Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/XFOa95Hmr4CByNvznzIneAqDb1g.roa
File:                     XFOa95Hmr4CByNvznzIneAqDb1g.roa (raw, json)
Hash identifier:          hK/lKjFmBpi6wLUNzb5GFatMcbAHyf58bxYH2vWLEbg=
Subject key identifier:   5C:53:9A:F7:91:E6:AF:80:81:C8:DB:F3:9F:32:27:78:0A:83:6F:58
Certificate issuer:       /CN=65b7d6699835bfe9a8081dfc114df1bf6d215da7
Certificate serial:       019E4FF6862252C122B25F50DC1A64F19098
Authority key identifier: 65:B7:D6:69:98:35:BF:E9:A8:08:1D:FC:11:4D:F1:BF:6D:21:5D:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/XFOa95Hmr4CByNvznzIneAqDb1g.roa
Signing time:             Fri 22 May 2026 13:53:36 +0000
ROA not before:           Fri 22 May 2026 13:53:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57043
IP address blocks:        195.216.186.0/24 maxlen: 24
                          213.182.202.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 21:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:4f:f6:86:22:52:c1:22:b2:5f:50:dc:1a:64:f1:90:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65b7d6699835bfe9a8081dfc114df1bf6d215da7
        Validity
            Not Before: May 22 13:53:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5c539af791e6af8081c8dbf39f3227780a836f58
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:d2:21:bd:77:ed:ef:c4:f1:04:b6:33:43:3e:
                    a5:b5:25:50:c1:1e:22:0b:c1:40:d7:0d:98:18:5a:
                    b3:33:3c:17:20:d5:81:11:74:57:52:5a:71:9e:86:
                    49:62:20:a5:ee:68:8f:2b:01:8d:f8:33:b7:79:0f:
                    ea:91:39:a6:d4:09:bf:7e:30:16:f5:e4:86:c8:e6:
                    68:2c:af:d1:64:46:29:6c:19:86:44:65:df:3f:4d:
                    70:e3:38:73:a8:fb:6d:f4:96:41:5a:47:4a:14:ee:
                    11:87:96:18:30:2b:e3:93:04:13:c7:f9:c1:30:ba:
                    c7:c2:b6:92:52:90:3b:78:7d:e2:97:2b:a3:c0:b1:
                    21:64:f1:af:df:d7:5e:86:53:80:09:dc:c2:8a:70:
                    64:32:76:2a:15:9a:16:ff:25:80:f7:39:cc:10:9f:
                    5e:f1:31:5e:e5:b7:ed:6a:3b:df:3c:27:c8:11:90:
                    cb:43:47:10:3c:af:53:ff:6b:89:83:e6:fd:b1:4c:
                    e7:c4:ee:06:d1:b8:69:77:c6:bc:f5:96:46:4e:fb:
                    2f:ec:e2:df:22:1d:1c:96:7f:67:84:44:f2:c8:b0:
                    0f:cb:79:5a:2a:77:2a:00:12:de:0a:13:49:62:d0:
                    48:6c:c3:ee:56:d7:d2:3d:55:71:ba:ee:38:fb:46:
                    ff:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:53:9A:F7:91:E6:AF:80:81:C8:DB:F3:9F:32:27:78:0A:83:6F:58
            X509v3 Authority Key Identifier:
                keyid:65:B7:D6:69:98:35:BF:E9:A8:08:1D:FC:11:4D:F1:BF:6D:21:5D:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/XFOa95Hmr4CByNvznzIneAqDb1g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.216.186.0/24
