Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/8Pw5xwJZ8_FbijY1UWyOiCbMwAw.roa
File:                     8Pw5xwJZ8_FbijY1UWyOiCbMwAw.roa (raw, json)
Hash identifier:          xnklsSjf4RU4mZa1xLfkXZcRtc5QBrEjwNAkBQns+5I=
Subject key identifier:   F0:FC:39:C7:02:59:F3:F1:5B:8A:36:35:51:6C:8E:88:26:CC:C0:0C
Certificate issuer:       /CN=49e51694c4d46b4fcc02fae71e5db942a7108e47
Certificate serial:       019D3D649F6D2C3BD8F24EF33D7D4CED80A9
Authority key identifier: 49:E5:16:94:C4:D4:6B:4F:CC:02:FA:E7:1E:5D:B9:42:A7:10:8E:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/8Pw5xwJZ8_FbijY1UWyOiCbMwAw.roa
Signing time:             Mon 30 Mar 2026 06:18:17 +0000
ROA not before:           Mon 30 Mar 2026 06:18:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9304
IP address blocks:        80.71.233.0/24 maxlen: 24
                          80.71.238.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:3d:64:9f:6d:2c:3b:d8:f2:4e:f3:3d:7d:4c:ed:80:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49e51694c4d46b4fcc02fae71e5db942a7108e47
        Validity
            Not Before: Mar 30 06:18:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f0fc39c70259f3f15b8a3635516c8e8826ccc00c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:a9:fb:c7:9f:98:34:34:37:55:a1:59:af:24:
                    21:8d:90:48:47:98:b9:3e:ac:60:e8:31:85:2d:0a:
                    6f:ea:69:84:ef:3f:47:58:3b:6f:3b:d2:9e:c8:eb:
                    70:92:db:2c:65:a3:c8:0f:83:d9:e1:e8:e4:85:55:
                    2d:d5:53:3b:d6:fc:16:26:ee:20:1f:e2:db:1a:5f:
                    20:27:5e:53:2f:3a:6d:a3:4e:0d:54:3f:2b:e4:2c:
                    d1:8f:10:7f:cb:3a:c9:c3:c0:07:96:df:23:39:86:
                    b5:b6:25:3c:82:c3:4a:17:86:d1:8a:b1:4e:cb:1b:
                    d0:7c:80:8a:20:57:fb:2c:64:60:7b:e0:fc:98:8c:
                    96:20:f1:cc:c3:b9:b9:34:33:62:e7:32:4e:6f:1d:
                    35:43:f6:8e:a8:92:21:10:c0:63:d1:e9:9d:e3:1e:
                    3e:05:41:54:6c:5a:f1:5e:2a:ad:27:49:a5:89:c6:
                    e4:23:27:d2:ce:8f:3f:79:e2:cb:b0:c4:9c:08:6b:
                    7b:52:06:a8:ea:ad:2c:11:06:8b:de:9d:15:db:6f:
                    b0:7a:07:71:a5:cc:77:23:50:8c:55:1b:e0:ff:e8:
                    73:9d:d5:91:3a:d0:23:ce:e3:d9:b6:cf:78:9b:37:
                    df:25:4b:cd:41:91:49:df:49:63:61:0c:b4:47:8c:
                    c6:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:FC:39:C7:02:59:F3:F1:5B:8A:36:35:51:6C:8E:88:26:CC:C0:0C
            X509v3 Authority Key Identifier:
                keyid:49:E5:16:94:C4:D4:6B:4F:CC:02:FA:E7:1E:5D:B9:42:A7:10:8E:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/8Pw5xwJZ8_FbijY1UWyOiCbMwAw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.71.233.0/24
