Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/1kKPv2wUltItuWIjU1ilVcX9VLE.roa
File:                     1kKPv2wUltItuWIjU1ilVcX9VLE.roa (raw, json)
Hash identifier:          il+uT7sf8sbrAGYBj61G15BD0mwhGRvyVxYl0y6GFnU=
Subject key identifier:   D6:42:8F:BF:6C:14:96:D2:2D:B9:62:23:53:58:A5:55:C5:FD:54:B1
Certificate issuer:       /CN=70f9b16adf2fd31988859922b4457481dd7eef40
Certificate serial:       019CEDE55F94397F55972EC4D736FA06CDDF
Authority key identifier: 70:F9:B1:6A:DF:2F:D3:19:88:85:99:22:B4:45:74:81:DD:7E:EF:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cPmxat8v0xmIhZkitEV0gd1-70A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/1kKPv2wUltItuWIjU1ilVcX9VLE.roa
Signing time:             Sat 14 Mar 2026 19:49:18 +0000
ROA not before:           Sat 14 Mar 2026 19:49:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     398465
IP address blocks:        141.226.246.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/cPmxat8v0xmIhZkitEV0gd1-70A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/cPmxat8v0xmIhZkitEV0gd1-70A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cPmxat8v0xmIhZkitEV0gd1-70A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:ed:e5:5f:94:39:7f:55:97:2e:c4:d7:36:fa:06:cd:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70f9b16adf2fd31988859922b4457481dd7eef40
        Validity
            Not Before: Mar 14 19:49:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d6428fbf6c1496d22db962235358a555c5fd54b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:c2:c1:fb:18:f0:8f:9e:0d:f8:0c:e7:b3:97:
                    6f:ce:80:01:14:94:5b:3c:9e:bc:21:17:06:03:2a:
                    0a:13:82:68:7e:17:24:de:9d:07:51:86:17:12:bb:
                    5c:b4:f9:14:16:17:df:eb:ba:44:3b:bd:f3:ba:44:
                    b3:92:95:7f:9d:99:64:f3:c1:85:fb:52:a8:5f:fb:
                    77:41:65:90:f1:0f:62:9e:04:5a:a2:25:bd:fb:6d:
                    89:9a:80:ce:14:0c:12:0b:29:ee:f2:06:12:14:87:
                    96:95:90:1f:7e:4d:f4:63:30:db:c9:de:91:35:cf:
                    76:60:ea:8a:32:c7:60:36:ea:52:79:8c:e0:59:e6:
                    61:d3:8a:a1:a3:07:35:75:6f:d6:88:40:d9:f7:56:
                    bf:f5:e3:86:7c:c9:60:9d:7f:e4:2f:57:2f:13:89:
                    cc:15:78:f0:5d:6a:f8:78:ab:00:4e:0c:4b:85:66:
                    72:a9:ed:53:31:1e:ca:ec:b7:74:88:5e:a7:96:42:
                    a8:1b:c6:eb:be:9c:fc:84:d4:44:6e:9f:7d:b1:39:
                    51:25:c2:30:7c:d9:20:fc:64:74:46:99:a5:77:77:
                    bf:4e:68:d9:74:ba:8e:3e:25:56:b5:e2:4c:d3:00:
                    5b:71:6d:03:f6:7a:74:d2:2b:f4:e8:46:43:27:19:
                    11:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:42:8F:BF:6C:14:96:D2:2D:B9:62:23:53:58:A5:55:C5:FD:54:B1
            X509v3 Authority Key Identifier:
                keyid:70:F9:B1:6A:DF:2F:D3:19:88:85:99:22:B4:45:74:81:DD:7E:EF:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cPmxat8v0xmIhZkitEV0gd1-70A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/1kKPv2wUltItuWIjU1ilVcX9VLE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/cPmxat8v0xmIhZkitEV0gd1-70A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.226.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:b9:e7:3c:29:5a:e5:03:fa:8a:10:f0:6c:7e:8d:8e:94:58:
         52:e3:0d:14:52:18:b3:45:d5:2a:d2:45:d4:24:6a:09:05:08:
         1f:d9:88:a1:e0:54:1c:7b:97:33:0c:79:db:5a:4f:d3:07:60:
         19:ed:9d:1a:cf:d8:ca:e6:8d:a0:90:5e:cb:ee:2e:02:0d:cb:
         6f:03:0e:08:59:1e:cb:72:9c:5f:ad:68:31:f2:4d:38:70:59:
         2b:74:aa:22:b4:4e:95:53:b9:75:e0:d9:54:02:98:bf:55:c6:
         c4:f8:47:ed:5d:e1:5a:6f:ed:98:eb:e7:58:75:d7:5b:85:7d:
         8e:03:4a:33:a9:2f:eb:ca:4d:43:4b:a1:9c:2c:dc:aa:8d:df:
         f4:97:37:41:24:3d:fa:46:a4:af:ba:d7:6d:ee:36:77:0e:b0:
         e7:05:57:d4:5b:17:5a:2e:02:56:b8:8f:f5:db:ba:23:3a:17:
         df:60:7d:9e:b7:59:e2:19:bb:66:53:25:1c:35:7e:cb:14:88:
         ab:dd:4d:49:d2:e2:bd:2e:0c:23:ac:7f:25:43:7e:19:2a:3e:
         99:cc:6a:d2:2f:c0:22:06:91:29:17:2a:d6:de:ea:0f:77:5f:
         ea:66:91:54:7c:e8:74:a5:48:b9:f8:61:59:8a:35:3c:64:a2:
         57:2d:a7:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzt5V+UOX9Vly7E1zb6Bs3fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwZjliMTZhZGYyZmQzMTk4ODg1OTkyMmI0NDU3NDgxZGQ3
ZWVmNDAwHhcNMjYwMzE0MTk0OTE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjQyOGZiZjZjMTQ5NmQyMmRiOTYyMjM1MzU4YTU1NWM1ZmQ1NGIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy8LB+xjwj54N+Azns5dvzoABFJRb
PJ68IRcGAyoKE4Jofhck3p0HUYYXErtctPkUFhff67pEO73zukSzkpV/nZlk88GF
+1KoX/t3QWWQ8Q9ingRaoiW9+22JmoDOFAwSCynu8gYSFIeWlZAffk30YzDbyd6R
Nc92YOqKMsdgNupSeYzgWeZh04qhowc1dW/WiEDZ91a/9eOGfMlgnX/kL1cvE4nM
FXjwXWr4eKsATgxLhWZyqe1TMR7K7Ld0iF6nlkKoG8brvpz8hNREbp99sTlRJcIw
fNkg/GR0Rpmld3e/TmjZdLqOPiVWteJM0wBbcW0D9np00iv06EZDJxkRVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNZCj79sFJbSLbliI1NYpVXF/VSxMB8GA1UdIwQY
MBaAFHD5sWrfL9MZiIWZIrRFdIHdfu9AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY1BteGF0OHYweG1JaFpraXRFVjBnZDEtNzBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi85NTZkYjktYzhmNy00YjlmLWE1NmUt
YmM2ZGI3MjQ4YWRkLzEvMWtLUHYyd1VsdEl0dVdJalUxaWxWY1g5VkxFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi85NTZkYjktYzhmNy00YjlmLWE1NmUtYmM2ZGI3MjQ4YWRk
LzEvY1BteGF0OHYweG1JaFpraXRFVjBnZDEtNzBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjeL2MA0G
CSqGSIb3DQEBCwUAA4IBAQAKuec8KVrlA/qKEPBsfo2OlFhS4w0UUhizRdUq0kXU
JGoJBQgf2Yih4FQce5czDHnbWk/TB2AZ7Z0az9jK5o2gkF7L7i4CDctvAw4IWR7L
cpxfrWgx8k04cFkrdKoitE6VU7l14NlUApi/VcbE+EftXeFab+2Y6+dYdddbhX2O
A0ozqS/ryk1DS6GcLNyqjd/0lzdBJD36RqSvutdt7jZ3DrDnBVfUWxdaLgJWuI/1
27ojOhffYH2et1niGbtmUyUcNX7LFIir3U1J0uK9LgwjrH8lQ34ZKj6ZzGrSL8Ai
BpEpFyrW3uoPd1/qZpFUfOh0pUi5+GFZijU8ZKJXLadY
-----END CERTIFICATE-----