Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/dd5a28-df9d-4627-809d-bd5d3f00fbb2/1/8UzfUWJvn8I9_AC0AqDko2JvNLk.roa
File:                     8UzfUWJvn8I9_AC0AqDko2JvNLk.roa (raw, json)
Hash identifier:          0Vz8FiIdw8A6JBB2ikazw0zl4TrRKvJ5OhWokpICGeU=
Subject key identifier:   F1:4C:DF:51:62:6F:9F:C2:3D:FC:00:B4:02:A0:E4:A3:62:6F:34:B9
Certificate issuer:       /CN=9f312e9297bc1d27ebeb476dea0ee15dd756542d
Certificate serial:       019CDEBF1633E7E779BB3266640B672E4EF0
Authority key identifier: 9F:31:2E:92:97:BC:1D:27:EB:EB:47:6D:EA:0E:E1:5D:D7:56:54:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nzEukpe8HSfr60dt6g7hXddWVC0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3e/dd5a28-df9d-4627-809d-bd5d3f00fbb2/1/8UzfUWJvn8I9_AC0AqDko2JvNLk.roa
Signing time:             Wed 11 Mar 2026 21:13:10 +0000
ROA not before:           Wed 11 Mar 2026 21:13:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     55933
IP address blocks:        116.206.95.0/24 maxlen: 24
                          144.48.8.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3e/dd5a28-df9d-4627-809d-bd5d3f00fbb2/1/nzEukpe8HSfr60dt6g7hXddWVC0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3e/dd5a28-df9d-4627-809d-bd5d3f00fbb2/1/nzEukpe8HSfr60dt6g7hXddWVC0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nzEukpe8HSfr60dt6g7hXddWVC0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 22 Mar 2026 05:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:de:bf:16:33:e7:e7:79:bb:32:66:64:0b:67:2e:4e:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9f312e9297bc1d27ebeb476dea0ee15dd756542d
        Validity
            Not Before: Mar 11 21:13:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f14cdf51626f9fc23dfc00b402a0e4a3626f34b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:17:79:1f:e3:68:da:53:4f:da:4b:6e:5b:6d:
                    4a:a7:77:62:ab:b5:90:36:19:81:6f:8e:04:65:60:
                    99:c1:5b:21:05:32:83:53:23:3e:c5:4b:a8:bf:08:
                    6f:9b:b6:67:88:0c:08:a2:11:68:22:0d:8a:87:d6:
                    25:b4:9f:37:c5:ea:03:11:e2:af:38:35:8e:e2:04:
                    d7:20:11:5a:a2:8a:ba:67:d3:ff:fa:dd:4e:53:89:
                    7b:3d:69:99:3d:63:5b:4c:37:b0:6d:98:e9:0f:21:
                    9f:14:94:42:29:49:5e:f5:43:84:23:c3:38:3a:3a:
                    62:40:58:94:cf:59:27:d0:cf:a0:20:e1:4c:3a:82:
                    4a:d5:01:55:f3:e9:4b:41:e4:18:bc:63:52:d5:16:
                    4d:6b:7c:7b:5d:89:4d:df:e2:c8:b6:ff:bf:d6:c3:
                    b3:15:e0:4d:a3:91:db:60:3d:df:8f:c5:e7:38:2a:
                    87:23:06:23:e5:28:71:08:67:41:22:8b:da:41:33:
                    27:f3:c4:22:44:76:81:49:ba:de:06:e2:94:9b:50:
                    d9:a5:59:47:62:4a:78:0f:4f:bd:f6:38:30:46:86:
                    41:4c:ba:1e:4b:af:76:2e:75:37:e9:fc:dc:aa:6f:
                    17:b3:9a:31:06:ca:fb:1f:06:78:90:2c:45:a1:0d:
                    22:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:4C:DF:51:62:6F:9F:C2:3D:FC:00:B4:02:A0:E4:A3:62:6F:34:B9
            X509v3 Authority Key Identifier:
