Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/FH_80jMPKL9spaQFMKL0FymFhtc.roa
File:                     FH_80jMPKL9spaQFMKL0FymFhtc.roa (raw, json)
Hash identifier:          oUYz8P6/ozfIRV+WS+r8nJ+ZAnznPQME4aSk8skvvTg=
Subject key identifier:   14:7F:FC:D2:33:0F:28:BF:6C:A5:A4:05:30:A2:F4:17:29:85:86:D7
Certificate issuer:       /CN=c2ee45426e12e50fe30e8ffc39e04485d8f73339
Certificate serial:       019D5D127C8D2E7CF4F5C8D4FF1EA022EEDC
Authority key identifier: C2:EE:45:42:6E:12:E5:0F:E3:0E:8F:FC:39:E0:44:85:D8:F7:33:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/FH_80jMPKL9spaQFMKL0FymFhtc.roa
Signing time:             Sun 05 Apr 2026 09:56:25 +0000
ROA not before:           Sun 05 Apr 2026 09:56:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209378
IP address blocks:        91.108.239.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 16:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:5d:12:7c:8d:2e:7c:f4:f5:c8:d4:ff:1e:a0:22:ee:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2ee45426e12e50fe30e8ffc39e04485d8f73339
        Validity
            Not Before: Apr  5 09:56:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=147ffcd2330f28bf6ca5a40530a2f417298586d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:31:53:39:a9:7e:80:94:2e:9b:8e:67:90:f6:
                    3e:bd:ae:21:1f:e3:f3:c0:22:93:1f:3a:8a:02:87:
                    03:fd:27:9f:12:81:c7:89:f8:e0:03:c9:c8:26:23:
                    5d:39:50:9f:b1:f0:3a:4e:14:20:cd:8c:e3:b3:9d:
                    de:8c:fb:45:3f:17:80:57:2e:59:2c:b8:ab:6f:09:
                    51:d5:c5:14:cf:7a:10:8c:53:52:3f:80:3a:08:4d:
                    17:ce:ef:99:ce:8a:ab:e5:1a:6a:b7:7e:21:d2:4b:
                    01:04:10:67:90:41:47:1f:7c:1e:2a:80:ab:38:72:
                    3a:09:d6:61:6b:4c:16:95:6f:88:f1:33:57:ae:ca:
                    0b:35:6e:96:30:ed:06:fe:c7:0e:f4:48:6a:18:f4:
                    48:fb:c0:a3:cc:2c:e9:02:1c:0d:78:10:75:6d:40:
                    5f:f3:97:c1:66:9e:a3:af:0b:66:c6:53:8e:17:db:
                    3e:59:c2:95:3a:cf:aa:b9:b1:f9:07:80:41:f3:1f:
                    c7:52:c3:29:a8:23:a1:15:da:9d:8e:f5:aa:d9:83:
                    9b:7b:51:3d:8d:2e:9a:08:e4:6e:26:35:04:b1:bf:
                    3a:f7:be:1b:bd:bb:79:d2:69:1d:7d:3a:c6:4d:9c:
                    d2:16:98:3d:e1:df:1d:3e:8a:e1:f6:ba:23:f1:46:
                    f3:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:7F:FC:D2:33:0F:28:BF:6C:A5:A4:05:30:A2:F4:17:29:85:86:D7
            X509v3 Authority Key Identifier:
