Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/dd672f-5336-4f35-b3ef-ae91ab342be1/1/rRTCZ5FyRdDiK7BZGTzqpa0QNeg.roa
File:                     rRTCZ5FyRdDiK7BZGTzqpa0QNeg.roa (raw, json)
Hash identifier:          mji6QPUv0yUiA70EcUkHQFZ0veAkRZWxgnDOQwOKKtU=
Subject key identifier:   AD:14:C2:67:91:72:45:D0:E2:2B:B0:59:19:3C:EA:A5:AD:10:35:E8
Certificate issuer:       /CN=a59caa2a73680698b2c9e1a6c9641a74f3ce76e8
Certificate serial:       019B7CED4208E2CA042BB80B10EAD5ADDB81
Authority key identifier: A5:9C:AA:2A:73:68:06:98:B2:C9:E1:A6:C9:64:1A:74:F3:CE:76:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pZyqKnNoBpiyyeGmyWQadPPOdug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/dd672f-5336-4f35-b3ef-ae91ab342be1/1/rRTCZ5FyRdDiK7BZGTzqpa0QNeg.roa
Signing time:             Fri 02 Jan 2026 04:18:02 +0000
ROA not before:           Fri 02 Jan 2026 04:18:02 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202373
IP address blocks:        194.34.156.0/22 maxlen: 22
                          194.34.158.0/24 maxlen: 24
                          194.34.159.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/dd672f-5336-4f35-b3ef-ae91ab342be1/1/pZyqKnNoBpiyyeGmyWQadPPOdug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/dd672f-5336-4f35-b3ef-ae91ab342be1/1/pZyqKnNoBpiyyeGmyWQadPPOdug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pZyqKnNoBpiyyeGmyWQadPPOdug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 10:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ed:42:08:e2:ca:04:2b:b8:0b:10:ea:d5:ad:db:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a59caa2a73680698b2c9e1a6c9641a74f3ce76e8
        Validity
            Not Before: Jan  2 04:18:02 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ad14c267917245d0e22bb059193ceaa5ad1035e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:59:c0:45:94:84:70:6b:42:8d:f9:6f:25:77:
                    37:b4:26:5f:81:19:c3:72:91:48:eb:b2:2e:79:e4:
                    9d:2e:5c:ef:00:af:70:80:54:fa:35:b8:56:c0:d7:
                    49:76:f4:fc:ac:6b:45:96:3a:ae:34:28:83:4f:e4:
                    71:76:47:30:a3:86:fe:98:6c:66:ef:a0:4e:6f:99:
                    3c:e7:07:ee:34:73:e8:53:e8:bf:e3:0a:cf:a8:55:
                    3f:62:04:45:a1:e1:fb:f9:2f:56:79:7b:da:e6:c6:
                    28:fb:3c:81:84:35:ba:66:43:93:a4:7a:dc:9b:3f:
                    ec:f5:00:59:1c:0a:3b:e6:9f:54:60:cc:35:38:b6:
                    fb:65:24:d2:57:6a:7f:5c:c9:4a:2e:4e:74:7f:5e:
                    f1:ef:f0:81:bc:f6:61:72:3a:71:74:c3:65:ff:73:
                    a4:99:ab:fc:8a:c3:66:09:0c:2a:ff:59:83:e4:10:
                    b6:32:df:da:63:a0:8b:d6:26:52:31:e5:55:5c:5c:
                    fa:e2:4d:be:88:42:b5:98:1d:96:0f:57:87:8c:ca:
                    13:7b:fc:31:55:31:72:68:5c:74:b0:b6:46:ec:57:
                    b6:55:cd:19:a3:63:78:7e:90:fe:dd:2a:60:64:a6:
                    89:e2:9f:c7:1d:54:ae:33:73:1a:31:6f:fb:cd:7d:
                    68:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:14:C2:67:91:72:45:D0:E2:2B:B0:59:19:3C:EA:A5:AD:10:35:E8
