Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/8490a4-87c1-4b8c-8344-2ad02eb04915/1/rOPLVatKhx4LZjWutE2ocwHKK4s.roa
File:                     rOPLVatKhx4LZjWutE2ocwHKK4s.roa (raw, json)
Hash identifier:          hTrWRKSl8UfXdS1Ma2/8We9N4QwcUi3+putJyD3QtJQ=
Subject key identifier:   AC:E3:CB:55:AB:4A:87:1E:0B:66:35:AE:B4:4D:A8:73:01:CA:2B:8B
Certificate issuer:       /CN=8c17f04e9c407458a7ac9ad15f7a0ccea511ba52
Certificate serial:       019E21C2D322D98EF99E0208FC5BFAFFA80C
Authority key identifier: 8C:17:F0:4E:9C:40:74:58:A7:AC:9A:D1:5F:7A:0C:CE:A5:11:BA:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jBfwTpxAdFinrJrRX3oMzqURulI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/8490a4-87c1-4b8c-8344-2ad02eb04915/1/rOPLVatKhx4LZjWutE2ocwHKK4s.roa
Signing time:             Wed 13 May 2026 14:34:36 +0000
ROA not before:           Wed 13 May 2026 14:34:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     22295
IP address blocks:        207.241.172.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/8490a4-87c1-4b8c-8344-2ad02eb04915/1/jBfwTpxAdFinrJrRX3oMzqURulI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/8490a4-87c1-4b8c-8344-2ad02eb04915/1/jBfwTpxAdFinrJrRX3oMzqURulI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jBfwTpxAdFinrJrRX3oMzqURulI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 14:33:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:21:c2:d3:22:d9:8e:f9:9e:02:08:fc:5b:fa:ff:a8:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8c17f04e9c407458a7ac9ad15f7a0ccea511ba52
        Validity
            Not Before: May 13 14:34:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ace3cb55ab4a871e0b6635aeb44da87301ca2b8b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:df:fb:0a:f9:a9:eb:9e:39:11:ce:e9:7d:55:
                    93:95:8e:4c:66:eb:41:75:5f:85:87:52:ec:13:e0:
                    a6:00:02:cc:6e:14:3a:c9:69:2d:01:ef:7c:4f:f2:
                    49:a8:47:05:c9:af:3d:0b:b1:47:fd:6c:29:70:0c:
                    88:64:07:2b:f4:76:53:a9:75:41:ef:ea:b0:5a:f9:
                    a0:cf:20:7c:c1:c8:af:4d:38:56:b6:80:21:83:7d:
                    46:e2:9a:86:96:54:71:67:fa:53:e9:b8:d9:4b:f3:
                    ba:72:c7:23:34:c2:2c:6e:be:5b:00:27:f9:0b:aa:
                    11:06:dc:59:0c:01:90:6f:c8:8a:1f:98:e9:8b:17:
                    6d:c6:43:16:a4:f9:1b:84:c6:a8:03:51:bb:8c:5d:
                    a6:dc:ac:1d:a7:3d:a4:5e:48:59:55:3b:5f:7e:6f:
                    a4:d6:10:d5:9d:1b:5a:a5:ea:18:b2:08:a1:f9:4e:
                    f2:74:07:9b:7b:91:94:8f:42:d7:55:89:a9:f8:cd:
                    8f:79:12:b2:08:ab:fd:e4:7a:a3:4a:0b:8a:61:02:
                    35:54:94:50:c0:c8:c6:9e:b1:fd:0d:18:18:b6:ff:
                    1f:e4:a1:89:95:0b:4f:31:cf:dd:82:cf:8f:9c:af:
                    ba:65:ac:61:47:58:67:b5:d8:9a:0a:74:e9:af:8e:
                    52:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:E3:CB:55:AB:4A:87:1E:0B:66:35:AE:B4:4D:A8:73:01:CA:2B:8B
            X509v3 Authority Key Identifier:
                keyid:8C:17:F0:4E:9C:40:74:58:A7:AC:9A:D1:5F:7A:0C:CE:A5:11:BA:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jBfwTpxAdFinrJrRX3oMzqURulI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/8490a4-87c1-4b8c-8344-2ad02eb04915/1/rOPLVatKhx4LZjWutE2ocwHKK4s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/8490a4-87c1-4b8c-8344-2ad02eb04915/1/jBfwTpxAdFinrJrRX3oMzqURulI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  207.241.172.0/23

    Signature Algorithm: sha256WithRSAEncryption
         68:3a:46:81:83:00:e4:b9:a4:06:44:71:67:6e:7e:a4:f5:16:
         e0:21:4c:ff:e9:32:0d:c1:f6:59:94:23:3e:57:8d:45:e4:c0:
         0a:94:b3:bb:1e:7c:33:96:b0:cb:84:7e:8d:e5:f7:4c:95:21:
         dd:c2:ad:f0:e0:e6:d9:b8:eb:79:40:68:67:c4:1b:46:a4:fb:
         ff:7b:f3:11:90:b9:79:92:6e:b3:fc:30:3c:5d:f9:43:4e:1c:
         32:11:d6:fb:14:98:24:29:ff:0a:33:b9:1c:ac:15:ca:3d:c6:
         69:0c:a4:db:c9:79:c2:75:c6:4e:9a:7c:7a:29:18:5d:1e:57:
         36:bf:25:26:9e:d8:6b:45:21:cf:a2:69:79:58:4d:a9:de:96:
         0f:bf:e8:2b:6d:57:a9:63:a8:d3:6e:3f:8d:77:14:c1:3f:7e:
         6a:83:b2:49:39:46:be:8a:d2:47:40:59:25:33:0b:d0:73:d1:
         e0:f4:5c:75:08:60:5a:b2:90:07:24:dc:42:91:d5:0d:00:3d:
         b0:73:62:c8:ec:c3:85:79:6e:94:a3:d7:c3:98:45:ae:19:bb:
         80:d2:5f:4a:6e:d9:a7:03:4b:83:43:1e:99:32:32:c2:24:c9:
         a4:ae:57:21:d7:84:e2:72:d3:0e:4f:7f:dd:86:30:ff:9d:90:
         9f:5f:0e:02
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4hwtMi2Y75ngII/Fv6/6gMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhjMTdmMDRlOWM0MDc0NThhN2FjOWFkMTVmN2EwY2NlYTUx
MWJhNTIwHhcNMjYwNTEzMTQzNDM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhY2UzY2I1NWFiNGE4NzFlMGI2NjM1YWViNDRkYTg3MzAxY2EyYjhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmN/7Cvmp6545Ec7pfVWTlY5MZutB
dV+Fh1LsE+CmAALMbhQ6yWktAe98T/JJqEcFya89C7FH/WwpcAyIZAcr9HZTqXVB
7+qwWvmgzyB8wcivTThWtoAhg31G4pqGllRxZ/pT6bjZS/O6cscjNMIsbr5bACf5
C6oRBtxZDAGQb8iKH5jpixdtxkMWpPkbhMaoA1G7jF2m3Kwdpz2kXkhZVTtffm+k
1hDVnRtapeoYsgih+U7ydAebe5GUj0LXVYmp+M2PeRKyCKv95HqjSguKYQI1VJRQ
wMjGnrH9DRgYtv8f5KGJlQtPMc/dgs+PnK+6ZaxhR1hntdiaCnTpr45SawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKzjy1WrSoceC2Y1rrRNqHMByiuLMB8GA1UdIwQY
MBaAFIwX8E6cQHRYp6ya0V96DM6lEbpSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvakJmd1RweEFkRmluckpyUlgzb016cVVSdWxJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC84NDkwYTQtODdjMS00YjhjLTgzNDQt
MmFkMDJlYjA0OTE1LzEvck9QTFZhdEtoeDRMWmpXdXRFMm9jd0hLSzRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC84NDkwYTQtODdjMS00YjhjLTgzNDQtMmFkMDJlYjA0OTE1
LzEvakJmd1RweEFkRmluckpyUlgzb016cVVSdWxJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBz/GsMA0G
CSqGSIb3DQEBCwUAA4IBAQBoOkaBgwDkuaQGRHFnbn6k9RbgIUz/6TINwfZZlCM+
V41F5MAKlLO7HnwzlrDLhH6N5fdMlSHdwq3w4ObZuOt5QGhnxBtGpPv/e/MRkLl5
km6z/DA8XflDThwyEdb7FJgkKf8KM7kcrBXKPcZpDKTbyXnCdcZOmnx6KRhdHlc2
vyUmnthrRSHPoml5WE2p3pYPv+grbVepY6jTbj+NdxTBP35qg7JJOUa+itJHQFkl
MwvQc9Hg9Fx1CGBaspAHJNxCkdUNAD2wc2LI7MOFeW6Uo9fDmEWuGbuA0l9Kbtmn
A0uDQx6ZMjLCJMmkrlch14TictMOT3/dhjD/nZCfXw4C
-----END CERTIFICATE-----