Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/461685-073e-41af-9bb6-cf6c305212eb/1/078JTG5aC7kT5hpXnvM9TEHYqCs.roa
File:                     078JTG5aC7kT5hpXnvM9TEHYqCs.roa (raw, json)
Hash identifier:          w5aP29yr0A3HT+G60IqAWj6UVNMXP2SYbaHF/75q+GE=
Subject key identifier:   D3:BF:09:4C:6E:5A:0B:B9:13:E6:1A:57:9E:F3:3D:4C:41:D8:A8:2B
Certificate issuer:       /CN=b14aba8b60749393478e83c360e6cbd75d156f89
Certificate serial:       019C1D96D6368135BC737709CE9C09328CC4
Authority key identifier: B1:4A:BA:8B:60:74:93:93:47:8E:83:C3:60:E6:CB:D7:5D:15:6F:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sUq6i2B0k5NHjoPDYObL110Vb4k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3b/461685-073e-41af-9bb6-cf6c305212eb/1/078JTG5aC7kT5hpXnvM9TEHYqCs.roa
Signing time:             Mon 02 Feb 2026 09:02:30 +0000
ROA not before:           Mon 02 Feb 2026 09:02:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202233
IP address blocks:        188.124.31.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3b/461685-073e-41af-9bb6-cf6c305212eb/1/sUq6i2B0k5NHjoPDYObL110Vb4k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3b/461685-073e-41af-9bb6-cf6c305212eb/1/sUq6i2B0k5NHjoPDYObL110Vb4k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sUq6i2B0k5NHjoPDYObL110Vb4k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:1d:96:d6:36:81:35:bc:73:77:09:ce:9c:09:32:8c:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b14aba8b60749393478e83c360e6cbd75d156f89
        Validity
            Not Before: Feb  2 09:02:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d3bf094c6e5a0bb913e61a579ef33d4c41d8a82b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:17:72:40:ac:76:7f:75:55:8e:52:03:ff:22:
                    5f:12:4a:93:34:29:a7:11:4e:32:ed:64:08:8d:4a:
                    1a:85:86:1d:c8:3a:99:85:ab:96:ad:28:af:67:f8:
                    f4:95:84:68:c9:48:e6:aa:17:33:a1:2d:c4:87:fa:
                    42:4e:6b:b9:31:5f:03:62:a6:ca:61:72:b4:10:38:
                    c1:7f:36:6d:00:8d:85:c2:3f:1c:3b:d5:5f:0c:ee:
                    c7:18:1d:35:03:d9:91:5c:51:69:fa:b1:21:31:29:
                    c3:91:cd:d1:f0:f0:fc:b0:7a:56:dd:36:cc:fa:77:
                    da:d8:a4:ce:f3:07:a0:c1:22:17:9e:8b:9f:3e:1e:
                    d9:6d:e7:97:79:5d:9b:dc:65:90:7d:6d:dc:3b:35:
                    4d:7c:19:9f:62:b2:19:52:01:cf:1c:dc:90:03:bd:
                    5e:7d:d4:6d:56:b8:57:84:a8:50:8e:78:ee:79:61:
                    8c:a9:28:f6:97:57:19:da:cf:55:43:38:36:83:01:
                    50:1a:21:53:b0:74:ae:17:4d:9c:e1:be:74:76:ee:
                    37:cc:4c:e8:1d:ad:44:0b:fb:70:fa:76:95:02:96:
                    be:ea:93:fa:90:89:f3:57:76:e2:87:06:b5:0a:60:
                    b1:97:02:2d:6a:ca:45:5e:f0:15:ba:4d:89:cd:d0:
                    15:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:BF:09:4C:6E:5A:0B:B9:13:E6:1A:57:9E:F3:3D:4C:41:D8:A8:2B
            X509v3 Authority Key Identifier:
