Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/iuhfF6-G-sT6-LZTooRDyr_UBQE.roa
File:                     iuhfF6-G-sT6-LZTooRDyr_UBQE.roa (raw, json)
Hash identifier:          Mtx6TFM8DRL9lTL/51IrxGGDm44zF+2N+BICmgSe/xk=
Subject key identifier:   8A:E8:5F:17:AF:86:FA:C4:FA:F8:B6:53:A2:84:43:CA:BF:D4:05:01
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       019D7889A8224B0730CFE0ECF779A79B94AE
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/iuhfF6-G-sT6-LZTooRDyr_UBQE.roa
Signing time:             Fri 10 Apr 2026 17:56:20 +0000
ROA not before:           Fri 10 Apr 2026 17:56:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     42161
IP address blocks:        193.124.18.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 04:11:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:78:89:a8:22:4b:07:30:cf:e0:ec:f7:79:a7:9b:94:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Apr 10 17:56:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8ae85f17af86fac4faf8b653a28443cabfd40501
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:29:bb:da:c9:9b:d1:9d:84:53:d8:bc:48:cb:
                    e3:e4:b1:8b:8c:2d:ac:04:37:c4:98:d9:f7:0c:2d:
                    1b:22:c6:0f:c3:a4:57:11:a1:86:8a:ad:ae:2d:e8:
                    13:f9:d3:6a:93:35:02:31:b7:2e:f7:c5:a5:ff:43:
                    86:22:38:01:b3:df:86:01:79:42:94:6e:51:9f:a7:
                    47:fd:f4:5e:7b:1e:68:d1:bb:0a:d6:95:77:93:75:
                    48:25:04:30:e3:e5:92:17:27:d1:31:0f:cf:7a:3a:
                    b5:5d:88:93:88:c1:f3:94:e0:49:71:f9:4d:2d:e1:
                    cd:59:65:45:b1:1b:8e:f8:b3:44:13:ed:46:81:c5:
                    e8:83:a3:b8:5f:cd:74:b8:c7:94:a0:f4:56:49:cf:
                    db:ee:3b:65:c7:97:c8:9c:ec:01:ed:31:ab:63:1c:
                    54:be:17:70:52:91:55:62:3a:ee:b9:cb:89:8c:f6:
                    e2:61:d2:96:a4:f8:54:9d:7f:b8:44:f9:75:a2:7a:
                    f5:cd:51:9f:f7:76:b8:8b:07:8a:01:f7:5c:95:c5:
                    90:84:a1:90:c4:7d:2f:91:09:0e:66:87:64:d4:f9:
                    61:0d:41:c1:5f:36:39:dc:c9:fd:16:bd:30:b6:f0:
                    14:89:46:b5:39:0a:99:e2:5f:fc:b0:cb:3e:12:c7:
                    cc:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:E8:5F:17:AF:86:FA:C4:FA:F8:B6:53:A2:84:43:CA:BF:D4:05:01
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/iuhfF6-G-sT6-LZTooRDyr_UBQE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.124.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:ee:dc:98:dd:90:99:1e:90:c9:b5:60:c2:a9:3d:36:78:91:
         f5:6f:8a:ac:77:88:f8:df:07:8c:9a:28:25:d9:fb:20:77:21:
         e8:6c:23:9e:b3:1f:66:da:3e:7b:3c:e8:da:00:80:6c:06:15:
         89:c5:bd:96:3e:44:72:92:e6:e1:f8:55:11:ec:b2:be:a8:60:
         c2:35:52:14:18:ee:24:c5:22:8b:71:62:bb:c5:be:9f:96:4f:
         c2:08:41:68:5a:a4:d3:cb:f9:db:31:d6:b2:c2:81:8a:94:fe:
         d3:d4:d3:c1:81:66:78:2d:ea:4d:d8:9b:df:fa:d7:11:41:4c:
         66:71:95:1a:01:47:2a:90:a0:67:d2:0f:41:f1:4c:e0:5b:0b:
         48:d0:15:4e:bc:3e:fb:d8:12:9e:ed:44:8f:05:d9:f8:25:13:
         d5:af:a5:39:ec:d9:05:26:1e:dd:7a:46:9f:40:a9:d4:c3:50:
         65:02:3b:aa:3c:80:eb:62:32:86:87:a2:3e:b0:a1:e0:b7:63:
         60:91:73:31:c9:a4:a3:f0:d0:da:a6:44:42:89:c3:e8:4c:03:
         75:11:64:fa:a9:f8:53:c5:48:a8:88:3f:d8:7f:92:06:6a:fe:
         48:df:46:f6:ab:4d:5d:b7:68:5f:ec:5d:6d:c4:9f:6e:23:22:
         cb:b7:12:77
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ14iagiSwcwz+Ds93mnm5SuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjYwNDEwMTc1NjIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YWU4NWYxN2FmODZmYWM0ZmFmOGI2NTNhMjg0NDNjYWJmZDQwNTAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzym72smb0Z2EU9i8SMvj5LGLjC2s
BDfEmNn3DC0bIsYPw6RXEaGGiq2uLegT+dNqkzUCMbcu98Wl/0OGIjgBs9+GAXlC
lG5Rn6dH/fReex5o0bsK1pV3k3VIJQQw4+WSFyfRMQ/Pejq1XYiTiMHzlOBJcflN
LeHNWWVFsRuO+LNEE+1GgcXog6O4X810uMeUoPRWSc/b7jtlx5fInOwB7TGrYxxU
vhdwUpFVYjruucuJjPbiYdKWpPhUnX+4RPl1onr1zVGf93a4iweKAfdclcWQhKGQ
xH0vkQkOZodk1PlhDUHBXzY53Mn9Fr0wtvAUiUa1OQqZ4l/8sMs+EsfMFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIroXxevhvrE+vi2U6KEQ8q/1AUBMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvaXVoZkY2LUctc1Q2LUxaVG9vUkR5cl9VQlFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwXwSMA0G
CSqGSIb3DQEBCwUAA4IBAQA07tyY3ZCZHpDJtWDCqT02eJH1b4qsd4j43weMmigl
2fsgdyHobCOesx9m2j57POjaAIBsBhWJxb2WPkRykubh+FUR7LK+qGDCNVIUGO4k
xSKLcWK7xb6flk/CCEFoWqTTy/nbMdaywoGKlP7T1NPBgWZ4LepN2Jvf+tcRQUxm
cZUaAUcqkKBn0g9B8UzgWwtI0BVOvD772BKe7USPBdn4JRPVr6U57NkFJh7dekaf
QKnUw1BlAjuqPIDrYjKGh6I+sKHgt2NgkXMxyaSj8NDapkRCicPoTAN1EWT6qfhT
xUioiD/Yf5IGav5I30b2q01dt2hf7F1txJ9uIyLLtxJ3
-----END CERTIFICATE-----