Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/8b856a-38ae-4cfb-81d2-271a9576eae7/1/aiU8GheKUwEsKAvrAGVfVEf_2us.roa
File:                     aiU8GheKUwEsKAvrAGVfVEf_2us.roa (raw, json)
Hash identifier:          ba9JgrJv05bsn4HBNLPhqyZjZDuO1MwJ6BBEyMGIZCc=
Subject key identifier:   6A:25:3C:1A:17:8A:53:01:2C:28:0B:EB:00:65:5F:54:47:FF:DA:EB
Certificate issuer:       /CN=2eeec5231d212b310579d78fc41479ca6ec2aa07
Certificate serial:       019D4D1A9FA82ACFEA53DC0EEE8112FF4ED3
Authority key identifier: 2E:EE:C5:23:1D:21:2B:31:05:79:D7:8F:C4:14:79:CA:6E:C2:AA:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Lu7FIx0hKzEFedePxBR5ym7Cqgc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/8b856a-38ae-4cfb-81d2-271a9576eae7/1/aiU8GheKUwEsKAvrAGVfVEf_2us.roa
Signing time:             Thu 02 Apr 2026 07:31:23 +0000
ROA not before:           Thu 02 Apr 2026 07:31:23 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44555
IP address blocks:        92.241.30.0/24 maxlen: 24
                          92.241.31.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/8b856a-38ae-4cfb-81d2-271a9576eae7/1/Lu7FIx0hKzEFedePxBR5ym7Cqgc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/8b856a-38ae-4cfb-81d2-271a9576eae7/1/Lu7FIx0hKzEFedePxBR5ym7Cqgc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Lu7FIx0hKzEFedePxBR5ym7Cqgc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 Apr 2026 10:01:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:4d:1a:9f:a8:2a:cf:ea:53:dc:0e:ee:81:12:ff:4e:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2eeec5231d212b310579d78fc41479ca6ec2aa07
        Validity
            Not Before: Apr  2 07:31:23 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6a253c1a178a53012c280beb00655f5447ffdaeb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:34:1b:09:e0:15:de:3e:d0:65:57:15:69:63:
                    13:31:5a:71:8c:7f:7e:7f:7d:08:48:a0:5c:3d:16:
                    e8:93:a7:c6:ae:ae:2c:52:59:9d:8b:85:32:e6:07:
                    66:72:04:5b:fb:f8:9e:95:6c:db:f4:15:e7:62:ae:
                    fb:2d:5d:27:a7:46:c7:55:ae:b2:48:95:2f:1c:ce:
                    59:1a:34:54:66:8a:96:3d:9a:9a:d5:ec:15:0f:32:
                    34:cc:4c:b0:88:ae:00:71:b3:f1:a5:ee:d2:19:31:
                    37:3f:27:36:be:44:9c:87:74:dd:94:79:b0:5d:ce:
                    93:c0:0d:04:a4:7e:ed:3b:ac:57:5d:af:15:74:c5:
                    cb:12:7c:58:f8:cb:21:9d:b8:49:5c:4b:82:9d:a7:
                    65:1b:95:6c:b7:a6:75:e6:ca:b2:36:c0:52:4c:87:
                    97:e2:08:36:b7:c3:70:0f:df:6a:bf:44:b2:73:80:
                    39:41:e7:46:74:73:c6:f9:1b:d2:07:7d:aa:2a:eb:
                    88:49:1b:db:f7:a7:c8:5b:0a:89:fd:bd:fb:6d:63:
                    b9:90:f8:07:a1:d0:66:7d:c6:ac:e4:12:76:42:62:
                    6c:38:cd:6b:97:fd:12:ab:75:6f:04:3c:d3:db:31:
                    9b:7f:1a:f2:87:b2:66:5a:ce:60:67:51:73:21:6a:
                    1f:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:25:3C:1A:17:8A:53:01:2C:28:0B:EB:00:65:5F:54:47:FF:DA:EB
            X509v3 Authority Key Identifier:
                keyid:2E:EE:C5:23:1D:21:2B:31:05:79:D7:8F:C4:14:79:CA:6E:C2:AA:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Lu7FIx0hKzEFedePxBR5ym7Cqgc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/8b856a-38ae-4cfb-81d2-271a9576eae7/1/aiU8GheKUwEsKAvrAGVfVEf_2us.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/8b856a-38ae-4cfb-81d2-271a9576eae7/1/Lu7FIx0hKzEFedePxBR5ym7Cqgc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.241.30.0/23

    Signature Algorithm: sha256WithRSAEncryption
         08:34:d1:0e:07:6f:dd:14:ac:78:aa:49:90:04:43:23:fc:00:
         5d:15:67:61:65:14:67:e7:04:94:1f:34:ca:3c:7f:a9:ae:a2:
         93:0e:4e:fd:32:17:5a:01:9e:14:f4:ea:81:73:5b:ba:c8:ea:
         1f:2c:14:8b:da:c9:03:96:34:e8:c8:b9:a3:67:41:a1:5c:76:
         46:e2:4b:3e:90:84:3a:08:9f:6c:38:5e:55:b3:60:d4:46:ff:
         aa:9a:c7:da:2f:3b:60:a4:f4:1b:1c:eb:5d:7b:bd:22:4d:e1:
         a5:9d:b2:0f:57:8e:f9:2a:c1:bb:fc:f3:06:6a:5f:3b:e6:ac:
         b0:10:21:a1:90:3a:40:20:cc:a1:1f:77:ea:0b:dd:65:c2:4f:
         95:f8:a4:e3:4b:00:aa:ae:0e:47:41:4d:63:6a:fa:80:c0:37:
         73:d7:b7:f8:c3:57:c8:48:ec:21:2a:27:4e:46:56:ba:7f:e0:
         71:70:f0:e4:7b:1f:32:c1:70:2e:06:30:9c:c2:db:9b:2d:b2:
         78:d7:b5:76:f2:69:c0:a9:65:24:ec:49:26:b4:c8:24:6d:e4:
         64:14:0e:00:ae:ff:d3:b4:48:3b:1d:44:e2:96:10:ee:bf:0c:
         71:db:2b:f5:c6:8e:6c:88:ec:9f:9a:2e:51:9a:58:09:43:2e:
         8d:55:a8:f5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1NGp+oKs/qU9wO7oES/07TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlZWVjNTIzMWQyMTJiMzEwNTc5ZDc4ZmM0MTQ3OWNhNmVj
MmFhMDcwHhcNMjYwNDAyMDczMTIzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTI1M2MxYTE3OGE1MzAxMmMyODBiZWIwMDY1NWY1NDQ3ZmZkYWViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmzQbCeAV3j7QZVcVaWMTMVpxjH9+
f30ISKBcPRbok6fGrq4sUlmdi4Uy5gdmcgRb+/ielWzb9BXnYq77LV0np0bHVa6y
SJUvHM5ZGjRUZoqWPZqa1ewVDzI0zEywiK4AcbPxpe7SGTE3Pyc2vkSch3TdlHmw
Xc6TwA0EpH7tO6xXXa8VdMXLEnxY+MshnbhJXEuCnadlG5Vst6Z15sqyNsBSTIeX
4gg2t8NwD99qv0Syc4A5QedGdHPG+RvSB32qKuuISRvb96fIWwqJ/b37bWO5kPgH
odBmfcas5BJ2QmJsOM1rl/0Sq3VvBDzT2zGbfxryh7JmWs5gZ1FzIWofvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGolPBoXilMBLCgL6wBlX1RH/9rrMB8GA1UdIwQY
MBaAFC7uxSMdISsxBXnXj8QUecpuwqoHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTHU3Rkl4MGhLekVGZWRlUHhCUjV5bTdDcWdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi84Yjg1NmEtMzhhZS00Y2ZiLTgxZDIt
MjcxYTk1NzZlYWU3LzEvYWlVOEdoZUtVd0VzS0F2ckFHVmZWRWZfMnVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi84Yjg1NmEtMzhhZS00Y2ZiLTgxZDItMjcxYTk1NzZlYWU3
LzEvTHU3Rkl4MGhLekVGZWRlUHhCUjV5bTdDcWdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBXPEeMA0G
CSqGSIb3DQEBCwUAA4IBAQAINNEOB2/dFKx4qkmQBEMj/ABdFWdhZRRn5wSUHzTK
PH+prqKTDk79MhdaAZ4U9OqBc1u6yOofLBSL2skDljToyLmjZ0GhXHZG4ks+kIQ6
CJ9sOF5Vs2DURv+qmsfaLztgpPQbHOtde70iTeGlnbIPV475KsG7/PMGal875qyw
ECGhkDpAIMyhH3fqC91lwk+V+KTjSwCqrg5HQU1javqAwDdz17f4w1fISOwhKidO
Rla6f+BxcPDkex8ywXAuBjCcwtubLbJ417V28mnAqWUk7EkmtMgkbeRkFA4Arv/T
tEg7HUTilhDuvwxx2yv1xo5siOyfmi5RmlgJQy6NVaj1
-----END CERTIFICATE-----