Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/t1vvR2etKWem9U1A-ahbjlUHopg.roa
File:                     t1vvR2etKWem9U1A-ahbjlUHopg.roa (raw, json)
Hash identifier:          G0AJWIVPkm4mok9di6lghZD1/XZGAXhTR1Pi6vIGk0I=
Subject key identifier:   B7:5B:EF:47:67:AD:29:67:A6:F5:4D:40:F9:A8:5B:8E:55:07:A2:98
Certificate issuer:       /CN=8eb441dadbbecb6965d4ea1f046cc5c8e28817fc
Certificate serial:       019C909DCF3E5E77BC0281AE6FD958D1833F
Authority key identifier: 8E:B4:41:DA:DB:BE:CB:69:65:D4:EA:1F:04:6C:C5:C8:E2:88:17:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/t1vvR2etKWem9U1A-ahbjlUHopg.roa
Signing time:             Tue 24 Feb 2026 17:06:27 +0000
ROA not before:           Tue 24 Feb 2026 17:06:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214351
IP address blocks:        192.162.199.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 23:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:90:9d:cf:3e:5e:77:bc:02:81:ae:6f:d9:58:d1:83:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8eb441dadbbecb6965d4ea1f046cc5c8e28817fc
        Validity
            Not Before: Feb 24 17:06:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b75bef4767ad2967a6f54d40f9a85b8e5507a298
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:94:08:c8:d0:ff:4b:b2:c2:49:89:a3:f8:2c:
                    04:45:89:7a:6b:5c:84:cb:97:41:4b:d9:0b:1f:04:
                    08:42:a4:24:6f:d1:58:6c:07:c9:b3:da:0b:19:11:
                    27:7b:dc:cc:f1:24:cd:9c:a8:82:f1:9c:4b:cf:ab:
                    2b:f9:59:c7:a4:9f:46:4b:88:c8:b8:a0:e1:95:2d:
                    16:96:de:0d:9f:4d:e2:98:af:cd:54:16:c3:aa:f6:
                    a3:45:57:e6:a3:67:a2:24:fd:8d:93:cc:63:fa:a6:
                    c5:d3:6d:8c:96:ac:d4:55:13:9a:fb:e3:61:5b:5d:
                    f6:be:ad:f0:c0:13:3b:b7:ae:28:22:cb:19:e0:49:
                    a5:08:1e:37:b3:b9:f1:48:64:d7:16:33:5f:ed:86:
                    af:3b:bc:69:5a:95:4d:4d:cb:7b:cb:c5:e4:64:27:
                    59:9a:9c:11:01:9b:95:9f:04:22:89:bc:df:c5:bd:
                    14:74:63:a6:00:17:dc:f3:29:ec:62:53:37:56:3a:
                    25:e0:59:79:62:9f:b1:57:e3:fa:04:ce:d4:b4:28:
                    c9:e0:25:61:88:ee:07:ff:c1:7a:1c:11:93:d0:b2:
                    05:fc:09:db:a5:96:c1:86:9c:ac:c3:b2:c4:e1:82:
                    43:cf:ae:13:9e:f5:1d:01:53:48:30:80:dd:73:51:
                    31:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:5B:EF:47:67:AD:29:67:A6:F5:4D:40:F9:A8:5B:8E:55:07:A2:98
            X509v3 Authority Key Identifier:
                keyid:8E:B4:41:DA:DB:BE:CB:69:65:D4:EA:1F:04:6C:C5:C8:E2:88:17:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/t1vvR2etKWem9U1A-ahbjlUHopg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.162.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:46:5d:58:3b:e9:fa:0a:52:d2:c8:19:43:59:7a:a3:ea:5e:
         47:1a:f0:91:d8:71:ec:12:b1:4b:af:d6:90:97:30:4d:ce:5b:
         3f:23:ab:9b:01:11:83:b4:9b:c5:cd:a6:27:0a:f8:20:fb:5d:
         d6:7e:9a:8a:d2:4e:28:e7:dd:ab:61:cb:c4:08:28:78:47:24:
         db:2d:ce:1f:83:52:d9:2f:c7:4e:f3:3a:62:57:50:e9:e8:b0:
         be:19:07:09:d4:37:d5:90:3b:db:64:7c:ba:80:da:ff:d9:53:
         cf:98:b2:19:46:bd:13:01:5a:d7:13:98:55:96:bd:ed:70:fd:
         84:6c:21:58:55:56:da:f9:58:5b:2c:c5:71:01:aa:8f:0b:f9:
         31:65:79:09:2c:52:b9:61:db:f0:08:d7:79:27:ed:81:d8:64:
         f9:b3:10:3f:3b:45:a7:3d:76:e0:df:b0:0e:01:f9:42:37:60:
         9a:87:10:de:7e:b7:b9:9a:d8:e1:68:46:76:b2:d5:a8:ba:fe:
         f8:aa:43:82:6f:e9:b2:02:99:4a:2e:15:a9:21:c6:70:4e:29:
         05:5f:66:f6:a9:a0:6b:23:ee:a8:0e:f6:2b:06:28:7d:e6:ac:
         c9:a4:57:a5:d7:28:93:cd:36:c5:ba:25:60:62:02:1e:aa:48:
         4f:86:64:4d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyQnc8+Xne8AoGub9lY0YM/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlYjQ0MWRhZGJiZWNiNjk2NWQ0ZWExZjA0NmNjNWM4ZTI4
ODE3ZmMwHhcNMjYwMjI0MTcwNjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzViZWY0NzY3YWQyOTY3YTZmNTRkNDBmOWE4NWI4ZTU1MDdhMjk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnpQIyND/S7LCSYmj+CwERYl6a1yE
y5dBS9kLHwQIQqQkb9FYbAfJs9oLGREne9zM8STNnKiC8ZxLz6sr+VnHpJ9GS4jI
uKDhlS0Wlt4Nn03imK/NVBbDqvajRVfmo2eiJP2Nk8xj+qbF022MlqzUVROa++Nh
W132vq3wwBM7t64oIssZ4EmlCB43s7nxSGTXFjNf7YavO7xpWpVNTct7y8XkZCdZ
mpwRAZuVnwQiibzfxb0UdGOmABfc8ynsYlM3Vjol4Fl5Yp+xV+P6BM7UtCjJ4CVh
iO4H/8F6HBGT0LIF/AnbpZbBhpysw7LE4YJDz64TnvUdAVNIMIDdc1ExuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLdb70dnrSlnpvVNQPmoW45VB6KYMB8GA1UdIwQY
MBaAFI60QdrbvstpZdTqHwRsxcjiiBf8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanJSQjJ0dS15MmxsMU9vZkJHekZ5T0tJRl93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS85NzhkMGYtOTI5Ny00YzcxLTljZmIt
NDZiOTQ5MDkyY2JlLzEvdDF2dlIyZXRLV2VtOVUxQS1haGJqbFVIb3BnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS85NzhkMGYtOTI5Ny00YzcxLTljZmItNDZiOTQ5MDkyY2Jl
LzEvanJSQjJ0dS15MmxsMU9vZkJHekZ5T0tJRl93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwKLHMA0G
CSqGSIb3DQEBCwUAA4IBAQCjRl1YO+n6ClLSyBlDWXqj6l5HGvCR2HHsErFLr9aQ
lzBNzls/I6ubARGDtJvFzaYnCvgg+13WfpqK0k4o592rYcvECCh4RyTbLc4fg1LZ
L8dO8zpiV1Dp6LC+GQcJ1DfVkDvbZHy6gNr/2VPPmLIZRr0TAVrXE5hVlr3tcP2E
bCFYVVba+VhbLMVxAaqPC/kxZXkJLFK5YdvwCNd5J+2B2GT5sxA/O0WnPXbg37AO
AflCN2CahxDefre5mtjhaEZ2stWouv74qkOCb+myAplKLhWpIcZwTikFX2b2qaBr
I+6oDvYrBih95qzJpFel1yiTzTbFuiVgYgIeqkhPhmRN
-----END CERTIFICATE-----