Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/s1oHfqyCww86fMTI-WD47O7xY1I.roa
File:                     s1oHfqyCww86fMTI-WD47O7xY1I.roa (raw, json)
Hash identifier:          jABB7wsQAAHh23L3arHMXWVypJULL+0MbAIfD+icFqU=
Subject key identifier:   B3:5A:07:7E:AC:82:C3:0F:3A:7C:C4:C8:F9:60:F8:EC:EE:F1:63:52
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       019E831FE9A57DE6CB6E25E43F79C3E371F9
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/s1oHfqyCww86fMTI-WD47O7xY1I.roa
Signing time:             Mon 01 Jun 2026 12:19:27 +0000
ROA not before:           Mon 01 Jun 2026 12:19:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     58061
IP address blocks:        91.207.116.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 02 Jun 2026 07:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:83:1f:e9:a5:7d:e6:cb:6e:25:e4:3f:79:c3:e3:71:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Jun  1 12:19:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b35a077eac82c30f3a7cc4c8f960f8eceef16352
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:8c:9f:07:b8:66:4d:a9:a0:49:07:14:8d:a0:
                    be:64:77:15:5b:09:d6:12:5a:d0:51:a1:01:ca:5e:
                    10:78:6e:f6:35:ed:d1:ea:5a:ba:d0:ec:c0:6e:ba:
                    a3:f2:20:60:ee:70:68:68:3f:1b:a4:fb:ff:8a:22:
                    ec:9b:a9:c6:ea:6f:dc:ee:4a:f9:04:e8:cf:80:8a:
                    00:6c:46:f5:76:70:39:fd:36:2d:71:85:b1:8b:a4:
                    5f:6c:38:4c:12:11:45:6b:ed:0e:c6:c0:2c:cf:32:
                    b7:c3:fa:df:79:80:b7:4d:b0:bf:ff:f7:1f:9e:68:
                    5d:d3:fd:d0:99:49:34:98:6a:90:ec:4b:18:40:75:
                    09:4a:3d:bf:3b:30:58:aa:29:74:5c:c2:19:7a:c2:
                    f5:24:22:7c:1b:7b:5b:ff:1a:49:33:cf:55:54:e0:
                    08:be:df:21:ff:d9:1c:8c:f1:76:0a:94:e5:c0:1a:
                    ee:02:76:2b:78:ac:14:3b:7b:fb:45:70:e0:0d:b5:
                    c1:a1:24:4d:4f:c3:7b:45:82:4f:6c:eb:38:33:66:
                    80:42:26:d8:ee:72:01:9a:68:b3:70:71:21:22:ef:
                    20:c3:39:f2:cf:1e:0d:1c:32:e4:cb:ed:62:00:da:
                    d9:f8:60:63:43:17:99:af:a7:1c:14:db:12:8a:df:
                    04:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:5A:07:7E:AC:82:C3:0F:3A:7C:C4:C8:F9:60:F8:EC:EE:F1:63:52
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/s1oHfqyCww86fMTI-WD47O7xY1I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.207.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c4:af:23:76:13:4d:7c:79:66:e5:0a:d5:20:73:a4:62:8e:25:
         df:2c:ff:8e:e8:82:73:bc:82:5e:5c:09:41:37:3f:e7:d8:95:
         d1:cc:94:0d:7b:19:dc:b6:6f:bc:d8:74:86:79:a9:af:04:f5:
         78:ce:45:8d:09:4c:39:23:d9:74:2b:93:4a:12:1b:ed:c9:c7:
         b8:21:c5:56:af:22:21:7c:cb:bb:30:1f:21:c7:c7:43:b0:21:
         30:10:a1:99:02:17:fe:60:4a:2d:24:f4:59:16:50:ae:ba:6f:
         1f:e1:d3:47:50:ed:1a:4a:11:1e:fb:73:a7:6a:0d:2a:e4:59:
         ef:20:53:2b:8c:25:09:e6:2b:f6:56:a4:bf:47:d8:be:1f:9b:
         46:13:ac:ef:04:a6:80:18:ae:34:23:f1:76:24:2c:35:82:97:
         d2:34:db:a8:c2:67:14:ea:cb:91:a8:c6:37:dc:6d:25:25:bf:
         2e:70:e6:f9:34:ea:3a:a7:76:fc:a8:7d:ef:c9:6c:8a:43:56:
         5c:82:ec:93:4b:e3:ad:0c:64:c4:3e:a2:4a:d6:0e:a2:0b:bd:
         37:36:0e:62:ec:ed:12:14:c8:4e:a7:00:38:1f:57:48:4a:1e:
         5b:d1:26:0d:fb:ab:ed:3a:1b:8c:4e:96:59:fc:c0:ae:74:4b:
         44:6e:58:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6DH+mlfebLbiXkP3nD43H5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjYwNjAxMTIxOTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzVhMDc3ZWFjODJjMzBmM2E3Y2M0YzhmOTYwZjhlY2VlZjE2MzUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvYyfB7hmTamgSQcUjaC+ZHcVWwnW
ElrQUaEByl4QeG72Ne3R6lq60OzAbrqj8iBg7nBoaD8bpPv/iiLsm6nG6m/c7kr5
BOjPgIoAbEb1dnA5/TYtcYWxi6RfbDhMEhFFa+0OxsAszzK3w/rfeYC3TbC///cf
nmhd0/3QmUk0mGqQ7EsYQHUJSj2/OzBYqil0XMIZesL1JCJ8G3tb/xpJM89VVOAI
vt8h/9kcjPF2CpTlwBruAnYreKwUO3v7RXDgDbXBoSRNT8N7RYJPbOs4M2aAQibY
7nIBmmizcHEhIu8gwznyzx4NHDLky+1iANrZ+GBjQxeZr6ccFNsSit8EDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLNaB36sgsMPOnzEyPlg+Ozu8WNSMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvczFvSGZxeUN3dzg2Zk1USS1XRDQ3Tzd4WTFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW890MA0G
CSqGSIb3DQEBCwUAA4IBAQDEryN2E018eWblCtUgc6RijiXfLP+O6IJzvIJeXAlB
Nz/n2JXRzJQNexnctm+82HSGeamvBPV4zkWNCUw5I9l0K5NKEhvtyce4IcVWryIh
fMu7MB8hx8dDsCEwEKGZAhf+YEotJPRZFlCuum8f4dNHUO0aShEe+3Onag0q5Fnv
IFMrjCUJ5iv2VqS/R9i+H5tGE6zvBKaAGK40I/F2JCw1gpfSNNuowmcU6suRqMY3
3G0lJb8ucOb5NOo6p3b8qH3vyWyKQ1ZcguyTS+OtDGTEPqJK1g6iC703Ng5i7O0S
FMhOpwA4H1dISh5b0SYN+6vtOhuMTpZZ/MCudEtEblh4
-----END CERTIFICATE-----