Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/12c3e8-9c01-455b-b181-f4d7fdebf04d/1/I8rso1XHHs_G2n3Bf0ez8yM6EOo.roa
File:                     I8rso1XHHs_G2n3Bf0ez8yM6EOo.roa (raw, json)
Hash identifier:          hlyEsK6AFvAxueY2ITDcDncXLHyD3I173M2xknmBdkA=
Subject key identifier:   23:CA:EC:A3:55:C7:1E:CF:C6:DA:7D:C1:7F:47:B3:F3:23:3A:10:EA
Certificate issuer:       /CN=a4eb8eb7b4b62ed1254f00564e03c4067abfbfc9
Certificate serial:       019B7BA3B82899BEAFF1381390EC0A5B26B1
Authority key identifier: A4:EB:8E:B7:B4:B6:2E:D1:25:4F:00:56:4E:03:C4:06:7A:BF:BF:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pOuOt7S2LtElTwBWTgPEBnq_v8k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/12c3e8-9c01-455b-b181-f4d7fdebf04d/1/I8rso1XHHs_G2n3Bf0ez8yM6EOo.roa
Signing time:             Thu 01 Jan 2026 22:18:05 +0000
ROA not before:           Thu 01 Jan 2026 22:18:05 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     31671
IP address blocks:        194.150.240.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/12c3e8-9c01-455b-b181-f4d7fdebf04d/1/pOuOt7S2LtElTwBWTgPEBnq_v8k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/12c3e8-9c01-455b-b181-f4d7fdebf04d/1/pOuOt7S2LtElTwBWTgPEBnq_v8k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pOuOt7S2LtElTwBWTgPEBnq_v8k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 13:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a3:b8:28:99:be:af:f1:38:13:90:ec:0a:5b:26:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4eb8eb7b4b62ed1254f00564e03c4067abfbfc9
        Validity
            Not Before: Jan  1 22:18:05 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=23caeca355c71ecfc6da7dc17f47b3f3233a10ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:36:2d:ce:d1:f8:8e:1e:e4:56:e3:62:2c:3f:
                    a0:2a:1f:23:f9:18:cb:28:5a:2a:37:1d:5b:2b:b8:
                    83:d1:0a:b9:9a:ed:cc:54:81:36:0b:a3:2d:05:1d:
                    6a:f6:e6:79:8a:bc:01:f8:46:e5:92:ca:6d:09:ad:
                    55:ab:fc:d5:81:67:eb:c6:2e:fe:b4:fa:03:ac:4d:
                    74:04:48:d5:f6:70:3e:9e:46:d2:d8:46:eb:4b:84:
                    a5:7d:d3:63:f5:f2:46:33:31:7d:95:ef:85:a4:c1:
                    8d:54:c5:26:56:5f:4d:cc:91:a7:38:58:fc:09:dd:
                    ba:7b:e7:1a:1d:b9:02:f3:32:3a:89:ee:27:cf:19:
                    03:ab:39:07:ac:2b:3c:1b:c6:44:b1:1c:a6:33:01:
                    ec:16:92:9d:8d:8b:93:f2:b6:70:2d:85:d4:3b:3a:
                    f0:b2:ae:3f:29:2d:56:bf:64:7e:79:b8:93:63:b9:
                    3b:10:c3:a8:35:f4:27:e5:43:f7:4a:42:c9:0a:21:
                    60:1a:e3:bd:87:f5:c4:e7:f2:f9:71:69:2e:d0:82:
                    86:4b:27:1e:24:35:a3:a8:46:01:bc:a1:64:4a:b9:
                    0d:6b:31:fb:3e:0c:e2:5c:1d:3c:62:85:9e:23:e3:
                    f0:c2:fd:24:5d:52:26:1a:4d:1f:87:63:63:a2:4c:
                    7f:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:CA:EC:A3:55:C7:1E:CF:C6:DA:7D:C1:7F:47:B3:F3:23:3A:10:EA
            X509v3 Authority Key Identifier:
