Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/BYExKU3Ob9pu88TzD8Cv46pc6Uw.roa
File:                     BYExKU3Ob9pu88TzD8Cv46pc6Uw.roa (raw, json)
Hash identifier:          Otli+l9pMkr5EczNnoL+VXA8KT8QOiU1WEo/exOM2Nw=
Subject key identifier:   05:81:31:29:4D:CE:6F:DA:6E:F3:C4:F3:0F:C0:AF:E3:AA:5C:E9:4C
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019C914E843871C81A7C12E55C89113E8634
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/BYExKU3Ob9pu88TzD8Cv46pc6Uw.roa
Signing time:             Tue 24 Feb 2026 20:19:27 +0000
ROA not before:           Tue 24 Feb 2026 20:19:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214192
IP address blocks:        94.183.240.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:91:4e:84:38:71:c8:1a:7c:12:e5:5c:89:11:3e:86:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Feb 24 20:19:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=058131294dce6fda6ef3c4f30fc0afe3aa5ce94c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:ad:02:e2:c4:49:41:0d:db:cd:f8:3f:2c:7f:
                    b9:f0:2e:1e:b7:0f:d8:2f:0b:5f:9b:54:40:6d:03:
                    ac:69:e9:8d:98:61:b2:58:02:51:e2:aa:fd:80:20:
                    6b:3c:9f:7b:26:ac:ad:7d:6b:d0:75:f9:17:d6:1c:
                    7d:c9:fb:26:15:9e:92:f5:fc:cd:d1:ec:14:94:1f:
                    0f:02:5c:0f:79:27:c2:6f:2d:d3:79:f4:09:83:61:
                    11:0e:00:d3:82:98:a9:98:36:33:89:4c:12:a9:09:
                    93:f5:95:47:7b:30:7a:94:46:14:b3:2b:bc:e2:41:
                    1d:1f:5c:06:69:85:cf:7d:83:c4:4d:29:a9:2d:b8:
                    41:77:25:3d:ef:96:00:61:da:fb:14:6b:f5:6d:81:
                    fa:ee:29:ef:1f:96:3e:21:76:21:a0:00:d3:8c:92:
                    a5:fe:da:26:d6:c6:95:f5:3a:35:c9:c4:2d:f5:27:
                    99:3c:bd:b9:dc:f5:41:71:27:9c:af:eb:56:2e:5b:
                    ee:bf:6e:c6:03:72:26:f9:89:a0:7b:90:d1:95:7e:
                    45:3f:ea:d5:52:9b:cc:1f:ae:2d:f3:af:9b:fa:d5:
                    c1:ef:fa:97:fd:2b:66:38:bc:a3:e6:15:1a:36:61:
                    6c:9c:59:6a:56:02:e8:2e:8f:a5:31:0a:f9:ca:5b:
                    ef:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:81:31:29:4D:CE:6F:DA:6E:F3:C4:F3:0F:C0:AF:E3:AA:5C:E9:4C
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/BYExKU3Ob9pu88TzD8Cv46pc6Uw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.183.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:de:6f:95:f5:15:57:a6:dc:3c:14:05:14:fb:2a:a6:e2:f6:
         9f:28:20:34:40:b6:b3:76:4f:82:72:58:7d:40:0b:43:f6:a4:
         b7:cc:61:74:31:2c:5a:7d:10:28:b8:df:b6:0f:18:1a:aa:b1:
         8c:7a:11:b6:e8:f8:6d:0f:60:2e:cc:c0:1f:7a:55:d7:d3:7d:
         8c:a8:d8:31:90:f4:25:63:a5:75:94:3d:ba:84:c8:35:f7:5c:
         80:91:89:25:78:64:52:d3:9b:31:06:c2:35:a0:b1:27:aa:4c:
         af:dc:0c:c4:1a:36:69:c9:69:12:8b:7b:28:63:5a:b9:69:33:
         74:5d:d7:10:25:b5:e2:e8:9b:77:c2:bc:d4:04:c9:36:c0:88:
         5b:00:f0:0b:25:f2:52:fe:aa:6c:44:a1:75:67:09:4c:32:9c:
         3f:b8:70:22:6a:bd:40:2a:17:ba:52:1e:dd:fa:2a:c0:be:36:
         fc:47:9b:ef:f9:82:4f:11:11:1b:0b:31:72:94:da:41:13:78:
         1f:6c:53:6e:bb:ab:f7:49:75:4a:ff:b1:d5:1d:5d:a9:12:9b:
         2f:69:63:53:6d:7c:80:c3:a0:f2:59:af:9d:fe:76:9e:25:a3:
         06:94:de:fc:63:aa:20:61:47:ba:eb:ea:31:55:6e:cc:29:bb:
         80:d9:1b:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyRToQ4ccgafBLlXIkRPoY0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwMjI0MjAxOTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTgxMzEyOTRkY2U2ZmRhNmVmM2M0ZjMwZmMwYWZlM2FhNWNlOTRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA060C4sRJQQ3bzfg/LH+58C4etw/Y
Lwtfm1RAbQOsaemNmGGyWAJR4qr9gCBrPJ97JqytfWvQdfkX1hx9yfsmFZ6S9fzN
0ewUlB8PAlwPeSfCby3TefQJg2ERDgDTgpipmDYziUwSqQmT9ZVHezB6lEYUsyu8
4kEdH1wGaYXPfYPETSmpLbhBdyU975YAYdr7FGv1bYH67invH5Y+IXYhoADTjJKl
/tom1saV9To1ycQt9SeZPL253PVBcSecr+tWLlvuv27GA3Im+Ymge5DRlX5FP+rV
UpvMH64t86+b+tXB7/qX/StmOLyj5hUaNmFsnFlqVgLoLo+lMQr5ylvvfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAWBMSlNzm/abvPE8w/Ar+OqXOlMMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvQllFeEtVM09iOXB1ODhUekQ4Q3Y0NnBjNlV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXrfwMA0G
CSqGSIb3DQEBCwUAA4IBAQB73m+V9RVXptw8FAUU+yqm4vafKCA0QLazdk+Cclh9
QAtD9qS3zGF0MSxafRAouN+2DxgaqrGMehG26PhtD2AuzMAfelXX032MqNgxkPQl
Y6V1lD26hMg191yAkYkleGRS05sxBsI1oLEnqkyv3AzEGjZpyWkSi3soY1q5aTN0
XdcQJbXi6Jt3wrzUBMk2wIhbAPALJfJS/qpsRKF1ZwlMMpw/uHAiar1AKhe6Uh7d
+irAvjb8R5vv+YJPEREbCzFylNpBE3gfbFNuu6v3SXVK/7HVHV2pEpsvaWNTbXyA
w6DyWa+d/naeJaMGlN78Y6ogYUe66+oxVW7MKbuA2Rvw
-----END CERTIFICATE-----