Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/d6b874-aea8-4b7e-b0d2-69b953c9d5aa/1/3e1aB77stWTp_pcWReBzNO2IJyQ.roa
File:                     3e1aB77stWTp_pcWReBzNO2IJyQ.roa (raw, json)
Hash identifier:          y600ju7YKSbJWZwn4QGcu4eyhB4Kn+pcLohTFXP1j3U=
Subject key identifier:   DD:ED:5A:07:BE:EC:B5:64:E9:FE:97:16:45:E0:73:34:ED:88:27:24
Certificate issuer:       /CN=542f633f76e8d8aaeaa32b5ace16a3db3943d80c
Certificate serial:       019C9E2F594362CF90DF4DB8C10C8ACAB4EE
Authority key identifier: 54:2F:63:3F:76:E8:D8:AA:EA:A3:2B:5A:CE:16:A3:DB:39:43:D8:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VC9jP3bo2Krqoytazhaj2zlD2Aw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/d6b874-aea8-4b7e-b0d2-69b953c9d5aa/1/3e1aB77stWTp_pcWReBzNO2IJyQ.roa
Signing time:             Fri 27 Feb 2026 08:20:29 +0000
ROA not before:           Fri 27 Feb 2026 08:20:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49632
IP address blocks:        188.125.160.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/d6b874-aea8-4b7e-b0d2-69b953c9d5aa/1/VC9jP3bo2Krqoytazhaj2zlD2Aw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/d6b874-aea8-4b7e-b0d2-69b953c9d5aa/1/VC9jP3bo2Krqoytazhaj2zlD2Aw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VC9jP3bo2Krqoytazhaj2zlD2Aw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 23:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:9e:2f:59:43:62:cf:90:df:4d:b8:c1:0c:8a:ca:b4:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=542f633f76e8d8aaeaa32b5ace16a3db3943d80c
        Validity
            Not Before: Feb 27 08:20:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=dded5a07beecb564e9fe971645e07334ed882724
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:e8:52:37:48:72:e7:ca:e4:fe:1c:f3:72:b5:
                    41:62:56:ed:af:c4:fe:fd:ca:aa:71:23:68:48:11:
                    0d:ab:37:19:9d:7f:1e:05:6f:f6:dc:b5:6f:1e:2e:
                    33:e5:ab:50:7e:83:a5:12:b8:8c:32:3b:73:0e:fd:
                    e9:62:85:68:a4:76:73:32:ba:5b:3c:e4:dc:f6:6a:
                    ca:56:e4:6f:58:75:25:09:a0:e4:27:17:eb:bd:6b:
                    8f:6a:57:7a:76:de:12:09:50:db:24:3b:40:41:6d:
                    f2:78:be:d3:89:64:39:df:d3:c5:a4:56:3c:5f:cc:
                    3c:d4:1f:fe:05:7b:22:24:bb:42:45:2d:f7:57:e6:
                    1d:7c:fe:9b:6a:aa:34:eb:18:4b:2c:bb:ae:b2:3c:
                    0c:41:bf:61:1d:53:9e:d8:62:ba:80:07:a3:d7:b2:
                    2f:f9:08:0b:0e:55:f8:65:fc:86:e3:ab:95:99:03:
                    1a:6b:a1:a0:57:c2:b6:23:87:af:1d:9a:73:8e:ee:
                    9e:88:34:96:b6:bd:07:12:69:36:02:89:f1:98:9f:
                    e0:36:05:16:da:19:a9:d4:76:5e:07:76:67:1a:7a:
                    e7:7a:64:9e:e3:9c:07:27:4d:a6:38:d2:89:c3:6b:
                    0a:0d:d4:1e:5b:5f:45:4e:53:87:1f:ce:b2:2a:e1:
                    0a:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:ED:5A:07:BE:EC:B5:64:E9:FE:97:16:45:E0:73:34:ED:88:27:24
            X509v3 Authority Key Identifier:
