Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/CPFUjdYmYvlsWtWYLd7v5035Xuw.roa
File:                     CPFUjdYmYvlsWtWYLd7v5035Xuw.roa (raw, json)
Hash identifier:          7sSnoPkIa2/4PXjqT4j8dkD8edXrnocaOy0KeObQQ4s=
Subject key identifier:   08:F1:54:8D:D6:26:62:F9:6C:5A:D5:98:2D:DE:EF:E7:4D:F9:5E:EC
Certificate issuer:       /CN=e0559ce889ae4241121fe0a1653e4b955f3edf4b
Certificate serial:       019E01F7CAD13ACB2D80675EDAEAD85C9872
Authority key identifier: E0:55:9C:E8:89:AE:42:41:12:1F:E0:A1:65:3E:4B:95:5F:3E:DF:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4FWc6ImuQkESH-ChZT5LlV8-30s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/CPFUjdYmYvlsWtWYLd7v5035Xuw.roa
Signing time:             Thu 07 May 2026 10:24:37 +0000
ROA not before:           Thu 07 May 2026 10:24:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201592
IP address blocks:        131.222.215.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/4FWc6ImuQkESH-ChZT5LlV8-30s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/4FWc6ImuQkESH-ChZT5LlV8-30s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4FWc6ImuQkESH-ChZT5LlV8-30s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 20:10:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:01:f7:ca:d1:3a:cb:2d:80:67:5e:da:ea:d8:5c:98:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e0559ce889ae4241121fe0a1653e4b955f3edf4b
        Validity
            Not Before: May  7 10:24:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=08f1548dd62662f96c5ad5982ddeefe74df95eec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:33:69:6c:25:12:12:a3:fc:ef:a0:1e:0c:ec:
                    54:eb:1a:1f:63:df:2d:a8:32:3b:22:eb:81:a7:38:
                    21:35:00:e6:c7:78:f6:50:da:ae:21:5b:38:40:87:
                    5f:92:6f:d9:3f:85:b1:07:d8:fc:4a:b9:f9:8b:18:
                    19:0c:03:c2:75:6e:fb:5e:c4:85:2b:14:02:70:90:
                    50:23:e5:f9:2b:c2:bc:f0:a9:6f:7e:42:0f:ae:f5:
                    b6:ae:4e:b1:a1:41:d1:72:3e:71:23:b4:c7:4e:84:
                    fe:1d:dc:1f:43:a0:c1:99:06:eb:a5:80:73:a1:cc:
                    9b:95:d5:ea:cb:a7:88:d2:09:8d:59:ba:ec:e8:2e:
                    bf:dc:25:5c:01:74:d8:10:ea:d7:60:d3:90:e8:0e:
                    cf:cb:6c:24:ea:28:c6:b0:b7:e0:f2:17:ae:ba:2c:
                    30:1a:63:c6:82:a1:8b:c5:0f:b1:da:47:d3:20:b7:
                    63:6d:b3:f4:eb:25:de:c1:f1:d5:7e:c9:6a:4d:31:
                    7e:1a:3e:91:3b:75:ef:30:38:1b:e6:1f:e5:17:53:
                    07:d3:39:a9:a0:0a:da:5f:bb:a9:4a:f0:4e:ba:12:
                    5d:19:96:04:10:b9:3a:35:99:6e:c5:fd:eb:3f:87:
                    65:2f:e9:65:bc:04:ed:09:c4:b2:94:13:f0:e0:6f:
                    10:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:F1:54:8D:D6:26:62:F9:6C:5A:D5:98:2D:DE:EF:E7:4D:F9:5E:EC
            X509v3 Authority Key Identifier:
                keyid:E0:55:9C:E8:89:AE:42:41:12:1F:E0:A1:65:3E:4B:95:5F:3E:DF:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4FWc6ImuQkESH-ChZT5LlV8-30s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/CPFUjdYmYvlsWtWYLd7v5035Xuw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/4FWc6ImuQkESH-ChZT5LlV8-30s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  131.222.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:93:8c:09:0d:99:dd:d5:91:8b:85:88:9c:c3:4a:d9:8e:ca:
         55:47:59:a6:66:7e:b7:a9:9d:64:f9:b0:c9:90:8f:5d:10:9a:
         62:09:86:50:a9:69:02:c5:ad:96:db:2d:04:e9:3f:ef:85:cb:
         dd:75:17:04:20:11:b4:7c:ea:41:57:c1:49:21:f1:fc:31:f5:
         a1:4a:bf:8f:36:ab:b2:b7:b1:9d:08:f4:62:10:b6:a6:b1:be:
         ff:6e:41:01:33:a7:bb:02:c4:13:2b:05:03:1b:9f:b0:08:35:
         9a:b4:6b:80:ac:ca:81:6d:55:34:c6:d1:f3:db:00:c2:32:f9:
         9a:d1:97:f1:7c:c8:a0:82:fe:b0:98:40:fa:39:70:38:ea:f1:
         03:09:f1:d6:92:a6:f8:c5:fd:a9:01:d8:6a:de:b9:a8:d7:b4:
         9f:52:cb:91:ef:0e:46:1d:91:8b:c0:80:1e:5a:98:59:28:70:
         dd:05:43:a0:5a:50:1d:65:34:d9:ae:9c:4e:e6:21:77:ea:ae:
         fd:e6:e8:b3:7c:4a:c0:77:92:c7:7e:19:c3:e6:19:b7:4f:81:
         d7:b5:9e:b1:83:49:ed:c2:ea:6e:d6:01:a9:44:e3:0a:69:5e:
         a1:c9:36:1e:dc:f8:78:b0:f3:ec:85:19:84:60:9a:f6:8b:a4:
         4c:51:8e:2d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4B98rROsstgGde2urYXJhyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwNTU5Y2U4ODlhZTQyNDExMjFmZTBhMTY1M2U0Yjk1NWYz
ZWRmNGIwHhcNMjYwNTA3MTAyNDM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGYxNTQ4ZGQ2MjY2MmY5NmM1YWQ1OTgyZGRlZWZlNzRkZjk1ZWVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxDNpbCUSEqP876AeDOxU6xofY98t
qDI7IuuBpzghNQDmx3j2UNquIVs4QIdfkm/ZP4WxB9j8Srn5ixgZDAPCdW77XsSF
KxQCcJBQI+X5K8K88KlvfkIPrvW2rk6xoUHRcj5xI7THToT+HdwfQ6DBmQbrpYBz
ocybldXqy6eI0gmNWbrs6C6/3CVcAXTYEOrXYNOQ6A7Py2wk6ijGsLfg8heuuiww
GmPGgqGLxQ+x2kfTILdjbbP06yXewfHVfslqTTF+Gj6RO3XvMDgb5h/lF1MH0zmp
oAraX7upSvBOuhJdGZYEELk6NZluxf3rP4dlL+llvATtCcSylBPw4G8Q1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAjxVI3WJmL5bFrVmC3e7+dN+V7sMB8GA1UdIwQY
MBaAFOBVnOiJrkJBEh/goWU+S5VfPt9LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNEZXYzZJbXVRa0VTSC1DaFpUNUxsVjgtMzBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi8xZmE0YTEtOWExYy00N2RlLWFjYTYt
OTQ0OTk1N2ZkNWE1LzEvQ1BGVWpkWW1ZdmxzV3RXWUxkN3Y1MDM1WHV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi8xZmE0YTEtOWExYy00N2RlLWFjYTYtOTQ0OTk1N2ZkNWE1
LzEvNEZXYzZJbXVRa0VTSC1DaFpUNUxsVjgtMzBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAg97XMA0G
CSqGSIb3DQEBCwUAA4IBAQBPk4wJDZnd1ZGLhYicw0rZjspVR1mmZn63qZ1k+bDJ
kI9dEJpiCYZQqWkCxa2W2y0E6T/vhcvddRcEIBG0fOpBV8FJIfH8MfWhSr+PNquy
t7GdCPRiELamsb7/bkEBM6e7AsQTKwUDG5+wCDWatGuArMqBbVU0xtHz2wDCMvma
0ZfxfMiggv6wmED6OXA46vEDCfHWkqb4xf2pAdhq3rmo17SfUsuR7w5GHZGLwIAe
WphZKHDdBUOgWlAdZTTZrpxO5iF36q795uizfErAd5LHfhnD5hm3T4HXtZ6xg0nt
wupu1gGpROMKaV6hyTYe3Ph4sPPshRmEYJr2i6RMUY4t
-----END CERTIFICATE-----