                keyid:A4:EB:8E:B7:B4:B6:2E:D1:25:4F:00:56:4E:03:C4:06:7A:BF:BF:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pOuOt7S2LtElTwBWTgPEBnq_v8k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/12c3e8-9c01-455b-b181-f4d7fdebf04d/1/I8rso1XHHs_G2n3Bf0ez8yM6EOo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/12c3e8-9c01-455b-b181-f4d7fdebf04d/1/pOuOt7S2LtElTwBWTgPEBnq_v8k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.150.240.0/23

    Signature Algorithm: sha256WithRSAEncryption
         67:12:9c:7d:ce:66:3e:1b:a4:41:6a:44:53:2c:ee:0a:09:d4:
         6c:f9:e3:bb:ff:b3:d1:ea:4f:3d:e4:44:0a:34:82:37:93:5d:
         93:3b:69:82:c8:a2:f4:6a:dd:08:4b:45:06:68:a7:6b:b7:4a:
         bf:65:5b:93:90:55:c7:32:a5:09:82:00:ad:03:ee:42:a6:bd:
         08:46:34:4b:07:53:23:52:a5:af:3f:42:ae:96:ba:ff:eb:e1:
         e9:3d:b0:00:c0:b6:c8:f1:9d:ea:3c:98:b9:8a:a1:08:4f:d0:
         4a:5a:11:c7:28:f1:43:5c:7f:4a:73:da:03:5e:61:2b:4c:f0:
         bf:8e:d5:bd:7c:4f:7b:da:96:fc:a3:65:de:2e:ee:1a:6b:9d:
         48:51:fd:49:66:d1:3f:f0:c4:20:87:69:d7:0e:af:64:7e:d0:
         08:5d:fc:05:84:f3:c2:bf:02:26:21:fa:71:a0:e0:ac:03:87:
         c4:3d:e7:16:30:30:66:8b:46:d6:7b:e2:84:41:98:97:0a:ed:
         c7:b7:dc:0a:0b:44:ac:5d:b6:ed:6f:1f:86:0b:f5:32:17:bb:
         9c:fe:4e:02:77:17:bc:aa:1e:e5:f5:3e:43:50:58:9c:f0:c7:
         a8:4a:1d:0c:62:96:78:f4:dd:23:67:4e:aa:4c:dc:46:83:0f:
         3e:34:ea:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7o7gomb6v8TgTkOwKWyaxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0ZWI4ZWI3YjRiNjJlZDEyNTRmMDA1NjRlMDNjNDA2N2Fi
ZmJmYzkwHhcNMjYwMTAxMjIxODA1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyM2NhZWNhMzU1YzcxZWNmYzZkYTdkYzE3ZjQ3YjNmMzIzM2ExMGVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjjYtztH4jh7kVuNiLD+gKh8j+RjL
KFoqNx1bK7iD0Qq5mu3MVIE2C6MtBR1q9uZ5irwB+EblksptCa1Vq/zVgWfrxi7+
tPoDrE10BEjV9nA+nkbS2EbrS4SlfdNj9fJGMzF9le+FpMGNVMUmVl9NzJGnOFj8
Cd26e+caHbkC8zI6ie4nzxkDqzkHrCs8G8ZEsRymMwHsFpKdjYuT8rZwLYXUOzrw
sq4/KS1Wv2R+ebiTY7k7EMOoNfQn5UP3SkLJCiFgGuO9h/XE5/L5cWku0IKGSyce
JDWjqEYBvKFkSrkNazH7PgziXB08YoWeI+Pwwv0kXVImGk0fh2Njokx/6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCPK7KNVxx7Pxtp9wX9Hs/MjOhDqMB8GA1UdIwQY
MBaAFKTrjre0ti7RJU8AVk4DxAZ6v7/JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcE91T3Q3UzJMdEVsVHdCV1RnUEVCbnFfdjhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8xMmMzZTgtOWMwMS00NTViLWIxODEt
ZjRkN2ZkZWJmMDRkLzEvSThyc28xWEhIc19HMm4zQmYwZXo4eU02RU9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8xMmMzZTgtOWMwMS00NTViLWIxODEtZjRkN2ZkZWJmMDRk
LzEvcE91T3Q3UzJMdEVsVHdCV1RnUEVCbnFfdjhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwpbwMA0G
CSqGSIb3DQEBCwUAA4IBAQBnEpx9zmY+G6RBakRTLO4KCdRs+eO7/7PR6k895EQK
NII3k12TO2mCyKL0at0IS0UGaKdrt0q/ZVuTkFXHMqUJggCtA+5Cpr0IRjRLB1Mj
UqWvP0Kulrr/6+HpPbAAwLbI8Z3qPJi5iqEIT9BKWhHHKPFDXH9Kc9oDXmErTPC/
jtW9fE972pb8o2XeLu4aa51IUf1JZtE/8MQgh2nXDq9kftAIXfwFhPPCvwImIfpx
oOCsA4fEPecWMDBmi0bWe+KEQZiXCu3Ht9wKC0SsXbbtbx+GC/UyF7uc/k4Cdxe8
qh7l9T5DUFic8MeoSh0MYpZ49N0jZ06qTNxGgw8+NOrD
-----END CERTIFICATE-----