Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/4a559f-dd5f-4d01-b082-b07889eb8e93/1/l-aEHGRr6mSwaOOPXptMqOfSa6g.roa
File:                     l-aEHGRr6mSwaOOPXptMqOfSa6g.roa (raw, json)
Hash identifier:          oYGqjiujvvcpv0QPtMiNNXBDknKaO4zREWr9HxsSg3Y=
Subject key identifier:   97:E6:84:1C:64:6B:EA:64:B0:68:E3:8F:5E:9B:4C:A8:E7:D2:6B:A8
Certificate issuer:       /CN=b1446419f5e6b1bed97b9f671868a082cb7290f0
Certificate serial:       019DAA1F0FDADDEEA48B684CE025FB82295E
Authority key identifier: B1:44:64:19:F5:E6:B1:BE:D9:7B:9F:67:18:68:A0:82:CB:72:90:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sURkGfXmsb7Ze59nGGiggstykPA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/4a559f-dd5f-4d01-b082-b07889eb8e93/1/l-aEHGRr6mSwaOOPXptMqOfSa6g.roa
Signing time:             Mon 20 Apr 2026 09:00:55 +0000
ROA not before:           Mon 20 Apr 2026 09:00:55 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201760
IP address blocks:        131.222.236.0/24 maxlen: 24
                          2a14:c780::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/4a559f-dd5f-4d01-b082-b07889eb8e93/1/sURkGfXmsb7Ze59nGGiggstykPA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/4a559f-dd5f-4d01-b082-b07889eb8e93/1/sURkGfXmsb7Ze59nGGiggstykPA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sURkGfXmsb7Ze59nGGiggstykPA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 01 May 2026 03:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:aa:1f:0f:da:dd:ee:a4:8b:68:4c:e0:25:fb:82:29:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1446419f5e6b1bed97b9f671868a082cb7290f0
        Validity
            Not Before: Apr 20 09:00:55 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=97e6841c646bea64b068e38f5e9b4ca8e7d26ba8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:00:f6:c0:ee:35:73:ea:d3:1d:d3:8b:f7:58:
                    5b:e9:37:5b:77:48:16:24:dc:3c:3b:d2:3d:07:44:
                    e4:af:b9:f5:13:8a:e6:f0:6e:11:6f:00:ed:ec:a8:
                    3d:34:67:6d:d9:4d:ab:7c:56:9d:f7:52:21:00:e7:
                    6d:50:ff:56:e8:92:1b:58:d2:e7:33:f2:da:d9:9b:
                    1e:d6:20:e4:9f:77:2d:c5:67:be:4b:80:b4:1c:9e:
                    3a:66:a9:48:80:86:c6:ce:39:af:26:57:83:02:93:
                    a7:4d:59:2c:15:3e:1c:56:cb:c7:e1:28:82:63:24:
                    54:ae:f7:5d:74:8d:d8:f1:6e:95:8f:87:72:9e:bf:
                    25:8f:5a:b5:03:50:ce:cc:43:f8:58:9d:33:93:29:
                    43:04:5b:f3:45:46:e3:eb:64:84:2e:95:4e:79:f4:
                    26:27:51:46:09:1f:5c:fa:0a:16:3d:8f:4f:12:f3:
                    8d:e9:8c:4d:4d:4f:aa:05:f9:73:88:e7:6f:ef:c8:
                    eb:67:9a:2e:c9:91:9f:b5:96:ae:ad:77:90:22:8b:
                    9e:4f:c6:4a:d8:03:87:7c:fd:eb:05:eb:a8:5b:b9:
                    ab:19:9f:e1:86:a5:fc:93:b6:5f:fa:32:c5:99:54:
                    04:9e:63:05:93:1a:74:1e:e1:27:be:c7:64:5a:09:
                    aa:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:E6:84:1C:64:6B:EA:64:B0:68:E3:8F:5E:9B:4C:A8:E7:D2:6B:A8
            X509v3 Authority Key Identifier:
                keyid:B1:44:64:19:F5:E6:B1:BE:D9:7B:9F:67:18:68:A0:82:CB:72:90:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sURkGfXmsb7Ze59nGGiggstykPA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/4a559f-dd5f-4d01-b082-b07889eb8e93/1/l-aEHGRr6mSwaOOPXptMqOfSa6g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/4a559f-dd5f-4d01-b082-b07889eb8e93/1/sURkGfXmsb7Ze59nGGiggstykPA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  131.222.236.0/24
                IPv6:
                  2a14:c780::/29

    Signature Algorithm: sha256WithRSAEncryption
         aa:a2:1f:ce:5e:9d:20:aa:25:0c:d2:b6:00:f9:6e:04:73:71:
         31:a6:ff:3e:f3:44:7f:15:8c:98:91:8a:32:7a:0a:2b:e5:fb:
         b4:f8:a7:9f:14:02:0e:2f:6a:75:8e:1d:b6:f1:2a:e7:d4:49:
         c3:09:e4:10:bd:2b:b0:f6:5c:52:96:68:e4:f4:95:61:32:13:
         67:12:78:89:07:63:95:a6:b1:52:aa:ab:03:b6:80:59:67:df:
         ee:3e:bc:28:e1:c5:f3:17:ac:ec:72:91:41:ca:4a:fa:d3:00:
         dc:78:ef:c7:43:8c:04:b8:43:bf:04:ed:2f:eb:4d:ee:a3:83:
         7b:98:2f:d0:f1:a9:d4:5f:f4:51:75:c4:c7:33:00:6b:e7:f3:
         1e:ec:29:0f:0c:d1:71:6e:4e:30:61:f1:b5:2c:82:f6:91:cd:
         bc:a4:06:b6:1b:b2:94:89:66:54:e3:ad:d4:27:12:de:72:7c:
         c4:15:f9:db:35:b5:94:0a:a1:c0:2c:f4:08:5a:8b:9d:59:7f:
         f7:a1:ec:a2:a6:65:47:b2:76:cf:34:93:1f:b1:52:ed:71:56:
         fe:aa:a8:b6:69:a5:e9:d6:be:3b:8c:82:07:d7:01:38:c3:a6:
         64:5c:65:9e:e6:b9:e3:29:f7:9c:78:19:2e:2e:01:52:73:08:
         0f:07:0c:62
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ2qHw/a3e6ki2hM4CX7gileMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxNDQ2NDE5ZjVlNmIxYmVkOTdiOWY2NzE4NjhhMDgyY2I3
MjkwZjAwHhcNMjYwNDIwMDkwMDU1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5N2U2ODQxYzY0NmJlYTY0YjA2OGUzOGY1ZTliNGNhOGU3ZDI2YmE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQD2wO41c+rTHdOL91hb6Tdbd0gW
JNw8O9I9B0Tkr7n1E4rm8G4RbwDt7Kg9NGdt2U2rfFad91IhAOdtUP9W6JIbWNLn
M/La2Zse1iDkn3ctxWe+S4C0HJ46ZqlIgIbGzjmvJleDApOnTVksFT4cVsvH4SiC
YyRUrvdddI3Y8W6Vj4dynr8lj1q1A1DOzEP4WJ0zkylDBFvzRUbj62SELpVOefQm
J1FGCR9c+goWPY9PEvON6YxNTU+qBflziOdv78jrZ5ouyZGftZaurXeQIoueT8ZK
2AOHfP3rBeuoW7mrGZ/hhqX8k7Zf+jLFmVQEnmMFkxp0HuEnvsdkWgmq+wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJfmhBxka+pksGjjj16bTKjn0muoMB8GA1UdIwQY
MBaAFLFEZBn15rG+2XufZxhooILLcpDwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1VSa0dmWG1zYjdaZTU5bkdHaWdnc3R5a1BBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My80YTU1OWYtZGQ1Zi00ZDAxLWIwODIt
YjA3ODg5ZWI4ZTkzLzEvbC1hRUhHUnI2bVN3YU9PUFhwdE1xT2ZTYTZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My80YTU1OWYtZGQ1Zi00ZDAxLWIwODItYjA3ODg5ZWI4ZTkz
LzEvc1VSa0dmWG1zYjdaZTU5bkdHaWdnc3R5a1BBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAg97sMA0E
AgACMAcDBQMqFMeAMA0GCSqGSIb3DQEBCwUAA4IBAQCqoh/OXp0gqiUM0rYA+W4E
c3Expv8+80R/FYyYkYoyegor5fu0+KefFAIOL2p1jh228Srn1EnDCeQQvSuw9lxS
lmjk9JVhMhNnEniJB2OVprFSqqsDtoBZZ9/uPrwo4cXzF6zscpFBykr60wDceO/H
Q4wEuEO/BO0v603uo4N7mC/Q8anUX/RRdcTHMwBr5/Me7CkPDNFxbk4wYfG1LIL2
kc28pAa2G7KUiWZU463UJxLecnzEFfnbNbWUCqHALPQIWoudWX/3oeyipmVHsnbP
NJMfsVLtcVb+qqi2aaXp1r47jIIH1wE4w6ZkXGWe5rnjKfeceBkuLgFScwgPBwxi
-----END CERTIFICATE-----