Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/J4ZfI_RfOrpmy1A2S2Vj8ciYG7U.roa
File:                     J4ZfI_RfOrpmy1A2S2Vj8ciYG7U.roa (raw, json)
Hash identifier:          xU01SBexU2pgq8GahrrSha80apeSc4qMCG32pF8S8lI=
Subject key identifier:   27:86:5F:23:F4:5F:3A:BA:66:CB:50:36:4B:65:63:F1:C8:98:1B:B5
Certificate issuer:       /CN=4a471cd6ce60abedd74762b101aa5e6f4207efce
Certificate serial:       019C47B77C31AA8B3A868164F19A721E7DB1
Authority key identifier: 4A:47:1C:D6:CE:60:AB:ED:D7:47:62:B1:01:AA:5E:6F:42:07:EF:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Skcc1s5gq-3XR2KxAapeb0IH784.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/J4ZfI_RfOrpmy1A2S2Vj8ciYG7U.roa
Signing time:             Tue 10 Feb 2026 13:22:13 +0000
ROA not before:           Tue 10 Feb 2026 13:22:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     29802
IP address blocks:        46.34.46.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/Skcc1s5gq-3XR2KxAapeb0IH784.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/Skcc1s5gq-3XR2KxAapeb0IH784.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Skcc1s5gq-3XR2KxAapeb0IH784.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:47:b7:7c:31:aa:8b:3a:86:81:64:f1:9a:72:1e:7d:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a471cd6ce60abedd74762b101aa5e6f4207efce
        Validity
            Not Before: Feb 10 13:22:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=27865f23f45f3aba66cb50364b6563f1c8981bb5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:00:c8:6a:1e:13:d9:80:30:b5:44:c3:77:11:
                    42:d1:fb:3a:8f:13:0c:a0:99:93:d8:db:0d:e5:89:
                    9b:53:4c:3b:26:4e:d1:df:c4:03:b8:16:3e:79:c9:
                    c4:92:27:d3:bd:20:bf:31:50:11:25:78:b4:51:59:
                    f2:08:eb:9f:74:fc:da:16:c7:5c:3c:4f:00:b4:61:
                    e3:ed:81:48:7f:04:c1:0c:11:52:21:be:f7:0d:cb:
                    a4:20:42:4e:5d:d3:dd:33:da:32:cc:76:d3:16:45:
                    4e:58:fd:ff:fd:3e:d4:eb:95:8c:31:9f:45:23:0c:
                    71:ea:32:58:61:7f:6a:65:c1:de:06:06:2e:25:31:
                    b4:94:e8:04:85:d1:3e:47:b0:69:6d:7d:a9:58:d4:
                    c9:04:4f:1a:19:78:09:d3:b4:21:b0:85:20:ac:fb:
                    2f:4c:e0:10:49:7d:90:12:5d:18:32:4f:60:1d:4c:
                    ee:9e:3d:3d:33:ab:2d:1d:d3:7e:6b:9a:b7:0e:1d:
                    a9:c4:ef:14:55:a0:65:84:fb:af:d6:5b:fe:4f:09:
                    34:f8:88:17:37:0f:ae:f2:3c:56:2f:49:69:b4:1f:
                    71:be:ea:a5:59:d2:b7:9b:4c:00:47:f7:8b:c3:f8:
                    15:31:13:2e:24:f1:e6:5e:da:f1:c5:9a:3b:b2:a3:
                    5c:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:86:5F:23:F4:5F:3A:BA:66:CB:50:36:4B:65:63:F1:C8:98:1B:B5
            X509v3 Authority Key Identifier:
                keyid:4A:47:1C:D6:CE:60:AB:ED:D7:47:62:B1:01:AA:5E:6F:42:07:EF:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Skcc1s5gq-3XR2KxAapeb0IH784.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/J4ZfI_RfOrpmy1A2S2Vj8ciYG7U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/Skcc1s5gq-3XR2KxAapeb0IH784.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.34.46.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:4e:48:a5:0a:c7:f8:06:2a:e0:33:ab:63:d9:b0:de:5a:c2:
         ba:6f:d8:94:72:28:8c:61:56:29:34:43:b2:9c:1a:33:54:bb:
         82:af:a8:5a:ee:c5:db:9a:bf:01:01:47:91:a6:8c:b5:cb:f4:
         4c:81:db:1d:8e:1e:58:9b:69:0d:15:ff:96:78:ce:62:18:52:
         1f:ee:26:3e:37:9e:62:5f:e9:66:c0:2a:bc:00:29:70:bf:56:
         96:1c:ad:89:bc:2a:30:57:b2:5d:56:11:e7:81:45:cf:3c:c7:
         64:4f:12:e5:e5:75:f9:7e:cf:5d:62:16:00:95:a7:ed:51:87:
         f3:82:2b:8f:9a:3f:e4:95:a7:f5:b0:38:02:0c:0a:6e:a1:fe:
         34:ae:2f:f4:96:ff:f2:77:66:20:ff:63:7b:1b:2e:65:92:cc:
         16:04:92:1e:6f:2e:be:41:ce:78:6f:74:32:98:e7:55:14:fb:
         ff:12:e6:4c:1c:66:9f:88:03:6c:ea:f0:1c:77:d3:7a:ff:41:
         c1:18:17:3b:3e:79:c3:ba:c5:28:18:c4:c7:3f:bb:0b:02:0c:
         7d:54:8b:22:b2:01:6a:8c:29:d8:93:6a:a5:ee:a6:c3:4e:c6:
         7a:5d:6b:4c:c8:4b:bf:e8:45:84:b6:58:d0:8e:7e:6d:b9:70:
         65:a6:6f:5e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxHt3wxqos6hoFk8ZpyHn2xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNDcxY2Q2Y2U2MGFiZWRkNzQ3NjJiMTAxYWE1ZTZmNDIw
N2VmY2UwHhcNMjYwMjEwMTMyMjEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzg2NWYyM2Y0NWYzYWJhNjZjYjUwMzY0YjY1NjNmMWM4OTgxYmI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzADIah4T2YAwtUTDdxFC0fs6jxMM
oJmT2NsN5YmbU0w7Jk7R38QDuBY+ecnEkifTvSC/MVARJXi0UVnyCOufdPzaFsdc
PE8AtGHj7YFIfwTBDBFSIb73DcukIEJOXdPdM9oyzHbTFkVOWP3//T7U65WMMZ9F
Iwxx6jJYYX9qZcHeBgYuJTG0lOgEhdE+R7BpbX2pWNTJBE8aGXgJ07QhsIUgrPsv
TOAQSX2QEl0YMk9gHUzunj09M6stHdN+a5q3Dh2pxO8UVaBlhPuv1lv+Twk0+IgX
Nw+u8jxWL0lptB9xvuqlWdK3m0wAR/eLw/gVMRMuJPHmXtrxxZo7sqNcAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCeGXyP0Xzq6ZstQNktlY/HImBu1MB8GA1UdIwQY
MBaAFEpHHNbOYKvt10disQGqXm9CB+/OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2tjYzFzNWdxLTNYUjJLeEFhcGViMElINzg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS9lMTc3MTQtNDY3Yi00NDMzLTliN2Qt
YTZiOTkxZjRmYWY4LzEvSjRaZklfUmZPcnBteTFBMlMyVmo4Y2lZRzdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS9lMTc3MTQtNDY3Yi00NDMzLTliN2QtYTZiOTkxZjRmYWY4
LzEvU2tjYzFzNWdxLTNYUjJLeEFhcGViMElINzg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALiIuMA0G
CSqGSIb3DQEBCwUAA4IBAQBjTkilCsf4BirgM6tj2bDeWsK6b9iUciiMYVYpNEOy
nBozVLuCr6ha7sXbmr8BAUeRpoy1y/RMgdsdjh5Ym2kNFf+WeM5iGFIf7iY+N55i
X+lmwCq8AClwv1aWHK2JvCowV7JdVhHngUXPPMdkTxLl5XX5fs9dYhYAlaftUYfz
giuPmj/klaf1sDgCDApuof40ri/0lv/yd2Yg/2N7Gy5lkswWBJIeby6+Qc54b3Qy
mOdVFPv/EuZMHGafiANs6vAcd9N6/0HBGBc7PnnDusUoGMTHP7sLAgx9VIsisgFq
jCnYk2ql7qbDTsZ6XWtMyEu/6EWEtljQjn5tuXBlpm9e
-----END CERTIFICATE-----