Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/dd18d0-d1a2-46d4-8464-c94a8f2e3230/1/R92c8_GawIo0zWCVe3KEMHOfXwg.roa
File:                     R92c8_GawIo0zWCVe3KEMHOfXwg.roa (raw, json)
Hash identifier:          85SuJiAaE3EW56KnlIdwUAzGkX32KcSjQ5U5FCiJonM=
Subject key identifier:   47:DD:9C:F3:F1:9A:C0:8A:34:CD:60:95:7B:72:84:30:73:9F:5F:08
Certificate issuer:       /CN=3c4ee9110b85fdde3eb6e4462541babc3236e8ba
Certificate serial:       019B7C80BB803D31F99DE20B488C9603E1ED
Authority key identifier: 3C:4E:E9:11:0B:85:FD:DE:3E:B6:E4:46:25:41:BA:BC:32:36:E8:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PE7pEQuF_d4-tuRGJUG6vDI26Lo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/dd18d0-d1a2-46d4-8464-c94a8f2e3230/1/R92c8_GawIo0zWCVe3KEMHOfXwg.roa
Signing time:             Fri 02 Jan 2026 02:19:29 +0000
ROA not before:           Fri 02 Jan 2026 02:19:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8515
IP address blocks:        195.42.160.0/19 maxlen: 19
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/dd18d0-d1a2-46d4-8464-c94a8f2e3230/1/PE7pEQuF_d4-tuRGJUG6vDI26Lo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/dd18d0-d1a2-46d4-8464-c94a8f2e3230/1/PE7pEQuF_d4-tuRGJUG6vDI26Lo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PE7pEQuF_d4-tuRGJUG6vDI26Lo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 23:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:bb:80:3d:31:f9:9d:e2:0b:48:8c:96:03:e1:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3c4ee9110b85fdde3eb6e4462541babc3236e8ba
        Validity
            Not Before: Jan  2 02:19:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=47dd9cf3f19ac08a34cd60957b728430739f5f08
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:1a:7d:2a:19:66:13:1d:e7:3f:9f:04:52:fe:
                    58:f4:a7:94:31:77:c8:25:f4:be:44:2d:b0:d5:61:
                    a7:e4:32:80:44:6a:e5:50:e9:a0:22:7f:a1:aa:d0:
                    92:ec:26:e9:8f:49:c2:fb:73:40:45:5f:4c:74:65:
                    50:86:75:c8:d0:66:a4:85:33:b3:34:54:8c:fe:4c:
                    2d:11:bd:c9:05:c9:7c:cb:ef:51:58:fd:fe:78:ef:
                    b6:b5:25:01:71:ac:12:9f:73:0d:09:f2:e4:b9:3d:
                    69:62:c9:41:65:05:2b:9c:43:06:2f:56:79:6e:49:
                    3a:4d:f5:08:7e:bf:f0:4d:a8:63:4a:ba:f6:ce:1f:
                    26:17:8a:34:78:29:9f:64:60:5a:55:b9:f2:ba:67:
                    1e:ae:a0:60:c3:23:58:aa:90:38:02:39:29:da:bc:
                    0d:0f:c9:c8:1e:71:c2:da:f9:84:d5:7e:e5:67:eb:
                    bb:fa:80:63:30:9e:5d:20:32:bc:3e:c3:ea:02:78:
                    2d:d6:48:73:6a:de:65:5f:31:ea:23:13:68:21:91:
                    7c:0e:a7:9e:09:ac:9a:df:c0:db:18:e3:c7:57:a2:
                    4a:38:0f:9b:52:5e:00:f1:c8:51:b7:60:c0:d6:9c:
                    f1:57:96:d6:05:ed:e0:41:d5:70:0b:3d:a8:77:0b:
                    c3:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:DD:9C:F3:F1:9A:C0:8A:34:CD:60:95:7B:72:84:30:73:9F:5F:08
            X509v3 Authority Key Identifier:
                keyid:3C:4E:E9:11:0B:85:FD:DE:3E:B6:E4:46:25:41:BA:BC:32:36:E8:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PE7pEQuF_d4-tuRGJUG6vDI26Lo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/dd18d0-d1a2-46d4-8464-c94a8f2e3230/1/R92c8_GawIo0zWCVe3KEMHOfXwg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/dd18d0-d1a2-46d4-8464-c94a8f2e3230/1/PE7pEQuF_d4-tuRGJUG6vDI26Lo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.42.160.0/19

    Signature Algorithm: sha256WithRSAEncryption
         59:95:a8:bc:d4:85:27:7c:cb:24:1c:fc:67:4d:2c:0e:7f:4b:
         77:b8:25:66:b4:b6:dd:44:92:50:31:2e:d1:5c:28:6f:5c:b1:
         91:e6:cf:4a:d2:89:bd:4a:3c:ef:c6:02:39:e1:27:f9:12:03:
         77:5d:2e:49:60:17:a7:f3:69:0a:b1:a3:46:f5:7a:80:8e:3f:
         a8:ce:bc:a4:cd:e2:40:68:f4:a5:1b:52:25:23:a3:27:94:f5:
         bb:e5:5f:8c:15:a5:93:8f:97:d7:9a:10:96:15:38:ba:bb:fa:
         86:b3:02:c3:e2:3c:70:47:be:ef:2e:a5:9a:0f:43:ff:fb:0d:
         b7:e1:e1:72:82:1a:ec:11:32:48:38:37:db:d3:d6:c8:df:be:
         d1:11:54:20:f4:3f:26:d3:59:c7:d5:70:5c:d5:53:d4:f3:16:
         09:35:88:d4:2e:58:07:b2:47:06:23:86:50:00:4e:05:e8:9e:
         1b:5d:64:01:8b:72:4d:4c:ce:c5:e6:53:45:11:cd:44:c5:27:
         1b:de:28:81:40:1a:65:04:d9:a3:18:c4:9c:bb:64:15:fa:8c:
         9d:c3:e2:72:08:18:9c:39:2a:4f:ec:05:cf:68:fe:85:e2:f3:
         9a:1c:07:71:36:b7:20:d3:83:09:1f:be:fa:0e:bc:c9:00:ef:
         8b:e6:e5:24
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8gLuAPTH5neILSIyWA+HtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjNGVlOTExMGI4NWZkZGUzZWI2ZTQ0NjI1NDFiYWJjMzIz
NmU4YmEwHhcNMjYwMTAyMDIxOTI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2RkOWNmM2YxOWFjMDhhMzRjZDYwOTU3YjcyODQzMDczOWY1ZjA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhBp9KhlmEx3nP58EUv5Y9KeUMXfI
JfS+RC2w1WGn5DKARGrlUOmgIn+hqtCS7Cbpj0nC+3NARV9MdGVQhnXI0GakhTOz
NFSM/kwtEb3JBcl8y+9RWP3+eO+2tSUBcawSn3MNCfLkuT1pYslBZQUrnEMGL1Z5
bkk6TfUIfr/wTahjSrr2zh8mF4o0eCmfZGBaVbnyumcerqBgwyNYqpA4Ajkp2rwN
D8nIHnHC2vmE1X7lZ+u7+oBjMJ5dIDK8PsPqAngt1khzat5lXzHqIxNoIZF8Dqee
Caya38DbGOPHV6JKOA+bUl4A8chRt2DA1pzxV5bWBe3gQdVwCz2odwvDUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEfdnPPxmsCKNM1glXtyhDBzn18IMB8GA1UdIwQY
MBaAFDxO6RELhf3ePrbkRiVBurwyNui6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUEU3cEVRdUZfZDQtdHVSR0pVRzZ2REkyNkxvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy9kZDE4ZDAtZDFhMi00NmQ0LTg0NjQt
Yzk0YThmMmUzMjMwLzEvUjkyYzhfR2F3SW8weldDVmUzS0VNSE9mWHdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy9kZDE4ZDAtZDFhMi00NmQ0LTg0NjQtYzk0YThmMmUzMjMw
LzEvUEU3cEVRdUZfZDQtdHVSR0pVRzZ2REkyNkxvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFwyqgMA0G
CSqGSIb3DQEBCwUAA4IBAQBZlai81IUnfMskHPxnTSwOf0t3uCVmtLbdRJJQMS7R
XChvXLGR5s9K0om9SjzvxgI54Sf5EgN3XS5JYBen82kKsaNG9XqAjj+ozrykzeJA
aPSlG1IlI6MnlPW75V+MFaWTj5fXmhCWFTi6u/qGswLD4jxwR77vLqWaD0P/+w23
4eFyghrsETJIODfb09bI377REVQg9D8m01nH1XBc1VPU8xYJNYjULlgHskcGI4ZQ
AE4F6J4bXWQBi3JNTM7F5lNFEc1ExScb3iiBQBplBNmjGMScu2QV+oydw+JyCBic
OSpP7AXPaP6F4vOaHAdxNrcg04MJH776DrzJAO+L5uUk
-----END CERTIFICATE-----