Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/842e7f-0350-4b02-a994-f71a49eba48a/1/1-Ea5LT1K8F6WUZhY_U_lKnZaXcY.roa
File:                     1-Ea5LT1K8F6WUZhY_U_lKnZaXcY.roa (raw, json)
Hash identifier:          x7c/Qt2ZfBYPaYf0LxG+u+LvENTrFJB+iJAEDKpvDxM=
Subject key identifier:   F8:46:B9:2D:3D:4A:F0:5E:96:51:98:58:FD:4F:E5:2A:76:5A:5D:C6
Certificate issuer:       /CN=a4f131e3e15058d93ffddb60ac7083bef89d2e86
Certificate serial:       019B797EDE938FA60530AE321E666104C685
Authority key identifier: A4:F1:31:E3:E1:50:58:D9:3F:FD:DB:60:AC:70:83:BE:F8:9D:2E:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pPEx4-FQWNk__dtgrHCDvvidLoY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/842e7f-0350-4b02-a994-f71a49eba48a/1/1-Ea5LT1K8F6WUZhY_U_lKnZaXcY.roa
Signing time:             Thu 01 Jan 2026 12:18:36 +0000
ROA not before:           Thu 01 Jan 2026 12:18:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     12628
IP address blocks:        194.153.117.0/24 maxlen: 24
                          2001:67c:2738::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/842e7f-0350-4b02-a994-f71a49eba48a/1/pPEx4-FQWNk__dtgrHCDvvidLoY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/842e7f-0350-4b02-a994-f71a49eba48a/1/pPEx4-FQWNk__dtgrHCDvvidLoY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pPEx4-FQWNk__dtgrHCDvvidLoY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:de:93:8f:a6:05:30:ae:32:1e:66:61:04:c6:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4f131e3e15058d93ffddb60ac7083bef89d2e86
        Validity
            Not Before: Jan  1 12:18:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f846b92d3d4af05e96519858fd4fe52a765a5dc6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:e6:02:44:ad:cc:9d:2c:21:c0:76:90:a4:f1:
                    7c:39:e9:59:a2:cc:73:f5:9c:bb:40:cf:6a:c1:f5:
                    f3:23:80:fb:8c:76:f5:2b:61:e4:ff:c4:d5:83:fc:
                    c9:2f:1d:fe:07:2f:8d:22:49:ea:0b:88:3e:bc:1c:
                    50:b1:4f:2a:fa:20:ed:bf:9e:2d:83:24:54:6b:9a:
                    3b:0e:ae:6d:da:6c:a9:ed:e4:be:d6:5d:6c:ce:d6:
                    65:f0:ce:98:3c:36:ac:be:bd:9b:16:98:74:90:42:
                    62:b2:2c:7a:fa:7e:05:69:98:12:78:9f:3b:49:f2:
                    52:2e:a1:e3:f1:9f:3a:34:b8:65:4c:b2:d4:1f:4a:
                    a9:7c:8f:eb:c6:b6:67:0b:b3:01:ef:19:1e:a3:46:
                    b4:0c:4a:17:81:85:97:09:4a:6c:5e:cc:69:6c:0c:
                    ef:3f:e2:7b:a7:fd:4b:7f:31:9f:10:21:6f:31:4c:
                    2a:53:6d:e2:6a:20:43:da:a4:93:cc:7a:bb:a4:f2:
                    5d:2e:db:ed:a9:d3:88:97:b3:d6:94:f5:12:a4:05:
                    01:c3:d2:e0:24:44:44:d2:56:76:a8:95:c9:4e:c4:
                    81:1f:64:cb:5c:f5:90:b0:77:3e:34:cf:a6:c9:a2:
                    0d:f2:22:47:01:7f:60:db:d0:93:19:38:9f:c6:05:
                    a7:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:46:B9:2D:3D:4A:F0:5E:96:51:98:58:FD:4F:E5:2A:76:5A:5D:C6
            X509v3 Authority Key Identifier:
                keyid:A4:F1:31:E3:E1:50:58:D9:3F:FD:DB:60:AC:70:83:BE:F8:9D:2E:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pPEx4-FQWNk__dtgrHCDvvidLoY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/842e7f-0350-4b02-a994-f71a49eba48a/1/1-Ea5LT1K8F6WUZhY_U_lKnZaXcY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/842e7f-0350-4b02-a994-f71a49eba48a/1/pPEx4-FQWNk__dtgrHCDvvidLoY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.153.117.0/24
                IPv6:
                  2001:67c:2738::/48

    Signature Algorithm: sha256WithRSAEncryption
         23:c1:d6:96:1a:d3:a4:cf:94:4d:e1:d8:55:06:22:20:5a:e9:
         3e:d2:8b:1c:de:a4:d0:c7:5e:96:f0:1b:77:1a:77:22:bf:31:
         dd:cf:24:cb:d9:42:d7:74:2f:5d:e0:97:25:cb:1c:d3:10:38:
         47:87:c0:a3:0b:49:44:b9:b9:da:40:5a:0b:43:76:5b:f9:f5:
         ff:d0:01:f2:0b:d6:f0:ea:7e:cb:de:52:cb:da:d7:f4:a8:07:
         e9:bb:ff:dd:9f:22:24:04:dd:b1:90:1e:50:3e:23:35:31:67:
         af:5a:b9:bb:f6:91:2e:38:9b:27:e1:27:a4:5a:95:01:b9:e1:
         e9:f9:98:6a:01:fb:7c:d9:89:f4:53:53:f3:dd:3b:4d:4f:bc:
         97:40:53:1c:36:9b:63:1f:63:61:06:ad:56:ee:3e:93:60:35:
         a6:b7:09:1f:92:83:1c:e6:ab:44:b4:d2:39:10:3f:9c:4a:8d:
         ff:c0:6e:fe:4d:ab:75:00:30:6b:1e:37:68:7a:6a:2d:ed:b6:
         b5:7b:2f:9d:6d:5a:7d:f3:44:e6:64:d6:5f:57:4e:17:80:01:
         19:56:89:42:76:f0:16:76:1a:97:93:9f:d2:be:e0:05:b9:d0:
         53:d3:c6:f5:cc:8d:77:2e:fd:cc:ac:20:fe:1f:ec:5c:22:60:
         86:2c:7f:60
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZt5ft6Tj6YFMK4yHmZhBMaFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0ZjEzMWUzZTE1MDU4ZDkzZmZkZGI2MGFjNzA4M2JlZjg5
ZDJlODYwHhcNMjYwMTAxMTIxODM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmODQ2YjkyZDNkNGFmMDVlOTY1MTk4NThmZDRmZTUyYTc2NWE1ZGM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyeYCRK3MnSwhwHaQpPF8OelZosxz
9Zy7QM9qwfXzI4D7jHb1K2Hk/8TVg/zJLx3+By+NIknqC4g+vBxQsU8q+iDtv54t
gyRUa5o7Dq5t2myp7eS+1l1sztZl8M6YPDasvr2bFph0kEJisix6+n4FaZgSeJ87
SfJSLqHj8Z86NLhlTLLUH0qpfI/rxrZnC7MB7xkeo0a0DEoXgYWXCUpsXsxpbAzv
P+J7p/1LfzGfECFvMUwqU23iaiBD2qSTzHq7pPJdLtvtqdOIl7PWlPUSpAUBw9Lg
JERE0lZ2qJXJTsSBH2TLXPWQsHc+NM+myaIN8iJHAX9g29CTGTifxgWn+QIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFPhGuS09SvBellGYWP1P5Sp2Wl3GMB8GA1UdIwQY
MBaAFKTxMePhUFjZP/3bYKxwg774nS6GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFBFeDQtRlFXTmtfX2R0Z3JIQ0R2dmlkTG9ZLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi84NDJlN2YtMDM1MC00YjAyLWE5OTQt
ZjcxYTQ5ZWJhNDhhLzEvMS1FYTVMVDFLOEY2V1VaaFlfVV9sS25aYVhjWS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMTYvODQyZTdmLTAzNTAtNGIwMi1hOTk0LWY3MWE0OWViYTQ4
YS8xL3BQRXg0LUZRV05rX19kdGdySENEdnZpZExvWS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAwBggrBgEFBQcBBwEB/wQhMB8wDAQCAAEwBgMEAMKZdTAP
BAIAAjAJAwcAIAEGfCc4MA0GCSqGSIb3DQEBCwUAA4IBAQAjwdaWGtOkz5RN4dhV
BiIgWuk+0osc3qTQx16W8Bt3GncivzHdzyTL2ULXdC9d4JclyxzTEDhHh8CjC0lE
ubnaQFoLQ3Zb+fX/0AHyC9bw6n7L3lLL2tf0qAfpu//dnyIkBN2xkB5QPiM1MWev
Wrm79pEuOJsn4SekWpUBueHp+ZhqAft82Yn0U1Pz3TtNT7yXQFMcNptjH2NhBq1W
7j6TYDWmtwkfkoMc5qtEtNI5ED+cSo3/wG7+Tat1ADBrHjdoemot7ba1ey+dbVp9
80TmZNZfV04XgAEZVolCdvAWdhqXk5/SvuAFudBT08b1zI13Lv3MrCD+H+xcImCG
LH9g
-----END CERTIFICATE-----