                keyid:54:2F:63:3F:76:E8:D8:AA:EA:A3:2B:5A:CE:16:A3:DB:39:43:D8:0C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VC9jP3bo2Krqoytazhaj2zlD2Aw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/d6b874-aea8-4b7e-b0d2-69b953c9d5aa/1/3e1aB77stWTp_pcWReBzNO2IJyQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/d6b874-aea8-4b7e-b0d2-69b953c9d5aa/1/VC9jP3bo2Krqoytazhaj2zlD2Aw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.125.160.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:d8:99:80:4f:fc:86:55:a9:02:61:37:12:fd:93:92:5e:0c:
         64:e3:51:70:07:96:b3:c4:2b:c6:58:3d:4b:e6:7e:32:f0:70:
         43:7b:81:bb:24:25:5d:e3:63:68:aa:a3:80:82:e4:ba:eb:88:
         8b:b8:e7:ae:ac:20:0d:9e:a7:8e:90:40:0c:c1:2b:1a:7c:46:
         3d:e6:a9:81:6d:93:99:99:bf:83:e7:a8:e9:76:09:f4:c7:d0:
         7f:20:bf:9d:ac:f4:58:49:7a:b0:7b:73:e1:c3:fd:d4:78:19:
         d0:a0:0b:e3:8f:43:8e:3a:c9:86:9f:b9:a8:ca:85:65:ac:ac:
         3f:2e:3f:57:3f:98:98:98:30:bf:6f:7f:23:bc:6b:5c:18:84:
         7b:c8:01:f0:a6:e4:a1:82:6d:a3:6e:11:1e:59:03:e0:cb:fa:
         13:0c:f4:27:09:01:af:e1:78:04:26:6c:63:f2:98:3f:f9:5b:
         d0:f3:94:a3:f9:7b:6c:16:61:77:9a:e2:25:13:ab:81:b2:3c:
         cc:e8:2d:33:fd:7e:20:ba:d7:c6:6b:b9:35:4e:7b:cb:c2:48:
         c2:a3:e9:67:be:81:37:8e:da:b8:91:42:c5:f3:0e:ff:bb:1e:
         58:36:f4:ed:0e:fc:30:31:96:23:28:3b:f3:db:a0:3e:66:68:
         ab:11:f6:18
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyeL1lDYs+Q3024wQyKyrTuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0MmY2MzNmNzZlOGQ4YWFlYWEzMmI1YWNlMTZhM2RiMzk0
M2Q4MGMwHhcNMjYwMjI3MDgyMDI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZGVkNWEwN2JlZWNiNTY0ZTlmZTk3MTY0NWUwNzMzNGVkODgyNzI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmehSN0hy58rk/hzzcrVBYlbtr8T+
/cqqcSNoSBENqzcZnX8eBW/23LVvHi4z5atQfoOlEriMMjtzDv3pYoVopHZzMrpb
POTc9mrKVuRvWHUlCaDkJxfrvWuPald6dt4SCVDbJDtAQW3yeL7TiWQ539PFpFY8
X8w81B/+BXsiJLtCRS33V+YdfP6baqo06xhLLLuusjwMQb9hHVOe2GK6gAej17Iv
+QgLDlX4ZfyG46uVmQMaa6GgV8K2I4evHZpzju6eiDSWtr0HEmk2AonxmJ/gNgUW
2hmp1HZeB3ZnGnrnemSe45wHJ02mONKJw2sKDdQeW19FTlOHH86yKuEKywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN3tWge+7LVk6f6XFkXgczTtiCckMB8GA1UdIwQY
MBaAFFQvYz926Niq6qMrWs4Wo9s5Q9gMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkM5alAzYm8yS3Jxb3l0YXpoYWoyemxEMkF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS9kNmI4NzQtYWVhOC00YjdlLWIwZDIt
NjliOTUzYzlkNWFhLzEvM2UxYUI3N3N0V1RwX3BjV1JlQnpOTzJJSnlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS9kNmI4NzQtYWVhOC00YjdlLWIwZDItNjliOTUzYzlkNWFh
LzEvVkM5alAzYm8yS3Jxb3l0YXpoYWoyemxEMkF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvH2gMA0G
CSqGSIb3DQEBCwUAA4IBAQBD2JmAT/yGVakCYTcS/ZOSXgxk41FwB5azxCvGWD1L
5n4y8HBDe4G7JCVd42NoqqOAguS664iLuOeurCANnqeOkEAMwSsafEY95qmBbZOZ
mb+D56jpdgn0x9B/IL+drPRYSXqwe3Phw/3UeBnQoAvjj0OOOsmGn7moyoVlrKw/
Lj9XP5iYmDC/b38jvGtcGIR7yAHwpuShgm2jbhEeWQPgy/oTDPQnCQGv4XgEJmxj
8pg/+VvQ85Sj+XtsFmF3muIlE6uBsjzM6C0z/X4gutfGa7k1TnvLwkjCo+lnvoE3
jtq4kULF8w7/ux5YNvTtDvwwMZYjKDvz26A+ZmirEfYY
-----END CERTIFICATE-----