Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/K7cA3lhB3ofkC0PagVmjM9JrME0.roa
File:                     K7cA3lhB3ofkC0PagVmjM9JrME0.roa (raw, json)
Hash identifier:          E3Htq7fzwTAy8AhNmQDCTNU5myBeHlyDR2Q+KbnUQ+U=
Subject key identifier:   2B:B7:00:DE:58:41:DE:87:E4:0B:43:DA:81:59:A3:33:D2:6B:30:4D
Certificate issuer:       /CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Certificate serial:       019C28F7547C5C3278A443549BC0676B271F
Authority key identifier: C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/K7cA3lhB3ofkC0PagVmjM9JrME0.roa
Signing time:             Wed 04 Feb 2026 14:03:43 +0000
ROA not before:           Wed 04 Feb 2026 14:03:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208821
IP address blocks:        46.29.26.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:28:f7:54:7c:5c:32:78:a4:43:54:9b:c0:67:6b:27:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c616c4195152effedbf7b3afee2aa72e19090e4d
        Validity
            Not Before: Feb  4 14:03:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2bb700de5841de87e40b43da8159a333d26b304d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:cf:0b:1d:7d:77:23:bc:a4:9b:4e:ec:1a:f6:
                    dc:16:31:03:df:66:99:b0:fa:0c:3a:19:66:e3:0c:
                    64:e4:06:d8:43:62:11:f9:d6:04:d4:00:dc:a2:47:
                    0c:de:6d:af:d3:1c:41:59:ef:50:32:10:fc:74:56:
                    e6:a9:ad:2d:ad:b8:af:d2:ca:6b:25:ee:01:b9:7f:
                    c2:2e:ce:05:e6:41:5b:06:09:89:fb:9d:09:95:11:
                    de:61:d6:b3:b4:20:a9:cb:5b:0f:71:f5:f3:fa:6d:
                    2c:67:49:4d:25:1e:3c:21:10:26:8b:ef:d7:e7:3e:
                    a0:2c:43:98:26:11:17:f0:1a:ad:94:e5:63:d9:ff:
                    5e:0c:51:96:f4:a7:51:b1:cc:39:fc:e4:41:da:11:
                    50:29:8b:32:33:a7:47:aa:ee:79:a6:ac:42:23:73:
                    7c:00:9f:54:37:fc:69:6f:88:82:7e:04:3a:9c:bc:
                    aa:aa:15:7a:93:bb:e0:e8:7a:d4:f5:2e:10:b5:ce:
                    cd:28:23:3f:d4:e7:08:25:bc:99:e2:4c:dc:3b:60:
                    69:a3:fd:3a:2c:98:a2:8d:70:9e:8c:b1:e4:7d:44:
                    ed:2c:67:8a:7a:88:05:57:9e:fd:cf:f5:2c:cf:8a:
                    8d:2a:91:5d:93:8e:92:9d:7c:5a:08:44:a7:6d:13:
                    9c:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:B7:00:DE:58:41:DE:87:E4:0B:43:DA:81:59:A3:33:D2:6B:30:4D
            X509v3 Authority Key Identifier:
                keyid:C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/K7cA3lhB3ofkC0PagVmjM9JrME0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.29.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:ab:0b:7c:7a:ed:37:10:88:ba:cd:9d:f1:c0:a3:8f:f5:a4:
         38:1e:50:7b:0b:9d:4e:3e:76:e2:d8:c6:8b:a0:ea:b6:db:95:
         f1:d9:39:97:e7:ce:38:10:71:cb:46:96:55:ab:db:98:62:0c:
         c5:60:27:41:34:85:3b:1a:b7:d0:7c:c4:38:e5:3d:04:49:8c:
         ee:54:13:5d:1b:d5:49:8f:bd:c5:d2:8a:a5:0a:72:e0:92:bb:
         ce:11:86:35:b7:9a:52:98:2e:91:56:95:30:b7:15:60:99:3b:
         ba:ea:05:8e:64:df:89:19:1c:ab:aa:00:f6:ac:fe:65:29:c5:
         76:42:eb:c6:da:03:9f:71:ca:f6:ff:3a:79:e7:4e:94:46:13:
         b5:bd:b0:da:e9:82:1c:84:4e:9c:6c:ad:88:66:d9:e6:21:94:
         97:cb:c0:f7:1e:12:c4:6b:9e:f4:fc:2e:04:26:92:42:f3:fc:
         86:6a:88:fd:00:14:66:0b:92:07:37:7a:19:da:70:0d:a7:eb:
         15:5f:6c:51:8d:28:84:0c:d1:0e:39:1e:40:ef:b0:ff:98:dd:
         5c:a1:01:dc:87:6f:4d:f3:c8:a9:29:6d:a7:52:01:97:66:82:
         f2:3e:03:ce:61:f3:6c:42:7e:17:a9:39:35:fd:9d:28:91:ab:
         02:0d:99:0d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZwo91R8XDJ4pENUm8BnaycfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTZjNDE5NTE1MmVmZmVkYmY3YjNhZmVlMmFhNzJlMTkw
OTBlNGQwHhcNMjYwMjA0MTQwMzQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYmI3MDBkZTU4NDFkZTg3ZTQwYjQzZGE4MTU5YTMzM2QyNmIzMDRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyM8LHX13I7ykm07sGvbcFjED32aZ
sPoMOhlm4wxk5AbYQ2IR+dYE1ADcokcM3m2v0xxBWe9QMhD8dFbmqa0trbiv0spr
Je4BuX/CLs4F5kFbBgmJ+50JlRHeYdaztCCpy1sPcfXz+m0sZ0lNJR48IRAmi+/X
5z6gLEOYJhEX8BqtlOVj2f9eDFGW9KdRscw5/ORB2hFQKYsyM6dHqu55pqxCI3N8
AJ9UN/xpb4iCfgQ6nLyqqhV6k7vg6HrU9S4Qtc7NKCM/1OcIJbyZ4kzcO2Bpo/06
LJiijXCejLHkfUTtLGeKeogFV579z/Usz4qNKpFdk46SnXxaCESnbROcmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCu3AN5YQd6H5AtD2oFZozPSazBNMB8GA1UdIwQY
MBaAFMYWxBlRUu/+2/ezr+4qpy4ZCQ5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjkt
MzlmZGI5ODZmMDU5LzEvSzdjQTNsaEIzb2ZrQzBQYWdWbWpNOUpyTUUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjktMzlmZGI5ODZmMDU5
LzEveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALh0aMA0G
CSqGSIb3DQEBCwUAA4IBAQCAqwt8eu03EIi6zZ3xwKOP9aQ4HlB7C51OPnbi2MaL
oOq225Xx2TmX5844EHHLRpZVq9uYYgzFYCdBNIU7GrfQfMQ45T0ESYzuVBNdG9VJ
j73F0oqlCnLgkrvOEYY1t5pSmC6RVpUwtxVgmTu66gWOZN+JGRyrqgD2rP5lKcV2
QuvG2gOfccr2/zp5506URhO1vbDa6YIchE6cbK2IZtnmIZSXy8D3HhLEa570/C4E
JpJC8/yGaoj9ABRmC5IHN3oZ2nANp+sVX2xRjSiEDNEOOR5A77D/mN1coQHch29N
88ipKW2nUgGXZoLyPgPOYfNsQn4XqTk1/Z0okasCDZkN
-----END CERTIFICATE-----