Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/14e4bb-2aee-453f-a0f7-a486dca8168b/1/IHECthmlpDpJGsSkgns0x3n0yLw.roa
File:                     IHECthmlpDpJGsSkgns0x3n0yLw.roa (raw, json)
Hash identifier:          X2aYRmqqSOfsP22FqmMtKLm3/ujZWCql9BMXfBL/SYE=
Subject key identifier:   20:71:02:B6:19:A5:A4:3A:49:1A:C4:A4:82:7B:34:C7:79:F4:C8:BC
Certificate issuer:       /CN=31ae807a8fce40a32be876ed779d14f1de6fad9a
Certificate serial:       019CE75947ED512B79CA01793475EBD7C3EF
Authority key identifier: 31:AE:80:7A:8F:CE:40:A3:2B:E8:76:ED:77:9D:14:F1:DE:6F:AD:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ma6Aeo_OQKMr6Hbtd50U8d5vrZo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/14e4bb-2aee-453f-a0f7-a486dca8168b/1/IHECthmlpDpJGsSkgns0x3n0yLw.roa
Signing time:             Fri 13 Mar 2026 13:18:33 +0000
ROA not before:           Fri 13 Mar 2026 13:18:33 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     196898
IP address blocks:        91.217.150.0/24 maxlen: 24
                          91.233.34.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/14e4bb-2aee-453f-a0f7-a486dca8168b/1/Ma6Aeo_OQKMr6Hbtd50U8d5vrZo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/14e4bb-2aee-453f-a0f7-a486dca8168b/1/Ma6Aeo_OQKMr6Hbtd50U8d5vrZo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ma6Aeo_OQKMr6Hbtd50U8d5vrZo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 13:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:e7:59:47:ed:51:2b:79:ca:01:79:34:75:eb:d7:c3:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31ae807a8fce40a32be876ed779d14f1de6fad9a
        Validity
            Not Before: Mar 13 13:18:33 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=207102b619a5a43a491ac4a4827b34c779f4c8bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:a1:c5:95:e4:54:d6:d9:f5:85:30:d6:85:b4:
                    ad:c1:08:11:d1:fa:cf:25:56:5c:68:4c:c1:92:d2:
                    10:37:18:2a:ed:9a:b6:f4:8a:08:db:e1:c3:28:2a:
                    ce:c0:27:96:0b:fb:c3:63:51:32:f5:01:aa:28:ce:
                    2a:05:6a:3c:ea:63:2e:8e:7a:33:ac:b3:46:5e:cf:
                    62:27:1e:f6:de:9e:8e:6b:09:87:18:0e:37:e9:84:
                    1b:37:c5:7a:66:55:c1:93:14:7e:88:24:58:36:fd:
                    4a:e7:7d:87:35:5a:06:64:88:aa:cf:48:97:90:71:
                    6e:38:2f:85:c0:23:30:ba:6b:7d:30:19:a5:b8:40:
                    e6:01:f2:e4:1e:c0:01:31:3c:a6:b8:9b:f3:f8:01:
                    5a:56:63:fa:61:29:4b:b7:f3:dd:72:e9:53:6e:09:
                    12:ac:49:02:15:a4:f5:c3:aa:aa:12:5d:3a:4d:7d:
                    30:e0:2a:f3:0e:3c:47:05:60:4e:fe:43:08:41:e4:
                    be:6a:67:6d:bb:c2:1c:fe:45:63:9c:6b:9d:df:a4:
                    13:be:52:dc:b0:2c:2e:e9:b1:9b:2c:45:82:cf:e2:
                    9d:08:14:f2:58:1b:3a:3e:06:34:bb:d8:cf:37:53:
                    84:46:ae:8a:64:46:2a:18:6c:1a:2f:e0:ee:f0:5d:
                    a3:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:71:02:B6:19:A5:A4:3A:49:1A:C4:A4:82:7B:34:C7:79:F4:C8:BC
            X509v3 Authority Key Identifier:
                keyid:31:AE:80:7A:8F:CE:40:A3:2B:E8:76:ED:77:9D:14:F1:DE:6F:AD:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ma6Aeo_OQKMr6Hbtd50U8d5vrZo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/14e4bb-2aee-453f-a0f7-a486dca8168b/1/IHECthmlpDpJGsSkgns0x3n0yLw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/14e4bb-2aee-453f-a0f7-a486dca8168b/1/Ma6Aeo_OQKMr6Hbtd50U8d5vrZo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.217.150.0/24
                  91.233.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:74:88:a3:a7:73:8c:a9:48:7b:dd:72:f2:9f:ea:6c:3a:73:
         82:8a:71:26:26:5c:16:32:61:a6:83:70:00:ae:b4:39:31:2f:
         07:bd:02:69:e9:bb:7a:e3:bb:61:e9:4f:0a:a6:bf:94:1e:7f:
         be:bc:2c:85:64:16:c7:be:e1:68:d8:97:03:e4:4d:f6:08:59:
         3e:f6:73:76:7a:72:a4:29:3b:e4:b1:75:ec:bd:68:f5:bb:43:
         5b:b8:6e:ec:51:a4:be:0d:75:1b:f9:0a:bd:34:29:95:96:49:
         98:0f:6b:4d:1d:e5:08:68:b1:4d:6c:7a:f7:a4:ab:c0:50:b5:
         34:cc:65:b3:bd:67:b9:c6:81:71:4a:da:24:5c:b1:db:b1:64:
         8f:b3:71:60:80:55:38:3a:62:b6:29:d8:45:76:16:15:03:5c:
         5d:15:d8:93:48:be:92:42:0f:17:64:55:15:47:df:28:81:9c:
         98:4a:44:36:01:46:29:72:0c:00:3e:42:4a:e0:22:9e:3f:47:
         8b:ce:91:f7:2b:b5:4b:52:dc:19:1b:cd:ec:df:85:02:a3:9c:
         a9:b2:ef:f1:39:08:0a:86:9a:74:6a:06:3d:39:b2:f2:31:10:
         69:66:be:fd:4d:64:64:17:f6:ae:c8:53:29:3c:1f:43:88:90:
         75:14:3a:d6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZznWUftUSt5ygF5NHXr18PvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxYWU4MDdhOGZjZTQwYTMyYmU4NzZlZDc3OWQxNGYxZGU2
ZmFkOWEwHhcNMjYwMzEzMTMxODMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDcxMDJiNjE5YTVhNDNhNDkxYWM0YTQ4MjdiMzRjNzc5ZjRjOGJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuKHFleRU1tn1hTDWhbStwQgR0frP
JVZcaEzBktIQNxgq7Zq29IoI2+HDKCrOwCeWC/vDY1Ey9QGqKM4qBWo86mMujnoz
rLNGXs9iJx723p6OawmHGA436YQbN8V6ZlXBkxR+iCRYNv1K532HNVoGZIiqz0iX
kHFuOC+FwCMwumt9MBmluEDmAfLkHsABMTymuJvz+AFaVmP6YSlLt/PdculTbgkS
rEkCFaT1w6qqEl06TX0w4CrzDjxHBWBO/kMIQeS+amdtu8Ic/kVjnGud36QTvlLc
sCwu6bGbLEWCz+KdCBTyWBs6PgY0u9jPN1OERq6KZEYqGGwaL+Du8F2jAwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCBxArYZpaQ6SRrEpIJ7NMd59Mi8MB8GA1UdIwQY
MBaAFDGugHqPzkCjK+h27XedFPHeb62aMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWE2QWVvX09RS01yNkhidGQ1MFU4ZDV2clpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi8xNGU0YmItMmFlZS00NTNmLWEwZjct
YTQ4NmRjYTgxNjhiLzEvSUhFQ3RobWxwRHBKR3NTa2duczB4M24weUx3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi8xNGU0YmItMmFlZS00NTNmLWEwZjctYTQ4NmRjYTgxNjhi
LzEvTWE2QWVvX09RS01yNkhidGQ1MFU4ZDV2clpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW9mWAwQA
W+kiMA0GCSqGSIb3DQEBCwUAA4IBAQBydIijp3OMqUh73XLyn+psOnOCinEmJlwW
MmGmg3AArrQ5MS8HvQJp6bt647th6U8Kpr+UHn++vCyFZBbHvuFo2JcD5E32CFk+
9nN2enKkKTvksXXsvWj1u0NbuG7sUaS+DXUb+Qq9NCmVlkmYD2tNHeUIaLFNbHr3
pKvAULU0zGWzvWe5xoFxStokXLHbsWSPs3FggFU4OmK2KdhFdhYVA1xdFdiTSL6S
Qg8XZFUVR98ogZyYSkQ2AUYpcgwAPkJK4CKeP0eLzpH3K7VLUtwZG83s34UCo5yp
su/xOQgKhpp0agY9ObLyMRBpZr79TWRkF/auyFMpPB9DiJB1FDrW
-----END CERTIFICATE-----