Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/13b451-9e86-4bf5-b651-296b59f6d2b5/1/iFoLL08Y0RSZXmxN-OjujZRiXWo.roa
File:                     iFoLL08Y0RSZXmxN-OjujZRiXWo.roa (raw, json)
Hash identifier:          OvbS7GRntI/C8IuP2kjijRom3YriGFk8ZqDEFtaH/hE=
Subject key identifier:   88:5A:0B:2F:4F:18:D1:14:99:5E:6C:4D:F8:E8:EE:8D:94:62:5D:6A
Certificate issuer:       /CN=98dce5a79cb31b148b2e636905a70422fb65c660
Certificate serial:       019D54A1D83876D72E821E8C386FD10E64A8
Authority key identifier: 98:DC:E5:A7:9C:B3:1B:14:8B:2E:63:69:05:A7:04:22:FB:65:C6:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mNzlp5yzGxSLLmNpBacEIvtlxmA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/13b451-9e86-4bf5-b651-296b59f6d2b5/1/iFoLL08Y0RSZXmxN-OjujZRiXWo.roa
Signing time:             Fri 03 Apr 2026 18:36:25 +0000
ROA not before:           Fri 03 Apr 2026 18:36:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     34442
IP address blocks:        185.145.159.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/13b451-9e86-4bf5-b651-296b59f6d2b5/1/mNzlp5yzGxSLLmNpBacEIvtlxmA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/13b451-9e86-4bf5-b651-296b59f6d2b5/1/mNzlp5yzGxSLLmNpBacEIvtlxmA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mNzlp5yzGxSLLmNpBacEIvtlxmA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 Apr 2026 09:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:54:a1:d8:38:76:d7:2e:82:1e:8c:38:6f:d1:0e:64:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=98dce5a79cb31b148b2e636905a70422fb65c660
        Validity
            Not Before: Apr  3 18:36:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=885a0b2f4f18d114995e6c4df8e8ee8d94625d6a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:ac:99:65:33:d6:da:b0:e9:6a:43:f0:82:24:
                    e7:79:67:b6:32:e6:f5:19:60:5d:b3:ed:89:6e:75:
                    c5:34:32:58:a4:f8:49:f2:ef:70:b0:99:88:de:89:
                    c5:1b:81:35:7c:3a:5e:b7:b1:5d:ac:31:ee:53:2e:
                    1c:3f:bf:e5:9f:06:f2:ee:95:32:ae:1c:cf:70:b2:
                    db:38:f8:9e:64:8d:fc:8e:4a:83:51:e8:59:e2:d7:
                    54:02:2b:c1:27:e6:3f:e4:8d:73:ae:8e:25:a3:b4:
                    a9:3c:40:fe:8e:82:7f:ab:8a:60:b5:14:15:dc:1a:
                    1e:d4:52:e3:0d:73:ac:50:65:78:cc:5d:1e:27:7e:
                    77:e0:b9:5c:01:f6:68:5a:d1:d5:28:f8:42:50:06:
                    d5:32:5c:e6:5e:97:8b:88:6d:bd:b3:57:7b:0c:47:
                    2b:a8:2d:f8:11:3f:56:d7:63:16:71:91:c3:4b:81:
                    13:ac:a2:eb:46:db:b4:10:a2:b7:49:d0:da:44:b2:
                    7d:ca:df:56:98:bc:52:46:cd:3f:9f:99:ad:05:82:
                    bb:97:aa:eb:f3:ed:f7:52:2a:db:32:4d:46:a5:94:
                    d2:80:66:29:04:c0:f4:10:7f:c7:44:40:6a:1a:b3:
                    46:13:3f:35:fe:cd:fc:53:2c:88:7a:3d:ee:57:81:
                    60:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:5A:0B:2F:4F:18:D1:14:99:5E:6C:4D:F8:E8:EE:8D:94:62:5D:6A
            X509v3 Authority Key Identifier:
                keyid:98:DC:E5:A7:9C:B3:1B:14:8B:2E:63:69:05:A7:04:22:FB:65:C6:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mNzlp5yzGxSLLmNpBacEIvtlxmA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/13b451-9e86-4bf5-b651-296b59f6d2b5/1/iFoLL08Y0RSZXmxN-OjujZRiXWo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/13b451-9e86-4bf5-b651-296b59f6d2b5/1/mNzlp5yzGxSLLmNpBacEIvtlxmA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.145.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:6e:75:3c:f4:8f:a5:40:ca:a7:e5:a5:d6:fd:11:9c:52:0e:
         0a:26:88:b0:a6:8d:f9:7e:a8:35:50:81:dc:34:c1:15:5f:e5:
         5a:81:c7:d7:59:63:03:f8:9e:44:f3:ec:8f:45:83:49:0a:50:
         51:21:05:30:de:be:fd:e7:f1:e1:c1:56:ad:35:b9:cc:bc:4d:
         6c:05:b6:ec:d0:64:d4:e6:46:91:25:d7:c3:e2:9e:47:50:f7:
         af:35:54:0f:af:a9:ab:6b:f9:73:1e:10:f3:bf:52:47:73:2e:
         b3:4c:57:ea:3e:09:22:20:97:67:7d:45:28:43:c2:6a:0c:59:
         f2:32:1a:dc:e8:e5:25:70:33:3f:2c:10:56:62:da:d2:b0:c2:
         10:28:5d:54:94:41:53:c3:10:ad:60:93:30:a4:81:9a:59:d7:
         67:d3:ea:81:f4:a8:cb:4d:64:5f:fe:1f:2a:d9:1e:ba:bd:48:
         ed:4d:fc:04:b8:eb:67:a6:fd:02:59:f6:46:2d:47:3e:4e:77:
         21:5f:b8:cf:04:72:8e:da:f1:87:49:08:71:c5:b2:30:97:69:
         aa:e5:8d:58:23:ac:33:b6:14:5e:df:83:95:37:70:8e:df:e9:
         21:f9:d9:38:50:35:4c:11:a3:7e:b5:39:80:59:58:6d:21:b4:
         3a:3f:d2:4a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1Uodg4dtcugh6MOG/RDmSoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4ZGNlNWE3OWNiMzFiMTQ4YjJlNjM2OTA1YTcwNDIyZmI2
NWM2NjAwHhcNMjYwNDAzMTgzNjI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODVhMGIyZjRmMThkMTE0OTk1ZTZjNGRmOGU4ZWU4ZDk0NjI1ZDZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwayZZTPW2rDpakPwgiTneWe2Mub1
GWBds+2JbnXFNDJYpPhJ8u9wsJmI3onFG4E1fDpet7FdrDHuUy4cP7/lnwby7pUy
rhzPcLLbOPieZI38jkqDUehZ4tdUAivBJ+Y/5I1zro4lo7SpPED+joJ/q4pgtRQV
3Boe1FLjDXOsUGV4zF0eJ3534LlcAfZoWtHVKPhCUAbVMlzmXpeLiG29s1d7DEcr
qC34ET9W12MWcZHDS4ETrKLrRtu0EKK3SdDaRLJ9yt9WmLxSRs0/n5mtBYK7l6rr
8+33UirbMk1GpZTSgGYpBMD0EH/HREBqGrNGEz81/s38UyyIej3uV4FgtwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIhaCy9PGNEUmV5sTfjo7o2UYl1qMB8GA1UdIwQY
MBaAFJjc5aecsxsUiy5jaQWnBCL7ZcZgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbU56bHA1eXpHeFNMTG1OcEJhY0VJdnRseG1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy8xM2I0NTEtOWU4Ni00YmY1LWI2NTEt
Mjk2YjU5ZjZkMmI1LzEvaUZvTEwwOFkwUlNaWG14Ti1PanVqWlJpWFdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy8xM2I0NTEtOWU4Ni00YmY1LWI2NTEtMjk2YjU5ZjZkMmI1
LzEvbU56bHA1eXpHeFNMTG1OcEJhY0VJdnRseG1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZGfMA0G
CSqGSIb3DQEBCwUAA4IBAQCObnU89I+lQMqn5aXW/RGcUg4KJoiwpo35fqg1UIHc
NMEVX+VagcfXWWMD+J5E8+yPRYNJClBRIQUw3r795/HhwVatNbnMvE1sBbbs0GTU
5kaRJdfD4p5HUPevNVQPr6mra/lzHhDzv1JHcy6zTFfqPgkiIJdnfUUoQ8JqDFny
Mhrc6OUlcDM/LBBWYtrSsMIQKF1UlEFTwxCtYJMwpIGaWddn0+qB9KjLTWRf/h8q
2R66vUjtTfwEuOtnpv0CWfZGLUc+TnchX7jPBHKO2vGHSQhxxbIwl2mq5Y1YI6wz
thRe34OVN3CO3+kh+dk4UDVMEaN+tTmAWVhtIbQ6P9JK
-----END CERTIFICATE-----