Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/32024d-d3e7-4ad0-8a91-3318504c7750/1/AqfiHRSMPIcbIVkiIdixaRazNn0.roa
File:                     AqfiHRSMPIcbIVkiIdixaRazNn0.roa (raw, json)
Hash identifier:          UDIOUMnhU9VicSJL71PeZpDe6IjDOXbKWWhQadSznoc=
Subject key identifier:   02:A7:E2:1D:14:8C:3C:87:1B:21:59:22:21:D8:B1:69:16:B3:36:7D
Certificate issuer:       /CN=2c8ff3614fd0c8a8b7e963ccf20c3af085e2bace
Certificate serial:       019D967D32F48B5F40F3B8A3B026CF77C412
Authority key identifier: 2C:8F:F3:61:4F:D0:C8:A8:B7:E9:63:CC:F2:0C:3A:F0:85:E2:BA:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LI_zYU_QyKi36WPM8gw68IXius4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/32024d-d3e7-4ad0-8a91-3318504c7750/1/AqfiHRSMPIcbIVkiIdixaRazNn0.roa
Signing time:             Thu 16 Apr 2026 13:31:20 +0000
ROA not before:           Thu 16 Apr 2026 13:31:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211040
IP address blocks:        87.238.254.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/32024d-d3e7-4ad0-8a91-3318504c7750/1/LI_zYU_QyKi36WPM8gw68IXius4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/32024d-d3e7-4ad0-8a91-3318504c7750/1/LI_zYU_QyKi36WPM8gw68IXius4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LI_zYU_QyKi36WPM8gw68IXius4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 16:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:96:7d:32:f4:8b:5f:40:f3:b8:a3:b0:26:cf:77:c4:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2c8ff3614fd0c8a8b7e963ccf20c3af085e2bace
        Validity
            Not Before: Apr 16 13:31:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=02a7e21d148c3c871b21592221d8b16916b3367d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:d0:cf:7a:d5:0a:64:63:25:a8:43:c8:1d:f6:
                    c7:2b:08:a0:65:6b:b0:c8:05:07:6d:68:32:b9:b8:
                    f7:1b:f8:09:8e:f0:4c:b4:41:95:b6:07:76:e6:d3:
                    81:17:f5:7f:a7:f5:bf:bc:9d:a5:32:d4:4c:4f:ba:
                    b5:93:2d:8a:63:ee:d5:9d:4f:e6:12:21:cb:e9:cd:
                    34:52:5a:9a:ce:c6:50:0c:bf:64:e3:40:47:ae:8d:
                    97:b6:fc:76:3f:6a:03:97:4a:3f:66:49:d4:c2:8d:
                    2c:83:b9:9f:3a:3c:58:1d:03:3c:3e:85:b8:8c:96:
                    79:0e:60:41:e5:91:0f:72:15:83:5f:a4:b8:a2:d5:
                    10:96:6a:fe:54:e9:56:4a:b5:e7:e1:a3:3e:a1:3c:
                    25:d9:50:b4:e4:b2:ec:b8:0c:36:bd:dc:46:f6:7d:
                    b7:25:50:c8:61:62:34:78:76:3c:0f:c6:89:70:c9:
                    ad:cb:7b:5a:4a:cc:50:4b:d2:05:3c:df:bb:12:ba:
                    39:ea:5c:4b:10:9d:55:71:5a:a0:5b:67:ad:fa:a1:
                    6b:dd:9f:e3:36:3d:28:d7:47:cb:29:af:45:b7:81:
                    19:ba:c9:ee:06:1d:a3:fd:3c:dd:62:1a:70:87:ed:
                    2b:e9:d6:9f:8a:d5:32:e9:a0:db:72:c8:b9:68:c2:
                    a4:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:A7:E2:1D:14:8C:3C:87:1B:21:59:22:21:D8:B1:69:16:B3:36:7D
            X509v3 Authority Key Identifier:
                keyid:2C:8F:F3:61:4F:D0:C8:A8:B7:E9:63:CC:F2:0C:3A:F0:85:E2:BA:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LI_zYU_QyKi36WPM8gw68IXius4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/32024d-d3e7-4ad0-8a91-3318504c7750/1/AqfiHRSMPIcbIVkiIdixaRazNn0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/32024d-d3e7-4ad0-8a91-3318504c7750/1/LI_zYU_QyKi36WPM8gw68IXius4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.238.254.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2f:cd:e9:28:62:0d:5a:2d:82:82:b2:01:1a:16:b0:1c:99:96:
         3c:a7:a5:a7:2a:35:9c:ca:d6:3e:72:8b:b7:2c:a9:e0:c3:40:
         dd:40:e6:17:ea:15:42:24:0f:83:30:99:5c:ed:b8:7e:73:db:
         95:7c:c0:5b:1e:33:a2:70:8a:b4:19:df:e5:f2:e1:4b:04:80:
         08:dd:bf:ea:11:b7:8e:1c:38:88:18:4c:e0:9f:6d:b0:56:b7:
         28:b3:c1:ea:9e:a2:58:f8:39:05:5f:f6:c6:06:2f:dc:fe:1d:
         2b:ea:96:5c:ea:dc:f3:ae:81:c2:0d:ba:1a:0f:af:f4:34:55:
         01:d5:ae:8d:d8:78:75:88:97:eb:93:ae:df:1b:67:57:d7:6b:
         cd:25:3b:7d:9c:f7:07:c3:a6:f7:a3:7a:59:fa:64:8b:99:72:
         0f:3b:95:8f:a9:e5:21:67:97:aa:92:a2:d8:76:83:c5:4a:cf:
         00:1a:f3:fc:2d:2b:2a:ce:4d:81:60:dd:8a:c6:11:77:3b:c7:
         86:55:3d:bb:5d:e1:66:70:ed:31:72:00:f2:38:da:6b:1c:6f:
         7f:0d:1e:5c:1f:fa:bf:98:ed:e4:d4:45:ac:48:3b:40:7c:b9:
         0e:a5:98:be:cd:98:48:60:5b:7b:a5:ba:69:6d:28:67:37:d5:
         3f:3b:6c:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2WfTL0i19A87ijsCbPd8QSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjOGZmMzYxNGZkMGM4YThiN2U5NjNjY2YyMGMzYWYwODVl
MmJhY2UwHhcNMjYwNDE2MTMzMTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMmE3ZTIxZDE0OGMzYzg3MWIyMTU5MjIyMWQ4YjE2OTE2YjMzNjdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAstDPetUKZGMlqEPIHfbHKwigZWuw
yAUHbWgyubj3G/gJjvBMtEGVtgd25tOBF/V/p/W/vJ2lMtRMT7q1ky2KY+7VnU/m
EiHL6c00UlqazsZQDL9k40BHro2Xtvx2P2oDl0o/ZknUwo0sg7mfOjxYHQM8PoW4
jJZ5DmBB5ZEPchWDX6S4otUQlmr+VOlWSrXn4aM+oTwl2VC05LLsuAw2vdxG9n23
JVDIYWI0eHY8D8aJcMmty3taSsxQS9IFPN+7Ero56lxLEJ1VcVqgW2et+qFr3Z/j
Nj0o10fLKa9Ft4EZusnuBh2j/TzdYhpwh+0r6dafitUy6aDbcsi5aMKk5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAKn4h0UjDyHGyFZIiHYsWkWszZ9MB8GA1UdIwQY
MBaAFCyP82FP0Miot+ljzPIMOvCF4rrOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTElfellVX1F5S2kzNldQTThndzY4SVhpdXM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS8zMjAyNGQtZDNlNy00YWQwLThhOTEt
MzMxODUwNGM3NzUwLzEvQXFmaUhSU01QSWNiSVZraUlkaXhhUmF6Tm4wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS8zMjAyNGQtZDNlNy00YWQwLThhOTEtMzMxODUwNGM3NzUw
LzEvTElfellVX1F5S2kzNldQTThndzY4SVhpdXM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBV+7+MA0G
CSqGSIb3DQEBCwUAA4IBAQAvzekoYg1aLYKCsgEaFrAcmZY8p6WnKjWcytY+cou3
LKngw0DdQOYX6hVCJA+DMJlc7bh+c9uVfMBbHjOicIq0Gd/l8uFLBIAI3b/qEbeO
HDiIGEzgn22wVrcos8HqnqJY+DkFX/bGBi/c/h0r6pZc6tzzroHCDboaD6/0NFUB
1a6N2Hh1iJfrk67fG2dX12vNJTt9nPcHw6b3o3pZ+mSLmXIPO5WPqeUhZ5eqkqLY
doPFSs8AGvP8LSsqzk2BYN2KxhF3O8eGVT27XeFmcO0xcgDyONprHG9/DR5cH/q/
mO3k1EWsSDtAfLkOpZi+zZhIYFt7pbppbShnN9U/O2wm
-----END CERTIFICATE-----