Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/d4f92b-2d13-4f2c-ad54-3becddfccae6/1/_0n4FH1o6sJL4P8QXU-ZAykRuQQ.roa
File:                     _0n4FH1o6sJL4P8QXU-ZAykRuQQ.roa (raw, json)
Hash identifier:          NZVSea9jvUOffSyWCHRvNjbYhkJDAkXWayZMBQQWEXE=
Subject key identifier:   FF:49:F8:14:7D:68:EA:C2:4B:E0:FF:10:5D:4F:99:03:29:11:B9:04
Certificate issuer:       /CN=470bc021b657a594ee58d9d36d8d91831d085174
Certificate serial:       019B7DC9DBDF8B65D498DD8B29E34BBA70A8
Authority key identifier: 47:0B:C0:21:B6:57:A5:94:EE:58:D9:D3:6D:8D:91:83:1D:08:51:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RwvAIbZXpZTuWNnTbY2Rgx0IUXQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/d4f92b-2d13-4f2c-ad54-3becddfccae6/1/_0n4FH1o6sJL4P8QXU-ZAykRuQQ.roa
Signing time:             Fri 02 Jan 2026 08:18:59 +0000
ROA not before:           Fri 02 Jan 2026 08:18:59 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     15543
IP address blocks:        193.26.11.0/24 maxlen: 24
                          193.138.64.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/d4f92b-2d13-4f2c-ad54-3becddfccae6/1/RwvAIbZXpZTuWNnTbY2Rgx0IUXQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/d4f92b-2d13-4f2c-ad54-3becddfccae6/1/RwvAIbZXpZTuWNnTbY2Rgx0IUXQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RwvAIbZXpZTuWNnTbY2Rgx0IUXQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:c9:db:df:8b:65:d4:98:dd:8b:29:e3:4b:ba:70:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=470bc021b657a594ee58d9d36d8d91831d085174
        Validity
            Not Before: Jan  2 08:18:59 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ff49f8147d68eac24be0ff105d4f99032911b904
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:77:e0:2a:17:2e:68:1c:fc:24:4a:4d:d4:7d:
                    d3:b0:19:67:e7:25:86:ad:7a:b4:4e:fb:0c:9b:7e:
                    d3:ff:6f:e9:1e:78:1c:9b:b5:cd:00:78:1d:9a:1b:
                    89:3c:63:ea:69:a9:91:07:43:1a:8e:f5:fc:c3:44:
                    6e:7a:9d:2f:02:c9:08:a7:15:83:2a:9e:17:81:cf:
                    a6:e6:f4:92:29:bd:11:d1:ae:60:30:58:9a:31:da:
                    8f:0a:69:c3:b0:70:d9:a6:65:43:0f:c9:49:38:54:
                    4e:3f:55:8b:c5:03:1a:53:d6:0c:fb:dd:6b:97:4a:
                    bc:18:64:4b:6c:a7:c5:9d:ea:25:d5:1d:0a:44:bc:
                    fa:25:58:cf:dd:82:c5:7b:08:4f:0e:51:e0:8d:68:
                    30:b5:44:ac:51:27:61:9a:e0:33:92:76:46:6d:59:
                    84:e0:80:1a:9c:40:9e:81:66:58:c9:f0:f9:6f:bd:
                    37:70:45:3a:f4:3d:aa:77:58:5d:b8:6a:a5:bb:2b:
                    a6:4d:91:b7:d3:d0:83:7c:eb:12:81:37:98:67:12:
                    43:32:07:7f:54:c6:f8:d9:45:7c:31:77:12:5a:a5:
                    ac:73:11:f6:fe:1e:a9:63:36:62:6e:21:bf:23:b2:
                    39:6f:94:e5:ec:5b:b3:69:a7:98:9a:4a:73:d3:72:
                    3f:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:49:F8:14:7D:68:EA:C2:4B:E0:FF:10:5D:4F:99:03:29:11:B9:04
            X509v3 Authority Key Identifier:
                keyid:47:0B:C0:21:B6:57:A5:94:EE:58:D9:D3:6D:8D:91:83:1D:08:51:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RwvAIbZXpZTuWNnTbY2Rgx0IUXQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/d4f92b-2d13-4f2c-ad54-3becddfccae6/1/_0n4FH1o6sJL4P8QXU-ZAykRuQQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/d4f92b-2d13-4f2c-ad54-3becddfccae6/1/RwvAIbZXpZTuWNnTbY2Rgx0IUXQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.26.11.0/24
                  193.138.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:83:fc:d5:b3:cb:94:80:1b:54:ed:ac:b0:cc:b9:23:26:a3:
         10:3d:e0:f1:18:64:ea:3f:b9:01:c2:f9:9c:86:66:2d:45:ec:
         c5:40:92:83:27:b0:94:d2:e3:0a:5b:08:70:11:b1:55:56:93:
         c5:ff:1e:66:07:71:f2:e8:5b:db:57:b9:17:09:eb:29:d8:a4:
         8d:e7:8b:71:99:22:33:13:53:82:7a:e4:2a:b0:33:d7:ed:75:
         89:b3:46:0a:d0:74:89:83:af:bf:4b:1e:35:f2:2e:d0:af:c2:
         48:25:62:44:9a:d6:0a:79:99:4c:d2:86:1b:8a:a3:e0:2a:93:
         9e:35:d4:67:05:f9:fe:a4:95:36:4f:7d:de:22:f5:4c:85:be:
         3b:00:a4:26:8e:15:1d:11:3b:87:04:54:d8:1b:5d:24:0f:21:
         14:5b:fd:ec:6a:12:87:e5:95:00:b2:01:d6:19:8f:32:b5:13:
         0d:cb:dd:f4:2b:fc:31:e1:1b:da:46:ea:81:ae:f6:0c:9d:1e:
         b8:55:41:7e:d1:54:40:4f:cb:bf:91:61:5f:7b:40:67:2b:42:
         6a:29:01:f8:42:e4:47:a8:a2:83:fd:9c:0b:01:97:2b:66:e3:
         1a:f6:8b:b0:80:b7:47:b6:7f:3c:10:b4:b3:32:25:d7:43:df:
         91:5f:fb:5f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZt9ydvfi2XUmN2LKeNLunCoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3MGJjMDIxYjY1N2E1OTRlZTU4ZDlkMzZkOGQ5MTgzMWQw
ODUxNzQwHhcNMjYwMTAyMDgxODU5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjQ5ZjgxNDdkNjhlYWMyNGJlMGZmMTA1ZDRmOTkwMzI5MTFiOTA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuXfgKhcuaBz8JEpN1H3TsBln5yWG
rXq0TvsMm37T/2/pHngcm7XNAHgdmhuJPGPqaamRB0MajvX8w0Ruep0vAskIpxWD
Kp4Xgc+m5vSSKb0R0a5gMFiaMdqPCmnDsHDZpmVDD8lJOFROP1WLxQMaU9YM+91r
l0q8GGRLbKfFneol1R0KRLz6JVjP3YLFewhPDlHgjWgwtUSsUSdhmuAzknZGbVmE
4IAanECegWZYyfD5b703cEU69D2qd1hduGqluyumTZG309CDfOsSgTeYZxJDMgd/
VMb42UV8MXcSWqWscxH2/h6pYzZibiG/I7I5b5Tl7FuzaaeYmkpz03I/8QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFP9J+BR9aOrCS+D/EF1PmQMpEbkEMB8GA1UdIwQY
MBaAFEcLwCG2V6WU7ljZ022NkYMdCFF0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUnd2QUliWlhwWlR1V05uVGJZMlJneDBJVVhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS9kNGY5MmItMmQxMy00ZjJjLWFkNTQt
M2JlY2RkZmNjYWU2LzEvXzBuNEZIMW82c0pMNFA4UVhVLVpBeWtSdVFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS9kNGY5MmItMmQxMy00ZjJjLWFkNTQtM2JlY2RkZmNjYWU2
LzEvUnd2QUliWlhwWlR1V05uVGJZMlJneDBJVVhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwRoLAwQA
wYpAMA0GCSqGSIb3DQEBCwUAA4IBAQCng/zVs8uUgBtU7aywzLkjJqMQPeDxGGTq
P7kBwvmchmYtRezFQJKDJ7CU0uMKWwhwEbFVVpPF/x5mB3Hy6FvbV7kXCesp2KSN
54txmSIzE1OCeuQqsDPX7XWJs0YK0HSJg6+/Sx418i7Qr8JIJWJEmtYKeZlM0oYb
iqPgKpOeNdRnBfn+pJU2T33eIvVMhb47AKQmjhUdETuHBFTYG10kDyEUW/3sahKH
5ZUAsgHWGY8ytRMNy930K/wx4RvaRuqBrvYMnR64VUF+0VRAT8u/kWFfe0BnK0Jq
KQH4QuRHqKKD/ZwLAZcrZuMa9ouwgLdHtn88ELSzMiXXQ9+RX/tf
-----END CERTIFICATE-----