Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/71015d-d0c7-4fa4-a56c-ced2e4128e85/1/Sxkhw8Fa5pO8BhRGtQeTU8fdya8.roa
File:                     Sxkhw8Fa5pO8BhRGtQeTU8fdya8.roa (raw, json)
Hash identifier:          l1dlDAqaaU0qfv4ZGVF35Fo37aw65NRWppLOtUVD5ug=
Subject key identifier:   4B:19:21:C3:C1:5A:E6:93:BC:06:14:46:B5:07:93:53:C7:DD:C9:AF
Certificate issuer:       /CN=8a9f5dc14f7076811491628ca1882150bd5f010f
Certificate serial:       019B7DCA642006B880242D5958FB0E6A9C0A
Authority key identifier: 8A:9F:5D:C1:4F:70:76:81:14:91:62:8C:A1:88:21:50:BD:5F:01:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ip9dwU9wdoEUkWKMoYghUL1fAQ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/71015d-d0c7-4fa4-a56c-ced2e4128e85/1/Sxkhw8Fa5pO8BhRGtQeTU8fdya8.roa
Signing time:             Fri 02 Jan 2026 08:19:34 +0000
ROA not before:           Fri 02 Jan 2026 08:19:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202794
IP address blocks:        195.222.106.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/71015d-d0c7-4fa4-a56c-ced2e4128e85/1/ip9dwU9wdoEUkWKMoYghUL1fAQ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/71015d-d0c7-4fa4-a56c-ced2e4128e85/1/ip9dwU9wdoEUkWKMoYghUL1fAQ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ip9dwU9wdoEUkWKMoYghUL1fAQ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 06:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:ca:64:20:06:b8:80:24:2d:59:58:fb:0e:6a:9c:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8a9f5dc14f7076811491628ca1882150bd5f010f
        Validity
            Not Before: Jan  2 08:19:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4b1921c3c15ae693bc061446b5079353c7ddc9af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:e2:a7:af:e1:85:59:f5:a3:d1:07:cf:7f:85:
                    f2:7e:f6:47:1f:4e:31:3a:3e:98:8c:04:a7:ba:6d:
                    85:f8:bf:fe:11:1c:81:b0:ac:e6:36:a0:ab:e8:3d:
                    b9:3c:66:7c:74:39:28:93:3e:24:fc:af:ab:76:a4:
                    70:5f:cc:02:8f:e4:9a:74:6a:9e:39:45:4f:02:cc:
                    db:06:4b:51:6f:f7:9f:ac:31:de:5e:4e:3e:cc:d6:
                    1a:5e:a1:59:e6:34:96:41:59:a9:48:32:ff:c8:fa:
                    bd:f8:33:50:58:43:9a:f1:31:00:fe:dd:aa:11:be:
                    8c:9c:25:11:d6:44:36:e1:aa:24:84:7c:cc:e0:b5:
                    1b:a1:52:db:4e:56:7b:e1:5c:90:2d:31:47:dc:bd:
                    64:cf:cb:68:5e:53:5b:e1:f7:ba:94:f3:fb:b0:19:
                    32:4f:5b:a6:ca:d9:f0:02:a6:8d:d4:34:43:6c:61:
                    e7:75:4f:13:3a:6e:2d:1e:4c:39:66:88:5c:82:63:
                    20:8a:ef:6d:57:df:dc:47:c7:ca:b1:0a:be:7a:2a:
                    45:2e:66:d9:b7:b6:85:bc:6c:c7:94:d7:17:76:cc:
                    f6:89:da:5a:53:69:df:09:8d:4d:34:91:5c:6c:29:
                    eb:95:6c:be:fc:59:1f:21:87:4e:9b:51:3b:c1:c0:
                    fd:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:19:21:C3:C1:5A:E6:93:BC:06:14:46:B5:07:93:53:C7:DD:C9:AF
            X509v3 Authority Key Identifier:
                keyid:8A:9F:5D:C1:4F:70:76:81:14:91:62:8C:A1:88:21:50:BD:5F:01:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ip9dwU9wdoEUkWKMoYghUL1fAQ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/71015d-d0c7-4fa4-a56c-ced2e4128e85/1/Sxkhw8Fa5pO8BhRGtQeTU8fdya8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/71015d-d0c7-4fa4-a56c-ced2e4128e85/1/ip9dwU9wdoEUkWKMoYghUL1fAQ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.222.106.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:2b:ac:96:cd:73:59:b1:49:6a:9f:ab:8a:4e:2f:8a:a7:d5:
         8c:e7:90:79:94:0b:ae:9f:87:4e:03:68:f7:62:90:a6:42:39:
         81:6c:16:5b:60:34:4a:0e:77:a3:51:29:a9:0e:65:35:c0:08:
         db:02:1f:c7:6c:85:49:57:5f:e4:4b:46:c0:af:42:e0:ae:cb:
         39:3b:28:e6:99:4f:6f:24:de:53:27:cb:6c:38:51:8b:26:e3:
         b1:e7:13:b7:2f:a9:e5:a1:12:39:88:b5:cc:6c:00:da:ca:df:
         bf:4a:4a:e7:e2:7b:a5:95:f1:6d:96:a4:a2:64:10:e8:95:23:
         b8:b0:71:11:f6:f3:14:52:88:ec:94:74:04:70:06:f4:0b:0f:
         49:19:60:8c:4f:61:0d:06:80:e8:45:48:21:4d:73:fe:e7:93:
         ed:71:bf:ad:78:f6:77:9e:70:de:fe:43:40:33:98:b9:78:d5:
         1d:39:cc:55:73:7b:a3:ac:cc:c3:7b:05:6a:43:9c:20:02:c3:
         c8:0e:e4:62:b6:b5:9f:5e:72:22:0c:ac:60:4e:1f:19:16:92:
         57:ac:0a:b7:0f:20:f8:67:ca:0a:65:65:cf:a0:0a:8f:2c:1c:
         5a:2c:ff:73:97:bc:fd:c2:06:e7:ec:af:66:dd:8a:4a:69:e6:
         82:80:94:65
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9ymQgBriAJC1ZWPsOapwKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhOWY1ZGMxNGY3MDc2ODExNDkxNjI4Y2ExODgyMTUwYmQ1
ZjAxMGYwHhcNMjYwMTAyMDgxOTM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjE5MjFjM2MxNWFlNjkzYmMwNjE0NDZiNTA3OTM1M2M3ZGRjOWFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1uKnr+GFWfWj0QfPf4XyfvZHH04x
Oj6YjASnum2F+L/+ERyBsKzmNqCr6D25PGZ8dDkokz4k/K+rdqRwX8wCj+SadGqe
OUVPAszbBktRb/efrDHeXk4+zNYaXqFZ5jSWQVmpSDL/yPq9+DNQWEOa8TEA/t2q
Eb6MnCUR1kQ24aokhHzM4LUboVLbTlZ74VyQLTFH3L1kz8toXlNb4fe6lPP7sBky
T1umytnwAqaN1DRDbGHndU8TOm4tHkw5ZohcgmMgiu9tV9/cR8fKsQq+eipFLmbZ
t7aFvGzHlNcXdsz2idpaU2nfCY1NNJFcbCnrlWy+/FkfIYdOm1E7wcD9qQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEsZIcPBWuaTvAYURrUHk1PH3cmvMB8GA1UdIwQY
MBaAFIqfXcFPcHaBFJFijKGIIVC9XwEPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXA5ZHdVOXdkb0VVa1dLTW9ZZ2hVTDFmQVE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni83MTAxNWQtZDBjNy00ZmE0LWE1NmMt
Y2VkMmU0MTI4ZTg1LzEvU3hraHc4RmE1cE84QmhSR3RRZVRVOGZkeWE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni83MTAxNWQtZDBjNy00ZmE0LWE1NmMtY2VkMmU0MTI4ZTg1
LzEvaXA5ZHdVOXdkb0VVa1dLTW9ZZ2hVTDFmQVE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw95qMA0G
CSqGSIb3DQEBCwUAA4IBAQCRK6yWzXNZsUlqn6uKTi+Kp9WM55B5lAuun4dOA2j3
YpCmQjmBbBZbYDRKDnejUSmpDmU1wAjbAh/HbIVJV1/kS0bAr0Lgrss5OyjmmU9v
JN5TJ8tsOFGLJuOx5xO3L6nloRI5iLXMbADayt+/Skrn4nullfFtlqSiZBDolSO4
sHER9vMUUojslHQEcAb0Cw9JGWCMT2ENBoDoRUghTXP+55Ptcb+tePZ3nnDe/kNA
M5i5eNUdOcxVc3ujrMzDewVqQ5wgAsPIDuRitrWfXnIiDKxgTh8ZFpJXrAq3DyD4
Z8oKZWXPoAqPLBxaLP9zl7z9wgbn7K9m3YpKaeaCgJRl
-----END CERTIFICATE-----