Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-j0TwsU_0HUAtq-u_Y98QSAiQHw.roa
File:                     1-j0TwsU_0HUAtq-u_Y98QSAiQHw.roa (raw, json)
Hash identifier:          RjXExn7I5kn2rmoPr9Q2isEMBiBp+q4tVjdbWBxeN3U=
Subject key identifier:   FA:3D:13:C2:C5:3F:D0:75:00:B6:AF:AE:FD:8F:7C:41:20:22:40:7C
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       019C0E0B735258B4E411909D71DDFD369D21
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-j0TwsU_0HUAtq-u_Y98QSAiQHw.roa
Signing time:             Fri 30 Jan 2026 08:35:57 +0000
ROA not before:           Fri 30 Jan 2026 08:35:57 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     12302
IP address blocks:        31.14.34.0/24 maxlen: 24
                          86.104.193.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:0e:0b:73:52:58:b4:e4:11:90:9d:71:dd:fd:36:9d:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Jan 30 08:35:57 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fa3d13c2c53fd07500b6afaefd8f7c412022407c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:a1:2c:c6:7b:5a:8e:1e:f2:a2:2e:1e:3d:e1:
                    ba:7d:90:ab:89:84:a9:c2:a0:79:a1:94:bd:4e:3d:
                    be:95:82:97:a9:e7:81:4d:d9:e2:3a:57:de:7f:b3:
                    17:48:ea:f7:ab:5f:50:dd:a3:e1:c1:ba:9f:8d:85:
                    f9:b7:9f:75:57:46:d8:ad:58:68:0f:48:e9:4e:bf:
                    78:a7:7c:6c:1b:5b:f2:9c:e5:c0:c1:60:97:92:a2:
                    5e:1f:9c:a9:55:25:a7:03:bc:0a:6f:a8:36:79:ba:
                    5c:13:5c:3a:01:7c:01:f0:f4:8e:17:e9:4c:75:fd:
                    35:28:e5:ea:a8:1c:07:9b:8b:b2:e4:81:da:8b:3f:
                    b8:8a:9a:60:13:69:25:0f:3e:e5:52:13:f7:4b:66:
                    23:97:45:ea:25:4c:61:33:ca:f3:7d:f6:73:a9:4d:
                    de:e3:54:88:1b:90:88:21:c1:2a:af:d2:31:a3:bb:
                    f9:4c:eb:f0:92:b3:5a:20:ba:b9:b7:80:f2:af:f5:
                    72:7d:8a:58:93:e3:a3:3c:5c:c4:e8:b4:62:26:e9:
                    ae:b6:35:2f:7b:d8:ae:d2:7c:c0:54:8f:e4:8c:cd:
                    4d:44:fb:ea:7a:93:73:3b:2d:e9:08:15:60:54:e9:
                    af:05:19:8d:0d:0a:4a:67:59:0c:bd:b2:0e:30:27:
                    d4:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:3D:13:C2:C5:3F:D0:75:00:B6:AF:AE:FD:8F:7C:41:20:22:40:7C
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-j0TwsU_0HUAtq-u_Y98QSAiQHw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.14.34.0/24
                  86.104.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cc:e8:c5:25:b6:7c:6c:34:eb:3b:da:5b:f1:aa:65:a1:18:36:
         09:85:bf:0e:8d:af:4f:aa:98:4c:91:ac:49:76:a9:a7:fe:c1:
         a3:b9:a4:29:1a:cb:2b:05:e2:ac:1d:5c:10:a7:d6:c0:a4:36:
         c0:0f:f9:db:a6:10:95:c4:6f:0c:09:af:93:d8:d2:ab:b6:1a:
         6b:a6:35:c9:2c:f0:27:3f:65:a7:4c:e3:08:97:22:c6:f2:e8:
         37:3e:e2:91:ba:6e:b9:4b:88:0c:d5:c2:18:46:2d:f9:48:85:
         10:57:a5:66:b4:fc:cc:07:27:f7:20:de:e4:5d:7b:bd:f2:83:
         c1:2a:e6:d1:aa:f9:9c:56:f8:2a:ca:ca:ff:b2:79:ec:f2:67:
         a8:28:78:c6:99:e7:bd:48:7f:2b:db:bf:78:9d:09:18:38:35:
         c5:04:59:a3:1a:d3:4d:51:a7:aa:c9:fc:e6:10:ef:8e:4e:6d:
         bf:14:9c:83:2f:2b:9d:23:7b:73:07:c5:13:53:02:01:25:e9:
         4f:b6:1a:0a:17:6b:d2:83:4a:41:eb:d6:e0:6f:2c:44:84:08:
         74:00:1d:75:18:93:42:76:09:08:14:96:00:5b:61:40:9d:78:
         68:0c:a7:c7:85:b2:14:b7:db:28:9b:1a:99:2e:5b:d9:a2:88:
         7b:28:c0:f4
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgISAZwOC3NSWLTkEZCdcd39Np0hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjYwMTMwMDgzNTU3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTNkMTNjMmM1M2ZkMDc1MDBiNmFmYWVmZDhmN2M0MTIwMjI0MDdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuaEsxntajh7yoi4ePeG6fZCriYSp
wqB5oZS9Tj2+lYKXqeeBTdniOlfef7MXSOr3q19Q3aPhwbqfjYX5t591V0bYrVho
D0jpTr94p3xsG1vynOXAwWCXkqJeH5ypVSWnA7wKb6g2ebpcE1w6AXwB8PSOF+lM
df01KOXqqBwHm4uy5IHaiz+4ippgE2klDz7lUhP3S2Yjl0XqJUxhM8rzffZzqU3e
41SIG5CIIcEqr9Ixo7v5TOvwkrNaILq5t4Dyr/VyfYpYk+OjPFzE6LRiJumutjUv
e9iu0nzAVI/kjM1NRPvqepNzOy3pCBVgVOmvBRmNDQpKZ1kMvbIOMCfU+wIDAQAB
o4ICEjCCAg4wHQYDVR0OBBYEFPo9E8LFP9B1ALavrv2PfEEgIkB8MB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY4GCCsGAQUFBwELBIGBMH8wfQYIKwYBBQUHMAuGcXJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xLzEtajBUd3NVXzBIVUF0cS11X1k5OFFTQWlRSHcucm9h
MIGCBgNVHR8EezB5MHegdaBzhnFyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3Np
dG9yeS9ERUZBVUxULzc4L2RhMzM5OC02Njk4LTQ1ZjItYmFhZS05MmUyNWZlMTYz
MzEvMS8xLU9ZbU5PRzlVVE9wM2tVU3JwakswYklobTFrLmNybDAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHw4i
AwQAVmjBMA0GCSqGSIb3DQEBCwUAA4IBAQDM6MUltnxsNOs72lvxqmWhGDYJhb8O
ja9PqphMkaxJdqmn/sGjuaQpGssrBeKsHVwQp9bApDbAD/nbphCVxG8MCa+T2NKr
thprpjXJLPAnP2WnTOMIlyLG8ug3PuKRum65S4gM1cIYRi35SIUQV6VmtPzMByf3
IN7kXXu98oPBKubRqvmcVvgqysr/snns8meoKHjGmee9SH8r2794nQkYODXFBFmj
GtNNUaeqyfzmEO+OTm2/FJyDLyudI3tzB8UTUwIBJelPthoKF2vSg0pB69bgbyxE
hAh0AB11GJNCdgkIFJYAW2FAnXhoDKfHhbIUt9somxqZLlvZooh7KMD0
-----END CERTIFICATE-----