            X509v3 Authority Key Identifier:
                keyid:A5:9C:AA:2A:73:68:06:98:B2:C9:E1:A6:C9:64:1A:74:F3:CE:76:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pZyqKnNoBpiyyeGmyWQadPPOdug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/dd672f-5336-4f35-b3ef-ae91ab342be1/1/rRTCZ5FyRdDiK7BZGTzqpa0QNeg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/dd672f-5336-4f35-b3ef-ae91ab342be1/1/pZyqKnNoBpiyyeGmyWQadPPOdug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.34.156.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4f:ee:2d:72:1b:e8:45:9d:2c:d4:e4:46:54:04:be:2c:11:70:
         3f:f7:87:65:f1:bf:78:36:ee:08:d7:ed:5d:83:df:df:6c:ee:
         1c:07:c9:54:65:1d:88:0f:0c:ee:49:95:d5:ac:ed:2a:6c:1a:
         c2:a6:f3:0f:86:5a:19:bd:d0:c1:d8:22:54:2f:b7:6b:2a:41:
         20:c0:59:b1:90:f4:ad:25:eb:59:6f:4d:e9:b7:35:e4:ed:00:
         1c:ca:eb:43:0f:38:b7:28:c8:c7:02:67:ca:88:1b:16:7d:75:
         b0:42:47:a1:45:2b:b3:04:0e:6a:9a:f4:40:5e:3f:68:31:24:
         0d:2c:43:1f:1f:f0:38:8e:b5:0e:83:7f:88:61:b5:ac:2d:55:
         9b:fd:fc:4a:68:ea:35:f1:cd:f7:fc:48:4a:17:51:ae:14:d6:
         10:1b:80:0b:ae:21:47:c1:43:e6:f5:96:7a:2c:49:36:5e:85:
         70:45:b9:41:19:1d:03:fe:c5:63:d0:71:12:02:85:7f:9b:4e:
         aa:d1:8c:53:50:8e:90:78:89:f4:10:31:54:21:a3:a2:0a:92:
         9b:ce:4a:2d:4d:b9:bc:fc:7e:bb:ee:ce:a5:1b:d3:be:05:3b:
         29:de:82:ca:17:e5:86:3d:2c:0b:31:eb:45:0c:2b:1b:34:56:
         2b:89:2a:37
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt87UII4soEK7gLEOrVrduBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1OWNhYTJhNzM2ODA2OThiMmM5ZTFhNmM5NjQxYTc0ZjNj
ZTc2ZTgwHhcNMjYwMTAyMDQxODAyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDE0YzI2NzkxNzI0NWQwZTIyYmIwNTkxOTNjZWFhNWFkMTAzNWU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsFnARZSEcGtCjflvJXc3tCZfgRnD
cpFI67IueeSdLlzvAK9wgFT6NbhWwNdJdvT8rGtFljquNCiDT+Rxdkcwo4b+mGxm
76BOb5k85wfuNHPoU+i/4wrPqFU/YgRFoeH7+S9WeXva5sYo+zyBhDW6ZkOTpHrc
mz/s9QBZHAo75p9UYMw1OLb7ZSTSV2p/XMlKLk50f17x7/CBvPZhcjpxdMNl/3Ok
mav8isNmCQwq/1mD5BC2Mt/aY6CL1iZSMeVVXFz64k2+iEK1mB2WD1eHjMoTe/wx
VTFyaFx0sLZG7Fe2Vc0Zo2N4fpD+3SpgZKaJ4p/HHVSuM3MaMW/7zX1oIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK0UwmeRckXQ4iuwWRk86qWtEDXoMB8GA1UdIwQY
MBaAFKWcqipzaAaYssnhpslkGnTzznboMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFp5cUtuTm9CcGl5eWVHbXlXUWFkUFBPZHVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9kZDY3MmYtNTMzNi00ZjM1LWIzZWYt
YWU5MWFiMzQyYmUxLzEvclJUQ1o1RnlSZERpSzdCWkdUenFwYTBRTmVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9kZDY3MmYtNTMzNi00ZjM1LWIzZWYtYWU5MWFiMzQyYmUx
LzEvcFp5cUtuTm9CcGl5eWVHbXlXUWFkUFBPZHVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwiKcMA0G
CSqGSIb3DQEBCwUAA4IBAQBP7i1yG+hFnSzU5EZUBL4sEXA/94dl8b94Nu4I1+1d
g9/fbO4cB8lUZR2IDwzuSZXVrO0qbBrCpvMPhloZvdDB2CJUL7drKkEgwFmxkPSt
JetZb03ptzXk7QAcyutDDzi3KMjHAmfKiBsWfXWwQkehRSuzBA5qmvRAXj9oMSQN
LEMfH/A4jrUOg3+IYbWsLVWb/fxKaOo18c33/EhKF1GuFNYQG4ALriFHwUPm9ZZ6
LEk2XoVwRblBGR0D/sVj0HESAoV/m06q0YxTUI6QeIn0EDFUIaOiCpKbzkotTbm8
/H677s6lG9O+BTsp3oLKF+WGPSwLMetFDCsbNFYriSo3
-----END CERTIFICATE-----