                keyid:9F:31:2E:92:97:BC:1D:27:EB:EB:47:6D:EA:0E:E1:5D:D7:56:54:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nzEukpe8HSfr60dt6g7hXddWVC0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/dd5a28-df9d-4627-809d-bd5d3f00fbb2/1/8UzfUWJvn8I9_AC0AqDko2JvNLk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/dd5a28-df9d-4627-809d-bd5d3f00fbb2/1/nzEukpe8HSfr60dt6g7hXddWVC0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  116.206.95.0/24
                  144.48.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         28:3c:29:22:24:27:d5:db:32:ea:1d:e2:fc:e0:2a:af:0f:57:
         e0:fe:06:44:27:72:34:4c:04:f2:e7:7f:ab:98:9b:87:d3:32:
         16:c5:62:17:94:79:00:da:de:88:5e:b8:05:9a:00:b3:60:7d:
         5e:33:4c:b3:cc:87:7b:61:49:b1:30:4b:43:bc:1e:e6:78:c3:
         86:32:21:b0:85:35:08:1c:9f:54:87:58:d1:4f:bc:1b:28:53:
         ca:cf:03:e7:db:68:e9:cb:4e:07:cc:89:e5:63:e9:b4:90:dd:
         91:30:ce:c0:56:54:fd:15:25:6f:78:18:d7:e2:f2:02:0a:70:
         f8:a5:a9:e2:a0:3f:34:80:33:99:ca:3e:28:ec:e1:06:9b:57:
         b4:b3:f8:e1:21:3a:8d:37:30:f2:cd:80:88:5e:06:ac:5c:90:
         91:24:4a:7d:c4:db:b8:a8:37:75:62:7a:1c:3b:54:b8:14:bd:
         91:55:db:30:32:cb:25:fa:3b:c7:35:7e:f9:38:b4:ee:7f:c5:
         15:2f:82:7e:39:1c:f0:ae:20:3d:24:89:3b:40:4d:48:f4:de:
         7f:6e:4a:d7:f3:9c:7c:d4:0c:09:77:f9:74:1e:3d:24:1f:20:
         b1:4a:1f:7c:a6:10:0d:12:59:c6:c6:14:1b:cb:60:72:6b:f2:
         85:5d:8c:70
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZzevxYz5+d5uzJmZAtnLk7wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmMzEyZTkyOTdiYzFkMjdlYmViNDc2ZGVhMGVlMTVkZDc1
NjU0MmQwHhcNMjYwMzExMjExMzEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTRjZGY1MTYyNmY5ZmMyM2RmYzAwYjQwMmEwZTRhMzYyNmYzNGI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAshd5H+No2lNP2ktuW21Kp3diq7WQ
NhmBb44EZWCZwVshBTKDUyM+xUuovwhvm7ZniAwIohFoIg2Kh9YltJ83xeoDEeKv
ODWO4gTXIBFaooq6Z9P/+t1OU4l7PWmZPWNbTDewbZjpDyGfFJRCKUle9UOEI8M4
OjpiQFiUz1kn0M+gIOFMOoJK1QFV8+lLQeQYvGNS1RZNa3x7XYlN3+LItv+/1sOz
FeBNo5HbYD3fj8XnOCqHIwYj5ShxCGdBIovaQTMn88QiRHaBSbreBuKUm1DZpVlH
Ykp4D0+99jgwRoZBTLoeS692LnU36fzcqm8Xs5oxBsr7HwZ4kCxFoQ0izQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPFM31Fib5/CPfwAtAKg5KNibzS5MB8GA1UdIwQY
MBaAFJ8xLpKXvB0n6+tHbeoO4V3XVlQtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnpFdWtwZThIU2ZyNjBkdDZnN2hYZGRXVkMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZS9kZDVhMjgtZGY5ZC00NjI3LTgwOWQt
YmQ1ZDNmMDBmYmIyLzEvOFV6ZlVXSnZuOEk5X0FDMEFxRGtvMkp2TkxrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZS9kZDVhMjgtZGY5ZC00NjI3LTgwOWQtYmQ1ZDNmMDBmYmIy
LzEvbnpFdWtwZThIU2ZyNjBkdDZnN2hYZGRXVkMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAdM5fAwQC
kDAIMA0GCSqGSIb3DQEBCwUAA4IBAQAoPCkiJCfV2zLqHeL84CqvD1fg/gZEJ3I0
TATy53+rmJuH0zIWxWIXlHkA2t6IXrgFmgCzYH1eM0yzzId7YUmxMEtDvB7meMOG
MiGwhTUIHJ9Uh1jRT7wbKFPKzwPn22jpy04HzInlY+m0kN2RMM7AVlT9FSVveBjX
4vICCnD4panioD80gDOZyj4o7OEGm1e0s/jhITqNNzDyzYCIXgasXJCRJEp9xNu4
qDd1YnocO1S4FL2RVdswMssl+jvHNX75OLTuf8UVL4J+ORzwriA9JIk7QE1I9N5/
bkrX85x81AwJd/l0Hj0kHyCxSh98phANElnGxhQby2Bya/KFXYxw
-----END CERTIFICATE-----