Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/ofUllF-dWXHUPtc7vJnGioqPfCY.roa
File:                     ofUllF-dWXHUPtc7vJnGioqPfCY.roa (raw, json)
Hash identifier:          DKXn87ibX3uXQNhf8bxZ9LKgNiZi6MqVfnjhDNqP0fA=
Subject key identifier:   A1:F5:25:94:5F:9D:59:71:D4:3E:D7:3B:BC:99:C6:8A:8A:8F:7C:26
Certificate issuer:       /CN=5dd6f6d299bcdec73d13f2d842fc1df4bc1ee2d3
Certificate serial:       019D0512C381EFD22588BAD5E7DE0094CC05
Authority key identifier: 5D:D6:F6:D2:99:BC:DE:C7:3D:13:F2:D8:42:FC:1D:F4:BC:1E:E2:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xdb20pm83sc9E_LYQvwd9Lwe4tM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/ofUllF-dWXHUPtc7vJnGioqPfCY.roa
Signing time:             Thu 19 Mar 2026 07:50:08 +0000
ROA not before:           Thu 19 Mar 2026 07:50:08 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209697
IP address blocks:        14.102.8.0/24 maxlen: 24
                          91.200.255.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/Xdb20pm83sc9E_LYQvwd9Lwe4tM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/Xdb20pm83sc9E_LYQvwd9Lwe4tM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xdb20pm83sc9E_LYQvwd9Lwe4tM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 21 Mar 2026 06:57:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:05:12:c3:81:ef:d2:25:88:ba:d5:e7:de:00:94:cc:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5dd6f6d299bcdec73d13f2d842fc1df4bc1ee2d3
        Validity
            Not Before: Mar 19 07:50:08 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a1f525945f9d5971d43ed73bbc99c68a8a8f7c26
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:ca:07:16:e5:4c:34:1e:5e:b2:77:d1:7f:1e:
                    a3:f7:19:8d:ce:67:e3:c0:1a:a0:2c:2d:7c:bd:02:
                    ea:31:26:66:2e:06:ef:8a:34:7c:19:7c:a9:d5:82:
                    c2:9c:03:ec:e5:d2:1c:df:5e:03:0a:54:1d:db:ef:
                    17:95:e2:c3:cf:bd:f4:4c:57:ba:7b:5e:30:22:5d:
                    f9:12:db:9f:7d:3c:53:a5:18:4b:37:2c:68:32:d4:
                    6a:4e:84:b1:b0:8e:75:fc:dd:49:4c:02:79:23:16:
                    cc:ae:51:59:b9:0a:81:55:b2:df:da:da:05:91:2c:
                    fa:a1:25:b5:d2:52:d5:de:13:33:ed:3a:78:20:27:
                    14:5f:c7:12:5b:33:b0:fd:00:a2:75:14:18:38:07:
                    78:48:d9:43:f7:77:89:64:fe:fd:ef:72:fc:07:c7:
                    e4:bd:c3:38:1d:38:41:11:b0:47:50:72:44:1c:ee:
                    59:2a:1e:0a:47:24:71:99:64:27:dc:d3:69:96:fc:
                    90:98:6c:6a:8e:38:94:77:0f:16:c0:53:c0:af:ee:
                    b0:c5:0b:08:0e:13:55:1e:52:ae:1d:38:ec:33:6e:
                    19:23:07:b2:96:01:50:56:0b:b7:79:5b:78:c1:68:
                    59:95:d9:0f:0d:67:54:49:d1:e5:48:76:47:d8:df:
                    86:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:F5:25:94:5F:9D:59:71:D4:3E:D7:3B:BC:99:C6:8A:8A:8F:7C:26
            X509v3 Authority Key Identifier:
                keyid:5D:D6:F6:D2:99:BC:DE:C7:3D:13:F2:D8:42:FC:1D:F4:BC:1E:E2:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xdb20pm83sc9E_LYQvwd9Lwe4tM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/ofUllF-dWXHUPtc7vJnGioqPfCY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/Xdb20pm83sc9E_LYQvwd9Lwe4tM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  14.102.8.0/24
                  91.200.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:aa:b9:ff:2b:ca:8e:fd:39:d1:82:5a:2d:4a:49:9f:74:fc:
         2f:04:fb:d1:de:aa:5f:f3:c7:38:5c:c9:e6:39:bd:87:5b:e6:
         08:06:27:cb:49:a8:c4:ee:34:ca:96:d9:ef:d3:53:cc:b8:3c:
         36:77:9d:8c:f4:77:cd:1f:2e:d0:4e:b3:32:32:01:de:81:6c:
         1f:92:9e:99:fd:45:19:f3:60:e4:22:17:f6:b5:36:e5:16:e4:
         48:e6:87:aa:7e:ca:3c:a4:7a:27:41:db:a2:b8:7b:2e:86:31:
         ab:9b:54:78:ce:bb:02:09:69:af:d7:32:20:f9:8c:c4:d3:61:
         09:a1:b3:3b:17:85:1c:95:98:55:b0:34:06:bd:45:4d:7f:ef:
         9a:4d:71:4b:0e:81:4a:0f:90:27:d9:a2:25:4d:6d:42:b1:16:
         e3:5a:d7:97:2d:1f:b5:cc:12:82:c4:b0:bc:f6:b9:b1:c1:6e:
         e5:43:21:15:c1:b1:de:3e:dd:0f:4a:f0:97:aa:ec:0b:bd:cb:
         fc:6a:29:38:56:d0:e6:2d:8b:60:1b:0f:0f:c4:00:97:e0:85:
         b2:eb:9e:87:8a:ba:4d:57:09:34:9d:d9:a5:b1:83:d9:a3:0c:
         f2:d7:c0:ec:6a:49:a1:91:d1:69:e9:74:32:6a:2d:a5:88:07:
         94:b5:cd:7a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ0FEsOB79IliLrV594AlMwFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkZDZmNmQyOTliY2RlYzczZDEzZjJkODQyZmMxZGY0YmMx
ZWUyZDMwHhcNMjYwMzE5MDc1MDA4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMWY1MjU5NDVmOWQ1OTcxZDQzZWQ3M2JiYzk5YzY4YThhOGY3YzI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwsoHFuVMNB5esnfRfx6j9xmNzmfj
wBqgLC18vQLqMSZmLgbvijR8GXyp1YLCnAPs5dIc314DClQd2+8XleLDz730TFe6
e14wIl35EtuffTxTpRhLNyxoMtRqToSxsI51/N1JTAJ5IxbMrlFZuQqBVbLf2toF
kSz6oSW10lLV3hMz7Tp4ICcUX8cSWzOw/QCidRQYOAd4SNlD93eJZP7973L8B8fk
vcM4HThBEbBHUHJEHO5ZKh4KRyRxmWQn3NNplvyQmGxqjjiUdw8WwFPAr+6wxQsI
DhNVHlKuHTjsM24ZIweylgFQVgu3eVt4wWhZldkPDWdUSdHlSHZH2N+GyQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKH1JZRfnVlx1D7XO7yZxoqKj3wmMB8GA1UdIwQY
MBaAFF3W9tKZvN7HPRPy2EL8HfS8HuLTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGRiMjBwbTgzc2M5RV9MWVF2d2Q5THdlNHRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC9hNGI0NDYtYmI3Mi00NWJlLWJjNDYt
NTFmNWZmODFjMTE3LzEvb2ZVbGxGLWRXWEhVUHRjN3ZKbkdpb3FQZkNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC9hNGI0NDYtYmI3Mi00NWJlLWJjNDYtNTFmNWZmODFjMTE3
LzEvWGRiMjBwbTgzc2M5RV9MWVF2d2Q5THdlNHRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQADmYIAwQA
W8j/MA0GCSqGSIb3DQEBCwUAA4IBAQCBqrn/K8qO/TnRglotSkmfdPwvBPvR3qpf
88c4XMnmOb2HW+YIBifLSajE7jTKltnv01PMuDw2d52M9HfNHy7QTrMyMgHegWwf
kp6Z/UUZ82DkIhf2tTblFuRI5oeqfso8pHonQduiuHsuhjGrm1R4zrsCCWmv1zIg
+YzE02EJobM7F4UclZhVsDQGvUVNf++aTXFLDoFKD5An2aIlTW1CsRbjWteXLR+1
zBKCxLC89rmxwW7lQyEVwbHePt0PSvCXquwLvcv8aik4VtDmLYtgGw8PxACX4IWy
656HirpNVwk0ndmlsYPZowzy18DsakmhkdFp6XQyai2liAeUtc16
-----END CERTIFICATE-----