Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/f35406-d8c4-4f5c-92ac-256da95d1345/1/o14utqHYZFxhZfVEkq-FP4EOMBc.roa
File:                     o14utqHYZFxhZfVEkq-FP4EOMBc.roa (raw, json)
Hash identifier:          s9KvSuwsAo53TsaYUbZWoSvNDjlPZyPjIsdZ0Auhgao=
Subject key identifier:   A3:5E:2E:B6:A1:D8:64:5C:61:65:F5:44:92:AF:85:3F:81:0E:30:17
Certificate issuer:       /CN=91381bc969de6adc3d1ddc0eb89bdeeace9805cd
Certificate serial:       019EFECF90583AFF120BA1627E681681A7BB
Authority key identifier: 91:38:1B:C9:69:DE:6A:DC:3D:1D:DC:0E:B8:9B:DE:EA:CE:98:05:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kTgbyWneatw9HdwOuJve6s6YBc0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/f35406-d8c4-4f5c-92ac-256da95d1345/1/o14utqHYZFxhZfVEkq-FP4EOMBc.roa
Signing time:             Thu 25 Jun 2026 12:44:36 +0000
ROA not before:           Thu 25 Jun 2026 12:44:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     28819
IP address blocks:        82.112.170.0/24 maxlen: 24
                          82.112.172.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/f35406-d8c4-4f5c-92ac-256da95d1345/1/kTgbyWneatw9HdwOuJve6s6YBc0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/f35406-d8c4-4f5c-92ac-256da95d1345/1/kTgbyWneatw9HdwOuJve6s6YBc0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kTgbyWneatw9HdwOuJve6s6YBc0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Jun 2026 17:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:fe:cf:90:58:3a:ff:12:0b:a1:62:7e:68:16:81:a7:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=91381bc969de6adc3d1ddc0eb89bdeeace9805cd
        Validity
            Not Before: Jun 25 12:44:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a35e2eb6a1d8645c6165f54492af853f810e3017
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:4c:3b:b0:d0:3a:81:16:c6:22:60:78:29:6f:
                    d2:cc:4c:92:fa:28:55:8b:fa:31:81:16:eb:9e:06:
                    12:54:ed:5f:c7:a0:dd:c6:a8:e9:70:16:3f:53:ca:
                    fb:0f:58:5a:e6:84:8f:fc:08:1e:a4:ed:5a:a3:d6:
                    7f:18:00:35:1d:7d:3f:c2:96:a3:d9:98:55:cd:1c:
                    2b:6f:2c:6f:e5:47:66:96:05:93:b0:c3:65:75:b8:
                    f7:25:91:ff:f4:6c:f3:10:5e:78:c9:0b:3c:9f:db:
                    ca:34:d9:73:4b:fe:13:f4:a0:36:f2:6d:42:01:15:
                    63:36:eb:48:58:77:e6:67:ef:bf:e0:15:d6:99:83:
                    0b:41:9d:2a:3d:18:2e:73:66:ac:7d:d1:10:97:2b:
                    86:fc:29:2e:49:62:a1:5d:74:8c:c4:10:0a:2b:3d:
                    5b:f7:8b:38:07:e0:c2:34:4b:cb:af:65:7e:58:75:
                    3c:5f:7a:36:f6:b0:dc:e2:96:02:f3:62:52:cf:12:
                    7d:c3:c6:87:42:0a:34:1f:d0:47:2d:1c:18:65:35:
                    b0:eb:5b:f7:e4:4d:59:1f:e9:c2:01:cf:e5:2f:60:
                    8a:21:cc:45:3c:86:67:df:53:d7:49:8b:62:9f:78:
                    c9:41:46:41:23:2c:24:64:0f:4e:94:3a:54:ef:87:
                    38:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:5E:2E:B6:A1:D8:64:5C:61:65:F5:44:92:AF:85:3F:81:0E:30:17
            X509v3 Authority Key Identifier:
                keyid:91:38:1B:C9:69:DE:6A:DC:3D:1D:DC:0E:B8:9B:DE:EA:CE:98:05:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kTgbyWneatw9HdwOuJve6s6YBc0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/f35406-d8c4-4f5c-92ac-256da95d1345/1/o14utqHYZFxhZfVEkq-FP4EOMBc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/f35406-d8c4-4f5c-92ac-256da95d1345/1/kTgbyWneatw9HdwOuJve6s6YBc0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.112.170.0/24
                  82.112.172.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:7f:34:58:20:82:25:6e:0b:ad:7a:e4:7d:ce:40:ec:1e:92:
         5e:f3:1b:de:d2:5a:fd:57:55:af:9c:1f:21:e8:86:be:7e:54:
         9a:83:45:16:25:e7:82:a3:51:4b:2f:43:84:0a:c5:a0:56:e1:
         83:7e:12:14:e5:7b:28:7d:b8:69:0e:ed:58:de:21:8e:3d:bb:
         1d:b9:44:49:a8:f9:bb:60:4f:f6:7c:94:93:a7:7c:34:60:d5:
         d2:c8:a4:a2:31:4c:7e:76:7e:1e:d8:46:6e:9b:35:17:4e:55:
         4a:21:80:55:a8:75:25:76:5d:93:24:1c:41:d2:f7:86:46:bd:
         df:ec:50:ae:aa:a3:2c:83:9e:ab:03:6e:2f:97:13:dc:37:cc:
         73:a3:cb:56:e8:1e:65:82:f5:b2:39:0e:f3:8a:76:4c:b1:54:
         27:29:ef:9e:c7:a1:5d:3a:6e:ec:76:fa:b7:29:6b:7c:d0:7f:
         42:e4:0b:22:8a:c2:77:26:5a:63:6d:94:82:97:fc:a1:24:d7:
         76:d8:9b:31:37:18:34:69:a5:e6:2a:8a:78:be:7f:98:8b:40:
         c0:0f:d4:ab:97:33:a9:8f:5f:30:43:69:df:68:e1:0b:49:dd:
         e9:70:bb:bf:33:53:d7:6e:ef:3d:c8:9f:ab:00:df:6a:73:cc:
         63:06:66:08
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ7+z5BYOv8SC6FifmgWgae7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxMzgxYmM5NjlkZTZhZGMzZDFkZGMwZWI4OWJkZWVhY2U5
ODA1Y2QwHhcNMjYwNjI1MTI0NDM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzVlMmViNmExZDg2NDVjNjE2NWY1NDQ5MmFmODUzZjgxMGUzMDE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtkw7sNA6gRbGImB4KW/SzEyS+ihV
i/oxgRbrngYSVO1fx6DdxqjpcBY/U8r7D1ha5oSP/AgepO1ao9Z/GAA1HX0/wpaj
2ZhVzRwrbyxv5UdmlgWTsMNldbj3JZH/9GzzEF54yQs8n9vKNNlzS/4T9KA28m1C
ARVjNutIWHfmZ++/4BXWmYMLQZ0qPRguc2asfdEQlyuG/CkuSWKhXXSMxBAKKz1b
94s4B+DCNEvLr2V+WHU8X3o29rDc4pYC82JSzxJ9w8aHQgo0H9BHLRwYZTWw61v3
5E1ZH+nCAc/lL2CKIcxFPIZn31PXSYtin3jJQUZBIywkZA9OlDpU74c4dQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKNeLrah2GRcYWX1RJKvhT+BDjAXMB8GA1UdIwQY
MBaAFJE4G8lp3mrcPR3cDrib3urOmAXNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1RnYnlXbmVhdHc5SGR3T3VKdmU2czZZQmMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC9mMzU0MDYtZDhjNC00ZjVjLTkyYWMt
MjU2ZGE5NWQxMzQ1LzEvbzE0dXRxSFlaRnhoWmZWRWtxLUZQNEVPTUJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC9mMzU0MDYtZDhjNC00ZjVjLTkyYWMtMjU2ZGE5NWQxMzQ1
LzEva1RnYnlXbmVhdHc5SGR3T3VKdmU2czZZQmMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUnCqAwQA
UnCsMA0GCSqGSIb3DQEBCwUAA4IBAQBDfzRYIIIlbguteuR9zkDsHpJe8xve0lr9
V1WvnB8h6Ia+flSag0UWJeeCo1FLL0OECsWgVuGDfhIU5XsofbhpDu1Y3iGOPbsd
uURJqPm7YE/2fJSTp3w0YNXSyKSiMUx+dn4e2EZumzUXTlVKIYBVqHUldl2TJBxB
0veGRr3f7FCuqqMsg56rA24vlxPcN8xzo8tW6B5lgvWyOQ7zinZMsVQnKe+ex6Fd
Om7sdvq3KWt80H9C5AsiisJ3JlpjbZSCl/yhJNd22JsxNxg0aaXmKop4vn+Yi0DA
D9SrlzOpj18wQ2nfaOELSd3pcLu/M1PXbu89yJ+rAN9qc8xjBmYI
-----END CERTIFICATE-----