Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/af3667-e393-4cf8-94bb-ecc806775031/1/xtsoV3YrVhm4MKDjfu3IvjG7q1g.roa
File:                     xtsoV3YrVhm4MKDjfu3IvjG7q1g.roa (raw, json)
Hash identifier:          qMRfu2o1bzSJ1p0UvgBKjKi65ckvS8nI12aCVQ8a6vg=
Subject key identifier:   C6:DB:28:57:76:2B:56:19:B8:30:A0:E3:7E:ED:C8:BE:31:BB:AB:58
Certificate issuer:       /CN=df2de4a9f2bc523df5f0a7f5e432498a42c55f70
Certificate serial:       019D719408C140F9C68B88A55AF2121BAEA2
Authority key identifier: DF:2D:E4:A9:F2:BC:52:3D:F5:F0:A7:F5:E4:32:49:8A:42:C5:5F:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3y3kqfK8Uj318Kf15DJJikLFX3A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/af3667-e393-4cf8-94bb-ecc806775031/1/xtsoV3YrVhm4MKDjfu3IvjG7q1g.roa
Signing time:             Thu 09 Apr 2026 09:30:20 +0000
ROA not before:           Thu 09 Apr 2026 09:30:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202914
IP address blocks:        195.190.31.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/af3667-e393-4cf8-94bb-ecc806775031/1/3y3kqfK8Uj318Kf15DJJikLFX3A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/af3667-e393-4cf8-94bb-ecc806775031/1/3y3kqfK8Uj318Kf15DJJikLFX3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3y3kqfK8Uj318Kf15DJJikLFX3A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 06:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:71:94:08:c1:40:f9:c6:8b:88:a5:5a:f2:12:1b:ae:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df2de4a9f2bc523df5f0a7f5e432498a42c55f70
        Validity
            Not Before: Apr  9 09:30:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c6db2857762b5619b830a0e37eedc8be31bbab58
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:62:73:d3:e4:64:84:0d:3e:11:ae:cd:f3:44:
                    f7:d7:59:be:fa:ce:ff:5a:9f:5e:cf:b7:24:79:cd:
                    ba:c9:9a:54:d0:18:be:6c:7c:82:27:87:62:68:a9:
                    a4:2e:9f:15:54:96:10:ec:0e:72:9b:29:11:f8:24:
                    57:2a:03:38:9f:a3:1c:0e:76:b2:da:76:ef:9c:85:
                    67:96:a3:76:fc:ca:13:b0:55:4d:d3:e7:57:96:45:
                    bb:0d:47:f5:45:d4:41:a3:8f:ed:f5:ac:30:60:93:
                    9e:b6:04:2b:fe:2c:4b:39:56:5f:20:ba:2e:77:28:
                    96:e8:3f:7e:3d:fd:d9:67:77:13:d5:45:e6:a3:e8:
                    ee:41:29:f7:33:18:ad:67:3b:2c:cf:bb:ba:86:c3:
                    21:30:9b:5c:48:ce:a6:cc:30:26:89:85:70:b8:b6:
                    80:83:06:c5:8c:07:f3:2c:b3:20:55:90:39:9b:82:
                    d7:54:da:21:aa:08:1e:e7:04:12:53:a4:a2:e8:cd:
                    25:42:12:b7:dc:b6:21:9d:76:b1:2f:8c:1c:30:df:
                    a9:f9:40:d0:d7:7e:80:04:5f:a9:a4:4b:44:ed:6b:
                    9f:ad:fa:10:86:fa:c6:9a:58:be:ab:68:f0:02:da:
                    8b:84:22:25:ac:d3:3c:a4:83:72:71:f8:23:67:5b:
                    30:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:DB:28:57:76:2B:56:19:B8:30:A0:E3:7E:ED:C8:BE:31:BB:AB:58
            X509v3 Authority Key Identifier:
                keyid:DF:2D:E4:A9:F2:BC:52:3D:F5:F0:A7:F5:E4:32:49:8A:42:C5:5F:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3y3kqfK8Uj318Kf15DJJikLFX3A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/af3667-e393-4cf8-94bb-ecc806775031/1/xtsoV3YrVhm4MKDjfu3IvjG7q1g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/af3667-e393-4cf8-94bb-ecc806775031/1/3y3kqfK8Uj318Kf15DJJikLFX3A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.190.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:4b:63:81:e2:3b:21:db:7d:23:24:6c:be:ba:75:4e:a1:62:
         06:fb:32:c1:ef:86:53:89:ff:8f:52:97:38:30:92:68:6e:46:
         e1:04:f7:69:c1:65:49:8f:af:99:05:97:c3:f4:81:c6:33:36:
         e7:46:95:05:e8:75:b7:e0:e2:ac:cc:02:05:bf:49:88:da:c5:
         28:07:de:c4:eb:1d:7c:cf:01:04:03:fb:d9:86:a6:1d:96:f2:
         2c:d2:f2:9f:94:23:98:64:07:1e:a0:db:79:4e:a2:23:84:40:
         36:68:4d:a0:38:e0:bb:b3:8d:a0:20:51:74:93:d0:df:42:66:
         ff:19:70:81:16:09:0f:e3:dc:40:0d:46:7f:fc:62:cc:6b:83:
         85:b8:d1:53:13:43:c4:78:4e:83:dd:2d:b8:7b:2f:3e:9b:77:
         e0:a9:2d:6e:b7:b9:8d:64:0b:cd:21:16:48:14:ba:ce:24:45:
         8f:68:fa:c7:1f:39:8f:94:a6:28:7f:95:b5:5b:c7:6a:0a:56:
         7f:6c:a6:58:b3:83:63:85:a0:33:91:86:6c:e5:97:59:b6:21:
         a9:94:0b:cb:21:35:d8:86:23:ef:2e:15:8e:8b:9a:56:d0:11:
         9a:04:a3:fc:c7:75:fb:d5:0e:a8:17:42:48:6f:4e:6c:fd:68:
         c8:6e:7c:af
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1xlAjBQPnGi4ilWvISG66iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmMmRlNGE5ZjJiYzUyM2RmNWYwYTdmNWU0MzI0OThhNDJj
NTVmNzAwHhcNMjYwNDA5MDkzMDIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNmRiMjg1Nzc2MmI1NjE5YjgzMGEwZTM3ZWVkYzhiZTMxYmJhYjU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqmJz0+RkhA0+Ea7N80T311m++s7/
Wp9ez7ckec26yZpU0Bi+bHyCJ4diaKmkLp8VVJYQ7A5ymykR+CRXKgM4n6McDnay
2nbvnIVnlqN2/MoTsFVN0+dXlkW7DUf1RdRBo4/t9awwYJOetgQr/ixLOVZfILou
dyiW6D9+Pf3ZZ3cT1UXmo+juQSn3MxitZzssz7u6hsMhMJtcSM6mzDAmiYVwuLaA
gwbFjAfzLLMgVZA5m4LXVNohqgge5wQSU6Si6M0lQhK33LYhnXaxL4wcMN+p+UDQ
136ABF+ppEtE7WufrfoQhvrGmli+q2jwAtqLhCIlrNM8pINycfgjZ1swjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMbbKFd2K1YZuDCg437tyL4xu6tYMB8GA1UdIwQY
MBaAFN8t5KnyvFI99fCn9eQySYpCxV9wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3kza3FmSzhVajMxOEtmMTVESkppa0xGWDNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi9hZjM2NjctZTM5My00Y2Y4LTk0YmIt
ZWNjODA2Nzc1MDMxLzEveHRzb1YzWXJWaG00TUtEamZ1M0l2akc3cTFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi9hZjM2NjctZTM5My00Y2Y4LTk0YmItZWNjODA2Nzc1MDMx
LzEvM3kza3FmSzhVajMxOEtmMTVESkppa0xGWDNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw74fMA0G
CSqGSIb3DQEBCwUAA4IBAQAyS2OB4jsh230jJGy+unVOoWIG+zLB74ZTif+PUpc4
MJJobkbhBPdpwWVJj6+ZBZfD9IHGMzbnRpUF6HW34OKszAIFv0mI2sUoB97E6x18
zwEEA/vZhqYdlvIs0vKflCOYZAceoNt5TqIjhEA2aE2gOOC7s42gIFF0k9DfQmb/
GXCBFgkP49xADUZ//GLMa4OFuNFTE0PEeE6D3S24ey8+m3fgqS1ut7mNZAvNIRZI
FLrOJEWPaPrHHzmPlKYof5W1W8dqClZ/bKZYs4NjhaAzkYZs5ZdZtiGplAvLITXY
hiPvLhWOi5pW0BGaBKP8x3X71Q6oF0JIb05s/WjIbnyv
-----END CERTIFICATE-----