                  213.182.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:94:23:96:a2:84:09:aa:0f:f3:6b:14:f1:b7:92:2a:90:b5:
         49:79:7b:6c:56:5d:16:c8:4d:83:2d:71:c0:5e:f1:de:5c:bc:
         40:4d:b7:1e:eb:26:bc:1a:29:95:72:a2:b1:4e:f9:9a:62:6a:
         64:08:fb:88:48:7c:0c:aa:07:2c:ae:f5:d2:12:5c:71:be:bf:
         41:87:a4:bb:c0:fb:cc:8a:fa:fb:68:7a:c0:63:77:8f:59:c8:
         48:31:99:d0:22:0e:53:d2:88:3e:c0:6a:a0:00:83:d3:e2:e9:
         65:0e:36:98:b0:b4:a7:8c:23:cb:7f:5d:04:53:b3:19:74:a7:
         74:87:8f:8f:06:47:06:63:7f:e7:88:8f:66:ee:fc:a0:5e:7e:
         47:eb:ca:76:23:b4:c9:84:17:ef:69:25:fc:9c:0d:5c:e9:f6:
         e7:89:f1:d6:6e:b7:c1:d7:88:f7:bb:58:37:5b:48:c1:9f:ef:
         80:e1:df:6e:b1:8f:e4:91:fb:b1:79:00:ad:2e:77:2a:3e:35:
         af:30:53:b4:ed:c4:4d:f2:4c:eb:17:01:60:29:28:11:6f:d3:
         09:de:12:9d:a4:ee:ad:66:21:52:c9:53:8e:fd:2e:86:f1:d4:
         13:49:66:e4:eb:6c:c2:14:6d:d5:8d:d6:6d:71:5f:0b:61:82:
         ce:19:1d:cc
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ5P9oYiUsEisl9Q3Bpk8ZCYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1YjdkNjY5OTgzNWJmZTlhODA4MWRmYzExNGRmMWJmNmQy
MTVkYTcwHhcNMjYwNTIyMTM1MzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzUzOWFmNzkxZTZhZjgwODFjOGRiZjM5ZjMyMjc3ODBhODM2ZjU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv9IhvXft78TxBLYzQz6ltSVQwR4i
C8FA1w2YGFqzMzwXINWBEXRXUlpxnoZJYiCl7miPKwGN+DO3eQ/qkTmm1Am/fjAW
9eSGyOZoLK/RZEYpbBmGRGXfP01w4zhzqPtt9JZBWkdKFO4Rh5YYMCvjkwQTx/nB
MLrHwraSUpA7eH3ilyujwLEhZPGv39dehlOACdzCinBkMnYqFZoW/yWA9znMEJ9e
8TFe5bftajvfPCfIEZDLQ0cQPK9T/2uJg+b9sUznxO4G0bhpd8a89ZZGTvsv7OLf
Ih0cln9nhETyyLAPy3laKncqABLeChNJYtBIbMPuVtfSPVVxuu44+0b/JQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFxTmveR5q+Agcjb858yJ3gKg29YMB8GA1UdIwQY
MBaAFGW31mmYNb/pqAgd/BFN8b9tIV2nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmJmV2FaZzF2LW1vQ0IzOEVVM3h2MjBoWGFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC8wMjVlZTgtM2Y0Ny00NTdkLThkNDct
OWU0MTNlYmY0MmYzLzEvWEZPYTk1SG1yNENCeU52em56SW5lQXFEYjFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC8wMjVlZTgtM2Y0Ny00NTdkLThkNDctOWU0MTNlYmY0MmYz
LzEvWmJmV2FaZzF2LW1vQ0IzOEVVM3h2MjBoWGFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAw9i6AwQA
1bbKMA0GCSqGSIb3DQEBCwUAA4IBAQBblCOWooQJqg/zaxTxt5IqkLVJeXtsVl0W
yE2DLXHAXvHeXLxATbce6ya8GimVcqKxTvmaYmpkCPuISHwMqgcsrvXSElxxvr9B
h6S7wPvMivr7aHrAY3ePWchIMZnQIg5T0og+wGqgAIPT4ullDjaYsLSnjCPLf10E
U7MZdKd0h4+PBkcGY3/niI9m7vygXn5H68p2I7TJhBfvaSX8nA1c6fbnifHWbrfB
14j3u1g3W0jBn++A4d9usY/kkfuxeQCtLncqPjWvMFO07cRN8kzrFwFgKSgRb9MJ
3hKdpO6tZiFSyVOO/S6G8dQTSWbk62zCFG3VjdZtcV8LYYLOGR3M
-----END CERTIFICATE-----