Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/gRtnIkvfQ2cW14FhA_CMkb2fw1s.roa
File:                     gRtnIkvfQ2cW14FhA_CMkb2fw1s.roa (raw, json)
Hash identifier:          DC4irSrhIBP9XMFv6B9hahNdHCOgqyd5fzrOZ6dJ0Kg=
Subject key identifier:   81:1B:67:22:4B:DF:43:67:16:D7:81:61:03:F0:8C:91:BD:9F:C3:5B
Certificate issuer:       /CN=8eb441dadbbecb6965d4ea1f046cc5c8e28817fc
Certificate serial:       019E8DA7E24C640457B942D3F7D4492F8F9F
Authority key identifier: 8E:B4:41:DA:DB:BE:CB:69:65:D4:EA:1F:04:6C:C5:C8:E2:88:17:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/gRtnIkvfQ2cW14FhA_CMkb2fw1s.roa
Signing time:             Wed 03 Jun 2026 13:24:10 +0000
ROA not before:           Wed 03 Jun 2026 13:24:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     269800
IP address blocks:        94.131.221.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Jun 2026 02:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:8d:a7:e2:4c:64:04:57:b9:42:d3:f7:d4:49:2f:8f:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8eb441dadbbecb6965d4ea1f046cc5c8e28817fc
        Validity
            Not Before: Jun  3 13:24:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=811b67224bdf436716d7816103f08c91bd9fc35b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:01:77:65:e2:34:2c:40:ac:19:3c:e6:b6:48:
                    f5:3f:b4:47:c4:83:2b:a0:8d:82:a7:a2:5a:6d:ff:
                    80:55:b7:7c:7f:82:c5:b5:18:a8:14:cd:d4:45:ba:
                    16:c7:2c:4e:bf:8c:f4:16:9a:bc:70:73:81:0e:f9:
                    89:ac:1d:d7:0f:3b:50:fe:a0:f8:19:8c:f3:d1:64:
                    1b:f3:a9:c8:f8:c2:a9:02:0c:55:a7:65:a2:65:94:
                    45:8a:33:bb:5a:a0:c1:b5:8c:71:28:d5:f2:7b:2b:
                    ec:4d:2a:84:d7:d8:7d:14:e9:81:4d:86:34:1d:3c:
                    4c:f1:40:aa:b4:fb:de:73:49:47:6b:55:ca:f5:54:
                    bc:e3:fe:bd:43:76:ce:48:bd:5f:47:24:d1:1d:67:
                    f4:21:85:4b:e8:ab:c7:b0:02:48:28:4b:aa:22:3b:
                    f5:b8:e0:75:18:92:43:86:5e:aa:be:aa:70:6d:84:
                    a3:7a:df:de:4b:85:bf:d0:ea:af:07:ba:46:80:63:
                    3b:65:29:8e:fa:37:5e:ee:db:8b:cf:d3:17:ec:a0:
                    ae:99:1c:30:1e:45:0c:31:fc:31:9c:b0:e5:46:66:
                    01:42:5a:57:4e:b7:59:5c:10:9f:3b:24:b9:4b:21:
                    44:a1:51:10:cc:01:0d:e0:12:9f:71:7f:41:36:28:
                    9e:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:1B:67:22:4B:DF:43:67:16:D7:81:61:03:F0:8C:91:BD:9F:C3:5B
            X509v3 Authority Key Identifier:
                keyid:8E:B4:41:DA:DB:BE:CB:69:65:D4:EA:1F:04:6C:C5:C8:E2:88:17:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/gRtnIkvfQ2cW14FhA_CMkb2fw1s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.131.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:5d:ab:91:28:c8:2d:d6:5b:7c:cc:b0:12:75:ce:43:42:d5:
         cf:0e:f4:9e:22:ce:76:67:a1:4a:d0:6e:19:80:b2:3b:04:94:
         b6:36:9f:74:85:46:3c:19:a6:fb:2a:68:d4:6f:5a:b6:7f:3d:
         fb:a9:c3:99:2d:a4:db:59:d0:58:1c:b5:44:bb:ee:6e:16:21:
         67:b5:00:54:c5:29:f9:d3:55:1f:23:c4:29:da:62:fa:b3:52:
         4e:75:4f:5b:c6:8e:1c:f4:20:0e:c9:bc:bf:68:30:54:75:22:
         3c:9c:73:0b:8f:ef:00:a2:ae:93:4e:99:28:ae:6c:07:5b:cd:
         d3:c4:bb:bd:c2:8e:15:a3:33:64:fb:b8:89:26:bf:d4:af:b5:
         2f:09:47:c7:1d:20:88:af:fd:26:77:8e:1d:e2:d8:c7:fa:a6:
         f5:05:ad:49:ca:50:ee:dc:75:ea:4a:41:75:71:f1:fb:2d:dd:
         57:06:7d:a8:03:fd:e1:13:ca:23:99:65:52:64:25:24:e6:a3:
         32:aa:cd:c8:e0:9b:c0:bd:1c:d0:57:97:57:b1:10:cc:54:e9:
         d9:27:46:ed:25:89:0c:45:57:2f:d9:50:f8:49:85:05:b5:77:
         7a:1e:c3:78:3b:39:8b:1b:d8:7c:cc:0c:3d:a3:9a:57:31:16:
         0d:ee:eb:2a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6Np+JMZARXuULT99RJL4+fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlYjQ0MWRhZGJiZWNiNjk2NWQ0ZWExZjA0NmNjNWM4ZTI4
ODE3ZmMwHhcNMjYwNjAzMTMyNDEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MTFiNjcyMjRiZGY0MzY3MTZkNzgxNjEwM2YwOGM5MWJkOWZjMzViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1gF3ZeI0LECsGTzmtkj1P7RHxIMr
oI2Cp6Jabf+AVbd8f4LFtRioFM3URboWxyxOv4z0Fpq8cHOBDvmJrB3XDztQ/qD4
GYzz0WQb86nI+MKpAgxVp2WiZZRFijO7WqDBtYxxKNXyeyvsTSqE19h9FOmBTYY0
HTxM8UCqtPvec0lHa1XK9VS84/69Q3bOSL1fRyTRHWf0IYVL6KvHsAJIKEuqIjv1
uOB1GJJDhl6qvqpwbYSjet/eS4W/0OqvB7pGgGM7ZSmO+jde7tuLz9MX7KCumRww
HkUMMfwxnLDlRmYBQlpXTrdZXBCfOyS5SyFEoVEQzAEN4BKfcX9BNiiekwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIEbZyJL30NnFteBYQPwjJG9n8NbMB8GA1UdIwQY
MBaAFI60QdrbvstpZdTqHwRsxcjiiBf8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanJSQjJ0dS15MmxsMU9vZkJHekZ5T0tJRl93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS85NzhkMGYtOTI5Ny00YzcxLTljZmIt
NDZiOTQ5MDkyY2JlLzEvZ1J0bklrdmZRMmNXMTRGaEFfQ01rYjJmdzFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS85NzhkMGYtOTI5Ny00YzcxLTljZmItNDZiOTQ5MDkyY2Jl
LzEvanJSQjJ0dS15MmxsMU9vZkJHekZ5T0tJRl93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXoPdMA0G
CSqGSIb3DQEBCwUAA4IBAQAMXauRKMgt1lt8zLASdc5DQtXPDvSeIs52Z6FK0G4Z
gLI7BJS2Np90hUY8Gab7KmjUb1q2fz37qcOZLaTbWdBYHLVEu+5uFiFntQBUxSn5
01UfI8Qp2mL6s1JOdU9bxo4c9CAOyby/aDBUdSI8nHMLj+8Aoq6TTpkormwHW83T
xLu9wo4VozNk+7iJJr/Ur7UvCUfHHSCIr/0md44d4tjH+qb1Ba1JylDu3HXqSkF1
cfH7Ld1XBn2oA/3hE8ojmWVSZCUk5qMyqs3I4JvAvRzQV5dXsRDMVOnZJ0btJYkM
RVcv2VD4SYUFtXd6HsN4OzmLG9h8zAw9o5pXMRYN7usq
-----END CERTIFICATE-----