Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/eca327-d58f-491c-94c8-e3d045483412/1/2qeXnV7d55wsyTxXPZhmXkTZqtI.roa
File:                     2qeXnV7d55wsyTxXPZhmXkTZqtI.roa (raw, json)
Hash identifier:          N5i/RmZVF7k/2lLz1w31AlHZluiVFO2dv4zutOE7K+A=
Subject key identifier:   DA:A7:97:9D:5E:DD:E7:9C:2C:C9:3C:57:3D:98:66:5E:44:D9:AA:D2
Certificate issuer:       /CN=9e61403ac69e2874f5622d7ee568e8e49f064c2e
Certificate serial:       019B7AC7EE6DDDC7EAA5D401CCB26AACE7F4
Authority key identifier: 9E:61:40:3A:C6:9E:28:74:F5:62:2D:7E:E5:68:E8:E4:9F:06:4C:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nmFAOsaeKHT1Yi1-5Wjo5J8GTC4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/eca327-d58f-491c-94c8-e3d045483412/1/2qeXnV7d55wsyTxXPZhmXkTZqtI.roa
Signing time:             Thu 01 Jan 2026 18:18:01 +0000
ROA not before:           Thu 01 Jan 2026 18:18:01 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     51038
IP address blocks:        195.254.160.0/23 maxlen: 24
                          2001:67c:200::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/eca327-d58f-491c-94c8-e3d045483412/1/nmFAOsaeKHT1Yi1-5Wjo5J8GTC4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/eca327-d58f-491c-94c8-e3d045483412/1/nmFAOsaeKHT1Yi1-5Wjo5J8GTC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nmFAOsaeKHT1Yi1-5Wjo5J8GTC4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 18:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c7:ee:6d:dd:c7:ea:a5:d4:01:cc:b2:6a:ac:e7:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e61403ac69e2874f5622d7ee568e8e49f064c2e
        Validity
            Not Before: Jan  1 18:18:01 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=daa7979d5edde79c2cc93c573d98665e44d9aad2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:d2:25:c0:8a:76:f7:3d:80:8f:4f:6b:4a:b4:
                    35:68:8c:ed:5f:27:5c:0d:62:06:82:97:46:17:a7:
                    e1:6c:75:1b:6d:62:fd:5f:b8:3f:35:4f:67:78:69:
                    44:7a:67:67:75:f7:ad:64:7f:56:1b:83:4c:d7:33:
                    fc:ca:9c:72:0b:9d:17:ea:6b:53:15:98:a5:fb:46:
                    d0:90:48:0e:2a:26:2d:a7:2e:5f:21:25:95:08:f6:
                    41:7e:82:2f:dc:dc:de:1c:9b:d1:ac:9f:04:b6:04:
                    e2:2f:3c:cc:02:ce:9e:cf:2f:6d:f4:04:78:83:93:
                    9a:65:00:ca:45:c1:7b:c9:c2:b8:87:05:c5:c4:d3:
                    98:42:66:8a:c4:12:d7:35:c1:95:fd:37:bd:3f:4b:
                    c9:73:6c:ba:2f:4b:b2:d5:fe:9a:3c:4b:57:66:1c:
                    43:d1:f9:f9:dd:a5:a6:45:19:c5:6a:bc:31:93:69:
                    c3:0a:a2:6f:67:74:71:c2:04:af:b1:c2:11:58:87:
                    ef:0b:33:0f:f8:2b:02:53:7f:b3:64:5b:f1:be:5e:
                    5d:74:0f:ff:8c:cf:11:fd:6d:f0:91:2b:72:5d:30:
                    21:ed:88:38:84:48:ff:ab:12:f4:2c:6a:09:a5:fe:
                    12:c3:fd:a1:be:3f:16:17:c6:e0:4b:95:95:d3:31:
                    38:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:A7:97:9D:5E:DD:E7:9C:2C:C9:3C:57:3D:98:66:5E:44:D9:AA:D2
            X509v3 Authority Key Identifier:
                keyid:9E:61:40:3A:C6:9E:28:74:F5:62:2D:7E:E5:68:E8:E4:9F:06:4C:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nmFAOsaeKHT1Yi1-5Wjo5J8GTC4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/eca327-d58f-491c-94c8-e3d045483412/1/2qeXnV7d55wsyTxXPZhmXkTZqtI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/eca327-d58f-491c-94c8-e3d045483412/1/nmFAOsaeKHT1Yi1-5Wjo5J8GTC4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.254.160.0/23
                IPv6:
                  2001:67c:200::/48

    Signature Algorithm: sha256WithRSAEncryption
         b7:fe:95:d2:d6:aa:9c:0a:fa:94:a6:81:5a:45:12:f2:e4:b8:
         68:dd:88:ca:ab:3a:07:f5:c8:22:ee:0c:28:83:9e:4a:97:16:
         6a:a5:de:7d:ce:2b:d9:fc:f3:ec:bd:93:5c:b3:f6:d0:70:c5:
         46:ba:89:2d:d2:5b:70:0a:46:a0:35:6d:25:da:20:08:a7:8a:
         61:e3:9d:ba:ed:da:15:3c:86:dd:bc:50:48:83:f3:9f:5d:9c:
         c4:19:3e:af:99:e5:9c:87:cb:fd:eb:4e:16:d8:24:ab:8c:2c:
         3c:d8:17:e5:9e:bb:44:91:a5:21:5b:74:cb:fe:60:b6:d1:fe:
         8a:7e:21:3c:41:54:47:24:62:27:e0:57:d9:f1:44:39:6c:c8:
         a9:fe:67:a4:6b:c5:74:0f:1f:8a:60:ca:2e:8a:c5:a4:78:48:
         65:cd:fa:28:62:f4:38:65:2b:ff:aa:23:d8:d5:aa:58:8f:7b:
         38:7d:d8:0f:ef:3b:1c:af:32:cd:96:0c:e3:22:94:56:c4:f2:
         cf:07:b0:a6:9f:5b:be:f2:19:a6:fb:51:ee:ee:4c:3e:0d:3d:
         11:c0:80:00:f8:3b:b6:a1:27:1b:28:62:a6:f8:77:95:eb:a9:
         97:42:7e:b0:1c:e1:07:a4:2c:41:3b:8f:2e:01:43:12:a3:94:
         65:5e:ab:b3
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZt6x+5t3cfqpdQBzLJqrOf0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllNjE0MDNhYzY5ZTI4NzRmNTYyMmQ3ZWU1NjhlOGU0OWYw
NjRjMmUwHhcNMjYwMTAxMTgxODAxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYWE3OTc5ZDVlZGRlNzljMmNjOTNjNTczZDk4NjY1ZTQ0ZDlhYWQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4NIlwIp29z2Aj09rSrQ1aIztXydc
DWIGgpdGF6fhbHUbbWL9X7g/NU9neGlEemdndfetZH9WG4NM1zP8ypxyC50X6mtT
FZil+0bQkEgOKiYtpy5fISWVCPZBfoIv3NzeHJvRrJ8EtgTiLzzMAs6ezy9t9AR4
g5OaZQDKRcF7ycK4hwXFxNOYQmaKxBLXNcGV/Te9P0vJc2y6L0uy1f6aPEtXZhxD
0fn53aWmRRnFarwxk2nDCqJvZ3RxwgSvscIRWIfvCzMP+CsCU3+zZFvxvl5ddA//
jM8R/W3wkStyXTAh7Yg4hEj/qxL0LGoJpf4Sw/2hvj8WF8bgS5WV0zE4pQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNqnl51e3eecLMk8Vz2YZl5E2arSMB8GA1UdIwQY
MBaAFJ5hQDrGnih09WItfuVo6OSfBkwuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbm1GQU9zYWVLSFQxWWkxLTVXam81SjhHVEM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy9lY2EzMjctZDU4Zi00OTFjLTk0Yzgt
ZTNkMDQ1NDgzNDEyLzEvMnFlWG5WN2Q1NXdzeVR4WFBaaG1Ya1RacXRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy9lY2EzMjctZDU4Zi00OTFjLTk0YzgtZTNkMDQ1NDgzNDEy
LzEvbm1GQU9zYWVLSFQxWWkxLTVXam81SjhHVEM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBw/6gMA8E
AgACMAkDBwAgAQZ8AgAwDQYJKoZIhvcNAQELBQADggEBALf+ldLWqpwK+pSmgVpF
EvLkuGjdiMqrOgf1yCLuDCiDnkqXFmql3n3OK9n88+y9k1yz9tBwxUa6iS3SW3AK
RqA1bSXaIAinimHjnbrt2hU8ht28UEiD859dnMQZPq+Z5ZyHy/3rThbYJKuMLDzY
F+Weu0SRpSFbdMv+YLbR/op+ITxBVEckYifgV9nxRDlsyKn+Z6RrxXQPH4pgyi6K
xaR4SGXN+ihi9DhlK/+qI9jVqliPezh92A/vOxyvMs2WDOMilFbE8s8HsKafW77y
Gab7Ue7uTD4NPRHAgAD4O7ahJxsoYqb4d5XrqZdCfrAc4QekLEE7jy4BQxKjlGVe
q7M=
-----END CERTIFICATE-----