Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/8WcyMQ3lOVTIvSKFas5ExgPsbZU.roa
File:                     8WcyMQ3lOVTIvSKFas5ExgPsbZU.roa (raw, json)
Hash identifier:          EjdtSKq3M9+llOwbGunPdh03wK0+aZ0al1pXW1HzzXw=
Subject key identifier:   F1:67:32:31:0D:E5:39:54:C8:BD:22:85:6A:CE:44:C6:03:EC:6D:95
Certificate issuer:       /CN=eb349af2af111361b29fcfef2e043d5be75e3f98
Certificate serial:       019E6B33F32E0CAFF24005B3F8031C87F8C2
Authority key identifier: EB:34:9A:F2:AF:11:13:61:B2:9F:CF:EF:2E:04:3D:5B:E7:5E:3F:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/8WcyMQ3lOVTIvSKFas5ExgPsbZU.roa
Signing time:             Wed 27 May 2026 20:50:27 +0000
ROA not before:           Wed 27 May 2026 20:50:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     398076
IP address blocks:        31.42.123.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 29 May 2026 08:33:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:6b:33:f3:2e:0c:af:f2:40:05:b3:f8:03:1c:87:f8:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb349af2af111361b29fcfef2e043d5be75e3f98
        Validity
            Not Before: May 27 20:50:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f16732310de53954c8bd22856ace44c603ec6d95
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:b8:ad:55:13:4c:99:40:a0:12:95:ab:4c:6c:
                    57:1e:d9:e2:4b:fb:fb:8c:94:ab:b1:12:44:7e:40:
                    72:71:2a:6c:20:b4:4b:37:e9:75:30:59:a3:dd:ab:
                    f8:c1:63:c6:96:cd:24:0c:7f:3e:c4:61:36:50:84:
                    31:68:af:2a:b8:54:f0:3a:aa:c3:dd:c8:fa:c8:ed:
                    f0:ab:e2:66:bf:1c:ca:c5:6a:8a:56:6a:26:02:dd:
                    52:b5:9d:45:be:61:20:48:c2:92:ac:56:e9:f0:ea:
                    50:ce:17:09:a9:da:54:75:f8:a2:32:44:85:e7:7f:
                    b2:a3:12:6f:6c:09:b3:72:3f:56:d2:eb:35:47:ae:
                    21:d9:cd:b5:37:29:e6:c6:0c:01:bd:26:e6:a9:fe:
                    21:4a:29:2c:e3:3b:fd:32:c0:85:11:41:59:c8:9f:
                    2c:de:a9:0e:c3:96:af:44:68:b0:a5:87:09:02:8f:
                    ca:16:df:88:69:44:2b:8b:a2:c0:e8:12:9b:67:f1:
                    af:98:3e:ac:25:45:32:25:81:9f:ea:fc:23:59:bb:
                    d0:2b:ab:84:32:23:28:ae:ec:d6:e4:61:4d:a8:6b:
                    87:ec:5b:87:f0:da:4b:63:10:29:b3:78:d6:11:bc:
                    2b:f1:96:1e:22:09:41:c5:c9:89:2c:6e:ea:de:fd:
                    47:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:67:32:31:0D:E5:39:54:C8:BD:22:85:6A:CE:44:C6:03:EC:6D:95
            X509v3 Authority Key Identifier:
                keyid:EB:34:9A:F2:AF:11:13:61:B2:9F:CF:EF:2E:04:3D:5B:E7:5E:3F:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/8WcyMQ3lOVTIvSKFas5ExgPsbZU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.42.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:b3:74:67:fd:ce:9c:8e:ab:8d:ad:22:90:e0:c9:9c:1c:37:
         84:e0:ba:76:d6:de:d3:43:cd:1d:06:35:69:38:a2:4b:4b:92:
         fe:f3:9e:f9:01:27:29:1a:f1:1b:0c:0d:e9:b9:d1:18:38:05:
         63:6d:e9:a3:d2:77:9f:c1:6f:15:47:0c:23:a2:97:48:c1:f1:
         3f:26:f4:ca:e0:d4:bb:35:e9:1b:d1:8f:eb:5e:cd:d1:a0:10:
         ab:7c:69:bd:45:e4:eb:a7:a1:13:40:82:32:a5:58:a6:b1:8e:
         e5:88:5e:ad:39:ed:ec:87:6c:29:7e:8d:6b:1a:3b:36:75:95:
         bc:d5:78:96:1a:31:c1:0c:59:5f:a7:eb:14:7d:0a:a0:41:36:
         80:ba:1d:7e:3c:1d:28:3f:1b:72:83:f7:cc:2d:60:2a:d0:2c:
         91:42:7e:de:c6:52:5d:9f:f2:64:42:4d:37:f8:e8:e8:2d:9c:
         93:58:d3:69:55:30:85:db:94:dd:26:a8:74:c4:0b:7d:34:f6:
         ab:4a:58:d8:b0:ce:47:b6:31:a2:13:a3:e9:ed:0f:2d:3a:c9:
         e9:2f:70:81:73:a2:7b:07:b6:a0:59:9f:bd:3a:45:8e:e1:76:
         ed:da:02:08:9f:ab:e2:7e:97:eb:67:4e:c8:91:d9:a0:6e:60:
         5b:19:a1:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5rM/MuDK/yQAWz+AMch/jCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViMzQ5YWYyYWYxMTEzNjFiMjlmY2ZlZjJlMDQzZDViZTc1
ZTNmOTgwHhcNMjYwNTI3MjA1MDI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTY3MzIzMTBkZTUzOTU0YzhiZDIyODU2YWNlNDRjNjAzZWM2ZDk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvritVRNMmUCgEpWrTGxXHtniS/v7
jJSrsRJEfkBycSpsILRLN+l1MFmj3av4wWPGls0kDH8+xGE2UIQxaK8quFTwOqrD
3cj6yO3wq+JmvxzKxWqKVmomAt1StZ1FvmEgSMKSrFbp8OpQzhcJqdpUdfiiMkSF
53+yoxJvbAmzcj9W0us1R64h2c21NynmxgwBvSbmqf4hSiks4zv9MsCFEUFZyJ8s
3qkOw5avRGiwpYcJAo/KFt+IaUQri6LA6BKbZ/GvmD6sJUUyJYGf6vwjWbvQK6uE
MiMoruzW5GFNqGuH7FuH8NpLYxAps3jWEbwr8ZYeIglBxcmJLG7q3v1HdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPFnMjEN5TlUyL0ihWrORMYD7G2VMB8GA1UdIwQY
MBaAFOs0mvKvERNhsp/P7y4EPVvnXj+YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnpTYThxOFJFMkd5bjhfdkxnUTlXLWRlUDVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8zY2IxNDctYTdjMy00NGU5LWFkYzgt
OWNkNjYyYmM4MzIwLzEvOFdjeU1RM2xPVlRJdlNLRmFzNUV4Z1BzYlpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8zY2IxNDctYTdjMy00NGU5LWFkYzgtOWNkNjYyYmM4MzIw
LzEvNnpTYThxOFJFMkd5bjhfdkxnUTlXLWRlUDVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHyp7MA0G
CSqGSIb3DQEBCwUAA4IBAQCPs3Rn/c6cjquNrSKQ4MmcHDeE4Lp21t7TQ80dBjVp
OKJLS5L+8575AScpGvEbDA3pudEYOAVjbemj0nefwW8VRwwjopdIwfE/JvTK4NS7
Nekb0Y/rXs3RoBCrfGm9ReTrp6ETQIIypVimsY7liF6tOe3sh2wpfo1rGjs2dZW8
1XiWGjHBDFlfp+sUfQqgQTaAuh1+PB0oPxtyg/fMLWAq0CyRQn7exlJdn/JkQk03
+OjoLZyTWNNpVTCF25TdJqh0xAt9NParSljYsM5HtjGiE6Pp7Q8tOsnpL3CBc6J7
B7agWZ+9OkWO4Xbt2gIIn6vifpfrZ07IkdmgbmBbGaFo
-----END CERTIFICATE-----