Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/AuI9u736-sohmdb0tO6gmbwXyYo.roa
File:                     AuI9u736-sohmdb0tO6gmbwXyYo.roa (raw, json)
Hash identifier:          ufWpJSR2Bm86rLLI1bVTAvxAn87YfXUVHEm8NPBh9No=
Subject key identifier:   02:E2:3D:BB:BD:FA:FA:CA:21:99:D6:F4:B4:EE:A0:99:BC:17:C9:8A
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       019C8FF3F38F43AAC670933AB451D07E257D
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/AuI9u736-sohmdb0tO6gmbwXyYo.roa
Signing time:             Tue 24 Feb 2026 14:00:55 +0000
ROA not before:           Tue 24 Feb 2026 14:00:55 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202051
IP address blocks:        188.255.163.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 10:55:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:8f:f3:f3:8f:43:aa:c6:70:93:3a:b4:51:d0:7e:25:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Feb 24 14:00:55 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=02e23dbbbdfafaca2199d6f4b4eea099bc17c98a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:05:bc:25:c7:eb:d0:d0:36:ac:14:dc:72:64:
                    e9:17:72:df:a5:6a:de:3b:af:3a:ab:16:42:cb:ff:
                    9a:f6:d7:7e:71:b1:b3:63:e3:4b:79:9a:90:bc:9c:
                    70:56:e8:fc:0b:cd:d8:ff:62:6b:2f:93:90:76:8e:
                    0a:de:22:1b:77:03:f9:55:f8:81:30:91:03:f9:5d:
                    fa:35:93:d6:9d:50:43:63:61:b2:67:1f:1d:f4:25:
                    7d:50:3e:29:71:06:b5:67:e9:9b:a5:45:ca:d2:f9:
                    b6:70:1d:99:46:c4:74:1b:0a:a0:79:72:26:4f:68:
                    30:12:98:40:c2:f1:1f:d5:f9:f6:ee:fe:b1:d7:95:
                    70:3f:6a:ae:0d:fa:dd:e1:2a:70:a7:b5:f7:42:26:
                    95:4f:bb:eb:61:53:5b:5b:1a:08:5e:bb:e0:51:88:
                    67:2f:7f:e7:7c:c1:ed:04:53:19:f9:9f:6c:c2:7c:
                    cf:ab:e7:8a:9d:cb:64:ff:55:51:55:bb:4a:f6:e4:
                    01:b0:24:5a:17:8e:8f:26:41:7f:9f:73:1d:0a:b1:
                    b2:48:63:37:d8:2b:08:8e:3e:51:a7:89:4e:9c:70:
                    c2:71:8c:21:1e:52:26:3d:45:d7:77:2e:8f:39:82:
                    cd:9e:a7:2d:b9:18:6a:27:93:09:34:4f:bd:cb:59:
                    a4:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:E2:3D:BB:BD:FA:FA:CA:21:99:D6:F4:B4:EE:A0:99:BC:17:C9:8A
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/AuI9u736-sohmdb0tO6gmbwXyYo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.255.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:e1:5c:b5:b4:70:9d:5b:73:55:81:5a:9d:1b:ae:9f:45:72:
         d0:44:a6:05:8c:d3:10:c8:6b:b3:29:f2:c9:55:13:21:db:b1:
         81:54:27:70:e9:8a:5c:9b:a5:23:6c:12:fb:5c:78:4b:56:43:
         3a:fd:96:2b:d1:84:9f:dd:ca:90:08:67:ad:fd:61:d4:d1:ce:
         ad:b6:f9:05:9d:d0:e3:df:0f:73:9b:6b:e4:56:11:2a:78:f5:
         94:eb:b9:50:19:d2:3c:b2:ff:ca:e2:48:fa:b1:7b:e1:db:a1:
         46:a1:a9:e2:44:0e:60:31:42:25:35:79:3b:ef:0b:6d:33:d3:
         f0:e3:22:92:8e:a5:9a:e7:5b:b6:94:76:cb:4f:44:90:4b:4b:
         03:98:3d:8a:bd:32:00:92:8a:d7:d3:b7:c9:32:09:94:c2:1a:
         86:6d:7f:51:da:cc:7e:51:20:a8:45:8c:21:df:e2:46:a7:4a:
         6d:3c:24:cd:13:77:6e:c2:ed:88:eb:29:e4:92:43:ce:6c:8f:
         63:33:5d:0b:fb:2a:46:74:b7:00:fc:72:2b:1f:07:17:e8:68:
         f4:fe:e8:01:79:e6:f6:65:bd:8e:71:47:68:26:44:1b:8d:9d:
         5d:d8:e6:5f:5b:73:93:c7:c8:a9:78:9a:85:d1:db:46:db:94:
         80:82:93:0e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyP8/OPQ6rGcJM6tFHQfiV9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjYwMjI0MTQwMDU1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMmUyM2RiYmJkZmFmYWNhMjE5OWQ2ZjRiNGVlYTA5OWJjMTdjOThhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhgW8Jcfr0NA2rBTccmTpF3LfpWre
O686qxZCy/+a9td+cbGzY+NLeZqQvJxwVuj8C83Y/2JrL5OQdo4K3iIbdwP5VfiB
MJED+V36NZPWnVBDY2GyZx8d9CV9UD4pcQa1Z+mbpUXK0vm2cB2ZRsR0GwqgeXIm
T2gwEphAwvEf1fn27v6x15VwP2quDfrd4Spwp7X3QiaVT7vrYVNbWxoIXrvgUYhn
L3/nfMHtBFMZ+Z9swnzPq+eKnctk/1VRVbtK9uQBsCRaF46PJkF/n3MdCrGySGM3
2CsIjj5Rp4lOnHDCcYwhHlImPUXXdy6POYLNnqctuRhqJ5MJNE+9y1mkPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFALiPbu9+vrKIZnW9LTuoJm8F8mKMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvQXVJOXU3MzYtc29obWRiMHRPNmdtYndYeVlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvP+jMA0G
CSqGSIb3DQEBCwUAA4IBAQBt4Vy1tHCdW3NVgVqdG66fRXLQRKYFjNMQyGuzKfLJ
VRMh27GBVCdw6Ypcm6UjbBL7XHhLVkM6/ZYr0YSf3cqQCGet/WHU0c6ttvkFndDj
3w9zm2vkVhEqePWU67lQGdI8sv/K4kj6sXvh26FGoaniRA5gMUIlNXk77wttM9Pw
4yKSjqWa51u2lHbLT0SQS0sDmD2KvTIAkorX07fJMgmUwhqGbX9R2sx+USCoRYwh
3+JGp0ptPCTNE3duwu2I6ynkkkPObI9jM10L+ypGdLcA/HIrHwcX6Gj0/ugBeeb2
Zb2OcUdoJkQbjZ1d2OZfW3OTx8ipeJqF0dtG25SAgpMO
-----END CERTIFICATE-----