Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/f2ab0f-be43-4665-bbaa-1cd3cb07ef5d/1/8enyMWor3_lYLKCjn1VyH8Tmvvo.roa
File:                     8enyMWor3_lYLKCjn1VyH8Tmvvo.roa (raw, json)
Hash identifier:          DXWyK0t3vYkJHhUpLWAQ4emSxTNzSh9hNAKfoEpHYRo=
Subject key identifier:   F1:E9:F2:31:6A:2B:DF:F9:58:2C:A0:A3:9F:55:72:1F:C4:E6:BE:FA
Certificate issuer:       /CN=e43bac4a1bbba56cc434861a4c769ff9ce2d15ec
Certificate serial:       019CFB8EDC8F1493F4F48E21085979E43DFB
Authority key identifier: E4:3B:AC:4A:1B:BB:A5:6C:C4:34:86:1A:4C:76:9F:F9:CE:2D:15:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5DusShu7pWzENIYaTHaf-c4tFew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/f2ab0f-be43-4665-bbaa-1cd3cb07ef5d/1/8enyMWor3_lYLKCjn1VyH8Tmvvo.roa
Signing time:             Tue 17 Mar 2026 11:29:29 +0000
ROA not before:           Tue 17 Mar 2026 11:29:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200047
IP address blocks:        185.81.105.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/f2ab0f-be43-4665-bbaa-1cd3cb07ef5d/1/5DusShu7pWzENIYaTHaf-c4tFew.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/f2ab0f-be43-4665-bbaa-1cd3cb07ef5d/1/5DusShu7pWzENIYaTHaf-c4tFew.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5DusShu7pWzENIYaTHaf-c4tFew.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 02:01:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:fb:8e:dc:8f:14:93:f4:f4:8e:21:08:59:79:e4:3d:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e43bac4a1bbba56cc434861a4c769ff9ce2d15ec
        Validity
            Not Before: Mar 17 11:29:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f1e9f2316a2bdff9582ca0a39f55721fc4e6befa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:d2:19:53:79:40:ff:bf:08:27:2b:35:ff:37:
                    d3:44:03:8e:61:6b:5c:c5:51:d4:a9:75:be:4c:6e:
                    e5:5d:34:1d:75:0c:e3:ef:29:10:2f:5d:93:ce:8f:
                    b8:55:0d:91:2c:db:77:5c:9e:be:2d:d3:87:ce:20:
                    9c:72:87:a5:dc:ad:ab:32:e5:2c:c9:1e:96:94:ed:
                    85:4d:1e:79:b6:08:26:16:8a:2b:4a:4e:ee:b5:88:
                    14:85:a9:55:f9:42:33:bc:a4:19:fe:d8:ed:06:61:
                    4e:60:43:49:ae:71:27:55:38:61:fa:55:a8:e8:ca:
                    a6:28:6a:7a:6b:eb:4d:e7:90:b2:50:f6:b6:11:88:
                    63:e2:1a:2c:d7:16:e0:d7:3f:ad:8c:25:20:13:31:
                    c8:aa:d5:67:4e:73:b7:79:8a:0a:68:a4:8c:fa:77:
                    1e:ef:0e:9d:bc:19:fc:de:f3:7c:93:ac:72:12:d9:
                    23:e6:6d:b9:b3:65:21:85:7e:e9:b7:b3:b8:11:18:
                    12:22:12:69:44:6e:47:e1:e7:93:07:83:16:6b:fa:
                    ef:9d:43:24:59:a3:4c:72:6c:07:d5:dc:c3:ae:45:
                    66:fa:00:dd:e9:8c:f6:4e:e7:ab:a4:a7:f9:16:ee:
                    86:1a:3c:21:8d:7a:ae:e0:22:cd:ff:18:79:21:37:
                    46:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:E9:F2:31:6A:2B:DF:F9:58:2C:A0:A3:9F:55:72:1F:C4:E6:BE:FA
            X509v3 Authority Key Identifier:
                keyid:E4:3B:AC:4A:1B:BB:A5:6C:C4:34:86:1A:4C:76:9F:F9:CE:2D:15:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5DusShu7pWzENIYaTHaf-c4tFew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/f2ab0f-be43-4665-bbaa-1cd3cb07ef5d/1/8enyMWor3_lYLKCjn1VyH8Tmvvo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/f2ab0f-be43-4665-bbaa-1cd3cb07ef5d/1/5DusShu7pWzENIYaTHaf-c4tFew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.81.105.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:77:80:cd:8b:7f:5d:0f:de:1e:65:3f:c3:1c:f1:c8:3a:34:
         b1:ec:0c:9c:b8:f2:e2:87:52:94:52:af:90:14:31:35:6c:9e:
         73:3b:fa:c0:1e:4d:01:a6:46:1e:f1:73:ba:8a:55:62:fc:7f:
         dc:e5:27:d8:45:39:f5:4a:1b:6d:40:fe:99:ba:7b:1a:ac:b4:
         dc:25:2b:b5:bb:b9:f7:26:4a:5a:fb:28:ed:aa:4b:30:82:a0:
         d7:ff:42:6d:7b:e0:49:d3:d0:70:a8:19:07:88:d3:0e:5d:e6:
         82:f5:56:9f:02:2f:89:28:4d:c4:a3:71:91:41:3c:1f:96:3b:
         bd:c7:8c:6b:0e:00:3f:45:c9:3b:47:aa:19:d7:39:1a:86:16:
         c2:90:13:fc:67:f0:c1:77:34:1c:81:83:32:4b:40:dd:a5:a5:
         15:f0:57:f9:63:74:7e:cd:53:e0:65:f4:ac:fa:ce:0f:74:ef:
         0c:05:aa:16:e5:61:2c:e2:87:47:79:96:27:50:8b:ff:07:b2:
         9c:03:63:3c:77:9a:42:d2:3e:a5:42:0d:d5:e3:05:79:0f:a8:
         23:a3:4a:52:dd:24:0f:62:74:1a:fd:70:7c:4d:f6:9e:ef:c4:
         3d:b0:d4:cb:d8:34:22:2d:6d:ba:46:b8:a4:3e:b9:7d:91:a6:
         ae:38:75:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZz7jtyPFJP09I4hCFl55D37MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0M2JhYzRhMWJiYmE1NmNjNDM0ODYxYTRjNzY5ZmY5Y2Uy
ZDE1ZWMwHhcNMjYwMzE3MTEyOTI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMWU5ZjIzMTZhMmJkZmY5NTgyY2EwYTM5ZjU1NzIxZmM0ZTZiZWZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvdIZU3lA/78IJys1/zfTRAOOYWtc
xVHUqXW+TG7lXTQddQzj7ykQL12Tzo+4VQ2RLNt3XJ6+LdOHziCccoel3K2rMuUs
yR6WlO2FTR55tggmFoorSk7utYgUhalV+UIzvKQZ/tjtBmFOYENJrnEnVThh+lWo
6MqmKGp6a+tN55CyUPa2EYhj4hos1xbg1z+tjCUgEzHIqtVnTnO3eYoKaKSM+nce
7w6dvBn83vN8k6xyEtkj5m25s2UhhX7pt7O4ERgSIhJpRG5H4eeTB4MWa/rvnUMk
WaNMcmwH1dzDrkVm+gDd6Yz2TuerpKf5Fu6GGjwhjXqu4CLN/xh5ITdG9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPHp8jFqK9/5WCygo59Vch/E5r76MB8GA1UdIwQY
MBaAFOQ7rEobu6VsxDSGGkx2n/nOLRXsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNUR1c1NodTdwV3pFTklZYVRIYWYtYzR0RmV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy9mMmFiMGYtYmU0My00NjY1LWJiYWEt
MWNkM2NiMDdlZjVkLzEvOGVueU1Xb3IzX2xZTEtDam4xVnlIOFRtdnZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy9mMmFiMGYtYmU0My00NjY1LWJiYWEtMWNkM2NiMDdlZjVk
LzEvNUR1c1NodTdwV3pFTklZYVRIYWYtYzR0RmV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVFpMA0G
CSqGSIb3DQEBCwUAA4IBAQAod4DNi39dD94eZT/DHPHIOjSx7AycuPLih1KUUq+Q
FDE1bJ5zO/rAHk0BpkYe8XO6ilVi/H/c5SfYRTn1ShttQP6ZunsarLTcJSu1u7n3
Jkpa+yjtqkswgqDX/0Jte+BJ09BwqBkHiNMOXeaC9VafAi+JKE3Eo3GRQTwflju9
x4xrDgA/Rck7R6oZ1zkahhbCkBP8Z/DBdzQcgYMyS0DdpaUV8Ff5Y3R+zVPgZfSs
+s4PdO8MBaoW5WEs4odHeZYnUIv/B7KcA2M8d5pC0j6lQg3V4wV5D6gjo0pS3SQP
YnQa/XB8Tfae78Q9sNTL2DQiLW26RrikPrl9kaauOHWN
-----END CERTIFICATE-----