Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/8MxVvwEohbQmIikgrwper0uymEc.roa
File:                     8MxVvwEohbQmIikgrwper0uymEc.roa (raw, json)
Hash identifier:          Xz+dhMsydC+qsZLDpjaa9cvEI5H7yFeVKoYAKozIz24=
Subject key identifier:   F0:CC:55:BF:01:28:85:B4:26:22:29:20:AF:0A:5E:AF:4B:B2:98:47
Certificate issuer:       /CN=e0559ce889ae4241121fe0a1653e4b955f3edf4b
Certificate serial:       019DF01AED01EC4AF02E87DF2E393264880E
Authority key identifier: E0:55:9C:E8:89:AE:42:41:12:1F:E0:A1:65:3E:4B:95:5F:3E:DF:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4FWc6ImuQkESH-ChZT5LlV8-30s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/8MxVvwEohbQmIikgrwper0uymEc.roa
Signing time:             Sun 03 May 2026 23:09:49 +0000
ROA not before:           Sun 03 May 2026 23:09:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214095
IP address blocks:        131.222.221.0/24 maxlen: 24
                          131.222.244.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/4FWc6ImuQkESH-ChZT5LlV8-30s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/4FWc6ImuQkESH-ChZT5LlV8-30s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4FWc6ImuQkESH-ChZT5LlV8-30s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:f0:1a:ed:01:ec:4a:f0:2e:87:df:2e:39:32:64:88:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e0559ce889ae4241121fe0a1653e4b955f3edf4b
        Validity
            Not Before: May  3 23:09:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f0cc55bf012885b426222920af0a5eaf4bb29847
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:72:79:03:fc:2d:70:72:ac:c3:02:a8:ed:46:
                    9a:a4:d9:0a:58:70:16:ee:5b:50:aa:60:04:53:24:
                    75:15:83:d5:d6:dc:71:f8:e4:55:f5:ca:d8:b7:3e:
                    db:a6:b2:ff:f8:5a:db:b2:24:36:46:c3:59:07:e5:
                    ca:8a:df:a9:70:6d:e1:69:fb:ad:c6:1d:7f:2f:52:
                    83:66:1d:78:24:6d:1c:17:b1:c2:e1:ed:09:1a:e3:
                    ee:97:b3:55:74:0e:13:ff:06:09:2b:97:86:09:bc:
                    13:58:91:2d:6a:f6:fe:73:21:12:55:eb:21:9c:c5:
                    5a:cb:df:b0:4b:70:99:c3:25:3f:8e:54:28:eb:41:
                    11:07:03:6b:73:62:07:15:93:f0:7b:9f:f5:8b:9c:
                    22:a8:ac:11:8a:00:83:95:38:bc:8a:60:53:11:88:
                    f4:75:45:18:a5:9c:a4:a1:ba:1a:6a:2f:19:71:cf:
                    3a:a7:cd:3a:9f:e0:72:59:7b:31:da:1e:05:4b:08:
                    25:ca:c1:75:84:fd:66:cf:df:bc:80:bf:af:12:86:
                    88:f3:63:f5:25:bf:e1:25:79:18:fd:d6:6b:6d:69:
                    98:ae:50:3b:13:57:03:f7:44:85:c3:e7:c7:7e:06:
                    89:b0:bd:50:8f:f8:de:96:07:0b:53:06:56:0e:d2:
                    f6:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:CC:55:BF:01:28:85:B4:26:22:29:20:AF:0A:5E:AF:4B:B2:98:47
            X509v3 Authority Key Identifier:
