Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/3b3be0-54a7-410f-9d12-28d78eb9f2dc/1/XBx3ZjkQBmOob1C1AQifpzrj3Es.roa
File:                     XBx3ZjkQBmOob1C1AQifpzrj3Es.roa (raw, json)
Hash identifier:          toUyH2dFBi0jUqBudUbZQlU2ok2/b2pqbfdKdGPRAog=
Subject key identifier:   5C:1C:77:66:39:10:06:63:A8:6F:50:B5:01:08:9F:A7:3A:E3:DC:4B
Certificate issuer:       /CN=dfee2bf43f21a81c492c6e6a9fc6f074d2f0a217
Certificate serial:       019D8CC69DE7BBA119E4DA1F752CFDB39B39
Authority key identifier: DF:EE:2B:F4:3F:21:A8:1C:49:2C:6E:6A:9F:C6:F0:74:D2:F0:A2:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3-4r9D8hqBxJLG5qn8bwdNLwohc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/3b3be0-54a7-410f-9d12-28d78eb9f2dc/1/XBx3ZjkQBmOob1C1AQifpzrj3Es.roa
Signing time:             Tue 14 Apr 2026 16:15:20 +0000
ROA not before:           Tue 14 Apr 2026 16:15:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212477
IP address blocks:        212.124.94.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/3b3be0-54a7-410f-9d12-28d78eb9f2dc/1/3-4r9D8hqBxJLG5qn8bwdNLwohc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/3b3be0-54a7-410f-9d12-28d78eb9f2dc/1/3-4r9D8hqBxJLG5qn8bwdNLwohc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3-4r9D8hqBxJLG5qn8bwdNLwohc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:8c:c6:9d:e7:bb:a1:19:e4:da:1f:75:2c:fd:b3:9b:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dfee2bf43f21a81c492c6e6a9fc6f074d2f0a217
        Validity
            Not Before: Apr 14 16:15:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5c1c776639100663a86f50b501089fa73ae3dc4b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:4b:4f:6d:79:1b:17:7b:3b:ec:d1:1a:1d:c5:
                    6e:f1:82:aa:02:87:ad:d4:a3:7a:59:43:91:cb:53:
                    78:1b:3b:c0:62:2a:5d:4f:2d:a2:1e:df:a2:7e:2d:
                    32:58:97:ed:c2:ff:8b:b2:e7:51:20:01:45:e2:b0:
                    77:27:fe:da:2e:90:7e:76:02:61:aa:ab:1f:a3:5b:
                    54:f1:b6:d5:9b:7b:7d:24:23:ea:24:99:ad:c1:2b:
                    50:f4:a0:7b:45:c7:06:d3:88:ec:3c:76:a2:a9:fe:
                    5c:c1:f7:76:84:6c:8b:a6:8e:26:3f:92:87:d1:8f:
                    b5:f2:37:4f:31:7f:3c:2d:1d:42:6b:00:bb:35:c9:
                    71:5d:55:91:ad:fd:62:dc:e6:08:b6:82:f9:e3:10:
                    2b:a2:dd:0d:61:b7:05:19:48:00:cf:cc:59:07:e2:
                    3d:32:90:3c:47:c7:9a:77:67:65:35:b8:29:69:fa:
                    a6:67:7d:c9:5a:57:78:b6:c2:af:ee:c0:14:7f:01:
                    bd:bc:d5:83:c7:e7:f4:8b:cf:4b:b0:67:0c:29:a7:
                    9b:33:fe:65:1d:8d:5b:fc:2b:1c:26:c6:cf:11:42:
                    fe:76:ed:f9:fa:e9:0a:6c:3e:2a:34:20:c1:54:5f:
                    95:62:da:f7:fd:e0:13:4f:73:1b:47:e2:fb:84:6a:
                    9b:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:1C:77:66:39:10:06:63:A8:6F:50:B5:01:08:9F:A7:3A:E3:DC:4B
            X509v3 Authority Key Identifier:
                keyid:DF:EE:2B:F4:3F:21:A8:1C:49:2C:6E:6A:9F:C6:F0:74:D2:F0:A2:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3-4r9D8hqBxJLG5qn8bwdNLwohc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/3b3be0-54a7-410f-9d12-28d78eb9f2dc/1/XBx3ZjkQBmOob1C1AQifpzrj3Es.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/3b3be0-54a7-410f-9d12-28d78eb9f2dc/1/3-4r9D8hqBxJLG5qn8bwdNLwohc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.124.94.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5e:ac:75:c9:20:3d:9c:33:70:28:14:00:3c:1b:c6:64:14:9c:
         22:cb:1a:9c:de:87:81:cb:48:67:fe:ac:64:a8:40:db:93:bd:
         4b:c3:ab:06:45:0c:98:3f:2c:64:08:fc:8b:1b:00:a8:b5:4e:
         28:34:bc:33:26:b8:02:2e:fb:d4:f6:af:1d:78:26:99:ef:99:
         ad:a0:4a:6d:c4:df:47:a6:0c:8c:67:b4:84:11:98:d6:de:fd:
         50:13:20:49:48:33:66:be:29:80:11:b8:df:0c:ba:41:de:69:
         5c:75:18:e2:49:be:45:2d:51:7f:17:df:8c:a0:d8:6b:b5:d8:
         b2:86:f7:da:d5:62:4c:75:3a:4a:e3:e6:ae:a3:5c:13:cf:f2:
         66:8b:f4:ea:59:53:69:e6:86:04:f4:70:ee:46:7e:2b:1f:62:
         99:7c:5a:f1:6d:a5:ac:c7:30:41:d9:78:1a:ec:0b:91:25:a3:
         09:5c:cd:88:9d:38:19:2f:01:0e:af:4c:5d:31:82:36:64:53:
         d4:5b:db:3b:4b:b5:67:7a:85:96:b6:9d:95:17:76:fb:4f:68:
         4f:48:b2:91:4b:74:70:9c:5c:9a:c5:43:9e:24:6e:16:9e:bb:
         76:4b:70:93:7b:77:6d:6a:20:4f:e3:68:ca:58:42:9b:61:e6:
         a0:a2:92:24
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2Mxp3nu6EZ5NofdSz9s5s5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmZWUyYmY0M2YyMWE4MWM0OTJjNmU2YTlmYzZmMDc0ZDJm
MGEyMTcwHhcNMjYwNDE0MTYxNTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzFjNzc2NjM5MTAwNjYzYTg2ZjUwYjUwMTA4OWZhNzNhZTNkYzRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvEtPbXkbF3s77NEaHcVu8YKqAoet
1KN6WUORy1N4GzvAYipdTy2iHt+ifi0yWJftwv+LsudRIAFF4rB3J/7aLpB+dgJh
qqsfo1tU8bbVm3t9JCPqJJmtwStQ9KB7RccG04jsPHaiqf5cwfd2hGyLpo4mP5KH
0Y+18jdPMX88LR1CawC7NclxXVWRrf1i3OYItoL54xArot0NYbcFGUgAz8xZB+I9
MpA8R8ead2dlNbgpafqmZ33JWld4tsKv7sAUfwG9vNWDx+f0i89LsGcMKaebM/5l
HY1b/CscJsbPEUL+du35+ukKbD4qNCDBVF+VYtr3/eATT3MbR+L7hGqb2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFwcd2Y5EAZjqG9QtQEIn6c649xLMB8GA1UdIwQY
MBaAFN/uK/Q/IagcSSxuap/G8HTS8KIXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMy00cjlEOGhxQnhKTEc1cW44YndkTkx3b2hjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC8zYjNiZTAtNTRhNy00MTBmLTlkMTIt
MjhkNzhlYjlmMmRjLzEvWEJ4M1pqa1FCbU9vYjFDMUFRaWZwenJqM0VzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC8zYjNiZTAtNTRhNy00MTBmLTlkMTItMjhkNzhlYjlmMmRj
LzEvMy00cjlEOGhxQnhKTEc1cW44YndkTkx3b2hjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1HxeMA0G
CSqGSIb3DQEBCwUAA4IBAQBerHXJID2cM3AoFAA8G8ZkFJwiyxqc3oeBy0hn/qxk
qEDbk71Lw6sGRQyYPyxkCPyLGwCotU4oNLwzJrgCLvvU9q8deCaZ75mtoEptxN9H
pgyMZ7SEEZjW3v1QEyBJSDNmvimAEbjfDLpB3mlcdRjiSb5FLVF/F9+MoNhrtdiy
hvfa1WJMdTpK4+auo1wTz/Jmi/TqWVNp5oYE9HDuRn4rH2KZfFrxbaWsxzBB2Xga
7AuRJaMJXM2InTgZLwEOr0xdMYI2ZFPUW9s7S7VneoWWtp2VF3b7T2hPSLKRS3Rw
nFyaxUOeJG4Wnrt2S3CTe3dtaiBP42jKWEKbYeagopIk
-----END CERTIFICATE-----