Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/9e8b4b-0920-4fc7-8972-ea841e67c5d6/1/810BVakNXZc-eZCkm84wPbkx0zw.roa
File:                     810BVakNXZc-eZCkm84wPbkx0zw.roa (raw, json)
Hash identifier:          4W7QJcIB5zQfI2eP/65KAZgZifjdrkX8vzWfoESNuGg=
Subject key identifier:   F3:5D:01:55:A9:0D:5D:97:3E:79:90:A4:9B:CE:30:3D:B9:31:D3:3C
Certificate issuer:       /CN=f5132ad81a84a21121c50447b2089dce5e4b238a
Certificate serial:       019D8FD90E67D780308C6B77EF3BA5882A10
Authority key identifier: F5:13:2A:D8:1A:84:A2:11:21:C5:04:47:B2:08:9D:CE:5E:4B:23:8A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9RMq2BqEohEhxQRHsgidzl5LI4o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/9e8b4b-0920-4fc7-8972-ea841e67c5d6/1/810BVakNXZc-eZCkm84wPbkx0zw.roa
Signing time:             Wed 15 Apr 2026 06:34:19 +0000
ROA not before:           Wed 15 Apr 2026 06:34:19 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     41887
IP address blocks:        195.72.120.0/23 maxlen: 23
                          2001:678:56c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/9e8b4b-0920-4fc7-8972-ea841e67c5d6/1/9RMq2BqEohEhxQRHsgidzl5LI4o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/9e8b4b-0920-4fc7-8972-ea841e67c5d6/1/9RMq2BqEohEhxQRHsgidzl5LI4o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9RMq2BqEohEhxQRHsgidzl5LI4o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 04:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:8f:d9:0e:67:d7:80:30:8c:6b:77:ef:3b:a5:88:2a:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f5132ad81a84a21121c50447b2089dce5e4b238a
        Validity
            Not Before: Apr 15 06:34:19 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f35d0155a90d5d973e7990a49bce303db931d33c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:8d:af:01:8c:cc:cd:3c:4b:4a:75:47:38:2d:
                    87:57:6d:b8:f3:6c:50:bd:e6:c9:f7:32:d0:39:4a:
                    06:00:84:9f:91:2c:5c:43:80:11:ad:ea:6f:09:18:
                    b5:c1:5b:37:a5:29:b3:73:1d:ad:d3:72:d6:c9:49:
                    0b:0b:2f:95:2e:53:7f:cf:26:ce:41:55:fe:5a:9e:
                    e0:a1:65:a7:2c:51:ad:d1:b9:01:46:b1:15:d3:d9:
                    44:00:be:94:72:9f:b3:05:17:66:58:8d:c1:dc:fd:
                    ed:bc:3d:f3:31:8b:d8:9f:45:a8:32:05:03:6e:67:
                    d8:65:3b:bb:bb:c3:a8:7f:ef:19:d6:14:aa:c3:05:
                    c6:0c:52:38:5c:03:bc:da:3e:9d:c2:5e:0b:06:1e:
                    04:d7:a5:c5:f5:b5:a8:f6:11:0c:af:29:6c:32:b4:
                    ad:43:64:b6:bb:9a:a9:43:3e:70:7a:44:7b:3d:a2:
                    17:b1:fc:a4:a1:b9:ae:ee:56:ce:5c:5a:e2:77:7d:
                    90:14:a0:1d:7a:e0:84:9f:cf:ba:88:99:46:c9:98:
                    94:fd:cb:95:99:50:35:f9:33:ec:ba:b9:ba:75:07:
                    c0:8d:d2:9a:cf:9e:e0:be:bc:e0:1b:94:81:3e:42:
                    43:95:a6:60:05:55:f8:6f:44:9a:d8:c4:39:87:35:
                    13:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:5D:01:55:A9:0D:5D:97:3E:79:90:A4:9B:CE:30:3D:B9:31:D3:3C
            X509v3 Authority Key Identifier:
                keyid:F5:13:2A:D8:1A:84:A2:11:21:C5:04:47:B2:08:9D:CE:5E:4B:23:8A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9RMq2BqEohEhxQRHsgidzl5LI4o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/9e8b4b-0920-4fc7-8972-ea841e67c5d6/1/810BVakNXZc-eZCkm84wPbkx0zw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/9e8b4b-0920-4fc7-8972-ea841e67c5d6/1/9RMq2BqEohEhxQRHsgidzl5LI4o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.72.120.0/23
                IPv6:
                  2001:678:56c::/48

    Signature Algorithm: sha256WithRSAEncryption
         3d:70:60:a6:5b:85:02:0e:c1:59:db:bd:57:68:34:98:2d:50:
         80:5a:12:8a:07:b3:47:db:32:f0:3a:c0:4b:f4:e8:3d:ec:14:
         9b:d7:35:dc:d6:49:45:3f:87:da:76:1f:20:29:ca:96:c0:f2:
         39:f0:e0:ad:93:7d:ab:42:6b:2b:ef:1b:67:3c:03:7b:51:5a:
         13:a8:ab:3a:a7:b1:68:49:1d:4f:d8:d5:43:fb:0b:64:28:47:
         84:b0:54:1c:74:df:f6:55:46:f8:7f:5c:bf:2a:c5:86:49:8d:
         20:35:6f:47:6d:a1:0b:26:0f:97:00:7c:2b:20:9b:40:fc:27:
         ed:50:7b:1d:0c:73:8a:09:49:90:a4:90:8b:01:33:e3:b9:fb:
         5e:ef:d8:0a:b8:d5:38:3d:8d:b0:41:f0:ea:ac:7f:63:d2:9b:
         1c:88:f3:3b:be:32:c9:26:3d:f6:36:43:a8:e9:ab:ea:68:d2:
         af:63:1d:7c:27:2c:98:79:31:61:57:86:15:78:0f:7b:f9:55:
         85:25:8a:29:c2:c1:24:01:ca:41:7e:e9:d2:93:a6:14:e5:ab:
         58:30:d2:0d:3c:c1:cd:96:fe:6d:b0:fd:ec:eb:d3:58:67:d2:
         59:35:61:20:e8:32:47:42:b0:df:4d:46:80:28:32:a8:3f:a2:
         6d:87:cc:ed
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZ2P2Q5n14AwjGt37zuliCoQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1MTMyYWQ4MWE4NGEyMTEyMWM1MDQ0N2IyMDg5ZGNlNWU0
YjIzOGEwHhcNMjYwNDE1MDYzNDE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzVkMDE1NWE5MGQ1ZDk3M2U3OTkwYTQ5YmNlMzAzZGI5MzFkMzNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuY2vAYzMzTxLSnVHOC2HV22482xQ
vebJ9zLQOUoGAISfkSxcQ4ARrepvCRi1wVs3pSmzcx2t03LWyUkLCy+VLlN/zybO
QVX+Wp7goWWnLFGt0bkBRrEV09lEAL6Ucp+zBRdmWI3B3P3tvD3zMYvYn0WoMgUD
bmfYZTu7u8Oof+8Z1hSqwwXGDFI4XAO82j6dwl4LBh4E16XF9bWo9hEMrylsMrSt
Q2S2u5qpQz5wekR7PaIXsfykobmu7lbOXFrid32QFKAdeuCEn8+6iJlGyZiU/cuV
mVA1+TPsurm6dQfAjdKaz57gvrzgG5SBPkJDlaZgBVX4b0Sa2MQ5hzUTHQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFPNdAVWpDV2XPnmQpJvOMD25MdM8MB8GA1UdIwQY
MBaAFPUTKtgahKIRIcUER7IInc5eSyOKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVJNcTJCcUVvaEVoeFFSSHNnaWR6bDVMSTRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS85ZThiNGItMDkyMC00ZmM3LTg5NzIt
ZWE4NDFlNjdjNWQ2LzEvODEwQlZha05YWmMtZVpDa204NHdQYmt4MHp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS85ZThiNGItMDkyMC00ZmM3LTg5NzItZWE4NDFlNjdjNWQ2
LzEvOVJNcTJCcUVvaEVoeFFSSHNnaWR6bDVMSTRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBw0h4MA8E
AgACMAkDBwAgAQZ4BWwwDQYJKoZIhvcNAQELBQADggEBAD1wYKZbhQIOwVnbvVdo
NJgtUIBaEooHs0fbMvA6wEv06D3sFJvXNdzWSUU/h9p2HyApypbA8jnw4K2TfatC
ayvvG2c8A3tRWhOoqzqnsWhJHU/Y1UP7C2QoR4SwVBx03/ZVRvh/XL8qxYZJjSA1
b0dtoQsmD5cAfCsgm0D8J+1Qex0Mc4oJSZCkkIsBM+O5+17v2Aq41Tg9jbBB8Oqs
f2PSmxyI8zu+MskmPfY2Q6jpq+po0q9jHXwnLJh5MWFXhhV4D3v5VYUliinCwSQB
ykF+6dKTphTlq1gw0g08wc2W/m2w/ezr01hn0lk1YSDoMkdCsN9NRoAoMqg/om2H
zO0=
-----END CERTIFICATE-----