Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/7711d9-7f7c-4edb-a687-d6f04e708454/1/li8qQSad2nEH9VdZEdASMOOcVYs.roa
File:                     li8qQSad2nEH9VdZEdASMOOcVYs.roa (raw, json)
Hash identifier:          Y/D8jzozS0kUYNTBh7PNAzFCxGW8QjAEr3OSj4+wOOs=
Subject key identifier:   96:2F:2A:41:26:9D:DA:71:07:F5:57:59:11:D0:12:30:E3:9C:55:8B
Certificate issuer:       /CN=6398ec15bc039c5a6042fbe90484456be02da7b9
Certificate serial:       019B7AC8ADDADFCB8A692F648AC21AFB71DA
Authority key identifier: 63:98:EC:15:BC:03:9C:5A:60:42:FB:E9:04:84:45:6B:E0:2D:A7:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y5jsFbwDnFpgQvvpBIRFa-Atp7k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/7711d9-7f7c-4edb-a687-d6f04e708454/1/li8qQSad2nEH9VdZEdASMOOcVYs.roa
Signing time:             Thu 01 Jan 2026 18:18:50 +0000
ROA not before:           Thu 01 Jan 2026 18:18:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     51284
IP address blocks:        193.161.0.0/24 maxlen: 24
                          193.201.146.128/25 maxlen: 25
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/7711d9-7f7c-4edb-a687-d6f04e708454/1/Y5jsFbwDnFpgQvvpBIRFa-Atp7k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/7711d9-7f7c-4edb-a687-d6f04e708454/1/Y5jsFbwDnFpgQvvpBIRFa-Atp7k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y5jsFbwDnFpgQvvpBIRFa-Atp7k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c8:ad:da:df:cb:8a:69:2f:64:8a:c2:1a:fb:71:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6398ec15bc039c5a6042fbe90484456be02da7b9
        Validity
            Not Before: Jan  1 18:18:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=962f2a41269dda7107f5575911d01230e39c558b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:2a:61:8f:46:ac:74:91:25:f2:c9:a2:cd:72:
                    94:56:17:57:1d:00:c3:c1:69:86:55:06:a7:38:8f:
                    6d:35:cb:63:63:74:aa:f7:f1:36:1e:b1:1e:3d:65:
                    5c:c0:3e:ba:ae:8a:f5:ca:09:96:03:91:86:3c:28:
                    06:9f:96:3c:82:b4:5b:f3:48:b9:c2:7d:b8:88:99:
                    a3:6c:0c:9a:e7:fc:da:d0:f4:8d:58:7f:06:2a:a5:
                    9e:0d:09:28:41:8b:65:7d:62:e2:31:f7:b2:8a:29:
                    48:a2:46:39:d6:19:21:1d:95:03:7c:77:dc:42:66:
                    66:71:2d:96:ab:87:b7:6f:1e:0a:23:b4:f4:fa:86:
                    e9:82:90:09:17:96:09:88:9e:5e:66:48:e9:01:eb:
                    7a:f2:e6:2d:af:cb:c6:05:b8:48:fd:6d:ff:be:f5:
                    3f:c5:1a:57:8f:de:92:d3:08:2e:fc:b7:3d:1b:e3:
                    1b:1d:55:d6:fe:e1:c0:16:01:c5:9b:3c:d7:b3:1f:
                    bf:2f:bd:6e:bb:3a:4b:5b:ef:f7:93:46:be:82:d3:
                    41:23:45:9b:05:06:ec:21:ef:21:fc:81:87:c0:37:
                    97:d2:93:11:0f:1d:49:31:28:fd:82:62:42:9b:66:
                    01:8b:85:60:20:62:68:97:5e:f3:47:00:ae:f2:f0:
                    69:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:2F:2A:41:26:9D:DA:71:07:F5:57:59:11:D0:12:30:E3:9C:55:8B
            X509v3 Authority Key Identifier:
