Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/7ba877-4839-4717-8aa4-24419b876f08/1/vpribrCpEbvNr3cwZUjmg9LnCIY.roa
File:                     vpribrCpEbvNr3cwZUjmg9LnCIY.roa (raw, json)
Hash identifier:          j2bn/dUe9sJUHA20nJ288peA7hZFwiuod1kVkbWfBAk=
Subject key identifier:   BE:9A:E2:6E:B0:A9:11:BB:CD:AF:77:30:65:48:E6:83:D2:E7:08:86
Certificate issuer:       /CN=e0866e5a7c725dcb6a138cc6c340cfdad4315d3e
Certificate serial:       019C8F77015624C6DEA5CC3B247EA3A19F1F
Authority key identifier: E0:86:6E:5A:7C:72:5D:CB:6A:13:8C:C6:C3:40:CF:DA:D4:31:5D:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4IZuWnxyXctqE4zGw0DP2tQxXT4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/7ba877-4839-4717-8aa4-24419b876f08/1/vpribrCpEbvNr3cwZUjmg9LnCIY.roa
Signing time:             Tue 24 Feb 2026 11:44:26 +0000
ROA not before:           Tue 24 Feb 2026 11:44:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     56740
IP address blocks:        79.98.54.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/7ba877-4839-4717-8aa4-24419b876f08/1/4IZuWnxyXctqE4zGw0DP2tQxXT4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/7ba877-4839-4717-8aa4-24419b876f08/1/4IZuWnxyXctqE4zGw0DP2tQxXT4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4IZuWnxyXctqE4zGw0DP2tQxXT4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 06:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:8f:77:01:56:24:c6:de:a5:cc:3b:24:7e:a3:a1:9f:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e0866e5a7c725dcb6a138cc6c340cfdad4315d3e
        Validity
            Not Before: Feb 24 11:44:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=be9ae26eb0a911bbcdaf77306548e683d2e70886
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:68:e4:cb:f3:1e:47:6a:3a:12:0c:a4:7b:67:
                    48:de:a0:f7:6a:14:68:b1:b1:d4:6c:48:a5:23:bb:
                    40:0c:3f:fe:cd:66:93:48:5f:48:75:7a:37:a0:67:
                    a6:4f:91:4c:98:30:12:ce:65:94:5f:88:67:9e:f8:
                    df:da:3a:6c:5a:d5:f4:65:7e:42:e6:57:8e:69:4b:
                    e7:af:3c:9c:85:66:63:29:f1:c7:25:c6:51:88:48:
                    ea:ff:a1:0d:a6:41:a9:c4:02:fc:49:c0:55:e1:92:
                    9c:6e:57:b3:c0:a5:08:82:4e:b7:18:56:e9:ac:66:
                    4a:57:3b:62:e0:dc:32:1a:ff:46:49:64:64:9e:d7:
                    e1:2d:a1:f2:5d:90:13:e4:83:aa:31:cf:41:4f:2d:
                    07:69:50:e0:ce:72:ce:43:6e:c2:97:c6:70:0d:db:
                    f3:a5:6d:2a:38:7f:91:b2:0d:43:98:0c:e2:25:3d:
                    d4:6d:76:6e:e0:b8:01:ab:19:b9:06:bc:33:ca:d4:
                    48:2e:e9:2c:bb:f8:76:89:52:e6:c7:41:14:6a:0e:
                    05:fe:8a:86:c7:48:3d:7a:12:17:8a:38:6e:3d:24:
                    91:b7:6d:b7:27:d2:15:6d:06:01:27:6f:1b:61:d5:
                    1e:93:7a:fc:03:be:af:4e:6e:4b:9e:87:c8:6e:34:
                    56:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:9A:E2:6E:B0:A9:11:BB:CD:AF:77:30:65:48:E6:83:D2:E7:08:86
            X509v3 Authority Key Identifier:
