Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/717221-1d03-4d13-9049-401bda4477b5/1/56EYdVdPARTza2xcs8WALSYXTOQ.roa
File:                     56EYdVdPARTza2xcs8WALSYXTOQ.roa (raw, json)
Hash identifier:          zmgqXldif1WCq/XR13fNKgAfLW2J2LNZ/H94SIzJybg=
Subject key identifier:   E7:A1:18:75:57:4F:01:14:F3:6B:6C:5C:B3:C5:80:2D:26:17:4C:E4
Certificate issuer:       /CN=97024ffc4927bfe35289435d9d0280420b8ecdcb
Certificate serial:       019B7EA72D8535563B91D73110E4AC869A75
Authority key identifier: 97:02:4F:FC:49:27:BF:E3:52:89:43:5D:9D:02:80:42:0B:8E:CD:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lwJP_Eknv-NSiUNdnQKAQguOzcs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/717221-1d03-4d13-9049-401bda4477b5/1/56EYdVdPARTza2xcs8WALSYXTOQ.roa
Signing time:             Fri 02 Jan 2026 12:20:43 +0000
ROA not before:           Fri 02 Jan 2026 12:20:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200333
IP address blocks:        194.156.248.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/717221-1d03-4d13-9049-401bda4477b5/1/lwJP_Eknv-NSiUNdnQKAQguOzcs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/717221-1d03-4d13-9049-401bda4477b5/1/lwJP_Eknv-NSiUNdnQKAQguOzcs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lwJP_Eknv-NSiUNdnQKAQguOzcs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a7:2d:85:35:56:3b:91:d7:31:10:e4:ac:86:9a:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=97024ffc4927bfe35289435d9d0280420b8ecdcb
        Validity
            Not Before: Jan  2 12:20:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e7a11875574f0114f36b6c5cb3c5802d26174ce4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:dd:64:c3:f9:f8:f6:4a:5a:1b:16:fe:ec:c1:
                    96:92:c2:55:96:8f:ee:12:e1:5b:1e:d6:db:53:f3:
                    58:0c:be:5b:b6:21:73:3d:79:08:d7:64:61:9e:ad:
                    32:f5:5f:83:f7:a0:30:17:78:e0:22:9e:f8:da:02:
                    8b:bf:f4:43:3a:3f:b2:87:e4:1c:1f:82:82:de:30:
                    f7:b3:a2:9b:e7:5b:f6:c2:1f:58:9a:68:f7:04:95:
                    39:0c:28:2c:2a:fd:6f:52:18:d2:f9:58:e5:de:31:
                    95:d7:d9:73:d1:4d:62:a5:70:fd:c0:a3:04:e0:65:
                    c5:61:a6:9a:96:6a:ee:cc:bd:91:5e:0c:19:9f:ad:
                    d7:23:e7:79:20:a1:61:27:45:58:aa:5f:37:1f:2e:
                    43:67:f9:9c:60:66:fa:9f:be:ad:3e:06:d4:57:fb:
                    86:be:56:a2:a5:3a:8e:9b:b9:2f:c7:13:85:7c:de:
                    9e:30:f9:3d:89:56:f4:ce:4d:22:42:5c:37:c7:62:
                    5b:d1:de:6e:e8:bb:22:c5:1d:31:f1:fb:9f:42:0d:
                    46:c7:fa:56:09:d6:55:cf:31:87:29:fe:59:1b:f4:
                    5d:2c:a4:a7:79:8f:7e:93:0a:91:2d:fd:83:41:d6:
                    c6:77:64:d9:12:b2:06:fe:48:f0:72:c1:0a:b3:d9:
                    3b:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:A1:18:75:57:4F:01:14:F3:6B:6C:5C:B3:C5:80:2D:26:17:4C:E4
            X509v3 Authority Key Identifier:
                keyid:97:02:4F:FC:49:27:BF:E3:52:89:43:5D:9D:02:80:42:0B:8E:CD:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lwJP_Eknv-NSiUNdnQKAQguOzcs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/717221-1d03-4d13-9049-401bda4477b5/1/56EYdVdPARTza2xcs8WALSYXTOQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/717221-1d03-4d13-9049-401bda4477b5/1/lwJP_Eknv-NSiUNdnQKAQguOzcs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.156.248.0/22

    Signature Algorithm: sha256WithRSAEncryption
         cb:19:8c:d4:92:fa:69:7b:9a:a8:da:6c:40:5d:4b:81:75:a7:
         59:51:53:fd:7c:38:84:c7:d8:8b:11:0c:9d:7c:f7:a0:73:9d:
         d6:2d:cc:37:a7:fa:a8:b9:cf:ed:51:a3:e8:9a:7c:b5:14:54:
         ef:2c:18:76:6f:6e:9e:18:3c:1f:6b:6f:04:9c:7e:80:cc:ba:
         5e:42:76:64:64:b4:17:30:4a:58:28:95:0c:2a:db:bb:72:bc:
         95:75:3f:76:33:74:5e:24:8b:58:1b:bf:94:4d:9c:56:cf:34:
         44:20:a9:d1:fa:10:be:26:44:3f:d5:0e:77:04:95:4b:7a:44:
         32:ba:6d:d1:b6:30:4d:70:d5:0a:c7:8f:3d:44:16:4d:2e:a4:
         cc:bc:9c:2d:d2:e8:d2:6a:2d:8e:39:d3:39:80:75:82:0f:49:
         3c:70:af:4b:d7:de:0f:f9:d7:81:8f:6c:40:90:d4:b3:91:7e:
         db:3a:a5:84:bd:42:ca:8d:05:9d:29:19:6e:2e:cf:13:9f:63:
         87:4a:8a:c7:67:80:24:a0:7e:4a:53:0b:da:5e:ab:46:e0:20:
         18:f8:bc:90:ac:bd:de:ad:d6:91:4f:e2:81:e0:02:50:f8:06:
         fc:45:d2:c6:d2:80:d1:14:f9:6a:0b:1c:d3:d0:e8:9b:21:7b:
         c5:55:49:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+py2FNVY7kdcxEOSshpp1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3MDI0ZmZjNDkyN2JmZTM1Mjg5NDM1ZDlkMDI4MDQyMGI4
ZWNkY2IwHhcNMjYwMTAyMTIyMDQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlN2ExMTg3NTU3NGYwMTE0ZjM2YjZjNWNiM2M1ODAyZDI2MTc0Y2U0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApN1kw/n49kpaGxb+7MGWksJVlo/u
EuFbHtbbU/NYDL5btiFzPXkI12Rhnq0y9V+D96AwF3jgIp742gKLv/RDOj+yh+Qc
H4KC3jD3s6Kb51v2wh9Ymmj3BJU5DCgsKv1vUhjS+Vjl3jGV19lz0U1ipXD9wKME
4GXFYaaalmruzL2RXgwZn63XI+d5IKFhJ0VYql83Hy5DZ/mcYGb6n76tPgbUV/uG
vlaipTqOm7kvxxOFfN6eMPk9iVb0zk0iQlw3x2Jb0d5u6LsixR0x8fufQg1Gx/pW
CdZVzzGHKf5ZG/RdLKSneY9+kwqRLf2DQdbGd2TZErIG/kjwcsEKs9k7LQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOehGHVXTwEU82tsXLPFgC0mF0zkMB8GA1UdIwQY
MBaAFJcCT/xJJ7/jUolDXZ0CgEILjs3LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbHdKUF9Fa252LU5TaVVOZG5RS0FRZ3VPemNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC83MTcyMjEtMWQwMy00ZDEzLTkwNDkt
NDAxYmRhNDQ3N2I1LzEvNTZFWWRWZFBBUlR6YTJ4Y3M4V0FMU1lYVE9RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC83MTcyMjEtMWQwMy00ZDEzLTkwNDktNDAxYmRhNDQ3N2I1
LzEvbHdKUF9Fa252LU5TaVVOZG5RS0FRZ3VPemNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwpz4MA0G
CSqGSIb3DQEBCwUAA4IBAQDLGYzUkvppe5qo2mxAXUuBdadZUVP9fDiEx9iLEQyd
fPegc53WLcw3p/qouc/tUaPomny1FFTvLBh2b26eGDwfa28EnH6AzLpeQnZkZLQX
MEpYKJUMKtu7cryVdT92M3ReJItYG7+UTZxWzzREIKnR+hC+JkQ/1Q53BJVLekQy
um3RtjBNcNUKx489RBZNLqTMvJwt0ujSai2OOdM5gHWCD0k8cK9L194P+deBj2xA
kNSzkX7bOqWEvULKjQWdKRluLs8Tn2OHSorHZ4AkoH5KUwvaXqtG4CAY+LyQrL3e
rdaRT+KB4AJQ+Ab8RdLG0oDRFPlqCxzT0OibIXvFVUm3
-----END CERTIFICATE-----