                keyid:E0:55:9C:E8:89:AE:42:41:12:1F:E0:A1:65:3E:4B:95:5F:3E:DF:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4FWc6ImuQkESH-ChZT5LlV8-30s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/8MxVvwEohbQmIikgrwper0uymEc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/4FWc6ImuQkESH-ChZT5LlV8-30s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  131.222.221.0/24
                  131.222.244.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:0f:8f:56:72:54:23:96:c1:11:12:d6:72:29:cb:ff:64:df:
         97:99:7a:d3:a8:4e:13:37:83:22:28:67:84:cf:d9:23:15:64:
         3f:9a:b6:6c:e3:05:c4:b4:c8:27:ef:29:72:1c:16:ee:a3:61:
         98:ff:b6:e2:10:a0:e7:29:48:e4:70:0d:b7:c1:6b:95:3b:f7:
         9f:40:b9:8f:99:2b:32:99:07:90:71:c0:97:52:4d:52:d4:11:
         63:6e:57:5a:e8:60:cb:3a:bb:c7:2b:58:3b:31:3f:56:37:01:
         00:2a:66:37:99:9c:79:b8:8f:ce:3b:57:f6:a1:d9:3d:8b:ea:
         31:f7:88:a3:45:ec:20:66:ee:49:dd:5b:db:75:be:72:0c:d8:
         79:71:2b:de:aa:66:8d:23:64:6f:62:c5:f1:06:ec:f9:17:17:
         fe:b9:82:af:84:55:49:d8:73:58:0c:90:3b:6e:9b:4a:1b:75:
         ee:d7:d5:59:b3:30:37:30:c1:91:29:40:e3:95:e1:c4:71:b1:
         0e:12:7c:c9:6a:7d:b5:80:a9:14:a9:4c:8b:8b:84:9c:5c:bf:
         ff:fd:ec:c9:94:be:cd:8f:04:1c:70:dd:af:23:e6:8b:79:85:
         bc:5b:fd:e2:9e:85:1e:80:83:b0:19:12:ce:d3:d8:3f:00:d3:
         58:82:e3:58
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ3wGu0B7ErwLoffLjkyZIgOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwNTU5Y2U4ODlhZTQyNDExMjFmZTBhMTY1M2U0Yjk1NWYz
ZWRmNGIwHhcNMjYwNTAzMjMwOTQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMGNjNTViZjAxMjg4NWI0MjYyMjI5MjBhZjBhNWVhZjRiYjI5ODQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvnJ5A/wtcHKswwKo7UaapNkKWHAW
7ltQqmAEUyR1FYPV1txx+ORV9crYtz7bprL/+FrbsiQ2RsNZB+XKit+pcG3hafut
xh1/L1KDZh14JG0cF7HC4e0JGuPul7NVdA4T/wYJK5eGCbwTWJEtavb+cyESVesh
nMVay9+wS3CZwyU/jlQo60ERBwNrc2IHFZPwe5/1i5wiqKwRigCDlTi8imBTEYj0
dUUYpZykoboaai8Zcc86p806n+ByWXsx2h4FSwglysF1hP1mz9+8gL+vEoaI82P1
Jb/hJXkY/dZrbWmYrlA7E1cD90SFw+fHfgaJsL1Qj/jelgcLUwZWDtL2kwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPDMVb8BKIW0JiIpIK8KXq9LsphHMB8GA1UdIwQY
MBaAFOBVnOiJrkJBEh/goWU+S5VfPt9LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNEZXYzZJbXVRa0VTSC1DaFpUNUxsVjgtMzBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi8xZmE0YTEtOWExYy00N2RlLWFjYTYt
OTQ0OTk1N2ZkNWE1LzEvOE14VnZ3RW9oYlFtSWlrZ3J3cGVyMHV5bUVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi8xZmE0YTEtOWExYy00N2RlLWFjYTYtOTQ0OTk1N2ZkNWE1
LzEvNEZXYzZJbXVRa0VTSC1DaFpUNUxsVjgtMzBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAg97dAwQA
g970MA0GCSqGSIb3DQEBCwUAA4IBAQAID49WclQjlsEREtZyKcv/ZN+XmXrTqE4T
N4MiKGeEz9kjFWQ/mrZs4wXEtMgn7ylyHBbuo2GY/7biEKDnKUjkcA23wWuVO/ef
QLmPmSsymQeQccCXUk1S1BFjblda6GDLOrvHK1g7MT9WNwEAKmY3mZx5uI/OO1f2
odk9i+ox94ijRewgZu5J3Vvbdb5yDNh5cSveqmaNI2RvYsXxBuz5Fxf+uYKvhFVJ
2HNYDJA7bptKG3Xu19VZszA3MMGRKUDjleHEcbEOEnzJan21gKkUqUyLi4ScXL//
/ezJlL7NjwQccN2vI+aLeYW8W/3inoUegIOwGRLO09g/ANNYguNY
-----END CERTIFICATE-----