Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/717221-1d03-4d13-9049-401bda4477b5/1/aHYCTQnedLqhGc1eCePJguTFgjA.roa
File:                     aHYCTQnedLqhGc1eCePJguTFgjA.roa (raw, json)
Hash identifier:          T87S5Ags8vNBHX+M2V+S2A8cRf0mGsTOhPjCp5GuLK4=
Subject key identifier:   68:76:02:4D:09:DE:74:BA:A1:19:CD:5E:09:E3:C9:82:E4:C5:82:30
Certificate issuer:       /CN=97024ffc4927bfe35289435d9d0280420b8ecdcb
Certificate serial:       019B7EA72E777D634BDF4FC9B8C6FF7323C9
Authority key identifier: 97:02:4F:FC:49:27:BF:E3:52:89:43:5D:9D:02:80:42:0B:8E:CD:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lwJP_Eknv-NSiUNdnQKAQguOzcs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/717221-1d03-4d13-9049-401bda4477b5/1/aHYCTQnedLqhGc1eCePJguTFgjA.roa
Signing time:             Fri 02 Jan 2026 12:20:44 +0000
ROA not before:           Fri 02 Jan 2026 12:20:44 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200357
IP address blocks:        194.104.20.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/717221-1d03-4d13-9049-401bda4477b5/1/lwJP_Eknv-NSiUNdnQKAQguOzcs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/717221-1d03-4d13-9049-401bda4477b5/1/lwJP_Eknv-NSiUNdnQKAQguOzcs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lwJP_Eknv-NSiUNdnQKAQguOzcs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a7:2e:77:7d:63:4b:df:4f:c9:b8:c6:ff:73:23:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=97024ffc4927bfe35289435d9d0280420b8ecdcb
        Validity
            Not Before: Jan  2 12:20:44 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6876024d09de74baa119cd5e09e3c982e4c58230
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:dd:76:11:e5:01:38:58:be:73:c7:90:eb:e7:
                    21:e4:fd:a4:0f:17:be:6e:b4:84:c1:c3:da:8f:d1:
                    64:43:2c:64:52:07:37:c1:9a:42:da:8a:08:91:e6:
                    5a:97:1d:a9:0e:2e:b4:c6:1f:5b:36:58:88:8b:bc:
                    2d:ec:70:56:c0:ba:81:90:1e:b0:13:61:d3:19:4b:
                    4f:e2:0a:a8:73:66:3c:02:0b:66:13:d7:9c:47:cc:
                    6b:a3:75:90:84:6f:2b:c8:a3:2d:ae:77:aa:7b:d0:
                    69:2b:5d:de:62:c6:20:da:d1:e9:f8:66:68:b4:e7:
                    7f:c4:d0:3d:08:3a:c0:76:be:d1:85:8e:ff:04:e6:
                    b7:fc:0e:cc:f1:49:3d:65:3a:29:46:dd:28:f8:b8:
                    ea:3e:11:30:e3:92:2d:49:7c:c6:96:95:b6:d0:5b:
                    5c:97:00:a5:fe:0f:d6:83:80:73:2e:b2:86:ff:70:
                    72:dd:0c:f2:d2:64:2b:9c:b0:e1:87:31:b3:f8:f6:
                    69:97:88:22:75:7e:86:03:42:ed:7f:fc:96:10:61:
                    4b:3e:60:c4:a7:cc:24:e8:e8:94:a7:69:a0:96:59:
                    02:11:eb:e6:72:97:d8:24:a7:72:dd:a2:b8:4c:e0:
                    c0:d4:7b:28:6c:f6:b7:90:15:18:bc:71:e8:a5:7e:
                    f8:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:76:02:4D:09:DE:74:BA:A1:19:CD:5E:09:E3:C9:82:E4:C5:82:30
            X509v3 Authority Key Identifier:
                keyid:97:02:4F:FC:49:27:BF:E3:52:89:43:5D:9D:02:80:42:0B:8E:CD:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lwJP_Eknv-NSiUNdnQKAQguOzcs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/717221-1d03-4d13-9049-401bda4477b5/1/aHYCTQnedLqhGc1eCePJguTFgjA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/717221-1d03-4d13-9049-401bda4477b5/1/lwJP_Eknv-NSiUNdnQKAQguOzcs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.104.20.0/22

    Signature Algorithm: sha256WithRSAEncryption
         59:82:5d:65:10:5d:6b:d5:e3:41:8a:35:93:a4:dd:34:1c:23:
         4e:ad:0a:90:2b:a3:47:c3:a3:39:0b:ad:ac:39:32:8d:6e:16:
         b2:ad:cf:6f:4c:e9:da:30:12:74:65:a0:bb:64:d3:68:44:81:
         5e:ea:ca:5a:69:21:be:b1:53:3a:2b:79:90:a7:63:39:92:c4:
         95:36:a1:35:06:ec:c0:b3:96:08:e1:a6:f5:16:ce:ea:fe:17:
         5e:7c:02:22:06:ed:62:da:5c:27:cf:b5:00:ab:b0:a6:ff:c0:
         24:a4:25:fc:78:ee:71:d1:c1:1d:47:3d:3c:85:06:23:56:94:
         59:f3:ac:93:79:55:32:f4:29:65:a1:58:ae:0b:4a:51:5c:a4:
         65:82:98:54:12:83:c3:65:1f:92:ce:35:cd:42:5a:ef:b3:5b:
         49:3f:40:90:3f:d1:a3:a4:b9:f4:85:67:fc:da:62:c7:db:a0:
         d7:ca:1a:ae:07:35:a0:0a:f7:16:e4:f1:09:8e:42:7f:12:33:
         15:28:c9:f8:58:5b:51:8e:fd:3a:08:ba:2f:05:29:dd:bd:2b:
         a7:ca:30:af:e4:5d:c3:e3:67:7f:44:a8:eb:78:3b:12:e0:ea:
         0b:d9:14:cb:6a:c8:8a:24:d2:a5:34:14:69:1e:da:6b:6f:09:
         26:26:6a:29
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+py53fWNL30/JuMb/cyPJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3MDI0ZmZjNDkyN2JmZTM1Mjg5NDM1ZDlkMDI4MDQyMGI4
ZWNkY2IwHhcNMjYwMTAyMTIyMDQ0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODc2MDI0ZDA5ZGU3NGJhYTExOWNkNWUwOWUzYzk4MmU0YzU4MjMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt912EeUBOFi+c8eQ6+ch5P2kDxe+
brSEwcPaj9FkQyxkUgc3wZpC2ooIkeZalx2pDi60xh9bNliIi7wt7HBWwLqBkB6w
E2HTGUtP4gqoc2Y8AgtmE9ecR8xro3WQhG8ryKMtrneqe9BpK13eYsYg2tHp+GZo
tOd/xNA9CDrAdr7RhY7/BOa3/A7M8Uk9ZTopRt0o+LjqPhEw45ItSXzGlpW20Ftc
lwCl/g/Wg4BzLrKG/3By3Qzy0mQrnLDhhzGz+PZpl4gidX6GA0Ltf/yWEGFLPmDE
p8wk6OiUp2mgllkCEevmcpfYJKdy3aK4TODA1HsobPa3kBUYvHHopX747wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGh2Ak0J3nS6oRnNXgnjyYLkxYIwMB8GA1UdIwQY
MBaAFJcCT/xJJ7/jUolDXZ0CgEILjs3LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbHdKUF9Fa252LU5TaVVOZG5RS0FRZ3VPemNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC83MTcyMjEtMWQwMy00ZDEzLTkwNDkt
NDAxYmRhNDQ3N2I1LzEvYUhZQ1RRbmVkTHFoR2MxZUNlUEpndVRGZ2pBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC83MTcyMjEtMWQwMy00ZDEzLTkwNDktNDAxYmRhNDQ3N2I1
LzEvbHdKUF9Fa252LU5TaVVOZG5RS0FRZ3VPemNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwmgUMA0G
CSqGSIb3DQEBCwUAA4IBAQBZgl1lEF1r1eNBijWTpN00HCNOrQqQK6NHw6M5C62s
OTKNbhayrc9vTOnaMBJ0ZaC7ZNNoRIFe6spaaSG+sVM6K3mQp2M5ksSVNqE1BuzA
s5YI4ab1Fs7q/hdefAIiBu1i2lwnz7UAq7Cm/8AkpCX8eO5x0cEdRz08hQYjVpRZ
86yTeVUy9ClloViuC0pRXKRlgphUEoPDZR+SzjXNQlrvs1tJP0CQP9GjpLn0hWf8
2mLH26DXyhquBzWgCvcW5PEJjkJ/EjMVKMn4WFtRjv06CLovBSndvSunyjCv5F3D
42d/RKjreDsS4OoL2RTLasiKJNKlNBRpHtprbwkmJmop
-----END CERTIFICATE-----