                keyid:B1:4A:BA:8B:60:74:93:93:47:8E:83:C3:60:E6:CB:D7:5D:15:6F:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sUq6i2B0k5NHjoPDYObL110Vb4k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/461685-073e-41af-9bb6-cf6c305212eb/1/078JTG5aC7kT5hpXnvM9TEHYqCs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/461685-073e-41af-9bb6-cf6c305212eb/1/sUq6i2B0k5NHjoPDYObL110Vb4k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.124.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:e2:fd:f9:09:68:df:a2:a1:4f:f3:7a:93:05:51:ca:da:7c:
         68:7a:3b:17:47:96:4f:32:05:cd:74:6b:05:48:5a:bf:ad:4d:
         5c:ff:44:7c:a7:ba:97:6f:78:d3:dd:a2:95:1e:36:41:3a:a9:
         7f:e9:40:2d:f3:7d:18:bc:69:7d:4c:f6:8f:b7:cb:18:88:5d:
         23:a7:5a:42:40:dd:ca:4b:8a:5f:f9:37:42:fc:af:6f:cd:22:
         52:ee:d4:07:81:de:fe:5c:04:58:c4:6f:6c:54:64:19:40:ac:
         92:46:67:ca:f3:5a:e5:e2:5e:c0:4f:7a:f2:c6:6c:95:c6:40:
         c0:c9:1f:7c:b0:dc:4b:95:8e:29:8c:e2:3b:c1:5e:39:53:9f:
         33:e7:0a:d3:0c:75:f7:1f:94:1b:58:85:fd:a6:f9:ac:c9:cd:
         4e:86:47:c3:7c:0e:43:61:da:f0:ef:3c:13:ec:06:63:c5:97:
         63:2a:73:b6:7e:3a:f5:8f:ea:06:a5:6e:5f:06:0c:48:fc:77:
         0f:84:4f:6e:5b:07:75:5c:48:2c:4a:f7:82:93:4a:e5:c7:ca:
         54:a9:07:6d:3c:56:ac:54:7a:1a:c6:cc:ab:5b:68:3f:d5:a7:
         8a:cf:73:00:5f:8a:1a:ea:c3:85:76:9b:9e:c1:ec:a6:34:4a:
         e3:21:07:f2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZwdltY2gTW8c3cJzpwJMozEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxNGFiYThiNjA3NDkzOTM0NzhlODNjMzYwZTZjYmQ3NWQx
NTZmODkwHhcNMjYwMjAyMDkwMjMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkM2JmMDk0YzZlNWEwYmI5MTNlNjFhNTc5ZWYzM2Q0YzQxZDhhODJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnhdyQKx2f3VVjlID/yJfEkqTNCmn
EU4y7WQIjUoahYYdyDqZhauWrSivZ/j0lYRoyUjmqhczoS3Eh/pCTmu5MV8DYqbK
YXK0EDjBfzZtAI2Fwj8cO9VfDO7HGB01A9mRXFFp+rEhMSnDkc3R8PD8sHpW3TbM
+nfa2KTO8wegwSIXnoufPh7ZbeeXeV2b3GWQfW3cOzVNfBmfYrIZUgHPHNyQA71e
fdRtVrhXhKhQjnjueWGMqSj2l1cZ2s9VQzg2gwFQGiFTsHSuF02c4b50du43zEzo
Ha1EC/tw+naVApa+6pP6kInzV3bihwa1CmCxlwItaspFXvAVuk2JzdAVhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNO/CUxuWgu5E+YaV57zPUxB2KgrMB8GA1UdIwQY
MBaAFLFKuotgdJOTR46Dw2Dmy9ddFW+JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1VxNmkyQjBrNU5Iam9QRFlPYkwxMTBWYjRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi80NjE2ODUtMDczZS00MWFmLTliYjYt
Y2Y2YzMwNTIxMmViLzEvMDc4SlRHNWFDN2tUNWhwWG52TTlURUhZcUNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi80NjE2ODUtMDczZS00MWFmLTliYjYtY2Y2YzMwNTIxMmVi
LzEvc1VxNmkyQjBrNU5Iam9QRFlPYkwxMTBWYjRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvHwfMA0G
CSqGSIb3DQEBCwUAA4IBAQBR4v35CWjfoqFP83qTBVHK2nxoejsXR5ZPMgXNdGsF
SFq/rU1c/0R8p7qXb3jT3aKVHjZBOql/6UAt830YvGl9TPaPt8sYiF0jp1pCQN3K
S4pf+TdC/K9vzSJS7tQHgd7+XARYxG9sVGQZQKySRmfK81rl4l7AT3ryxmyVxkDA
yR98sNxLlY4pjOI7wV45U58z5wrTDHX3H5QbWIX9pvmsyc1OhkfDfA5DYdrw7zwT
7AZjxZdjKnO2fjr1j+oGpW5fBgxI/HcPhE9uWwd1XEgsSveCk0rlx8pUqQdtPFas
VHoaxsyrW2g/1aeKz3MAX4oa6sOFdpueweymNErjIQfy
-----END CERTIFICATE-----