Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/xB8FBjlDp1NXmFJ9_re_Zg2iYhU.roa
File:                     xB8FBjlDp1NXmFJ9_re_Zg2iYhU.roa (raw, json)
Hash identifier:          HvusSk6QspWFPicpCJ7NKwvnjfVH3kelcyA1fl1Qdi0=
Subject key identifier:   C4:1F:05:06:39:43:A7:53:57:98:52:7D:FE:B7:BF:66:0D:A2:62:15
Certificate issuer:       /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial:       019D8319370172A1ADE6721FC5D536F8ABE5
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/xB8FBjlDp1NXmFJ9_re_Zg2iYhU.roa
Signing time:             Sun 12 Apr 2026 19:09:20 +0000
ROA not before:           Sun 12 Apr 2026 19:09:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210814
IP address blocks:        194.61.73.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 16:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:83:19:37:01:72:a1:ad:e6:72:1f:c5:d5:36:f8:ab:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
        Validity
            Not Before: Apr 12 19:09:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c41f05063943a7535798527dfeb7bf660da26215
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:62:6c:42:e9:93:72:82:6d:5a:2d:75:21:f0:
                    11:a3:d1:0f:08:7c:43:ed:48:f1:c5:e9:2a:16:63:
                    4f:07:a8:99:48:10:01:64:61:b7:c0:53:6d:73:95:
                    a4:3f:7a:a4:18:08:cf:fe:72:ea:40:61:ab:3f:71:
                    08:d3:52:68:5e:aa:d6:e4:f5:44:27:c8:9b:6b:a6:
                    bd:95:25:e2:3e:54:fb:0e:e5:0d:1c:00:f1:7c:4d:
                    ab:17:8c:aa:46:ba:aa:64:2a:07:2b:a5:ab:f8:c7:
                    c6:62:c9:ef:f2:38:97:81:53:d8:50:0f:d5:f0:b7:
                    41:65:ab:bc:d2:18:35:c4:10:28:20:68:e8:48:ac:
                    36:a3:cb:29:53:d9:cc:7f:16:73:ee:0d:8c:8d:fe:
                    f6:a1:91:95:1c:f4:0f:24:24:0d:51:f3:fe:43:e5:
                    00:85:c1:a1:71:37:33:b9:f9:86:cc:51:c7:f8:b8:
                    48:ee:ad:9f:6e:9a:45:65:19:86:f8:12:69:8b:07:
                    d3:3d:a0:56:6a:c5:5b:41:a9:cc:93:4e:9f:8e:d5:
                    c2:e4:d0:98:e1:3d:72:e8:ac:de:42:d5:ad:61:57:
                    22:c5:d9:fd:07:7e:76:eb:f5:93:4c:4e:cf:39:4e:
                    73:ae:25:fd:d2:59:f5:55:6e:cf:c7:ec:18:87:5a:
                    0b:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:1F:05:06:39:43:A7:53:57:98:52:7D:FE:B7:BF:66:0D:A2:62:15
            X509v3 Authority Key Identifier:
                keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/xB8FBjlDp1NXmFJ9_re_Zg2iYhU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.61.73.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:94:99:43:ec:86:02:cf:3d:99:89:6d:db:25:26:58:f3:56:
         2a:48:8d:cd:88:b8:e3:ae:31:98:78:4f:28:c9:7c:81:b6:bc:
         e7:27:13:59:ba:7b:d3:3f:d1:97:6e:52:11:bd:0e:68:de:c5:
         49:02:5e:42:7a:03:0c:8d:40:55:1e:b2:8a:72:fa:dd:7c:c3:
         a7:69:13:db:ad:39:74:b2:d3:bd:54:6d:b5:93:b1:3b:b1:e2:
         03:40:b4:6c:b7:25:e1:f0:65:ca:74:f0:e0:40:08:ef:86:a5:
         e3:69:6b:91:95:e9:e6:95:83:a5:cc:b9:9c:36:36:cb:e3:36:
         99:9b:57:23:81:bf:2e:32:c7:b6:7c:1a:4e:f2:bc:ef:60:7d:
         db:31:82:61:ff:70:42:25:99:7a:e5:02:89:c8:b5:68:d8:47:
         80:fa:eb:d4:ff:f5:9f:fd:dd:2d:04:31:2c:85:22:46:7a:58:
         4c:89:ba:1a:0c:1c:80:ff:9e:33:f6:6f:af:9f:5e:2e:58:4e:
         8e:aa:59:5a:0f:a4:fd:4f:13:55:46:17:a1:68:b5:0a:76:e3:
         3e:61:02:3a:2a:75:6f:74:51:02:90:7e:7d:01:d5:fb:4e:90:
         2e:1a:c8:f7:3b:9a:68:54:90:f8:e7:37:59:80:8e:8b:3e:17:
         b4:f6:a0:8f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2DGTcBcqGt5nIfxdU2+KvlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjYwNDEyMTkwOTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDFmMDUwNjM5NDNhNzUzNTc5ODUyN2RmZWI3YmY2NjBkYTI2MjE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoGJsQumTcoJtWi11IfARo9EPCHxD
7UjxxekqFmNPB6iZSBABZGG3wFNtc5WkP3qkGAjP/nLqQGGrP3EI01JoXqrW5PVE
J8iba6a9lSXiPlT7DuUNHADxfE2rF4yqRrqqZCoHK6Wr+MfGYsnv8jiXgVPYUA/V
8LdBZau80hg1xBAoIGjoSKw2o8spU9nMfxZz7g2Mjf72oZGVHPQPJCQNUfP+Q+UA
hcGhcTczufmGzFHH+LhI7q2fbppFZRmG+BJpiwfTPaBWasVbQanMk06fjtXC5NCY
4T1y6KzeQtWtYVcixdn9B3526/WTTE7POU5zriX90ln1VW7Px+wYh1oLuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMQfBQY5Q6dTV5hSff63v2YNomIVMB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEveEI4RkJqbERwMU5YbUZKOV9yZV9aZzJpWWhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwj1JMA0G
CSqGSIb3DQEBCwUAA4IBAQAalJlD7IYCzz2ZiW3bJSZY81YqSI3NiLjjrjGYeE8o
yXyBtrznJxNZunvTP9GXblIRvQ5o3sVJAl5CegMMjUBVHrKKcvrdfMOnaRPbrTl0
stO9VG21k7E7seIDQLRstyXh8GXKdPDgQAjvhqXjaWuRlenmlYOlzLmcNjbL4zaZ
m1cjgb8uMse2fBpO8rzvYH3bMYJh/3BCJZl65QKJyLVo2EeA+uvU//Wf/d0tBDEs
hSJGelhMiboaDByA/54z9m+vn14uWE6OqllaD6T9TxNVRhehaLUKduM+YQI6KnVv
dFECkH59AdX7TpAuGsj3O5poVJD45zdZgI6LPhe09qCP
-----END CERTIFICATE-----