Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/L3_ye7DPVI366Ic6Ngz0rx8KNS0.roa
File:                     L3_ye7DPVI366Ic6Ngz0rx8KNS0.roa (raw, json)
Hash identifier:          M35zUOYT/3wfQtDZmc6mQI7KYPlIQlA+Fde0pk0Wiks=
Subject key identifier:   2F:7F:F2:7B:B0:CF:54:8D:FA:E8:87:3A:36:0C:F4:AF:1F:0A:35:2D
Certificate issuer:       /CN=19426325acb8ce609a686fa655b058968809b346
Certificate serial:       019D5A0CE07F44BBF2648364D93FF19F14A6
Authority key identifier: 19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/L3_ye7DPVI366Ic6Ngz0rx8KNS0.roa
Signing time:             Sat 04 Apr 2026 19:51:26 +0000
ROA not before:           Sat 04 Apr 2026 19:51:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197450
IP address blocks:        195.178.137.0/24 maxlen: 24
                          195.178.138.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:5a:0c:e0:7f:44:bb:f2:64:83:64:d9:3f:f1:9f:14:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19426325acb8ce609a686fa655b058968809b346
        Validity
            Not Before: Apr  4 19:51:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2f7ff27bb0cf548dfae8873a360cf4af1f0a352d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:52:97:2b:37:8d:4a:84:d7:10:6a:3d:f9:9c:
                    16:93:59:a3:d4:2c:a7:bf:dc:7a:69:d7:1f:a3:ac:
                    49:b6:5e:ee:d5:14:71:3c:c5:d7:52:f0:04:de:81:
                    44:f6:dc:f7:55:50:d9:a2:3f:2a:c8:3e:94:29:ba:
                    cb:59:96:09:55:2a:37:5e:6d:fc:18:3f:e9:63:1b:
                    a0:ee:ed:0e:a0:47:94:14:b8:b1:10:37:ff:41:f1:
                    a1:ef:a2:59:a1:db:52:87:b0:fa:af:07:c5:39:7a:
                    60:6e:7f:00:df:33:4b:aa:c1:a4:85:03:9c:b4:78:
                    5c:44:3d:50:c0:ff:6d:42:59:ee:73:b7:71:ff:4d:
                    40:17:52:f9:79:16:b8:a3:3f:b2:d9:90:eb:72:cb:
                    89:df:d5:a4:8c:b1:a7:31:1e:19:eb:25:27:dd:c5:
                    30:05:b9:02:be:81:64:2a:b6:c7:ba:81:7f:e9:83:
                    a6:0b:e9:d4:40:8b:79:3f:66:cc:07:94:df:0a:ea:
                    ed:b7:5b:26:34:fe:47:2f:53:9a:9f:8d:e6:08:10:
                    87:2f:16:23:76:09:f2:6b:00:be:50:04:df:87:97:
                    4a:42:47:c6:88:61:7e:36:bd:93:6f:ac:b3:28:ae:
                    11:6c:74:f8:a2:4c:f5:a4:de:06:84:f4:d4:7f:48:
                    44:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:7F:F2:7B:B0:CF:54:8D:FA:E8:87:3A:36:0C:F4:AF:1F:0A:35:2D
            X509v3 Authority Key Identifier:
                keyid:19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/L3_ye7DPVI366Ic6Ngz0rx8KNS0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.178.137.0-195.178.138.255

    Signature Algorithm: sha256WithRSAEncryption
         06:db:4c:01:04:9c:e0:b8:43:0d:be:44:61:c2:07:12:39:b7:
         6f:a5:03:67:16:f7:81:62:31:b1:8b:cf:4c:1e:6f:10:19:40:
         ae:58:76:63:4d:ea:60:89:1a:1c:de:9b:e4:4d:1f:ff:91:74:
         c0:18:91:59:45:f5:3d:bc:c3:5e:96:b7:d1:e3:07:e6:c8:04:
         59:8a:da:9f:dd:ed:6f:76:76:2f:4d:e7:18:8a:a2:9a:ef:d3:
         78:b1:80:fc:68:2a:27:15:41:ba:a9:4e:a8:8f:52:e4:e5:4e:
         45:61:52:83:17:71:d7:62:a6:6d:77:32:1f:b2:ee:90:c5:ee:
         66:f1:2e:b5:02:6d:bf:a1:79:3b:37:c4:bf:d5:23:93:36:18:
         56:d4:79:57:a9:29:ff:94:c9:f6:d6:3e:b6:a3:02:33:81:b3:
         31:96:d4:30:54:95:49:8e:36:1b:b6:0a:5a:42:0c:26:ca:bb:
         09:46:5a:a1:50:ac:c4:aa:db:98:1c:5a:ff:ec:a1:53:10:a4:
         6b:c9:b4:6d:c8:bb:f6:16:ca:bb:05:d6:66:36:eb:cb:ec:23:
         7b:e5:fc:b6:c4:84:0a:72:52:05:2d:c4:61:bb:42:a3:fb:f9:
         9a:97:37:68:2e:e6:6d:ab:5a:2c:c5:db:f3:cc:0b:04:d3:ea:
         7a:99:65:59
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZ1aDOB/RLvyZINk2T/xnxSmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5NDI2MzI1YWNiOGNlNjA5YTY4NmZhNjU1YjA1ODk2ODgw
OWIzNDYwHhcNMjYwNDA0MTk1MTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjdmZjI3YmIwY2Y1NDhkZmFlODg3M2EzNjBjZjRhZjFmMGEzNTJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtVKXKzeNSoTXEGo9+ZwWk1mj1Cyn
v9x6adcfo6xJtl7u1RRxPMXXUvAE3oFE9tz3VVDZoj8qyD6UKbrLWZYJVSo3Xm38
GD/pYxug7u0OoEeUFLixEDf/QfGh76JZodtSh7D6rwfFOXpgbn8A3zNLqsGkhQOc
tHhcRD1QwP9tQlnuc7dx/01AF1L5eRa4oz+y2ZDrcsuJ39WkjLGnMR4Z6yUn3cUw
BbkCvoFkKrbHuoF/6YOmC+nUQIt5P2bMB5TfCurtt1smNP5HL1Oan43mCBCHLxYj
dgnyawC+UATfh5dKQkfGiGF+Nr2Tb6yzKK4RbHT4okz1pN4GhPTUf0hE/QIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFC9/8nuwz1SN+uiHOjYM9K8fCjUtMB8GA1UdIwQY
MBaAFBlCYyWsuM5gmmhvplWwWJaICbNGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQt
MDNmNGM3MTEzYzM0LzEvTDNfeWU3RFBWSTM2NkljNk5nejByeDhLTlMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQtMDNmNGM3MTEzYzM0
LzEvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBADDsokD
BADDsoowDQYJKoZIhvcNAQELBQADggEBAAbbTAEEnOC4Qw2+RGHCBxI5t2+lA2cW
94FiMbGLz0webxAZQK5YdmNN6mCJGhzem+RNH/+RdMAYkVlF9T28w16Wt9HjB+bI
BFmK2p/d7W92di9N5xiKoprv03ixgPxoKicVQbqpTqiPUuTlTkVhUoMXcddipm13
Mh+y7pDF7mbxLrUCbb+heTs3xL/VI5M2GFbUeVepKf+UyfbWPrajAjOBszGW1DBU
lUmONhu2ClpCDCbKuwlGWqFQrMSq25gcWv/soVMQpGvJtG3Iu/YWyrsF1mY268vs
I3vl/LbEhApyUgUtxGG7QqP7+ZqXN2gu5m2rWizF2/PMCwTT6nqZZVk=
-----END CERTIFICATE-----