Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/f8TG-bZI-Z4nSjLzL-HsS0C_Tf0.roa
File:                     f8TG-bZI-Z4nSjLzL-HsS0C_Tf0.roa (raw, json)
Hash identifier:          0olqv2jmyhIPEjFWu6/XmLwOWBRD4BMaKAamfg5ymBE=
Subject key identifier:   7F:C4:C6:F9:B6:48:F9:9E:27:4A:32:F3:2F:E1:EC:4B:40:BF:4D:FD
Certificate issuer:       /CN=d5637692ff5c45486d1053b149dc1420026cd733
Certificate serial:       019E701C0DB6C362863F3BA8B1174AF1D1F6
Authority key identifier: D5:63:76:92:FF:5C:45:48:6D:10:53:B1:49:DC:14:20:02:6C:D7:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1WN2kv9cRUhtEFOxSdwUIAJs1zM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/f8TG-bZI-Z4nSjLzL-HsS0C_Tf0.roa
Signing time:             Thu 28 May 2026 19:42:27 +0000
ROA not before:           Thu 28 May 2026 19:42:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     984
IP address blocks:        80.246.226.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/1WN2kv9cRUhtEFOxSdwUIAJs1zM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/1WN2kv9cRUhtEFOxSdwUIAJs1zM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1WN2kv9cRUhtEFOxSdwUIAJs1zM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jun 2026 15:55:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:70:1c:0d:b6:c3:62:86:3f:3b:a8:b1:17:4a:f1:d1:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d5637692ff5c45486d1053b149dc1420026cd733
        Validity
            Not Before: May 28 19:42:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7fc4c6f9b648f99e274a32f32fe1ec4b40bf4dfd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:f2:74:6f:f7:11:5d:8c:96:99:db:29:4d:e5:
                    9e:7d:91:e7:ce:b8:00:f2:41:84:81:e8:9f:01:7b:
                    f2:ce:e1:71:16:27:01:75:9e:55:69:c6:dd:da:bb:
                    50:57:13:6b:c2:9b:50:42:26:a7:84:8d:d0:44:84:
                    49:07:28:b9:7a:ed:a8:9d:4a:81:0f:ed:47:a1:da:
                    19:1a:34:62:01:ac:d8:33:da:d3:38:fe:c6:93:7a:
                    28:42:6c:32:93:16:7b:fa:1a:c5:03:8a:5a:35:31:
                    cf:cf:08:22:ff:b7:ed:3d:fb:43:0b:d4:6c:c5:94:
                    e3:df:68:0b:b5:36:1e:17:02:ea:d2:50:3e:ca:b5:
                    18:75:f6:33:78:9b:ce:6a:81:c8:15:32:ab:ff:51:
                    01:8f:af:61:9a:ab:48:66:ec:e7:b2:0f:ca:e3:b2:
                    24:5d:7f:3b:16:30:a8:56:c4:4f:3a:d0:87:8c:d5:
                    d9:c1:5f:8e:db:fb:70:28:de:2f:1a:1c:5c:de:b6:
                    e5:ad:7b:86:7b:da:83:c2:a5:9c:fc:98:d4:65:ed:
                    a3:b5:20:d6:ae:08:9c:e6:86:06:93:d1:4f:57:20:
                    26:cf:de:e5:ca:16:cb:3c:14:ca:71:97:f5:9f:a0:
                    aa:0c:a5:81:a4:e8:67:09:2d:df:51:12:93:5c:51:
                    f3:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:C4:C6:F9:B6:48:F9:9E:27:4A:32:F3:2F:E1:EC:4B:40:BF:4D:FD
            X509v3 Authority Key Identifier:
                keyid:D5:63:76:92:FF:5C:45:48:6D:10:53:B1:49:DC:14:20:02:6C:D7:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1WN2kv9cRUhtEFOxSdwUIAJs1zM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/f8TG-bZI-Z4nSjLzL-HsS0C_Tf0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/1WN2kv9cRUhtEFOxSdwUIAJs1zM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.246.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:cd:a8:c5:6c:9e:da:40:19:47:a1:66:54:de:eb:71:d8:c5:
         95:a9:d3:15:86:b8:1e:17:71:9c:e3:4a:e5:58:a5:b0:1b:85:
         cb:cf:41:d6:76:f9:50:68:7b:f8:2e:60:93:13:07:45:64:33:
         dd:d7:5c:f9:82:8c:96:60:0b:12:a8:af:6d:f8:e0:e3:ff:39:
         ec:57:12:e5:bc:3f:7d:e6:40:18:6b:8f:c4:27:04:36:74:29:
         b4:17:f1:fa:be:19:9b:a3:55:49:08:ba:15:65:c7:99:d2:87:
         98:23:06:3c:7e:83:25:6f:7a:5d:c2:b3:04:7b:ae:65:9c:83:
         d0:8a:8f:a5:1e:eb:06:06:78:fd:76:17:ee:36:de:22:9c:de:
         b9:ac:eb:3c:5a:7b:4c:e0:fe:a3:60:c3:3c:f8:dd:dc:d1:dd:
         87:1f:bf:57:f4:ee:36:01:1a:62:75:bb:dd:6b:7c:a9:6e:12:
         ff:7e:4d:e8:1d:05:be:f0:7c:88:f8:c6:57:78:78:96:e2:62:
         a4:29:03:a2:6d:a0:b2:b8:f4:1d:14:8d:c1:43:01:b1:e9:6a:
         d4:2a:7e:e8:24:92:e4:de:57:ae:e3:cf:df:39:f1:fb:04:b1:
         a0:64:db:eb:1c:0f:f5:81:c9:3f:b9:e6:d8:d3:a0:ea:15:f7:
         98:e7:ae:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5wHA22w2KGPzuosRdK8dH2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NjM3NjkyZmY1YzQ1NDg2ZDEwNTNiMTQ5ZGMxNDIwMDI2
Y2Q3MzMwHhcNMjYwNTI4MTk0MjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZmM0YzZmOWI2NDhmOTllMjc0YTMyZjMyZmUxZWM0YjQwYmY0ZGZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwfJ0b/cRXYyWmdspTeWefZHnzrgA
8kGEgeifAXvyzuFxFicBdZ5Vacbd2rtQVxNrwptQQianhI3QRIRJByi5eu2onUqB
D+1HodoZGjRiAazYM9rTOP7Gk3ooQmwykxZ7+hrFA4paNTHPzwgi/7ftPftDC9Rs
xZTj32gLtTYeFwLq0lA+yrUYdfYzeJvOaoHIFTKr/1EBj69hmqtIZuznsg/K47Ik
XX87FjCoVsRPOtCHjNXZwV+O2/twKN4vGhxc3rblrXuGe9qDwqWc/JjUZe2jtSDW
rgic5oYGk9FPVyAmz97lyhbLPBTKcZf1n6CqDKWBpOhnCS3fURKTXFHz8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH/Exvm2SPmeJ0oy8y/h7EtAv039MB8GA1UdIwQY
MBaAFNVjdpL/XEVIbRBTsUncFCACbNczMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVdOMmt2OWNSVWh0RUZPeFNkd1VJQUpzMXpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi85OGUxMTMtZTAwMi00ZDkzLTlhNDkt
YWRlYWRlMjg2NWMxLzEvZjhURy1iWkktWjRuU2pMekwtSHNTMENfVGYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi85OGUxMTMtZTAwMi00ZDkzLTlhNDktYWRlYWRlMjg2NWMx
LzEvMVdOMmt2OWNSVWh0RUZPeFNkd1VJQUpzMXpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUPbiMA0G
CSqGSIb3DQEBCwUAA4IBAQCEzajFbJ7aQBlHoWZU3utx2MWVqdMVhrgeF3Gc40rl
WKWwG4XLz0HWdvlQaHv4LmCTEwdFZDPd11z5goyWYAsSqK9t+ODj/znsVxLlvD99
5kAYa4/EJwQ2dCm0F/H6vhmbo1VJCLoVZceZ0oeYIwY8foMlb3pdwrMEe65lnIPQ
io+lHusGBnj9dhfuNt4inN65rOs8WntM4P6jYMM8+N3c0d2HH79X9O42ARpidbvd
a3ypbhL/fk3oHQW+8HyI+MZXeHiW4mKkKQOibaCyuPQdFI3BQwGx6WrUKn7oJJLk
3leu48/fOfH7BLGgZNvrHA/1gck/uebY06DqFfeY564D
-----END CERTIFICATE-----