                keyid:63:98:EC:15:BC:03:9C:5A:60:42:FB:E9:04:84:45:6B:E0:2D:A7:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y5jsFbwDnFpgQvvpBIRFa-Atp7k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/7711d9-7f7c-4edb-a687-d6f04e708454/1/li8qQSad2nEH9VdZEdASMOOcVYs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/7711d9-7f7c-4edb-a687-d6f04e708454/1/Y5jsFbwDnFpgQvvpBIRFa-Atp7k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.161.0.0/24
                  193.201.146.128/25

    Signature Algorithm: sha256WithRSAEncryption
         0c:9e:cb:88:4f:0f:ce:62:ff:e5:1e:ba:ae:4b:2e:06:d8:d8:
         08:ef:2f:92:ee:ae:78:5e:d4:8a:ce:93:07:b0:b2:00:40:7c:
         f7:74:95:43:0d:2e:9a:2e:de:b8:bb:26:ed:0d:57:8d:7b:3f:
         f4:ea:29:35:c2:37:8d:3d:e9:55:d8:54:2f:52:9f:89:29:ae:
         4c:3c:82:c6:0c:d3:20:b5:66:39:17:8d:41:79:a9:73:b4:77:
         94:5b:21:11:2b:bf:67:bb:9c:15:95:31:39:c3:57:89:fb:92:
         c3:4f:d2:d9:90:e0:28:4b:da:04:8b:26:63:8f:df:33:68:6e:
         0a:3a:df:92:47:17:13:9d:d6:71:fb:29:a9:bf:6f:42:38:1a:
         32:8e:dc:10:ce:29:82:b5:2a:85:45:c3:09:90:a8:62:09:01:
         56:26:87:8c:e0:5f:42:b5:98:e9:bb:9b:3f:20:9d:56:be:dd:
         12:23:ab:94:3b:20:9c:32:18:06:2c:80:5a:9f:74:26:d6:46:
         0d:18:09:75:ce:56:27:8e:d7:24:d5:21:4d:09:96:0d:76:44:
         27:76:98:36:35:e3:fd:e5:95:c3:64:b6:f4:ed:4e:c8:dc:47:
         7c:02:a8:5d:59:fc:90:61:8a:1d:6f:06:18:21:fc:3b:97:08:
         58:fc:08:06
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZt6yK3a38uKaS9kisIa+3HaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzOThlYzE1YmMwMzljNWE2MDQyZmJlOTA0ODQ0NTZiZTAy
ZGE3YjkwHhcNMjYwMTAxMTgxODUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjJmMmE0MTI2OWRkYTcxMDdmNTU3NTkxMWQwMTIzMGUzOWM1NThiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxiphj0asdJEl8smizXKUVhdXHQDD
wWmGVQanOI9tNctjY3Sq9/E2HrEePWVcwD66ror1ygmWA5GGPCgGn5Y8grRb80i5
wn24iJmjbAya5/za0PSNWH8GKqWeDQkoQYtlfWLiMfeyiilIokY51hkhHZUDfHfc
QmZmcS2Wq4e3bx4KI7T0+obpgpAJF5YJiJ5eZkjpAet68uYtr8vGBbhI/W3/vvU/
xRpXj96S0wgu/Lc9G+MbHVXW/uHAFgHFmzzXsx+/L71uuzpLW+/3k0a+gtNBI0Wb
BQbsIe8h/IGHwDeX0pMRDx1JMSj9gmJCm2YBi4VgIGJol17zRwCu8vBpWwIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFJYvKkEmndpxB/VXWRHQEjDjnFWLMB8GA1UdIwQY
MBaAFGOY7BW8A5xaYEL76QSERWvgLae5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWTVqc0Zid0RuRnBnUXZ2cEJJUkZhLUF0cDdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS83NzExZDktN2Y3Yy00ZWRiLWE2ODct
ZDZmMDRlNzA4NDU0LzEvbGk4cVFTYWQybkVIOVZkWkVkQVNNT09jVllzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS83NzExZDktN2Y3Yy00ZWRiLWE2ODctZDZmMDRlNzA4NDU0
LzEvWTVqc0Zid0RuRnBnUXZ2cEJJUkZhLUF0cDdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCYGCCsGAQUFBwEHAQH/BBcwFTATBAIAATANAwQAwaEAAwUH
wcmSgDANBgkqhkiG9w0BAQsFAAOCAQEADJ7LiE8PzmL/5R66rksuBtjYCO8vku6u
eF7Uis6TB7CyAEB893SVQw0umi7euLsm7Q1XjXs/9OopNcI3jT3pVdhUL1KfiSmu
TDyCxgzTILVmOReNQXmpc7R3lFshESu/Z7ucFZUxOcNXifuSw0/S2ZDgKEvaBIsm
Y4/fM2huCjrfkkcXE53Wcfspqb9vQjgaMo7cEM4pgrUqhUXDCZCoYgkBViaHjOBf
QrWY6bubPyCdVr7dEiOrlDsgnDIYBiyAWp90JtZGDRgJdc5WJ47XJNUhTQmWDXZE
J3aYNjXj/eWVw2S29O1OyNxHfAKoXVn8kGGKHW8GGCH8O5cIWPwIBg==
-----END CERTIFICATE-----