                keyid:C2:EE:45:42:6E:12:E5:0F:E3:0E:8F:FC:39:E0:44:85:D8:F7:33:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/FH_80jMPKL9spaQFMKL0FymFhtc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.108.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:51:06:70:52:e9:b8:8a:17:6a:2b:42:3f:bb:13:b0:55:c4:
         da:a0:4c:76:85:44:e2:c1:10:12:72:63:56:cd:46:96:e4:c4:
         0f:49:3d:f8:33:46:ae:7a:38:e9:2b:d4:0b:75:d2:a0:93:f6:
         55:45:fb:6e:dc:af:9d:dc:45:e7:82:74:ff:3f:42:dc:cf:19:
         01:b3:63:72:a3:99:3d:3a:b4:2f:f6:d0:5a:1f:05:f1:ec:e0:
         55:43:63:f0:8e:a9:76:f2:2c:00:e5:ee:a4:c0:8c:bb:15:52:
         85:d0:87:83:f6:8c:2a:29:f0:5c:49:ee:d9:8c:d0:21:3b:9c:
         bc:24:2b:f8:4d:0d:69:de:f5:45:8b:cd:85:3f:05:18:34:da:
         92:f4:68:01:c9:1e:f7:19:7d:28:a5:64:e4:01:3e:53:0c:9c:
         d9:c1:c2:9d:b1:ab:2f:23:78:d4:7f:07:93:c9:4f:f3:9e:55:
         60:60:37:fe:27:59:80:b1:7c:1c:d2:15:99:79:58:18:5a:ce:
         23:ae:c9:f4:be:ea:8e:ca:a9:c7:b3:8f:00:a1:cf:72:9b:40:
         c6:3c:2a:6a:65:1d:47:bb:52:e6:7b:ff:88:57:53:c1:14:85:
         89:32:a0:19:81:5f:bc:5e:1a:37:fd:bb:cc:19:42:20:a4:96:
         62:c4:75:3e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1dEnyNLnz09cjU/x6gIu7cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyZWU0NTQyNmUxMmU1MGZlMzBlOGZmYzM5ZTA0NDg1ZDhm
NzMzMzkwHhcNMjYwNDA1MDk1NjI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDdmZmNkMjMzMGYyOGJmNmNhNWE0MDUzMGEyZjQxNzI5ODU4NmQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1DFTOal+gJQum45nkPY+va4hH+Pz
wCKTHzqKAocD/SefEoHHifjgA8nIJiNdOVCfsfA6ThQgzYzjs53ejPtFPxeAVy5Z
LLirbwlR1cUUz3oQjFNSP4A6CE0Xzu+Zzoqr5Rpqt34h0ksBBBBnkEFHH3weKoCr
OHI6CdZha0wWlW+I8TNXrsoLNW6WMO0G/scO9EhqGPRI+8CjzCzpAhwNeBB1bUBf
85fBZp6jrwtmxlOOF9s+WcKVOs+qubH5B4BB8x/HUsMpqCOhFdqdjvWq2YObe1E9
jS6aCORuJjUEsb86974bvbt50mkdfTrGTZzSFpg94d8dPorh9roj8UbzhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBR//NIzDyi/bKWkBTCi9BcphYbXMB8GA1UdIwQY
MBaAFMLuRUJuEuUP4w6P/DngRIXY9zM5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3U1RlFtNFM1UV9qRG9fOE9lQkVoZGozTXprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC83MGFhMzItOTYwNy00ZGI3LThmMWUt
ZGE3NTQzMGIxNmY2LzEvRkhfODBqTVBLTDlzcGFRRk1LTDBGeW1GaHRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC83MGFhMzItOTYwNy00ZGI3LThmMWUtZGE3NTQzMGIxNmY2
LzEvd3U1RlFtNFM1UV9qRG9fOE9lQkVoZGozTXprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW2zvMA0G
CSqGSIb3DQEBCwUAA4IBAQCkUQZwUum4ihdqK0I/uxOwVcTaoEx2hUTiwRAScmNW
zUaW5MQPST34M0auejjpK9QLddKgk/ZVRftu3K+d3EXngnT/P0LczxkBs2Nyo5k9
OrQv9tBaHwXx7OBVQ2Pwjql28iwA5e6kwIy7FVKF0IeD9owqKfBcSe7ZjNAhO5y8
JCv4TQ1p3vVFi82FPwUYNNqS9GgByR73GX0opWTkAT5TDJzZwcKdsasvI3jUfweT
yU/znlVgYDf+J1mAsXwc0hWZeVgYWs4jrsn0vuqOyqnHs48Aoc9ym0DGPCpqZR1H
u1Lme/+IV1PBFIWJMqAZgV+8Xho3/bvMGUIgpJZixHU+
-----END CERTIFICATE-----