Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/02f63e-4ea2-43ac-abd5-0dab2312902a/1/AjOeFVcLciinUkSYuM-ivopf7bY.roa
File:                     AjOeFVcLciinUkSYuM-ivopf7bY.roa (raw, json)
Hash identifier:          dujHfSK3JJ1Up1sejLmok+P4uElPn9XkqC3TePll1TY=
Subject key identifier:   02:33:9E:15:57:0B:72:28:A7:52:44:98:B8:CF:A2:BE:8A:5F:ED:B6
Certificate issuer:       /CN=3c8a0498ec3b4eb44f4df2541ae39180abb65f44
Certificate serial:       019C37D1F777E582C1154E4715ACF2A996AE
Authority key identifier: 3C:8A:04:98:EC:3B:4E:B4:4F:4D:F2:54:1A:E3:91:80:AB:B6:5F:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PIoEmOw7TrRPTfJUGuORgKu2X0Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/02f63e-4ea2-43ac-abd5-0dab2312902a/1/AjOeFVcLciinUkSYuM-ivopf7bY.roa
Signing time:             Sat 07 Feb 2026 11:17:13 +0000
ROA not before:           Sat 07 Feb 2026 11:17:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213644
IP address blocks:        92.42.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/02f63e-4ea2-43ac-abd5-0dab2312902a/1/PIoEmOw7TrRPTfJUGuORgKu2X0Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/02f63e-4ea2-43ac-abd5-0dab2312902a/1/PIoEmOw7TrRPTfJUGuORgKu2X0Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PIoEmOw7TrRPTfJUGuORgKu2X0Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 08:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:37:d1:f7:77:e5:82:c1:15:4e:47:15:ac:f2:a9:96:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3c8a0498ec3b4eb44f4df2541ae39180abb65f44
        Validity
            Not Before: Feb  7 11:17:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=02339e15570b7228a7524498b8cfa2be8a5fedb6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:21:f8:ad:19:11:b1:ac:4b:b4:8c:e7:43:99:
                    77:94:2b:fd:05:22:b6:b6:5b:53:48:a0:dc:5f:93:
                    ca:f4:e9:dd:cd:b2:6c:d5:56:d5:c7:cb:0a:4f:48:
                    da:4e:81:ab:8b:60:97:bf:95:c9:06:1b:bb:90:2b:
                    20:a6:b0:49:d6:48:a8:99:ba:ed:5a:c6:0f:bd:8a:
                    0f:09:9b:fb:9c:b3:fa:97:e3:56:54:6d:c0:19:2c:
                    c9:b5:91:e3:dc:0c:63:95:01:5c:f9:66:a0:15:aa:
                    e3:bb:bc:90:71:ca:1a:2e:1c:f1:39:53:fd:a4:f2:
                    79:52:d7:7a:18:c8:4b:c6:53:90:36:7c:f1:12:73:
                    54:1c:03:21:e7:88:21:93:85:20:8f:27:a3:3b:8d:
                    75:fd:b6:7a:c2:e5:e6:63:72:66:57:58:32:f5:8c:
                    ca:b4:eb:06:82:b2:46:57:84:6e:b2:9f:17:04:8d:
                    c4:33:1e:12:3e:15:ab:57:2f:a6:33:58:f1:dc:03:
                    21:7f:2e:e5:69:ef:6a:1a:81:1b:0f:29:3f:58:df:
                    66:b4:0c:a5:91:f2:54:7c:be:f2:46:f9:65:bd:73:
                    1a:70:1a:f2:8e:64:3d:a1:2b:0c:ae:63:34:5d:e6:
                    8e:e9:8b:15:15:99:59:bb:ad:3c:4f:72:5f:46:77:
                    4b:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:33:9E:15:57:0B:72:28:A7:52:44:98:B8:CF:A2:BE:8A:5F:ED:B6
            X509v3 Authority Key Identifier:
                keyid:3C:8A:04:98:EC:3B:4E:B4:4F:4D:F2:54:1A:E3:91:80:AB:B6:5F:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PIoEmOw7TrRPTfJUGuORgKu2X0Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/02f63e-4ea2-43ac-abd5-0dab2312902a/1/AjOeFVcLciinUkSYuM-ivopf7bY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/02f63e-4ea2-43ac-abd5-0dab2312902a/1/PIoEmOw7TrRPTfJUGuORgKu2X0Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.42.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:20:49:2c:e4:28:61:45:98:a3:bb:cc:43:30:b0:9c:ab:c3:
         34:70:ee:5b:fc:4e:28:d2:4c:e8:a4:8c:3e:4a:8e:bd:1a:6d:
         1a:54:0c:2f:b8:88:37:77:42:9a:0d:10:93:07:19:6a:43:c6:
         2e:63:14:53:64:56:df:fd:37:55:fe:d7:82:8b:10:9d:27:2f:
         fe:25:76:40:53:72:84:aa:e6:3d:49:d4:ee:1f:0c:b6:e5:93:
         db:a2:4d:10:e4:76:b1:b9:26:30:8f:91:b9:9c:5c:65:e6:2c:
         a2:d5:57:74:12:2e:74:62:ef:e7:79:89:8e:c0:c2:e0:ad:78:
         31:d0:b0:19:74:68:1a:2c:23:ed:62:f7:a6:f1:c6:4e:d9:00:
         e6:d8:68:1a:09:65:ae:de:63:e8:05:7d:65:8e:7b:1f:7f:08:
         ab:81:2c:b3:82:70:a6:c6:4e:cd:f3:ad:f1:d4:b0:51:51:5c:
         19:3c:5a:2f:14:27:63:5b:ee:e1:1c:2d:5d:dc:c3:7f:37:3a:
         6d:2a:d4:51:d8:f7:8a:e5:d3:72:05:38:11:8a:01:19:d3:f2:
         e7:2c:78:85:a0:8b:72:9a:08:fa:c4:cf:06:c9:21:00:53:49:
         7d:85:83:43:d9:30:dd:18:fd:cd:2f:08:85:3c:97:49:3d:3c:
         16:26:7a:e1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZw30fd35YLBFU5HFazyqZauMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjOGEwNDk4ZWMzYjRlYjQ0ZjRkZjI1NDFhZTM5MTgwYWJi
NjVmNDQwHhcNMjYwMjA3MTExNzEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjMzOWUxNTU3MGI3MjI4YTc1MjQ0OThiOGNmYTJiZThhNWZlZGI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoCH4rRkRsaxLtIznQ5l3lCv9BSK2
tltTSKDcX5PK9OndzbJs1VbVx8sKT0jaToGri2CXv5XJBhu7kCsgprBJ1kiombrt
WsYPvYoPCZv7nLP6l+NWVG3AGSzJtZHj3AxjlQFc+WagFarju7yQccoaLhzxOVP9
pPJ5Utd6GMhLxlOQNnzxEnNUHAMh54ghk4UgjyejO411/bZ6wuXmY3JmV1gy9YzK
tOsGgrJGV4Rusp8XBI3EMx4SPhWrVy+mM1jx3AMhfy7lae9qGoEbDyk/WN9mtAyl
kfJUfL7yRvllvXMacBryjmQ9oSsMrmM0XeaO6YsVFZlZu608T3JfRndLdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAIznhVXC3Iop1JEmLjPor6KX+22MB8GA1UdIwQY
MBaAFDyKBJjsO060T03yVBrjkYCrtl9EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUElvRW1PdzdUclJQVGZKVUd1T1JnS3UyWDBRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8wMmY2M2UtNGVhMi00M2FjLWFiZDUt
MGRhYjIzMTI5MDJhLzEvQWpPZUZWY0xjaWluVWtTWXVNLWl2b3BmN2JZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8wMmY2M2UtNGVhMi00M2FjLWFiZDUtMGRhYjIzMTI5MDJh
LzEvUElvRW1PdzdUclJQVGZKVUd1T1JnS3UyWDBRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXCrLMA0G
CSqGSIb3DQEBCwUAA4IBAQALIEks5ChhRZiju8xDMLCcq8M0cO5b/E4o0kzopIw+
So69Gm0aVAwvuIg3d0KaDRCTBxlqQ8YuYxRTZFbf/TdV/teCixCdJy/+JXZAU3KE
quY9SdTuHwy25ZPbok0Q5HaxuSYwj5G5nFxl5iyi1Vd0Ei50Yu/neYmOwMLgrXgx
0LAZdGgaLCPtYvem8cZO2QDm2GgaCWWu3mPoBX1ljnsffwirgSyzgnCmxk7N863x
1LBRUVwZPFovFCdjW+7hHC1d3MN/NzptKtRR2PeK5dNyBTgRigEZ0/LnLHiFoIty
mgj6xM8GySEAU0l9hYND2TDdGP3NLwiFPJdJPTwWJnrh
-----END CERTIFICATE-----