Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/9a6860-224f-4b34-a9b6-bc192bb73025/1/tcgRwXEPoiihCJhjD1oHcFIHHdY.roa
File:                     tcgRwXEPoiihCJhjD1oHcFIHHdY.roa (raw, json)
Hash identifier:          efVf0hrY1TqiclV4t2y1RBBFdevRrTR3XH8aA/JQadM=
Subject key identifier:   B5:C8:11:C1:71:0F:A2:28:A1:08:98:63:0F:5A:07:70:52:07:1D:D6
Certificate issuer:       /CN=02cc691476a6e7895b0e456116444f91937bf01e
Certificate serial:       019B7BA4F98055FB5476A19FECC03FBF4E66
Authority key identifier: 02:CC:69:14:76:A6:E7:89:5B:0E:45:61:16:44:4F:91:93:7B:F0:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AsxpFHam54lbDkVhFkRPkZN78B4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/9a6860-224f-4b34-a9b6-bc192bb73025/1/tcgRwXEPoiihCJhjD1oHcFIHHdY.roa
Signing time:             Thu 01 Jan 2026 22:19:27 +0000
ROA not before:           Thu 01 Jan 2026 22:19:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     29471
IP address blocks:        195.158.54.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/aa/9a6860-224f-4b34-a9b6-bc192bb73025/1/AsxpFHam54lbDkVhFkRPkZN78B4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/aa/9a6860-224f-4b34-a9b6-bc192bb73025/1/AsxpFHam54lbDkVhFkRPkZN78B4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AsxpFHam54lbDkVhFkRPkZN78B4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 04:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a4:f9:80:55:fb:54:76:a1:9f:ec:c0:3f:bf:4e:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=02cc691476a6e7895b0e456116444f91937bf01e
        Validity
            Not Before: Jan  1 22:19:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b5c811c1710fa228a10898630f5a077052071dd6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:60:65:66:a6:5e:07:2a:1e:8e:d1:9c:57:b7:
                    37:ea:de:41:72:6b:27:d9:13:6c:11:1d:ad:17:2f:
                    05:c8:2e:80:90:f9:bf:2b:76:b1:d7:b8:9c:63:00:
                    70:10:b6:e0:1a:95:24:e9:05:07:ca:d2:54:1e:50:
                    05:0b:d0:57:00:df:75:02:71:07:94:79:1f:bd:9b:
                    39:24:a0:c2:ae:26:92:73:74:ee:cf:95:11:d5:b9:
                    7c:9b:6c:8b:c5:55:da:ef:17:b9:a9:28:e8:6b:90:
                    88:fd:27:1b:b5:32:34:14:cc:b9:31:60:e9:3e:92:
                    ad:69:0a:4b:4d:e2:f8:6c:94:a2:6b:d0:22:10:1d:
                    df:a2:c4:53:f6:c1:4e:db:e8:66:ea:8f:39:50:49:
                    36:e4:20:c2:4a:0e:11:a5:5d:33:e0:98:43:f1:52:
                    16:6b:05:2a:ae:f1:f2:5b:ae:c7:80:67:d5:9e:84:
                    eb:9c:c7:ce:62:30:a6:6a:70:52:4a:8c:f5:7b:07:
                    4c:6b:77:81:02:84:b2:0f:75:1d:92:27:6a:9d:2a:
                    6d:98:45:b2:19:d3:83:b4:dc:1c:7e:72:51:f6:c2:
                    07:6f:9b:13:13:53:96:ea:91:e1:4a:06:14:22:51:
                    7b:82:a8:35:e5:05:88:32:0a:91:94:ce:61:ca:75:
                    1c:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:C8:11:C1:71:0F:A2:28:A1:08:98:63:0F:5A:07:70:52:07:1D:D6
            X509v3 Authority Key Identifier:
                keyid:02:CC:69:14:76:A6:E7:89:5B:0E:45:61:16:44:4F:91:93:7B:F0:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AsxpFHam54lbDkVhFkRPkZN78B4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/9a6860-224f-4b34-a9b6-bc192bb73025/1/tcgRwXEPoiihCJhjD1oHcFIHHdY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/9a6860-224f-4b34-a9b6-bc192bb73025/1/AsxpFHam54lbDkVhFkRPkZN78B4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.158.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:19:64:70:25:7d:5c:e4:28:d3:8e:9f:ad:84:40:b2:59:9c:
         c1:27:b2:be:07:f4:05:0b:08:d1:57:9f:b9:79:05:6a:6d:94:
         82:c2:f7:8d:ab:9a:31:33:02:b7:5c:36:8a:fc:b0:49:52:af:
         a9:83:87:3a:34:85:a8:8c:1b:a6:f3:ef:a0:ad:4e:e4:12:af:
         74:d5:3a:9c:13:1b:fb:34:d0:8b:00:22:58:7b:0f:13:84:d7:
         c0:c5:da:d2:8d:e7:a5:af:37:19:c4:11:11:06:3d:a6:78:43:
         77:0f:5e:bd:2b:cc:e7:ef:ee:b8:75:b2:f5:0b:d5:4b:5a:e2:
         73:4e:21:85:98:8b:ac:fd:1d:44:eb:a5:ec:3f:53:27:c0:51:
         69:df:21:d6:56:1f:c1:80:fe:24:63:38:55:0c:53:54:69:d7:
         b7:e1:3d:e5:85:f1:4f:33:b3:22:34:3f:58:5e:3a:cf:4c:6b:
         d8:0e:15:94:30:aa:93:d0:3b:22:b4:7c:03:07:59:26:97:3f:
         1d:86:e6:c6:84:1c:f8:09:46:13:18:a1:80:4d:3a:95:b7:94:
         7c:f1:8b:ca:d9:50:c5:0b:a0:af:db:af:94:aa:82:a9:0c:97:
         c7:42:8e:6a:64:87:3b:c8:5b:9a:d2:5d:d9:90:e0:71:bd:7c:
         8a:7e:00:b6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7pPmAVftUdqGf7MA/v05mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyY2M2OTE0NzZhNmU3ODk1YjBlNDU2MTE2NDQ0ZjkxOTM3
YmYwMWUwHhcNMjYwMTAxMjIxOTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNWM4MTFjMTcxMGZhMjI4YTEwODk4NjMwZjVhMDc3MDUyMDcxZGQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlGBlZqZeByoejtGcV7c36t5Bcmsn
2RNsER2tFy8FyC6AkPm/K3ax17icYwBwELbgGpUk6QUHytJUHlAFC9BXAN91AnEH
lHkfvZs5JKDCriaSc3Tuz5UR1bl8m2yLxVXa7xe5qSjoa5CI/ScbtTI0FMy5MWDp
PpKtaQpLTeL4bJSia9AiEB3fosRT9sFO2+hm6o85UEk25CDCSg4RpV0z4JhD8VIW
awUqrvHyW67HgGfVnoTrnMfOYjCmanBSSoz1ewdMa3eBAoSyD3UdkidqnSptmEWy
GdODtNwcfnJR9sIHb5sTE1OW6pHhSgYUIlF7gqg15QWIMgqRlM5hynUc+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLXIEcFxD6IooQiYYw9aB3BSBx3WMB8GA1UdIwQY
MBaAFALMaRR2pueJWw5FYRZET5GTe/AeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQXN4cEZIYW01NGxiRGtWaEZrUlBrWk43OEI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS85YTY4NjAtMjI0Zi00YjM0LWE5YjYt
YmMxOTJiYjczMDI1LzEvdGNnUndYRVBvaWloQ0poakQxb0hjRklISGRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS85YTY4NjAtMjI0Zi00YjM0LWE5YjYtYmMxOTJiYjczMDI1
LzEvQXN4cEZIYW01NGxiRGtWaEZrUlBrWk43OEI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw542MA0G
CSqGSIb3DQEBCwUAA4IBAQA/GWRwJX1c5CjTjp+thECyWZzBJ7K+B/QFCwjRV5+5
eQVqbZSCwveNq5oxMwK3XDaK/LBJUq+pg4c6NIWojBum8++grU7kEq901TqcExv7
NNCLACJYew8ThNfAxdrSjeelrzcZxBERBj2meEN3D169K8zn7+64dbL1C9VLWuJz
TiGFmIus/R1E66XsP1MnwFFp3yHWVh/BgP4kYzhVDFNUade34T3lhfFPM7MiND9Y
XjrPTGvYDhWUMKqT0DsitHwDB1kmlz8dhubGhBz4CUYTGKGATTqVt5R88YvK2VDF
C6Cv26+UqoKpDJfHQo5qZIc7yFua0l3ZkOBxvXyKfgC2
-----END CERTIFICATE-----