Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/bfd0ff-845e-4e12-ac7c-588e0d923c15/1/Me_9Iw5Y3T5PhRvo_KA_RR2hSjw.roa
File:                     Me_9Iw5Y3T5PhRvo_KA_RR2hSjw.roa (raw, json)
Hash identifier:          aLnlCk3qXb7CQTNuMSJEGZraHaJlT4uj2zHI9n+GpoU=
Subject key identifier:   31:EF:FD:23:0E:58:DD:3E:4F:85:1B:E8:FC:A0:3F:45:1D:A1:4A:3C
Certificate issuer:       /CN=dfd046af5edc11964096dc20f6af1de55d9c9030
Certificate serial:       019EC2CCA42877C84633FFEEA51EC3B53468
Authority key identifier: DF:D0:46:AF:5E:DC:11:96:40:96:DC:20:F6:AF:1D:E5:5D:9C:90:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/39BGr17cEZZAltwg9q8d5V2ckDA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/bfd0ff-845e-4e12-ac7c-588e0d923c15/1/Me_9Iw5Y3T5PhRvo_KA_RR2hSjw.roa
Signing time:             Sat 13 Jun 2026 21:04:11 +0000
ROA not before:           Sat 13 Jun 2026 21:04:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205230
IP address blocks:        131.222.242.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/bfd0ff-845e-4e12-ac7c-588e0d923c15/1/39BGr17cEZZAltwg9q8d5V2ckDA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/bfd0ff-845e-4e12-ac7c-588e0d923c15/1/39BGr17cEZZAltwg9q8d5V2ckDA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/39BGr17cEZZAltwg9q8d5V2ckDA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 30 Jun 2026 12:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:c2:cc:a4:28:77:c8:46:33:ff:ee:a5:1e:c3:b5:34:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dfd046af5edc11964096dc20f6af1de55d9c9030
        Validity
            Not Before: Jun 13 21:04:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=31effd230e58dd3e4f851be8fca03f451da14a3c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:90:c7:2d:0c:03:4a:3c:81:3d:f8:d6:42:98:
                    6c:f8:12:18:90:e9:f0:15:eb:90:e7:27:5b:f1:69:
                    a9:e2:a2:4d:fc:5e:41:89:dd:e7:a4:81:49:0a:bf:
                    9c:a8:ac:74:50:be:c8:df:4d:d8:aa:6f:6c:dc:ff:
                    ba:21:40:18:6b:7c:38:dc:4f:f0:0c:2a:30:68:3f:
                    37:15:3f:e6:bc:db:60:43:32:bb:82:0f:cd:1d:61:
                    34:e5:af:e4:75:8b:37:9c:8e:33:15:5d:64:8a:eb:
                    21:ea:60:94:50:1c:15:63:17:3a:e7:cf:3a:4a:de:
                    36:51:3f:c8:e0:af:96:80:00:36:90:9e:4e:35:82:
                    a8:0d:dd:15:6c:d4:fd:ee:62:f9:f0:94:f6:3d:ed:
                    22:42:61:cb:60:a2:37:07:3e:7b:31:19:d7:71:a1:
                    d8:b3:94:10:53:9c:0f:f7:60:a9:a6:bb:45:ed:0d:
                    f2:ef:7b:de:21:35:07:e3:4b:72:c1:ab:95:84:df:
                    52:bd:85:ed:f2:81:f6:75:2b:08:5b:b8:a8:d4:9b:
                    be:b1:2f:8e:80:83:00:eb:79:9d:6b:23:9b:cc:2a:
                    19:08:fb:fd:07:d7:df:bc:0d:d6:97:8b:a8:ae:f6:
                    05:97:82:f0:bc:c1:ae:1d:42:8e:30:75:43:c5:3c:
                    1e:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:EF:FD:23:0E:58:DD:3E:4F:85:1B:E8:FC:A0:3F:45:1D:A1:4A:3C
            X509v3 Authority Key Identifier:
                keyid:DF:D0:46:AF:5E:DC:11:96:40:96:DC:20:F6:AF:1D:E5:5D:9C:90:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/39BGr17cEZZAltwg9q8d5V2ckDA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/bfd0ff-845e-4e12-ac7c-588e0d923c15/1/Me_9Iw5Y3T5PhRvo_KA_RR2hSjw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/bfd0ff-845e-4e12-ac7c-588e0d923c15/1/39BGr17cEZZAltwg9q8d5V2ckDA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  131.222.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:b3:94:d5:ee:82:27:bc:8b:20:c2:46:19:80:37:41:b6:39:
         de:f0:9c:8d:08:21:e1:03:22:a8:2d:ea:da:a7:61:48:a6:a6:
         99:7b:70:21:f9:ef:ec:6d:48:9a:e5:2e:78:60:bf:1d:e8:63:
         99:f5:b9:28:25:25:fd:3b:b8:3b:05:db:c6:82:f4:71:f3:96:
         ba:d6:c3:5e:ca:08:be:ee:e1:f1:07:ca:f0:28:dc:ee:66:bc:
         7c:b6:15:1d:51:a4:8b:e6:08:72:06:fe:1d:ec:35:f4:88:7d:
         15:1c:ee:54:c0:7d:89:67:09:61:fc:2b:71:68:dd:31:f8:a4:
         58:f9:76:7f:95:6e:da:21:e7:8e:35:39:9b:a3:7a:8a:24:38:
         81:96:be:47:80:f5:7d:85:ea:03:9a:c4:e5:e1:42:64:27:4d:
         cd:52:34:05:17:22:95:c4:2b:f7:8e:f3:ae:02:c0:5f:30:fb:
         d6:1d:bf:2b:c3:b4:eb:81:b4:27:03:eb:99:b2:fb:3a:c7:69:
         05:14:b8:fd:b5:54:c3:b7:87:68:0a:e7:5a:8b:37:f7:fa:8a:
         aa:f0:27:09:1a:a1:4c:22:3f:ee:9a:82:91:9b:73:59:3d:da:
         07:83:04:34:f8:2e:ca:1d:b1:30:6b:b7:e1:5a:ea:1f:f7:13:
         01:c1:e6:18
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ7CzKQod8hGM//upR7DtTRoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmZDA0NmFmNWVkYzExOTY0MDk2ZGMyMGY2YWYxZGU1NWQ5
YzkwMzAwHhcNMjYwNjEzMjEwNDExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMWVmZmQyMzBlNThkZDNlNGY4NTFiZThmY2EwM2Y0NTFkYTE0YTNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1JDHLQwDSjyBPfjWQphs+BIYkOnw
FeuQ5ydb8Wmp4qJN/F5Bid3npIFJCr+cqKx0UL7I303Yqm9s3P+6IUAYa3w43E/w
DCowaD83FT/mvNtgQzK7gg/NHWE05a/kdYs3nI4zFV1kiush6mCUUBwVYxc65886
St42UT/I4K+WgAA2kJ5ONYKoDd0VbNT97mL58JT2Pe0iQmHLYKI3Bz57MRnXcaHY
s5QQU5wP92CpprtF7Q3y73veITUH40tywauVhN9SvYXt8oH2dSsIW7io1Ju+sS+O
gIMA63mdayObzCoZCPv9B9ffvA3Wl4uorvYFl4LwvMGuHUKOMHVDxTweWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDHv/SMOWN0+T4Ub6PygP0UdoUo8MB8GA1UdIwQY
MBaAFN/QRq9e3BGWQJbcIPavHeVdnJAwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMzlCR3IxN2NFWlpBbHR3ZzlxOGQ1VjJja0RBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC9iZmQwZmYtODQ1ZS00ZTEyLWFjN2Mt
NTg4ZTBkOTIzYzE1LzEvTWVfOUl3NVkzVDVQaFJ2b19LQV9SUjJoU2p3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC9iZmQwZmYtODQ1ZS00ZTEyLWFjN2MtNTg4ZTBkOTIzYzE1
LzEvMzlCR3IxN2NFWlpBbHR3ZzlxOGQ1VjJja0RBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAg97yMA0G
CSqGSIb3DQEBCwUAA4IBAQBMs5TV7oInvIsgwkYZgDdBtjne8JyNCCHhAyKoLera
p2FIpqaZe3Ah+e/sbUia5S54YL8d6GOZ9bkoJSX9O7g7BdvGgvRx85a61sNeygi+
7uHxB8rwKNzuZrx8thUdUaSL5ghyBv4d7DX0iH0VHO5UwH2JZwlh/CtxaN0x+KRY
+XZ/lW7aIeeONTmbo3qKJDiBlr5HgPV9heoDmsTl4UJkJ03NUjQFFyKVxCv3jvOu
AsBfMPvWHb8rw7TrgbQnA+uZsvs6x2kFFLj9tVTDt4doCudaizf3+oqq8CcJGqFM
Ij/umoKRm3NZPdoHgwQ0+C7KHbEwa7fhWuof9xMBweYY
-----END CERTIFICATE-----