Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/20nj6fj9ACSoaOo0uPyyVoB6gFs.roa
File:                     20nj6fj9ACSoaOo0uPyyVoB6gFs.roa (raw, json)
Hash identifier:          pLtqyR1QshbH6QRp8Nl1NpX0u7W9BailDngIhIvSqoA=
Subject key identifier:   DB:49:E3:E9:F8:FD:00:24:A8:68:EA:34:B8:FC:B2:56:80:7A:80:5B
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       019E49BC97E2E1B3781A06C7F8426F213B47
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/20nj6fj9ACSoaOo0uPyyVoB6gFs.roa
Signing time:             Thu 21 May 2026 08:52:36 +0000
ROA not before:           Thu 21 May 2026 08:52:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216020
IP address blocks:        185.224.0.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 May 2026 17:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:49:bc:97:e2:e1:b3:78:1a:06:c7:f8:42:6f:21:3b:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: May 21 08:52:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=db49e3e9f8fd0024a868ea34b8fcb256807a805b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:74:3f:3d:0c:ce:6d:33:38:73:74:c3:76:09:
                    ee:5d:d7:6d:33:58:f2:0e:08:c3:68:fb:21:64:74:
                    db:fb:4b:d1:e4:c0:1b:43:a0:f5:f3:61:1e:0a:2d:
                    ee:06:4b:22:96:86:f8:9d:a4:f9:b5:a6:e9:97:59:
                    c7:00:92:9a:f5:78:c7:38:3c:cc:27:04:d2:3e:4d:
                    00:37:a3:da:3a:2d:4c:5a:b4:43:9b:4c:22:45:b5:
                    39:7f:d0:db:75:6b:ba:a6:24:0d:a7:e7:8c:29:a4:
                    9d:5b:41:80:d7:fb:4b:9e:5a:c0:06:71:73:bb:5e:
                    f8:fa:9c:42:ca:bd:78:d4:b8:2e:05:49:ca:b8:57:
                    b6:c2:d4:d8:d2:cf:cf:88:e1:75:38:bc:d2:52:3f:
                    07:51:7d:f2:bd:e8:9e:99:d8:b3:66:f1:37:28:84:
                    7a:4e:37:12:f3:32:27:94:9c:d6:7f:cc:b3:06:04:
                    ee:fa:46:eb:02:a7:71:a6:0b:a5:ea:90:f7:4e:fd:
                    28:86:2d:e0:5e:f1:47:e3:f1:f9:3d:84:2d:fd:9f:
                    73:0e:07:d2:c2:18:36:bc:fd:57:3b:03:75:e0:4e:
                    a8:6d:f8:df:19:8b:3d:86:2b:0f:a2:27:a8:83:2d:
                    f1:48:6d:5a:80:a3:4f:a3:f4:b9:32:b5:05:4c:dd:
                    c0:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:49:E3:E9:F8:FD:00:24:A8:68:EA:34:B8:FC:B2:56:80:7A:80:5B
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/20nj6fj9ACSoaOo0uPyyVoB6gFs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.224.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b1:8c:82:a1:5f:82:22:37:a9:07:67:60:93:ae:4f:8f:09:dd:
         e0:0a:d3:f4:90:16:26:bc:92:c3:37:3d:db:a8:1f:eb:e1:fb:
         16:1f:02:bc:f4:2c:22:a2:08:08:0b:69:48:c1:bb:eb:65:8b:
         9d:20:e4:9d:7a:e1:2a:64:ca:2e:85:df:14:80:89:05:59:73:
         d3:26:72:b3:84:9d:6c:df:1a:67:33:ce:7c:2d:e6:e2:c6:ff:
         e0:df:c7:aa:fa:19:08:1f:68:2d:63:8a:a1:ca:87:41:dc:da:
         e4:75:4e:d3:94:cc:12:0c:f8:62:cd:51:66:ae:7f:a3:d2:65:
         e9:d1:79:15:52:b8:c9:dd:2c:47:b3:e1:56:27:96:91:61:db:
         96:0a:0f:42:da:49:f7:85:63:a6:eb:ae:b9:f8:23:bc:d7:00:
         9c:e5:3b:10:8b:41:57:28:a8:b8:09:c7:de:4e:5b:9b:69:05:
         56:0a:06:a5:86:ff:ac:eb:64:b5:30:23:f6:2f:03:cf:3f:e0:
         a9:c2:93:aa:fa:0c:03:06:e7:ec:c0:7e:fe:8d:9b:60:f2:77:
         0a:12:c1:aa:98:13:1f:cd:7e:62:c3:4a:3b:3c:50:af:4d:98:
         bc:6d:4b:2f:97:4f:8e:c1:cc:9b:ff:bc:a0:c6:1e:48:ba:6c:
         ce:21:b7:c1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5JvJfi4bN4GgbH+EJvITtHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjYwNTIxMDg1MjM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjQ5ZTNlOWY4ZmQwMDI0YTg2OGVhMzRiOGZjYjI1NjgwN2E4MDViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgXQ/PQzObTM4c3TDdgnuXddtM1jy
DgjDaPshZHTb+0vR5MAbQ6D182EeCi3uBksilob4naT5tabpl1nHAJKa9XjHODzM
JwTSPk0AN6PaOi1MWrRDm0wiRbU5f9DbdWu6piQNp+eMKaSdW0GA1/tLnlrABnFz
u174+pxCyr141LguBUnKuFe2wtTY0s/PiOF1OLzSUj8HUX3yveiemdizZvE3KIR6
TjcS8zInlJzWf8yzBgTu+kbrAqdxpgul6pD3Tv0ohi3gXvFH4/H5PYQt/Z9zDgfS
whg2vP1XOwN14E6obfjfGYs9hisPoieogy3xSG1agKNPo/S5MrUFTN3A0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNtJ4+n4/QAkqGjqNLj8slaAeoBbMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvMjBuajZmajlBQ1NvYU9vMHVQeXlWb0I2Z0ZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueAAMA0G
CSqGSIb3DQEBCwUAA4IBAQCxjIKhX4IiN6kHZ2CTrk+PCd3gCtP0kBYmvJLDNz3b
qB/r4fsWHwK89CwioggIC2lIwbvrZYudIOSdeuEqZMouhd8UgIkFWXPTJnKzhJ1s
3xpnM858Lebixv/g38eq+hkIH2gtY4qhyodB3NrkdU7TlMwSDPhizVFmrn+j0mXp
0XkVUrjJ3SxHs+FWJ5aRYduWCg9C2kn3hWOm6665+CO81wCc5TsQi0FXKKi4Ccfe
TlubaQVWCgalhv+s62S1MCP2LwPPP+CpwpOq+gwDBufswH7+jZtg8ncKEsGqmBMf
zX5iw0o7PFCvTZi8bUsvl0+Owcyb/7ygxh5IumzOIbfB
-----END CERTIFICATE-----