Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/ddb424-7eb2-495e-8bb6-72fb97d59ce4/1/F8emzs3_B0YGWDwCVloq5B3EHIg.roa
File:                     F8emzs3_B0YGWDwCVloq5B3EHIg.roa (raw, json)
Hash identifier:          BMRGJRbw9tzwz0dEpd1mJdklDFG0Z3cF3+GRrdDYqgU=
Subject key identifier:   17:C7:A6:CE:CD:FF:07:46:06:58:3C:02:56:5A:2A:E4:1D:C4:1C:88
Certificate issuer:       /CN=95d108f0e85868c2bbe7db6d7377034c131eb224
Certificate serial:       019EA6FABA2F79A4FAB82FD5B2915E67F8F7
Authority key identifier: 95:D1:08:F0:E8:58:68:C2:BB:E7:DB:6D:73:77:03:4C:13:1E:B2:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ldEI8OhYaMK759ttc3cDTBMesiQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/ddb424-7eb2-495e-8bb6-72fb97d59ce4/1/F8emzs3_B0YGWDwCVloq5B3EHIg.roa
Signing time:             Mon 08 Jun 2026 11:25:10 +0000
ROA not before:           Mon 08 Jun 2026 11:25:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214822
IP address blocks:        189.74.125.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/ddb424-7eb2-495e-8bb6-72fb97d59ce4/1/ldEI8OhYaMK759ttc3cDTBMesiQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/ddb424-7eb2-495e-8bb6-72fb97d59ce4/1/ldEI8OhYaMK759ttc3cDTBMesiQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ldEI8OhYaMK759ttc3cDTBMesiQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 08:43:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:a6:fa:ba:2f:79:a4:fa:b8:2f:d5:b2:91:5e:67:f8:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=95d108f0e85868c2bbe7db6d7377034c131eb224
        Validity
            Not Before: Jun  8 11:25:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=17c7a6cecdff074606583c02565a2ae41dc41c88
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:4e:0d:6b:12:7d:49:43:f8:e1:dd:0a:e2:38:
                    f5:86:9b:58:4e:f3:4a:f9:63:e1:36:cf:c3:81:32:
                    8d:cf:bd:5b:48:fa:0c:28:6b:2e:78:e6:e6:c8:b7:
                    03:ec:85:69:02:35:68:dc:be:b0:b6:0c:a4:0d:7d:
                    7d:b6:42:8b:d7:9c:3f:c0:fc:5a:39:f2:f9:1f:af:
                    10:21:2f:d2:b5:41:20:e2:ab:37:d8:95:64:02:b8:
                    fd:d2:84:cc:26:5c:ce:3f:16:2a:98:b6:df:45:b0:
                    8e:ec:c1:a2:f4:e2:58:d2:5a:93:75:fd:8a:63:06:
                    1e:bd:47:23:7f:e9:2c:df:8b:d1:0c:bd:d8:33:d2:
                    8d:21:94:b2:48:36:72:25:ea:a6:84:9e:4c:fa:2d:
                    e4:5e:f8:35:72:37:18:73:15:75:66:39:af:15:7f:
                    27:43:c2:53:83:ef:9b:50:b8:a9:e8:a1:08:fc:1a:
                    10:ac:51:a3:1e:d0:57:2d:71:96:56:12:fc:ca:e0:
                    c6:a2:46:85:51:00:f3:9f:b9:c5:35:b8:57:b5:f1:
                    61:21:8d:6a:6c:86:75:6b:5a:a3:60:0e:14:b6:5d:
                    e9:90:95:0a:c2:33:0e:e9:7d:5b:b1:30:29:09:e9:
                    2f:66:5b:46:83:e3:5e:a9:99:14:20:90:d5:18:de:
                    93:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:C7:A6:CE:CD:FF:07:46:06:58:3C:02:56:5A:2A:E4:1D:C4:1C:88
            X509v3 Authority Key Identifier:
                keyid:95:D1:08:F0:E8:58:68:C2:BB:E7:DB:6D:73:77:03:4C:13:1E:B2:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ldEI8OhYaMK759ttc3cDTBMesiQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/ddb424-7eb2-495e-8bb6-72fb97d59ce4/1/F8emzs3_B0YGWDwCVloq5B3EHIg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/ddb424-7eb2-495e-8bb6-72fb97d59ce4/1/ldEI8OhYaMK759ttc3cDTBMesiQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  189.74.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:a6:27:59:87:f0:cb:ea:df:72:eb:5e:6b:75:dd:86:93:24:
         61:d0:d7:22:9b:ed:1f:4c:54:7f:fb:20:4b:0d:cd:fd:ca:05:
         5d:1b:f3:a3:67:60:c6:f8:1f:a5:89:66:05:af:81:2c:7e:47:
         e8:10:6d:a8:41:aa:e7:00:57:2e:91:ca:24:60:71:27:ca:4c:
         c1:84:19:8e:7a:f9:99:68:9c:c2:ec:ad:98:b2:ef:55:a3:14:
         a2:28:ff:97:52:dd:3c:a0:07:94:12:32:89:e8:d0:9d:d9:5d:
         d5:a8:97:cc:b0:c2:4a:bf:80:76:04:c3:17:8a:6f:95:23:05:
         60:d3:c3:37:20:3e:31:fb:5b:f6:15:28:10:1d:11:49:05:bd:
         69:af:ce:78:81:64:df:ff:67:9d:1f:00:9f:0a:42:3d:40:b4:
         12:00:cd:68:39:21:d7:d7:69:52:6a:0a:e6:32:f5:94:f6:40:
         ae:7a:5b:77:29:4c:ea:99:28:68:c9:27:41:b4:f1:53:82:22:
         c3:48:aa:3d:68:c5:ee:9b:fa:27:3c:2c:47:34:bf:21:32:a1:
         d7:3b:85:85:06:c4:2d:62:a5:ad:3a:c5:d6:28:f2:dc:84:39:
         1d:d6:fb:a8:25:5f:ee:3e:db:3b:92:bc:02:af:30:93:49:ff:
         c2:9d:1e:6a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6m+roveaT6uC/VspFeZ/j3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1ZDEwOGYwZTg1ODY4YzJiYmU3ZGI2ZDczNzcwMzRjMTMx
ZWIyMjQwHhcNMjYwNjA4MTEyNTEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxN2M3YTZjZWNkZmYwNzQ2MDY1ODNjMDI1NjVhMmFlNDFkYzQxYzg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwU4NaxJ9SUP44d0K4jj1hptYTvNK
+WPhNs/DgTKNz71bSPoMKGsueObmyLcD7IVpAjVo3L6wtgykDX19tkKL15w/wPxa
OfL5H68QIS/StUEg4qs32JVkArj90oTMJlzOPxYqmLbfRbCO7MGi9OJY0lqTdf2K
YwYevUcjf+ks34vRDL3YM9KNIZSySDZyJeqmhJ5M+i3kXvg1cjcYcxV1ZjmvFX8n
Q8JTg++bULip6KEI/BoQrFGjHtBXLXGWVhL8yuDGokaFUQDzn7nFNbhXtfFhIY1q
bIZ1a1qjYA4Utl3pkJUKwjMO6X1bsTApCekvZltGg+NeqZkUIJDVGN6TZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBfHps7N/wdGBlg8AlZaKuQdxByIMB8GA1UdIwQY
MBaAFJXRCPDoWGjCu+fbbXN3A0wTHrIkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbGRFSThPaFlhTUs3NTl0dGMzY0RUQk1lc2lRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC9kZGI0MjQtN2ViMi00OTVlLThiYjYt
NzJmYjk3ZDU5Y2U0LzEvRjhlbXpzM19CMFlHV0R3Q1Zsb3E1QjNFSElnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC9kZGI0MjQtN2ViMi00OTVlLThiYjYtNzJmYjk3ZDU5Y2U0
LzEvbGRFSThPaFlhTUs3NTl0dGMzY0RUQk1lc2lRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvUp9MA0G
CSqGSIb3DQEBCwUAA4IBAQAnpidZh/DL6t9y615rdd2GkyRh0Ncim+0fTFR/+yBL
Dc39ygVdG/OjZ2DG+B+liWYFr4EsfkfoEG2oQarnAFcukcokYHEnykzBhBmOevmZ
aJzC7K2Ysu9VoxSiKP+XUt08oAeUEjKJ6NCd2V3VqJfMsMJKv4B2BMMXim+VIwVg
08M3ID4x+1v2FSgQHRFJBb1pr854gWTf/2edHwCfCkI9QLQSAM1oOSHX12lSagrm
MvWU9kCuelt3KUzqmShoySdBtPFTgiLDSKo9aMXum/onPCxHNL8hMqHXO4WFBsQt
YqWtOsXWKPLchDkd1vuoJV/uPts7krwCrzCTSf/CnR5q
-----END CERTIFICATE-----