Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/269a04-77b4-4ee7-b164-c16787272049/1/buFP3YQ0XQZEaAumgm6mnH5J-yE.roa
File:                     buFP3YQ0XQZEaAumgm6mnH5J-yE.roa (raw, json)
Hash identifier:          AaWeY9oJG2eNuVhrXCNjBk4XbOhPTbIi+u4Z+27Es7I=
Subject key identifier:   6E:E1:4F:DD:84:34:5D:06:44:68:0B:A6:82:6E:A6:9C:7E:49:FB:21
Certificate issuer:       /CN=de12eb9c75d359d25137b5ef4e176f5eeb6c4342
Certificate serial:       019D8B5115460C757613A000C7FFD2FE8E21
Authority key identifier: DE:12:EB:9C:75:D3:59:D2:51:37:B5:EF:4E:17:6F:5E:EB:6C:43:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3hLrnHXTWdJRN7XvThdvXutsQ0I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/269a04-77b4-4ee7-b164-c16787272049/1/buFP3YQ0XQZEaAumgm6mnH5J-yE.roa
Signing time:             Tue 14 Apr 2026 09:27:20 +0000
ROA not before:           Tue 14 Apr 2026 09:27:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     135392
IP address blocks:        94.26.3.0/24 maxlen: 24
                          192.109.139.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/269a04-77b4-4ee7-b164-c16787272049/1/3hLrnHXTWdJRN7XvThdvXutsQ0I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/269a04-77b4-4ee7-b164-c16787272049/1/3hLrnHXTWdJRN7XvThdvXutsQ0I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3hLrnHXTWdJRN7XvThdvXutsQ0I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 13:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:8b:51:15:46:0c:75:76:13:a0:00:c7:ff:d2:fe:8e:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=de12eb9c75d359d25137b5ef4e176f5eeb6c4342
        Validity
            Not Before: Apr 14 09:27:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6ee14fdd84345d0644680ba6826ea69c7e49fb21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:45:c3:d0:0e:87:75:4d:3f:c9:6f:6e:63:2e:
                    16:35:a6:20:3c:be:48:36:3a:f5:b2:8d:11:55:2a:
                    38:13:a1:4d:61:e8:0d:c2:60:1f:14:6f:d2:30:02:
                    9b:08:4a:6c:8f:ad:42:98:84:0e:ed:fe:21:5e:0d:
                    cc:dc:3f:6f:da:ca:38:f3:4a:c8:c2:27:65:ed:74:
                    5c:64:1d:45:fc:d1:63:07:5b:9d:32:cb:e3:b6:1c:
                    47:d4:d1:22:7e:03:b5:a5:75:80:60:e1:31:e1:af:
                    8e:57:1d:2f:50:82:6a:4b:4c:b8:6d:79:5d:52:65:
                    57:16:2e:2e:26:da:11:3e:f0:77:48:07:50:4b:ea:
                    6e:c8:d3:79:f5:2e:7b:e6:4c:6c:09:88:c4:f4:f1:
                    60:54:29:ad:37:92:c4:68:e4:de:8b:e6:af:e3:a5:
                    da:12:e3:57:ce:ca:9c:38:8d:9e:99:9e:85:04:0b:
                    36:82:47:c7:ad:56:cb:68:6a:e5:ec:9a:7a:88:9f:
                    c1:19:10:68:48:81:23:bd:11:51:29:c0:1f:68:c1:
                    5c:29:f2:44:a0:a1:b4:30:51:61:f7:b9:b5:22:20:
                    f6:5b:75:ef:fe:ff:40:17:bd:90:fa:d0:07:ef:cc:
                    e7:27:61:a2:ef:19:c3:dd:35:87:a7:9c:85:91:77:
                    ad:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:E1:4F:DD:84:34:5D:06:44:68:0B:A6:82:6E:A6:9C:7E:49:FB:21
            X509v3 Authority Key Identifier:
                keyid:DE:12:EB:9C:75:D3:59:D2:51:37:B5:EF:4E:17:6F:5E:EB:6C:43:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3hLrnHXTWdJRN7XvThdvXutsQ0I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/269a04-77b4-4ee7-b164-c16787272049/1/buFP3YQ0XQZEaAumgm6mnH5J-yE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/269a04-77b4-4ee7-b164-c16787272049/1/3hLrnHXTWdJRN7XvThdvXutsQ0I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.26.3.0/24
                  192.109.139.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:85:96:41:e8:22:1c:7a:66:61:ff:c6:88:0a:50:eb:a5:2c:
         ed:13:3d:fe:0c:b0:b1:db:d6:0f:2b:1a:27:5e:98:96:60:1e:
         8a:0f:a7:81:2a:7e:6d:cb:c2:a4:f4:0e:89:67:25:a1:6c:01:
         ef:53:b7:24:be:c3:58:41:91:44:2a:e8:96:d1:60:ef:6e:29:
         92:a3:c1:c3:81:df:09:58:29:d0:bc:bd:cf:43:cc:f7:5d:d9:
         3b:39:ea:67:3e:ad:91:7c:f8:f9:f8:34:ba:5d:2c:e2:a7:4b:
         81:aa:e6:af:fc:45:1f:49:2e:b5:9d:80:cd:68:80:97:48:22:
         78:20:f0:43:c5:c1:66:fa:06:f6:d8:2c:49:88:8c:27:31:44:
         f1:04:6d:56:c2:95:4e:de:b1:d6:dc:56:f3:59:d6:2f:06:19:
         06:94:1a:3a:26:4b:f4:d6:5d:1d:31:b6:13:30:fb:b3:87:98:
         14:19:f1:87:c6:90:49:9b:2b:09:20:e6:02:4c:85:65:67:ee:
         05:7d:d1:65:06:96:f2:7a:9e:3a:c4:3f:43:6f:a7:0b:93:30:
         a6:13:35:dd:9a:68:be:69:cd:5e:05:43:a7:8c:28:7b:c1:cb:
         1c:a7:43:5d:a4:3e:b2:1d:2b:2d:6c:53:6c:5f:a8:6b:58:e0:
         91:40:5e:eb
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ2LURVGDHV2E6AAx//S/o4hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlMTJlYjljNzVkMzU5ZDI1MTM3YjVlZjRlMTc2ZjVlZWI2
YzQzNDIwHhcNMjYwNDE0MDkyNzIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZWUxNGZkZDg0MzQ1ZDA2NDQ2ODBiYTY4MjZlYTY5YzdlNDlmYjIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmEXD0A6HdU0/yW9uYy4WNaYgPL5I
Njr1so0RVSo4E6FNYegNwmAfFG/SMAKbCEpsj61CmIQO7f4hXg3M3D9v2so480rI
widl7XRcZB1F/NFjB1udMsvjthxH1NEifgO1pXWAYOEx4a+OVx0vUIJqS0y4bXld
UmVXFi4uJtoRPvB3SAdQS+puyNN59S575kxsCYjE9PFgVCmtN5LEaOTei+av46Xa
EuNXzsqcOI2emZ6FBAs2gkfHrVbLaGrl7Jp6iJ/BGRBoSIEjvRFRKcAfaMFcKfJE
oKG0MFFh97m1IiD2W3Xv/v9AF72Q+tAH78znJ2Gi7xnD3TWHp5yFkXetnQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFG7hT92ENF0GRGgLpoJuppx+SfshMB8GA1UdIwQY
MBaAFN4S65x101nSUTe1704Xb17rbENCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2hMcm5IWFRXZEpSTjdYdlRoZHZYdXRzUTBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC8yNjlhMDQtNzdiNC00ZWU3LWIxNjQt
YzE2Nzg3MjcyMDQ5LzEvYnVGUDNZUTBYUVpFYUF1bWdtNm1uSDVKLXlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC8yNjlhMDQtNzdiNC00ZWU3LWIxNjQtYzE2Nzg3MjcyMDQ5
LzEvM2hMcm5IWFRXZEpSTjdYdlRoZHZYdXRzUTBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXhoDAwQA
wG2LMA0GCSqGSIb3DQEBCwUAA4IBAQB5hZZB6CIcemZh/8aIClDrpSztEz3+DLCx
29YPKxonXpiWYB6KD6eBKn5ty8Kk9A6JZyWhbAHvU7ckvsNYQZFEKuiW0WDvbimS
o8HDgd8JWCnQvL3PQ8z3Xdk7OepnPq2RfPj5+DS6XSzip0uBquav/EUfSS61nYDN
aICXSCJ4IPBDxcFm+gb22CxJiIwnMUTxBG1WwpVO3rHW3FbzWdYvBhkGlBo6Jkv0
1l0dMbYTMPuzh5gUGfGHxpBJmysJIOYCTIVlZ+4FfdFlBpbyep46xD9Db6cLkzCm
EzXdmmi+ac1eBUOnjCh7wcscp0NdpD6yHSstbFNsX6hrWOCRQF7r
-----END CERTIFICATE-----