                keyid:E0:86:6E:5A:7C:72:5D:CB:6A:13:8C:C6:C3:40:CF:DA:D4:31:5D:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4IZuWnxyXctqE4zGw0DP2tQxXT4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/7ba877-4839-4717-8aa4-24419b876f08/1/vpribrCpEbvNr3cwZUjmg9LnCIY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/7ba877-4839-4717-8aa4-24419b876f08/1/4IZuWnxyXctqE4zGw0DP2tQxXT4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.98.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:b6:0f:30:44:62:74:aa:4d:ef:da:e4:24:c6:a3:f3:08:ba:
         5c:b3:2c:af:5f:b1:62:46:6f:03:e0:3e:3e:26:bf:f8:ad:54:
         78:3b:a7:b6:9a:33:41:87:2f:cc:28:49:94:51:14:5f:c0:4a:
         cc:28:be:46:7a:b6:e8:22:02:f8:f4:db:e6:92:5c:8f:65:65:
         7a:79:38:76:f6:71:6c:58:96:7d:12:38:80:9c:c8:f5:87:e5:
         d4:66:33:90:14:18:03:e3:c0:0e:23:b1:5f:ae:07:23:67:d5:
         c9:e0:58:a8:8e:bf:6c:35:02:3c:21:0e:d0:75:db:bb:95:a8:
         22:9f:21:b2:74:4c:ca:a1:28:b5:43:45:6a:3b:35:ba:3c:da:
         9c:91:da:bf:8c:8c:3b:c1:be:b6:9c:e2:ef:c0:0e:f9:47:2a:
         8a:6b:35:7b:2a:c3:e9:71:bc:65:14:89:1a:0a:85:d9:58:e2:
         8e:81:ab:12:38:45:68:41:1a:c5:73:7a:9e:18:59:f9:5a:82:
         70:db:fa:a8:c8:53:50:11:22:af:c1:00:9c:7f:57:a1:f2:2f:
         0e:4c:45:e2:27:67:3c:59:b6:46:9c:56:b4:e1:a3:fb:03:c4:
         dd:e4:2d:07:95:7a:db:98:16:ae:59:11:98:c0:cb:8f:8e:00:
         5f:9c:8f:0e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyPdwFWJMbepcw7JH6joZ8fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwODY2ZTVhN2M3MjVkY2I2YTEzOGNjNmMzNDBjZmRhZDQz
MTVkM2UwHhcNMjYwMjI0MTE0NDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTlhZTI2ZWIwYTkxMWJiY2RhZjc3MzA2NTQ4ZTY4M2QyZTcwODg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxGjky/MeR2o6Egyke2dI3qD3ahRo
sbHUbEilI7tADD/+zWaTSF9IdXo3oGemT5FMmDASzmWUX4hnnvjf2jpsWtX0ZX5C
5leOaUvnrzychWZjKfHHJcZRiEjq/6ENpkGpxAL8ScBV4ZKcblezwKUIgk63GFbp
rGZKVzti4NwyGv9GSWRkntfhLaHyXZAT5IOqMc9BTy0HaVDgznLOQ27Cl8ZwDdvz
pW0qOH+Rsg1DmAziJT3UbXZu4LgBqxm5BrwzytRILuksu/h2iVLmx0EUag4F/oqG
x0g9ehIXijhuPSSRt223J9IVbQYBJ28bYdUek3r8A76vTm5LnofIbjRWEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL6a4m6wqRG7za93MGVI5oPS5wiGMB8GA1UdIwQY
MBaAFOCGblp8cl3LahOMxsNAz9rUMV0+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNEladVdueHlYY3RxRTR6R3cwRFAydFF4WFQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC83YmE4NzctNDgzOS00NzE3LThhYTQt
MjQ0MTliODc2ZjA4LzEvdnByaWJyQ3BFYnZOcjNjd1pVam1nOUxuQ0lZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC83YmE4NzctNDgzOS00NzE3LThhYTQtMjQ0MTliODc2ZjA4
LzEvNEladVdueHlYY3RxRTR6R3cwRFAydFF4WFQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAT2I2MA0G
CSqGSIb3DQEBCwUAA4IBAQA6tg8wRGJ0qk3v2uQkxqPzCLpcsyyvX7FiRm8D4D4+
Jr/4rVR4O6e2mjNBhy/MKEmUURRfwErMKL5GerboIgL49NvmklyPZWV6eTh29nFs
WJZ9EjiAnMj1h+XUZjOQFBgD48AOI7FfrgcjZ9XJ4Fiojr9sNQI8IQ7Qddu7lagi
nyGydEzKoSi1Q0VqOzW6PNqckdq/jIw7wb62nOLvwA75RyqKazV7KsPpcbxlFIka
CoXZWOKOgasSOEVoQRrFc3qeGFn5WoJw2/qoyFNQESKvwQCcf1eh8i8OTEXiJ2c8
WbZGnFa04aP7A8Td5C0HlXrbmBauWRGYwMuPjgBfnI8O
-----END CERTIFICATE-----