Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/1ebcb2-4ef0-42ff-81b5-9b17def9c233/1/sfmIc9gq5iDCMduVv_7--cWSu5U.roa
File:                     sfmIc9gq5iDCMduVv_7--cWSu5U.roa (raw, json)
Hash identifier:          o6P8lrqhFhaoqVSr9JiiRBUP/HqFrxkLK5sB6PXFGw8=
Subject key identifier:   B1:F9:88:73:D8:2A:E6:20:C2:31:DB:95:BF:FE:FE:F9:C5:92:BB:95
Certificate issuer:       /CN=c741c44a9cd58e1256906637d935c3190f7feb1a
Certificate serial:       019B7F80ED6E800C27811136A3751EFAD3E2
Authority key identifier: C7:41:C4:4A:9C:D5:8E:12:56:90:66:37:D9:35:C3:19:0F:7F:EB:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x0HESpzVjhJWkGY32TXDGQ9_6xo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/1ebcb2-4ef0-42ff-81b5-9b17def9c233/1/sfmIc9gq5iDCMduVv_7--cWSu5U.roa
Signing time:             Fri 02 Jan 2026 16:18:34 +0000
ROA not before:           Fri 02 Jan 2026 16:18:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212649
IP address blocks:        194.152.45.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/1ebcb2-4ef0-42ff-81b5-9b17def9c233/1/x0HESpzVjhJWkGY32TXDGQ9_6xo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/1ebcb2-4ef0-42ff-81b5-9b17def9c233/1/x0HESpzVjhJWkGY32TXDGQ9_6xo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x0HESpzVjhJWkGY32TXDGQ9_6xo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 04:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:80:ed:6e:80:0c:27:81:11:36:a3:75:1e:fa:d3:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c741c44a9cd58e1256906637d935c3190f7feb1a
        Validity
            Not Before: Jan  2 16:18:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b1f98873d82ae620c231db95bffefef9c592bb95
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:61:f5:78:ea:32:26:92:01:91:27:ba:4b:89:
                    d8:ee:4a:09:11:2a:80:56:67:32:26:a0:05:51:99:
                    71:8d:38:82:7b:98:5f:08:4f:40:d8:56:77:7d:1f:
                    93:78:5f:4d:75:13:55:36:94:cf:83:d0:25:62:62:
                    1d:a0:84:41:5b:e4:45:aa:84:9f:86:60:83:4c:9f:
                    3f:cb:4e:c2:a4:e1:c5:e7:46:bb:66:42:f5:ea:4f:
                    98:ec:e7:30:ba:a0:55:f4:af:8c:ac:8e:37:bc:9d:
                    db:c0:4f:29:2f:03:8b:8c:c5:69:01:3f:00:95:73:
                    ed:51:c4:f5:18:7a:87:35:c8:26:6a:fa:43:ef:50:
                    41:fb:12:e5:4f:86:fd:d0:5e:d2:f0:54:45:0f:4c:
                    4a:8f:83:16:5e:1b:56:1a:3c:9c:00:59:f9:25:fc:
                    61:5d:39:81:2c:d5:88:4d:8d:32:82:c0:a7:eb:c4:
                    4c:55:72:8a:6f:0c:48:e0:7e:13:9b:bf:5d:e5:16:
                    91:72:5b:72:92:73:a7:d9:7e:f3:12:10:1e:f6:a1:
                    30:58:62:be:62:ae:0f:41:84:2b:29:fd:c5:28:50:
                    03:2e:04:cd:be:99:ec:8c:b5:ca:20:b1:b0:76:d3:
                    46:e9:76:bd:55:be:f7:d5:50:e6:f0:61:05:0c:4a:
                    11:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:F9:88:73:D8:2A:E6:20:C2:31:DB:95:BF:FE:FE:F9:C5:92:BB:95
            X509v3 Authority Key Identifier:
                keyid:C7:41:C4:4A:9C:D5:8E:12:56:90:66:37:D9:35:C3:19:0F:7F:EB:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x0HESpzVjhJWkGY32TXDGQ9_6xo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/1ebcb2-4ef0-42ff-81b5-9b17def9c233/1/sfmIc9gq5iDCMduVv_7--cWSu5U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/1ebcb2-4ef0-42ff-81b5-9b17def9c233/1/x0HESpzVjhJWkGY32TXDGQ9_6xo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.152.45.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:22:a0:9c:a0:9d:55:a1:99:d3:ac:44:13:f3:bd:88:90:dd:
         c2:a6:dd:41:4b:b6:37:67:41:e3:ed:77:ac:02:6a:29:1e:af:
         85:69:54:a9:c3:63:9d:e8:e9:84:4a:5d:08:f9:76:8e:6a:d8:
         a0:10:88:74:2f:dd:5b:c0:56:5b:c5:a0:9f:dd:3a:f1:56:46:
         57:a5:44:48:0d:25:fb:08:c1:73:9a:c0:98:70:9a:30:e6:ba:
         be:5f:3a:dd:2a:85:ae:46:26:94:85:fd:f1:9e:99:ae:6e:27:
         3d:73:e2:9a:95:7f:88:05:f1:7e:94:69:4c:ed:e1:7f:25:15:
         ee:bd:c9:f1:ba:18:bd:54:c9:58:65:d7:72:ad:e4:3e:29:25:
         31:67:1d:4b:97:39:a1:7e:14:f8:c6:40:3b:a6:c0:76:2a:77:
         72:98:34:af:6b:fc:7c:09:79:df:ee:80:bf:ae:60:eb:98:44:
         97:e4:77:a3:6d:7f:ed:e6:31:e0:99:e6:70:31:d2:b6:8f:a6:
         da:a2:94:40:83:c4:59:b5:2d:b8:aa:b3:68:86:19:1c:ac:08:
         4e:23:8d:6b:eb:58:60:92:b4:5c:4a:36:a4:18:c7:53:6e:1a:
         64:98:49:df:32:85:56:9a:75:98:12:b8:a1:35:ac:57:11:1e:
         a8:a4:f4:c7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/gO1ugAwngRE2o3Ue+tPiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3NDFjNDRhOWNkNThlMTI1NjkwNjYzN2Q5MzVjMzE5MGY3
ZmViMWEwHhcNMjYwMTAyMTYxODM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWY5ODg3M2Q4MmFlNjIwYzIzMWRiOTViZmZlZmVmOWM1OTJiYjk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmWH1eOoyJpIBkSe6S4nY7koJESqA
VmcyJqAFUZlxjTiCe5hfCE9A2FZ3fR+TeF9NdRNVNpTPg9AlYmIdoIRBW+RFqoSf
hmCDTJ8/y07CpOHF50a7ZkL16k+Y7OcwuqBV9K+MrI43vJ3bwE8pLwOLjMVpAT8A
lXPtUcT1GHqHNcgmavpD71BB+xLlT4b90F7S8FRFD0xKj4MWXhtWGjycAFn5Jfxh
XTmBLNWITY0ygsCn68RMVXKKbwxI4H4Tm79d5RaRcltyknOn2X7zEhAe9qEwWGK+
Yq4PQYQrKf3FKFADLgTNvpnsjLXKILGwdtNG6Xa9Vb731VDm8GEFDEoRHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLH5iHPYKuYgwjHblb/+/vnFkruVMB8GA1UdIwQY
MBaAFMdBxEqc1Y4SVpBmN9k1wxkPf+saMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDBIRVNwelZqaEpXa0dZMzJUWERHUTlfNnhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS8xZWJjYjItNGVmMC00MmZmLTgxYjUt
OWIxN2RlZjljMjMzLzEvc2ZtSWM5Z3E1aURDTWR1VnZfNy0tY1dTdTVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS8xZWJjYjItNGVmMC00MmZmLTgxYjUtOWIxN2RlZjljMjMz
LzEveDBIRVNwelZqaEpXa0dZMzJUWERHUTlfNnhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwpgtMA0G
CSqGSIb3DQEBCwUAA4IBAQCsIqCcoJ1VoZnTrEQT872IkN3Cpt1BS7Y3Z0Hj7Xes
AmopHq+FaVSpw2Od6OmESl0I+XaOatigEIh0L91bwFZbxaCf3TrxVkZXpURIDSX7
CMFzmsCYcJow5rq+XzrdKoWuRiaUhf3xnpmubic9c+KalX+IBfF+lGlM7eF/JRXu
vcnxuhi9VMlYZddyreQ+KSUxZx1LlzmhfhT4xkA7psB2KndymDSva/x8CXnf7oC/
rmDrmESX5HejbX/t5jHgmeZwMdK2j6baopRAg8RZtS24qrNohhkcrAhOI41r61hg
krRcSjakGMdTbhpkmEnfMoVWmnWYErihNaxXER6opPTH
-----END CERTIFICATE-----