Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/5832f4-e4e2-498b-a06a-9febf8c3e33f/1/c-uurSvFwdZ4HnQ-2FusksHz4JY.roa
File:                     c-uurSvFwdZ4HnQ-2FusksHz4JY.roa (raw, json)
Hash identifier:          L6sexLXbR65THJCvf0Zc/VUy29DDIcDYXnW872IpKPc=
Subject key identifier:   73:EB:AE:AD:2B:C5:C1:D6:78:1E:74:3E:D8:5B:AC:92:C1:F3:E0:96
Certificate issuer:       /CN=8a01ab6cd44a7a3ea4002c106a96c427b52c81d5
Certificate serial:       019DF242FB48927931F52E0897099B164D1B
Authority key identifier: 8A:01:AB:6C:D4:4A:7A:3E:A4:00:2C:10:6A:96:C4:27:B5:2C:81:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/igGrbNRKej6kACwQapbEJ7UsgdU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/5832f4-e4e2-498b-a06a-9febf8c3e33f/1/c-uurSvFwdZ4HnQ-2FusksHz4JY.roa
Signing time:             Mon 04 May 2026 09:12:49 +0000
ROA not before:           Mon 04 May 2026 09:12:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199524
IP address blocks:        141.98.149.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/5832f4-e4e2-498b-a06a-9febf8c3e33f/1/igGrbNRKej6kACwQapbEJ7UsgdU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/5832f4-e4e2-498b-a06a-9febf8c3e33f/1/igGrbNRKej6kACwQapbEJ7UsgdU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/igGrbNRKej6kACwQapbEJ7UsgdU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 May 2026 12:01:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:f2:42:fb:48:92:79:31:f5:2e:08:97:09:9b:16:4d:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8a01ab6cd44a7a3ea4002c106a96c427b52c81d5
        Validity
            Not Before: May  4 09:12:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=73ebaead2bc5c1d6781e743ed85bac92c1f3e096
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:fa:c2:c2:28:66:dc:aa:81:f8:fb:e8:cd:68:
                    ab:b8:cf:05:e5:18:cc:54:ea:65:8d:f4:fe:b8:a9:
                    9b:9f:e3:07:0c:7b:ea:72:77:c1:f3:f3:e0:21:00:
                    38:5d:9d:d7:9b:71:6a:73:b1:dc:31:7b:25:31:72:
                    e6:3d:5a:8c:2a:95:4c:41:64:92:3c:36:53:a6:73:
                    82:12:61:ab:ab:d4:23:19:98:b7:2f:72:0a:82:90:
                    05:e0:15:86:3b:1d:88:f6:02:81:5a:aa:45:10:5a:
                    71:ae:86:9a:a3:af:39:16:37:92:61:60:aa:0d:29:
                    23:ca:38:1b:d7:c5:fd:bf:41:75:0f:ac:5f:12:ac:
                    76:cf:1e:58:37:ac:99:bf:96:b2:d7:ff:4b:8f:60:
                    f6:ee:b4:6b:c1:25:05:16:7a:09:91:a2:99:03:30:
                    5d:32:66:29:eb:26:22:03:c5:4c:c7:d1:55:52:8b:
                    31:a7:1d:ef:18:14:c9:0f:90:54:9d:d6:ea:2f:4f:
                    ea:bc:bf:cc:ae:19:db:bb:a6:e3:c8:54:ea:46:28:
                    8d:8d:fc:f4:73:0b:f9:1b:79:12:b7:3f:4f:dd:42:
                    1e:4f:49:46:42:24:c2:b1:54:42:c7:70:c1:34:25:
                    f2:30:1e:e4:5e:ae:45:ff:6d:8f:43:02:4d:fa:5a:
                    9b:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:EB:AE:AD:2B:C5:C1:D6:78:1E:74:3E:D8:5B:AC:92:C1:F3:E0:96
            X509v3 Authority Key Identifier:
                keyid:8A:01:AB:6C:D4:4A:7A:3E:A4:00:2C:10:6A:96:C4:27:B5:2C:81:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/igGrbNRKej6kACwQapbEJ7UsgdU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/5832f4-e4e2-498b-a06a-9febf8c3e33f/1/c-uurSvFwdZ4HnQ-2FusksHz4JY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/5832f4-e4e2-498b-a06a-9febf8c3e33f/1/igGrbNRKej6kACwQapbEJ7UsgdU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.98.149.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d3:da:43:d0:dc:70:73:ea:76:7c:59:23:36:ea:13:7f:eb:f3:
         a0:85:4d:0c:75:bd:81:db:97:3c:07:d1:df:26:25:87:d4:da:
         ec:08:aa:f1:b0:a9:14:71:37:25:7c:fa:1d:32:f8:ba:49:33:
         e8:02:f8:25:fa:77:31:4a:e9:79:9e:83:81:9c:5a:43:23:3d:
         3d:24:63:49:53:19:b4:87:7f:d3:e3:52:c3:ec:0b:9f:8c:22:
         2f:44:7b:02:46:ad:63:76:9f:17:1d:91:48:cf:b5:b0:61:20:
         ef:69:f5:6c:31:9c:02:82:41:41:3e:ed:1d:32:13:ee:be:76:
         a2:25:44:4b:cc:53:45:a1:0f:fb:d1:55:90:35:d2:6f:78:15:
         fe:c7:d5:a9:f5:c7:02:b9:57:c7:e4:c2:66:da:1d:16:70:8f:
         ae:20:48:b2:b2:f2:69:85:d7:de:cf:03:0d:33:a2:cf:bc:46:
         aa:ca:57:c6:90:5c:3d:d5:cd:d5:a5:2e:27:f3:67:0c:67:45:
         44:68:ab:12:8e:27:16:e3:c1:ed:c6:f9:48:9c:8f:dc:10:6c:
         1c:64:04:14:f4:44:d4:ca:f2:13:55:1e:69:76:22:a8:c6:0e:
         d7:b2:be:8a:6e:37:bc:c0:32:23:df:67:0d:17:7d:8a:ce:29:
         03:0f:e7:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3yQvtIknkx9S4IlwmbFk0bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhMDFhYjZjZDQ0YTdhM2VhNDAwMmMxMDZhOTZjNDI3YjUy
YzgxZDUwHhcNMjYwNTA0MDkxMjQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3M2ViYWVhZDJiYzVjMWQ2NzgxZTc0M2VkODViYWM5MmMxZjNlMDk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn/rCwihm3KqB+PvozWiruM8F5RjM
VOpljfT+uKmbn+MHDHvqcnfB8/PgIQA4XZ3Xm3Fqc7HcMXslMXLmPVqMKpVMQWSS
PDZTpnOCEmGrq9QjGZi3L3IKgpAF4BWGOx2I9gKBWqpFEFpxroaao685FjeSYWCq
DSkjyjgb18X9v0F1D6xfEqx2zx5YN6yZv5ay1/9Lj2D27rRrwSUFFnoJkaKZAzBd
MmYp6yYiA8VMx9FVUosxpx3vGBTJD5BUndbqL0/qvL/Mrhnbu6bjyFTqRiiNjfz0
cwv5G3kStz9P3UIeT0lGQiTCsVRCx3DBNCXyMB7kXq5F/22PQwJN+lqbDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHPrrq0rxcHWeB50PthbrJLB8+CWMB8GA1UdIwQY
MBaAFIoBq2zUSno+pAAsEGqWxCe1LIHVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWdHcmJOUktlajZrQUN3UWFwYkVKN1VzZ2RVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi81ODMyZjQtZTRlMi00OThiLWEwNmEt
OWZlYmY4YzNlMzNmLzEvYy11dXJTdkZ3ZFo0SG5RLTJGdXNrc0h6NEpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi81ODMyZjQtZTRlMi00OThiLWEwNmEtOWZlYmY4YzNlMzNm
LzEvaWdHcmJOUktlajZrQUN3UWFwYkVKN1VzZ2RVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjWKVMA0G
CSqGSIb3DQEBCwUAA4IBAQDT2kPQ3HBz6nZ8WSM26hN/6/OghU0Mdb2B25c8B9Hf
JiWH1NrsCKrxsKkUcTclfPodMvi6STPoAvgl+ncxSul5noOBnFpDIz09JGNJUxm0
h3/T41LD7AufjCIvRHsCRq1jdp8XHZFIz7WwYSDvafVsMZwCgkFBPu0dMhPuvnai
JURLzFNFoQ/70VWQNdJveBX+x9Wp9ccCuVfH5MJm2h0WcI+uIEiysvJphdfezwMN
M6LPvEaqylfGkFw91c3VpS4n82cMZ0VEaKsSjicW48HtxvlInI/cEGwcZAQU9ETU
yvITVR5pdiKoxg7Xsr6Kbje8wDIj32cNF32KzikDD+fO
-----END CERTIFICATE-----