Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/8lO_H4hOHoON1dWUWaop2xG_b_I.roa
File:                     8lO_H4hOHoON1dWUWaop2xG_b_I.roa (raw, json)
Hash identifier:          90AyhJi0wELEqJw6BDuoQqDPuxv8jeJRieXX/c/ZuCo=
Subject key identifier:   F2:53:BF:1F:88:4E:1E:83:8D:D5:D5:94:59:AA:29:DB:11:BF:6F:F2
Certificate issuer:       /CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
Certificate serial:       019D8B96AB58479CFDCCC134630F08A6E6EB
Authority key identifier: 75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/8lO_H4hOHoON1dWUWaop2xG_b_I.roa
Signing time:             Tue 14 Apr 2026 10:43:20 +0000
ROA not before:           Tue 14 Apr 2026 10:43:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     29226
IP address blocks:        2a13:93c5::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 04:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:8b:96:ab:58:47:9c:fd:cc:c1:34:63:0f:08:a6:e6:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
        Validity
            Not Before: Apr 14 10:43:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f253bf1f884e1e838dd5d59459aa29db11bf6ff2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:4b:b2:93:c1:ae:09:cd:11:9c:36:7f:ea:e9:
                    d2:e0:49:06:29:4d:ae:2a:6f:78:23:d9:ea:6b:ee:
                    0d:73:10:6e:37:80:2c:14:39:c5:e4:77:66:26:fe:
                    ad:e8:f7:da:11:fc:94:27:c5:30:39:89:a6:e2:5d:
                    28:86:c2:67:0b:47:10:a5:12:db:17:d3:54:8e:89:
                    29:63:a9:d8:ce:dd:9c:8d:0d:6d:3e:e9:b6:3f:00:
                    2d:3e:9d:92:ce:0d:b8:d1:2d:1c:0c:42:8a:2f:56:
                    34:a3:2b:c4:c2:82:ca:08:36:6d:90:17:e2:fc:d8:
                    5b:81:4f:35:9e:8e:8c:19:66:5e:dd:53:f2:7b:16:
                    54:95:05:7a:f5:f8:a6:30:8a:51:d1:a6:43:f4:28:
                    fa:7d:be:ec:13:cb:82:49:b4:c7:5c:dc:6f:4f:32:
                    38:eb:41:95:68:ae:ba:d8:a6:86:a2:ae:25:4c:5e:
                    72:fb:10:e8:25:eb:10:f2:f4:13:bd:da:1d:de:70:
                    06:9b:c4:0c:f3:d8:05:67:cc:8b:26:c9:16:8d:3d:
                    8a:fd:0c:33:56:d1:07:55:8c:57:e6:6d:0b:eb:0d:
                    c7:0e:5e:32:3e:01:12:de:2b:60:35:ae:f1:e2:ce:
                    92:a9:5a:9d:73:25:ef:c4:f2:04:42:bc:d4:e2:de:
                    5c:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:53:BF:1F:88:4E:1E:83:8D:D5:D5:94:59:AA:29:DB:11:BF:6F:F2
            X509v3 Authority Key Identifier:
                keyid:75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/8lO_H4hOHoON1dWUWaop2xG_b_I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:93c5::/32

    Signature Algorithm: sha256WithRSAEncryption
         77:08:e1:b3:15:7a:6b:01:c3:90:9d:52:2f:5c:35:01:18:81:
         82:73:90:07:96:38:ef:ef:d2:47:59:ea:8c:22:0e:ce:08:09:
         9a:2d:c9:fa:82:07:af:bb:e3:a8:0b:8d:5b:e7:a5:29:37:b8:
         5e:aa:08:f8:b1:0e:ca:f5:c8:b0:64:14:7d:41:85:63:c7:09:
         32:d5:ab:79:79:2e:b1:e8:79:b6:c0:83:cf:4e:21:f6:63:90:
         69:25:81:92:ce:91:01:da:58:e9:87:58:e4:46:88:ea:99:1d:
         98:52:55:a1:a6:a9:a8:df:05:6d:99:29:37:a7:1d:0b:19:1f:
         e2:b2:49:af:ff:63:d3:af:90:77:83:c9:ee:9f:09:53:50:42:
         88:cb:50:50:b8:76:45:4a:f3:47:cc:6f:dc:d5:5e:a9:1c:17:
         b4:04:a5:20:e7:35:19:7e:0e:c7:f1:3e:1c:3e:f7:ea:bb:a5:
         ad:88:e5:67:17:e3:4d:4a:89:59:a7:70:1e:3e:1b:aa:11:ae:
         83:48:b8:a7:5c:ed:ad:e3:e4:cf:15:af:38:fe:48:63:d2:ae:
         a6:ac:a5:3c:8d:b7:b5:99:63:dd:21:7e:3c:5b:24:bc:fe:1e:
         73:5e:c1:cb:e1:f6:ee:6f:20:b9:f6:7d:30:6c:3e:2d:e1:54:
         1e:b9:6e:c1
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ2LlqtYR5z9zME0Yw8IpubrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1MDg0NzVmZjBkOGVjOTYwMzM2MDE2ZTBlMDQyMjFhOThl
NWVjZjIwHhcNMjYwNDE0MTA0MzIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjUzYmYxZjg4NGUxZTgzOGRkNWQ1OTQ1OWFhMjlkYjExYmY2ZmYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAikuyk8GuCc0RnDZ/6unS4EkGKU2u
Km94I9nqa+4NcxBuN4AsFDnF5HdmJv6t6PfaEfyUJ8UwOYmm4l0ohsJnC0cQpRLb
F9NUjokpY6nYzt2cjQ1tPum2PwAtPp2Szg240S0cDEKKL1Y0oyvEwoLKCDZtkBfi
/NhbgU81no6MGWZe3VPyexZUlQV69fimMIpR0aZD9Cj6fb7sE8uCSbTHXNxvTzI4
60GVaK662KaGoq4lTF5y+xDoJesQ8vQTvdod3nAGm8QM89gFZ8yLJskWjT2K/Qwz
VtEHVYxX5m0L6w3HDl4yPgES3itgNa7x4s6SqVqdcyXvxPIEQrzU4t5cZwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPJTvx+ITh6DjdXVlFmqKdsRv2/yMB8GA1UdIwQY
MBaAFHUIR1/w2OyWAzYBbg4EIhqY5ezyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWIt
MTcxYzM2N2JlNzgyLzEvOGxPX0g0aE9Ib09OMWRXVVdhb3AyeEdfYl9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWItMTcxYzM2N2JlNzgy
LzEvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhOTxTAN
BgkqhkiG9w0BAQsFAAOCAQEAdwjhsxV6awHDkJ1SL1w1ARiBgnOQB5Y47+/SR1nq
jCIOzggJmi3J+oIHr7vjqAuNW+elKTe4XqoI+LEOyvXIsGQUfUGFY8cJMtWreXku
seh5tsCDz04h9mOQaSWBks6RAdpY6YdY5EaI6pkdmFJVoaapqN8FbZkpN6cdCxkf
4rJJr/9j06+Qd4PJ7p8JU1BCiMtQULh2RUrzR8xv3NVeqRwXtASlIOc1GX4Ox/E+
HD736rulrYjlZxfjTUqJWadwHj4bqhGug0i4p1ztrePkzxWvOP5IY9KupqylPI23
tZlj3SF+PFskvP4ec17By+H27m8gufZ9MGw+LeFUHrluwQ==
-----END CERTIFICATE-----