Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/bfb542-4f67-46c5-9710-694252f029f1/1/1-UY4PSsLAhrs1PzARcse-G3oKuQ.roa
File:                     1-UY4PSsLAhrs1PzARcse-G3oKuQ.roa (raw, json)
Hash identifier:          bquKinVoexR3C7npUBsFt5Z6yuA7X3IOlH1/GIEH79I=
Subject key identifier:   F9:46:38:3D:2B:0B:02:1A:EC:D4:FC:C0:45:CB:1E:F8:6D:E8:2A:E4
Certificate issuer:       /CN=f88b443e992c665658942e6890d298d68cde6425
Certificate serial:       019D0A54E80D47418335956579AE7A800A07
Authority key identifier: F8:8B:44:3E:99:2C:66:56:58:94:2E:68:90:D2:98:D6:8C:DE:64:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-ItEPpksZlZYlC5okNKY1ozeZCU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/bfb542-4f67-46c5-9710-694252f029f1/1/1-UY4PSsLAhrs1PzARcse-G3oKuQ.roa
Signing time:             Fri 20 Mar 2026 08:20:29 +0000
ROA not before:           Fri 20 Mar 2026 08:20:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200882
IP address blocks:        80.248.141.0/24 maxlen: 24
                          80.248.142.0/24 maxlen: 24
                          2a12:fdc0::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/bfb542-4f67-46c5-9710-694252f029f1/1/1-ItEPpksZlZYlC5okNKY1ozeZCU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/bfb542-4f67-46c5-9710-694252f029f1/1/1-ItEPpksZlZYlC5okNKY1ozeZCU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-ItEPpksZlZYlC5okNKY1ozeZCU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 14:01:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:0a:54:e8:0d:47:41:83:35:95:65:79:ae:7a:80:0a:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f88b443e992c665658942e6890d298d68cde6425
        Validity
            Not Before: Mar 20 08:20:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f946383d2b0b021aecd4fcc045cb1ef86de82ae4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:ca:69:85:71:87:6e:2d:34:a7:c3:96:7b:76:
                    9a:9b:82:52:44:85:2a:69:86:78:bb:88:97:b9:1e:
                    6d:99:61:e0:bb:03:26:d5:09:95:e7:a6:bb:47:5d:
                    91:a5:c1:5d:85:14:1a:bd:ff:ca:c3:a8:83:8f:f4:
                    4b:c3:2d:86:9e:29:b6:74:df:53:57:bf:14:4e:00:
                    8f:57:2f:05:8b:47:ed:cf:bd:8f:a3:d5:ab:06:41:
                    8c:46:62:2d:32:8f:6e:ab:7f:36:8a:6e:e0:48:ad:
                    9c:57:40:b9:79:4b:3d:ea:f0:ae:b4:14:41:8e:0b:
                    4f:73:9a:9e:1d:18:ee:f2:70:19:cf:47:8b:1e:5b:
                    5e:e4:33:f3:38:70:60:0d:ab:57:8e:bf:23:aa:b3:
                    39:3f:2f:f4:16:bb:aa:07:89:18:c5:91:d8:c0:4d:
                    ce:f3:0c:a1:65:f1:37:d0:57:23:2a:e5:b3:cd:83:
                    7e:eb:da:33:cf:33:63:26:7d:f8:d1:22:8c:e4:9b:
                    6c:00:f5:8a:70:0f:2b:bf:b4:bb:01:b7:39:5e:d4:
                    d6:3d:94:22:a6:8c:02:2f:ad:4a:c3:41:e0:bf:57:
                    fc:a9:be:2a:5a:d8:d2:f9:fd:c4:7a:9a:ba:55:01:
                    f2:29:e5:3c:d3:90:5f:87:28:a3:69:f9:20:8f:40:
                    07:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:46:38:3D:2B:0B:02:1A:EC:D4:FC:C0:45:CB:1E:F8:6D:E8:2A:E4
            X509v3 Authority Key Identifier:
                keyid:F8:8B:44:3E:99:2C:66:56:58:94:2E:68:90:D2:98:D6:8C:DE:64:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-ItEPpksZlZYlC5okNKY1ozeZCU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/bfb542-4f67-46c5-9710-694252f029f1/1/1-UY4PSsLAhrs1PzARcse-G3oKuQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/bfb542-4f67-46c5-9710-694252f029f1/1/1-ItEPpksZlZYlC5okNKY1ozeZCU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.248.141.0-80.248.142.255
                IPv6:
                  2a12:fdc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         b8:51:e1:25:79:4e:24:93:27:76:44:56:d5:6b:81:81:8f:39:
         8f:1e:a6:b8:9d:b7:c3:09:34:20:87:46:21:16:0f:35:cb:17:
         ee:52:cd:70:b7:01:f7:6c:05:75:07:23:a7:f3:70:31:59:da:
         25:30:0a:6d:17:9d:60:85:4c:6a:b3:aa:78:73:68:24:1a:7a:
         50:41:41:bd:d2:61:42:38:7c:e6:b3:43:e8:02:fc:f6:e8:7d:
         8b:ab:23:d1:41:64:86:ef:cf:3b:28:02:98:50:1c:89:2e:33:
         9e:70:04:5d:16:6f:1d:cf:7d:c3:9c:d0:d1:e9:be:bf:48:9e:
         4f:80:29:b9:1d:a3:d9:7a:f9:83:8a:35:94:18:37:63:8c:77:
         58:64:74:fb:24:e9:bb:49:b6:18:2b:bd:4d:9d:0d:fc:01:72:
         d9:9c:21:60:09:0e:b7:ea:34:2c:e4:47:f3:54:e4:93:22:08:
         35:c4:55:8c:f5:df:84:5f:ba:07:d2:8c:81:17:4c:b9:4b:98:
         64:2e:14:43:e4:40:0d:ee:d9:ee:65:18:72:72:34:07:d8:e5:
         9f:97:fa:43:50:22:2f:cf:d4:9e:92:b1:26:f2:a8:03:b2:5d:
         09:75:b2:4d:52:45:1e:27:57:21:bb:a1:bd:56:74:16:4b:dc:
         e3:b8:88:cf
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZ0KVOgNR0GDNZVlea56gAoHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4OGI0NDNlOTkyYzY2NTY1ODk0MmU2ODkwZDI5OGQ2OGNk
ZTY0MjUwHhcNMjYwMzIwMDgyMDI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTQ2MzgzZDJiMGIwMjFhZWNkNGZjYzA0NWNiMWVmODZkZTgyYWU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr8pphXGHbi00p8OWe3aam4JSRIUq
aYZ4u4iXuR5tmWHguwMm1QmV56a7R12RpcFdhRQavf/Kw6iDj/RLwy2Gnim2dN9T
V78UTgCPVy8Fi0ftz72Po9WrBkGMRmItMo9uq382im7gSK2cV0C5eUs96vCutBRB
jgtPc5qeHRju8nAZz0eLHlte5DPzOHBgDatXjr8jqrM5Py/0FruqB4kYxZHYwE3O
8wyhZfE30FcjKuWzzYN+69ozzzNjJn340SKM5JtsAPWKcA8rv7S7Abc5XtTWPZQi
powCL61Kw0Hgv1f8qb4qWtjS+f3Eepq6VQHyKeU805Bfhyijafkgj0AHrQIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFPlGOD0rCwIa7NT8wEXLHvht6CrkMB8GA1UdIwQY
MBaAFPiLRD6ZLGZWWJQuaJDSmNaM3mQlMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1JdEVQcGtzWmxaWWxDNW9rTktZMW96ZVpDVS5jZXIw
gY4GCCsGAQUFBwELBIGBMH8wfQYIKwYBBQUHMAuGcXJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNWIvYmZiNTQyLTRmNjctNDZjNS05NzEw
LTY5NDI1MmYwMjlmMS8xLzEtVVk0UFNzTEFocnMxUHpBUmNzZS1HM29LdVEucm9h
MIGCBgNVHR8EezB5MHegdaBzhnFyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3Np
dG9yeS9ERUZBVUxULzViL2JmYjU0Mi00ZjY3LTQ2YzUtOTcxMC02OTQyNTJmMDI5
ZjEvMS8xLUl0RVBwa3NabFpZbEM1b2tOS1kxb3plWkNVLmNybDAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTAUBAIAATAOMAwDBABQ
+I0DBABQ+I4wDQQCAAIwBwMFAyoS/cAwDQYJKoZIhvcNAQELBQADggEBALhR4SV5
TiSTJ3ZEVtVrgYGPOY8epridt8MJNCCHRiEWDzXLF+5SzXC3AfdsBXUHI6fzcDFZ
2iUwCm0XnWCFTGqzqnhzaCQaelBBQb3SYUI4fOazQ+gC/PbofYurI9FBZIbvzzso
AphQHIkuM55wBF0Wbx3PfcOc0NHpvr9Ink+AKbkdo9l6+YOKNZQYN2OMd1hkdPsk
6btJthgrvU2dDfwBctmcIWAJDrfqNCzkR/NU5JMiCDXEVYz134RfugfSjIEXTLlL
mGQuFEPkQA3u2e5lGHJyNAfY5Z+X+kNQIi/P1J6SsSbyqAOyXQl1sk1SRR4nVyG7
ob1WdBZL3OO4iM8=
-----END CERTIFICATE-----