Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/IE8VWELD3g0DO3gYHC_z26msPYU.roa
File:                     IE8VWELD3g0DO3gYHC_z26msPYU.roa (raw, json)
Hash identifier:          m/nYv/URr+D7B0eiLOEiVRSy+CpygNvrQVQxj1poyvg=
Subject key identifier:   20:4F:15:58:42:C3:DE:0D:03:3B:78:18:1C:2F:F3:DB:A9:AC:3D:85
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       019C87F37BFA0A5B014DCC1DEB88375F3629
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/IE8VWELD3g0DO3gYHC_z26msPYU.roa
Signing time:             Mon 23 Feb 2026 00:43:27 +0000
ROA not before:           Mon 23 Feb 2026 00:43:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     20860
IP address blocks:        91.246.49.0/24 maxlen: 24
                          91.247.177.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 13:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:87:f3:7b:fa:0a:5b:01:4d:cc:1d:eb:88:37:5f:36:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: Feb 23 00:43:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=204f155842c3de0d033b78181c2ff3dba9ac3d85
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:b0:81:61:f4:1f:85:02:62:1a:5f:63:de:72:
                    bc:7b:93:2f:81:3c:ef:8f:82:3f:e1:16:a2:89:b4:
                    c8:54:47:d2:35:67:4a:59:e1:5c:c0:3f:f6:5a:49:
                    45:54:1d:1a:d8:27:52:96:4d:7e:06:ca:83:94:6d:
                    28:aa:93:fc:e6:b4:3b:1f:4f:0d:41:9b:6e:a1:25:
                    b3:f2:13:99:a5:d0:95:ff:e0:96:7b:2e:de:38:4d:
                    a7:e1:ef:04:7f:69:76:0d:83:8c:07:5f:ac:4a:6b:
                    96:ff:14:04:f7:ef:c2:37:88:95:10:fb:31:2e:e8:
                    a1:ea:eb:0f:e1:a8:f7:e3:d2:04:f0:b3:57:92:0d:
                    ba:4d:a2:87:9d:eb:a4:10:96:c5:e2:2d:26:12:cd:
                    7e:2d:bd:1b:a5:03:a5:1e:e9:ef:1b:d9:dc:52:36:
                    af:34:99:ba:8e:80:d8:94:e8:3d:fd:ee:70:fe:a1:
                    40:9f:e5:30:d7:79:ef:7c:6d:72:3e:64:e8:9a:d2:
                    7c:24:34:14:5d:52:fe:a9:48:b2:a3:24:0a:e1:69:
                    b5:58:f3:81:76:ae:ac:d0:6e:7d:dd:d5:b3:bf:c9:
                    6b:ad:a4:d1:ab:c2:7d:0e:de:2b:0c:8a:c1:44:87:
                    b5:1f:2e:88:c2:b7:91:98:90:97:ef:00:74:5c:02:
                    28:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:4F:15:58:42:C3:DE:0D:03:3B:78:18:1C:2F:F3:DB:A9:AC:3D:85
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/IE8VWELD3g0DO3gYHC_z26msPYU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.246.49.0/24
                  91.247.177.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:f4:2a:50:cb:7c:bc:c2:87:ec:8c:d2:31:a0:98:21:4e:ab:
         f0:79:9d:bc:70:1f:5a:3b:2c:65:d1:ab:49:e7:ca:22:34:07:
         f8:8f:b3:f8:24:b7:9a:8e:93:40:c2:0c:43:2e:cb:54:e3:e6:
         b3:59:20:4e:41:67:ba:68:12:e2:26:48:3c:56:fa:0f:e5:f3:
         88:a1:66:8e:9c:4a:fb:e9:f3:d4:82:12:54:b9:20:81:37:88:
         96:25:f4:07:78:18:23:2d:cb:08:b9:f6:d5:f4:6d:b5:c8:c0:
         08:38:6b:c4:fb:74:d2:2f:16:c5:bc:2e:c8:08:b7:35:d5:27:
         f8:e0:be:07:bb:ae:71:53:06:68:5e:c2:1d:4d:cf:c1:f8:8f:
         06:54:30:66:4a:a4:41:c6:f6:9c:71:fd:b6:7d:35:76:2b:a6:
         79:32:ef:a0:05:21:e6:c1:cc:ef:a3:14:03:8e:bf:e1:c4:6a:
         04:68:e9:00:ca:44:9d:14:cb:d1:40:88:8d:fa:0d:a1:b4:85:
         3d:97:10:61:a9:76:a4:80:15:50:ca:d3:76:91:d1:4f:0e:a7:
         63:3d:a8:71:13:a4:66:6c:74:2e:4b:03:79:2e:b7:e1:fb:95:
         2d:97:58:68:af:fe:13:c1:cc:6c:9c:79:34:e3:51:40:32:e1:
         48:3a:f1:95
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZyH83v6ClsBTcwd64g3XzYpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjYwMjIzMDA0MzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDRmMTU1ODQyYzNkZTBkMDMzYjc4MTgxYzJmZjNkYmE5YWMzZDg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhrCBYfQfhQJiGl9j3nK8e5MvgTzv
j4I/4RaiibTIVEfSNWdKWeFcwD/2WklFVB0a2CdSlk1+BsqDlG0oqpP85rQ7H08N
QZtuoSWz8hOZpdCV/+CWey7eOE2n4e8Ef2l2DYOMB1+sSmuW/xQE9+/CN4iVEPsx
Luih6usP4aj349IE8LNXkg26TaKHneukEJbF4i0mEs1+Lb0bpQOlHunvG9ncUjav
NJm6joDYlOg9/e5w/qFAn+Uw13nvfG1yPmTomtJ8JDQUXVL+qUiyoyQK4Wm1WPOB
dq6s0G593dWzv8lrraTRq8J9Dt4rDIrBRIe1Hy6IwreRmJCX7wB0XAIoQwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCBPFVhCw94NAzt4GBwv89uprD2FMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvSUU4VldFTEQzZzBETzNnWUhDX3oyNm1zUFlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW/YxAwQA
W/exMA0GCSqGSIb3DQEBCwUAA4IBAQAu9CpQy3y8wofsjNIxoJghTqvweZ28cB9a
Oyxl0atJ58oiNAf4j7P4JLeajpNAwgxDLstU4+azWSBOQWe6aBLiJkg8VvoP5fOI
oWaOnEr76fPUghJUuSCBN4iWJfQHeBgjLcsIufbV9G21yMAIOGvE+3TSLxbFvC7I
CLc11Sf44L4Hu65xUwZoXsIdTc/B+I8GVDBmSqRBxvaccf22fTV2K6Z5Mu+gBSHm
wczvoxQDjr/hxGoEaOkAykSdFMvRQIiN+g2htIU9lxBhqXakgBVQytN2kdFPDqdj
PahxE6RmbHQuSwN5Lrfh+5Utl1hor/4TwcxsnHk041FAMuFIOvGV
-----END CERTIFICATE-----