Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/c98aa3-0e0c-4d97-9bc3-74d91cdbe195/1/SVUjKuzZ_ORsIdZ9huGbzPV9buQ.roa
File:                     SVUjKuzZ_ORsIdZ9huGbzPV9buQ.roa (raw, json)
Hash identifier:          Nvnw35bKd31dDdLFTiIRL9x4aYLcyT04hwpnW9gAJbM=
Subject key identifier:   49:55:23:2A:EC:D9:FC:E4:6C:21:D6:7D:86:E1:9B:CC:F5:7D:6E:E4
Certificate issuer:       /CN=86170339c2bc664d600fa98b8061269d48e4f2c6
Certificate serial:       019E17EEF4BD0004AD657877E3F80869A2CA
Authority key identifier: 86:17:03:39:C2:BC:66:4D:60:0F:A9:8B:80:61:26:9D:48:E4:F2:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hhcDOcK8Zk1gD6mLgGEmnUjk8sY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/c98aa3-0e0c-4d97-9bc3-74d91cdbe195/1/SVUjKuzZ_ORsIdZ9huGbzPV9buQ.roa
Signing time:             Mon 11 May 2026 16:46:36 +0000
ROA not before:           Mon 11 May 2026 16:46:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        141.98.1.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/c98aa3-0e0c-4d97-9bc3-74d91cdbe195/1/hhcDOcK8Zk1gD6mLgGEmnUjk8sY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/c98aa3-0e0c-4d97-9bc3-74d91cdbe195/1/hhcDOcK8Zk1gD6mLgGEmnUjk8sY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hhcDOcK8Zk1gD6mLgGEmnUjk8sY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:17:ee:f4:bd:00:04:ad:65:78:77:e3:f8:08:69:a2:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86170339c2bc664d600fa98b8061269d48e4f2c6
        Validity
            Not Before: May 11 16:46:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4955232aecd9fce46c21d67d86e19bccf57d6ee4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:f2:10:23:a0:5a:f8:57:07:08:c7:d2:d3:1b:
                    cc:ed:0a:e2:53:81:32:34:e5:10:30:c6:97:87:a1:
                    5b:db:86:7d:08:81:ee:25:45:a5:a5:06:79:85:05:
                    ca:d4:e2:e7:2c:74:d5:70:c7:c6:42:be:5b:b9:4f:
                    83:9e:5f:7b:66:fa:e7:22:10:c7:92:79:af:1e:8d:
                    11:69:4b:76:64:47:2d:71:73:5e:16:02:2f:7e:1e:
                    5e:df:c1:a5:0a:7b:84:65:92:d4:2c:f0:e4:4c:08:
                    21:a0:ec:ec:28:74:42:84:f6:2c:51:d2:40:c7:b1:
                    65:d6:ae:88:33:f4:8d:10:43:bd:0c:b6:c9:14:4d:
                    e2:3b:64:15:2c:ac:0f:32:6d:21:0f:8a:03:f1:5c:
                    23:d7:b6:4e:d6:a8:1b:70:84:4e:72:e6:12:9e:b1:
                    25:0b:c6:f9:39:79:20:ba:73:5f:2a:3c:ac:d0:86:
                    8b:ea:71:68:c5:7c:e8:5f:7b:53:ad:ce:8f:f7:14:
                    85:ce:43:08:72:b6:3b:26:de:f2:d0:d3:11:f9:7c:
                    b8:9f:10:4c:6b:06:64:80:4a:40:f8:4e:07:8a:4c:
                    4e:14:5b:0d:49:d5:9f:b5:ef:bb:f0:fc:ab:24:a4:
                    5c:77:5a:6b:68:30:26:ca:74:ea:1c:ae:5c:87:9d:
                    03:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:55:23:2A:EC:D9:FC:E4:6C:21:D6:7D:86:E1:9B:CC:F5:7D:6E:E4
            X509v3 Authority Key Identifier:
                keyid:86:17:03:39:C2:BC:66:4D:60:0F:A9:8B:80:61:26:9D:48:E4:F2:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hhcDOcK8Zk1gD6mLgGEmnUjk8sY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/c98aa3-0e0c-4d97-9bc3-74d91cdbe195/1/SVUjKuzZ_ORsIdZ9huGbzPV9buQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/c98aa3-0e0c-4d97-9bc3-74d91cdbe195/1/hhcDOcK8Zk1gD6mLgGEmnUjk8sY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.98.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:ac:56:94:77:63:16:54:a9:13:68:e6:4c:d4:3f:6d:fc:a4:
         b2:15:6b:a6:97:66:f9:94:1d:88:f8:6b:82:7b:62:db:c8:38:
         54:7c:51:10:6f:68:9b:bb:aa:6b:ce:ca:05:17:72:ad:81:2c:
         7e:ad:a5:41:89:bf:67:9d:9d:87:97:6c:f0:0d:56:c9:8f:09:
         c1:15:8b:71:6f:bb:ad:1c:da:ff:fe:c1:31:4d:57:3b:ed:54:
         ab:6c:56:a0:38:2f:dd:0d:51:1e:c4:00:60:f1:31:a0:f6:14:
         92:bc:45:e7:50:04:70:1b:07:f9:56:61:22:f2:c2:05:da:15:
         0c:0f:95:a7:41:a4:30:5d:03:89:d5:5a:d7:3a:05:dd:b7:eb:
         81:3d:e9:22:76:b3:1b:c8:4f:c6:fb:81:84:1c:44:48:25:c1:
         dc:11:ef:5f:30:a1:66:b3:13:14:32:df:27:1f:dd:d6:3c:38:
         cd:46:d0:60:3d:0a:db:69:68:d5:f4:c6:af:2d:bb:97:fb:8c:
         ed:91:40:28:8a:b2:65:d5:00:dc:25:bf:66:e3:a3:ac:21:6a:
         79:df:65:c6:cb:49:be:0b:00:d3:c4:e5:9d:2c:37:7b:95:6d:
         00:7c:a8:7f:32:30:2f:a3:ca:23:13:e9:48:5a:ff:69:e3:b0:
         69:a4:f9:d3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4X7vS9AAStZXh34/gIaaLKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2MTcwMzM5YzJiYzY2NGQ2MDBmYTk4YjgwNjEyNjlkNDhl
NGYyYzYwHhcNMjYwNTExMTY0NjM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTU1MjMyYWVjZDlmY2U0NmMyMWQ2N2Q4NmUxOWJjY2Y1N2Q2ZWU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1PIQI6Ba+FcHCMfS0xvM7QriU4Ey
NOUQMMaXh6Fb24Z9CIHuJUWlpQZ5hQXK1OLnLHTVcMfGQr5buU+Dnl97ZvrnIhDH
knmvHo0RaUt2ZEctcXNeFgIvfh5e38GlCnuEZZLULPDkTAghoOzsKHRChPYsUdJA
x7Fl1q6IM/SNEEO9DLbJFE3iO2QVLKwPMm0hD4oD8Vwj17ZO1qgbcIROcuYSnrEl
C8b5OXkgunNfKjys0IaL6nFoxXzoX3tTrc6P9xSFzkMIcrY7Jt7y0NMR+Xy4nxBM
awZkgEpA+E4HikxOFFsNSdWfte+78PyrJKRcd1praDAmynTqHK5ch50DZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFElVIyrs2fzkbCHWfYbhm8z1fW7kMB8GA1UdIwQY
MBaAFIYXAznCvGZNYA+pi4BhJp1I5PLGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGhjRE9jSzhaazFnRDZtTGdHRW1uVWprOHNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy9jOThhYTMtMGUwYy00ZDk3LTliYzMt
NzRkOTFjZGJlMTk1LzEvU1ZVakt1elpfT1JzSWRaOWh1R2J6UFY5YnVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy9jOThhYTMtMGUwYy00ZDk3LTliYzMtNzRkOTFjZGJlMTk1
LzEvaGhjRE9jSzhaazFnRDZtTGdHRW1uVWprOHNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjWIBMA0G
CSqGSIb3DQEBCwUAA4IBAQBFrFaUd2MWVKkTaOZM1D9t/KSyFWuml2b5lB2I+GuC
e2LbyDhUfFEQb2ibu6przsoFF3KtgSx+raVBib9nnZ2Hl2zwDVbJjwnBFYtxb7ut
HNr//sExTVc77VSrbFagOC/dDVEexABg8TGg9hSSvEXnUARwGwf5VmEi8sIF2hUM
D5WnQaQwXQOJ1VrXOgXdt+uBPekidrMbyE/G+4GEHERIJcHcEe9fMKFmsxMUMt8n
H93WPDjNRtBgPQrbaWjV9MavLbuX+4ztkUAoirJl1QDcJb9m46OsIWp532XGy0m+
CwDTxOWdLDd7lW0AfKh/MjAvo8ojE+lIWv9p47BppPnT
-----END CERTIFICATE-----