                  80.71.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:23:73:4a:8b:ae:f1:07:8a:e7:d9:a6:0c:15:95:fc:0e:fc:
         81:6f:e5:9f:93:49:05:64:08:50:b0:45:62:1a:3d:b8:da:1b:
         75:05:2c:3c:19:1d:96:03:61:05:2f:e2:b4:8d:b5:90:90:4f:
         a0:22:44:70:f0:c4:29:5d:87:df:c2:c2:26:6c:c5:42:7b:bf:
         3d:38:d0:72:98:ce:32:f0:dc:6d:ef:0d:c1:d9:0f:a4:43:5b:
         49:2b:eb:01:4f:c8:6e:7c:41:40:7c:73:79:db:cc:22:96:bf:
         e7:ee:c2:2e:4e:46:bf:99:c5:8b:21:ed:a0:0e:a0:80:68:81:
         fa:c1:0c:c1:fb:11:24:97:73:d8:78:12:74:0c:aa:36:3a:aa:
         90:1f:b2:16:4f:50:b8:93:90:07:e8:f6:21:0f:4b:b4:ac:db:
         44:90:79:77:93:09:ee:d9:46:76:eb:b8:22:14:bd:8d:f4:0d:
         eb:88:b3:41:dc:33:ff:b2:e9:ef:42:a1:0b:9a:c3:20:08:67:
         0a:75:7e:af:aa:1b:ea:a4:53:e5:80:9c:fa:6c:f5:e8:b0:6c:
         f7:6a:a6:a1:9e:07:e4:5e:ca:4e:96:b7:07:ae:80:9b:2c:fd:
         5e:0a:dd:30:b6:a6:5b:bc:44:7d:ef:19:22:a8:d9:3d:75:b1:
         ca:13:b6:66
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ09ZJ9tLDvY8k7zPX1M7YCpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ZTUxNjk0YzRkNDZiNGZjYzAyZmFlNzFlNWRiOTQyYTcx
MDhlNDcwHhcNMjYwMzMwMDYxODE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMGZjMzljNzAyNTlmM2YxNWI4YTM2MzU1MTZjOGU4ODI2Y2NjMDBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwan7x5+YNDQ3VaFZryQhjZBIR5i5
Pqxg6DGFLQpv6mmE7z9HWDtvO9KeyOtwktssZaPID4PZ4ejkhVUt1VM71vwWJu4g
H+LbGl8gJ15TLzpto04NVD8r5CzRjxB/yzrJw8AHlt8jOYa1tiU8gsNKF4bRirFO
yxvQfICKIFf7LGRge+D8mIyWIPHMw7m5NDNi5zJObx01Q/aOqJIhEMBj0emd4x4+
BUFUbFrxXiqtJ0mlicbkIyfSzo8/eeLLsMScCGt7Ugao6q0sEQaL3p0V22+wegdx
pcx3I1CMVRvg/+hzndWROtAjzuPZts94mzffJUvNQZFJ30ljYQy0R4zGBQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPD8OccCWfPxW4o2NVFsjogmzMAMMB8GA1UdIwQY
MBaAFEnlFpTE1GtPzAL65x5duUKnEI5HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2VVV2xNVFVhMF9NQXZybkhsMjVRcWNRamtjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni85ZGI1MjUtMTA1OS00YzA3LWE1YWQt
MTkxODliM2M5YzdkLzEvOFB3NXh3Slo4X0ZiaWpZMVVXeU9pQ2JNd0F3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni85ZGI1MjUtMTA1OS00YzA3LWE1YWQtMTkxODliM2M5Yzdk
LzEvU2VVV2xNVFVhMF9NQXZybkhsMjVRcWNRamtjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUEfpAwQA
UEfuMA0GCSqGSIb3DQEBCwUAA4IBAQCHI3NKi67xB4rn2aYMFZX8DvyBb+Wfk0kF
ZAhQsEViGj242ht1BSw8GR2WA2EFL+K0jbWQkE+gIkRw8MQpXYffwsImbMVCe789
ONBymM4y8Nxt7w3B2Q+kQ1tJK+sBT8hufEFAfHN528wilr/n7sIuTka/mcWLIe2g
DqCAaIH6wQzB+xEkl3PYeBJ0DKo2OqqQH7IWT1C4k5AH6PYhD0u0rNtEkHl3kwnu
2UZ267giFL2N9A3riLNB3DP/sunvQqELmsMgCGcKdX6vqhvqpFPlgJz6bPXosGz3
aqahngfkXspOlrcHroCbLP1eCt0wtqZbvER97xkiqNk9dbHKE7Zm
-----END CERTIFICATE-----