Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/484d54-f468-479f-9758-e1ff8638634b/1/8Xpu1O4i8G8YveSzPyz09_fdc98.roa
File:                     8Xpu1O4i8G8YveSzPyz09_fdc98.roa (raw, json)
Hash identifier:          Bt1xJ3q8KPzlgWyoG3A3cctJyDzyf6F3KbGu2rLkM5I=
Subject key identifier:   F1:7A:6E:D4:EE:22:F0:6F:18:BD:E4:B3:3F:2C:F4:F7:F7:DD:73:DF
Certificate issuer:       /CN=aa67dfb882ae7d8e55d258651742f4e6ce437019
Certificate serial:       019B7C803CE0FE3362F5773C649494CFE93E
Authority key identifier: AA:67:DF:B8:82:AE:7D:8E:55:D2:58:65:17:42:F4:E6:CE:43:70:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qmffuIKufY5V0lhlF0L05s5DcBk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/04/484d54-f468-479f-9758-e1ff8638634b/1/8Xpu1O4i8G8YveSzPyz09_fdc98.roa
Signing time:             Fri 02 Jan 2026 02:18:57 +0000
ROA not before:           Fri 02 Jan 2026 02:18:57 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     31461
IP address blocks:        80.65.176.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/04/484d54-f468-479f-9758-e1ff8638634b/1/qmffuIKufY5V0lhlF0L05s5DcBk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/04/484d54-f468-479f-9758-e1ff8638634b/1/qmffuIKufY5V0lhlF0L05s5DcBk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qmffuIKufY5V0lhlF0L05s5DcBk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 22:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:3c:e0:fe:33:62:f5:77:3c:64:94:94:cf:e9:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aa67dfb882ae7d8e55d258651742f4e6ce437019
        Validity
            Not Before: Jan  2 02:18:57 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f17a6ed4ee22f06f18bde4b33f2cf4f7f7dd73df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:e7:1d:a2:92:72:93:96:47:ec:61:50:b9:58:
                    57:33:ec:a6:5d:ae:c7:d3:29:be:a1:37:3c:49:2c:
                    07:76:ab:23:df:4d:eb:4f:d3:57:23:90:7a:43:c8:
                    62:25:82:f6:2d:5b:04:32:73:ea:e6:9a:eb:b7:62:
                    0d:46:9b:a2:44:b8:e6:f9:19:28:d9:30:ad:4a:b5:
                    18:83:c4:7c:8a:fd:5d:22:d8:eb:45:a0:49:90:40:
                    b8:bc:ff:33:9a:b2:35:0c:6e:1d:aa:f9:81:b0:03:
                    cc:1a:f9:e7:16:3e:0a:64:c5:0d:e6:bc:07:36:a3:
                    f4:37:fd:18:72:eb:80:4d:55:c9:f2:68:1f:89:f9:
                    87:ae:33:63:33:08:75:09:6b:ea:4b:5d:fe:85:7f:
                    b5:bd:6f:94:33:5b:a1:b8:63:89:ab:8d:2d:81:93:
                    d3:5d:9f:17:72:b8:79:9b:6b:06:ba:12:9d:09:8c:
                    c6:fd:e2:a4:67:cb:a7:26:b1:b9:5c:1a:d2:bd:3b:
                    b4:40:c2:eb:db:e3:9c:4b:d5:6a:ab:a8:5a:f1:11:
                    4e:dd:ea:a1:73:84:62:58:f6:51:b7:13:86:08:41:
                    07:18:09:d1:8c:74:c1:34:34:5c:2f:7f:46:ae:90:
                    95:d8:93:15:87:92:99:8c:46:b6:47:ca:ef:a1:49:
                    0b:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:7A:6E:D4:EE:22:F0:6F:18:BD:E4:B3:3F:2C:F4:F7:F7:DD:73:DF
            X509v3 Authority Key Identifier:
                keyid:AA:67:DF:B8:82:AE:7D:8E:55:D2:58:65:17:42:F4:E6:CE:43:70:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qmffuIKufY5V0lhlF0L05s5DcBk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/484d54-f468-479f-9758-e1ff8638634b/1/8Xpu1O4i8G8YveSzPyz09_fdc98.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/04/484d54-f468-479f-9758-e1ff8638634b/1/qmffuIKufY5V0lhlF0L05s5DcBk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.65.176.0/21

    Signature Algorithm: sha256WithRSAEncryption
         6b:1b:86:38:25:67:cf:ca:da:af:c1:9a:a9:43:61:9a:e6:68:
         d3:f3:4f:ee:35:14:1a:10:5b:90:e8:7f:e0:3d:5b:19:76:81:
         07:9d:2f:46:1c:30:a8:de:a7:2f:4a:70:ec:1f:e7:4c:da:c1:
         70:03:84:68:32:60:05:33:45:d8:03:dd:1a:b5:8a:cf:1b:20:
         d8:8e:13:33:20:2a:57:d5:74:f4:83:89:08:ed:a0:dc:3f:96:
         6d:5f:33:69:5a:20:d6:68:a3:c4:fb:de:d3:0d:3d:15:24:3b:
         a1:62:9c:4d:2c:8a:48:f4:97:9a:cd:2c:93:63:ac:3f:4b:fb:
         22:a9:1e:52:67:67:e9:18:86:ae:f8:73:c2:fd:df:fc:62:c6:
         af:e7:a8:1b:ac:cd:66:64:9f:42:61:ee:b3:46:67:6d:86:b1:
         f8:e2:fd:1e:63:8a:d5:5d:17:ea:43:cb:4e:76:43:79:02:96:
         cd:a8:c3:32:24:8a:36:67:1e:68:3d:02:3e:6c:83:2a:a3:5b:
         bf:4c:e1:e3:49:73:78:c8:47:84:30:f2:e1:79:77:87:9c:71:
         10:74:e3:ef:fa:68:85:2c:8f:ce:dd:7b:63:ad:1b:87:0f:49:
         45:d4:bb:e5:dd:ec:f4:b8:a2:87:3a:3f:b5:6a:60:29:4c:c3:
         ea:fd:d2:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8gDzg/jNi9Xc8ZJSUz+k+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhNjdkZmI4ODJhZTdkOGU1NWQyNTg2NTE3NDJmNGU2Y2U0
MzcwMTkwHhcNMjYwMTAyMDIxODU3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTdhNmVkNGVlMjJmMDZmMThiZGU0YjMzZjJjZjRmN2Y3ZGQ3M2RmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlucdopJyk5ZH7GFQuVhXM+ymXa7H
0ym+oTc8SSwHdqsj303rT9NXI5B6Q8hiJYL2LVsEMnPq5prrt2INRpuiRLjm+Rko
2TCtSrUYg8R8iv1dItjrRaBJkEC4vP8zmrI1DG4dqvmBsAPMGvnnFj4KZMUN5rwH
NqP0N/0YcuuATVXJ8mgfifmHrjNjMwh1CWvqS13+hX+1vW+UM1uhuGOJq40tgZPT
XZ8Xcrh5m2sGuhKdCYzG/eKkZ8unJrG5XBrSvTu0QMLr2+OcS9Vqq6ha8RFO3eqh
c4RiWPZRtxOGCEEHGAnRjHTBNDRcL39GrpCV2JMVh5KZjEa2R8rvoUkLDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPF6btTuIvBvGL3ksz8s9Pf33XPfMB8GA1UdIwQY
MBaAFKpn37iCrn2OVdJYZRdC9ObOQ3AZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcW1mZnVJS3VmWTVWMGxobEYwTDA1czVEY0JrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC80ODRkNTQtZjQ2OC00NzlmLTk3NTgt
ZTFmZjg2Mzg2MzRiLzEvOFhwdTFPNGk4RzhZdmVTelB5ejA5X2ZkYzk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC80ODRkNTQtZjQ2OC00NzlmLTk3NTgtZTFmZjg2Mzg2MzRi
LzEvcW1mZnVJS3VmWTVWMGxobEYwTDA1czVEY0JrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDUEGwMA0G
CSqGSIb3DQEBCwUAA4IBAQBrG4Y4JWfPytqvwZqpQ2Ga5mjT80/uNRQaEFuQ6H/g
PVsZdoEHnS9GHDCo3qcvSnDsH+dM2sFwA4RoMmAFM0XYA90atYrPGyDYjhMzICpX
1XT0g4kI7aDcP5ZtXzNpWiDWaKPE+97TDT0VJDuhYpxNLIpI9JeazSyTY6w/S/si
qR5SZ2fpGIau+HPC/d/8Ysav56gbrM1mZJ9CYe6zRmdthrH44v0eY4rVXRfqQ8tO
dkN5ApbNqMMyJIo2Zx5oPQI+bIMqo1u/TOHjSXN4yEeEMPLheXeHnHEQdOPv+miF
LI/O3XtjrRuHD0lF1Lvl3ez0uKKHOj+1amApTMPq/dLm
-----END CERTIFICATE-----