Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/96faed-87c0-4b00-8178-a1dcc3fb9a4f/1/4j2l0R0oiX3sFLga6aYE81cIPxI.roa
File:                     4j2l0R0oiX3sFLga6aYE81cIPxI.roa (raw, json)
Hash identifier:          RzXR10l18GypZ8d4diV18s33YCTUu7qf7Qk1hWsnKR4=
Subject key identifier:   E2:3D:A5:D1:1D:28:89:7D:EC:14:B8:1A:E9:A6:04:F3:57:08:3F:12
Certificate issuer:       /CN=2dea78b12d435b97defbf92c74265c3433bbd029
Certificate serial:       019B76EB5BC07497D4430CD742532D67BBCE
Authority key identifier: 2D:EA:78:B1:2D:43:5B:97:DE:FB:F9:2C:74:26:5C:34:33:BB:D0:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Lep4sS1DW5fe-_ksdCZcNDO70Ck.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/96faed-87c0-4b00-8178-a1dcc3fb9a4f/1/4j2l0R0oiX3sFLga6aYE81cIPxI.roa
Signing time:             Thu 01 Jan 2026 00:18:14 +0000
ROA not before:           Thu 01 Jan 2026 00:18:14 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     42668
IP address blocks:        31.134.128.0/18 maxlen: 18
                          89.107.11.0/24 maxlen: 24
                          89.223.32.0/19 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/96faed-87c0-4b00-8178-a1dcc3fb9a4f/1/Lep4sS1DW5fe-_ksdCZcNDO70Ck.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/96faed-87c0-4b00-8178-a1dcc3fb9a4f/1/Lep4sS1DW5fe-_ksdCZcNDO70Ck.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Lep4sS1DW5fe-_ksdCZcNDO70Ck.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:5b:c0:74:97:d4:43:0c:d7:42:53:2d:67:bb:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2dea78b12d435b97defbf92c74265c3433bbd029
        Validity
            Not Before: Jan  1 00:18:14 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e23da5d11d28897dec14b81ae9a604f357083f12
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:b3:f5:aa:47:f4:27:e3:4a:d1:bf:68:1a:77:
                    c4:cd:98:54:9a:4d:c4:09:32:36:98:c5:16:cc:27:
                    9a:c4:0a:ca:50:d2:d6:2d:d6:70:8b:63:0e:8d:09:
                    8c:f3:31:e9:e9:c5:0f:a1:f0:aa:bf:ff:50:54:e2:
                    46:4e:cd:52:1f:1d:05:49:23:b7:fa:95:02:33:a0:
                    a2:5c:cc:5f:c4:ae:b8:6d:ba:92:0f:f2:42:ac:8b:
                    1a:68:f0:bd:ee:41:98:eb:a4:78:da:37:fd:c9:98:
                    bc:86:b7:c2:5b:0e:e4:ea:02:a8:a1:42:96:8d:53:
                    ae:97:13:a9:02:e2:8d:87:2e:02:08:0d:10:30:62:
                    6c:57:d0:bd:4a:f1:ba:b9:9e:75:6c:56:4b:aa:51:
                    a6:2b:6a:97:45:fd:bd:4c:71:f4:83:ae:6e:ef:6a:
                    40:a0:37:9d:4e:bb:17:fa:3f:8f:24:1c:5e:0c:cf:
                    42:e3:32:0d:ed:29:94:1d:54:21:05:21:4b:22:ed:
                    06:c6:fc:ce:87:97:87:4c:c4:9f:cf:52:44:db:06:
                    5e:2d:01:e0:b0:e5:35:eb:0f:40:ba:7e:ca:8a:0c:
                    e2:9c:b2:bb:73:42:1e:a3:20:23:2e:cc:b8:12:6d:
                    7f:0c:13:81:65:a1:49:0e:54:1c:91:16:27:d9:5d:
                    49:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:3D:A5:D1:1D:28:89:7D:EC:14:B8:1A:E9:A6:04:F3:57:08:3F:12
            X509v3 Authority Key Identifier:
                keyid:2D:EA:78:B1:2D:43:5B:97:DE:FB:F9:2C:74:26:5C:34:33:BB:D0:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Lep4sS1DW5fe-_ksdCZcNDO70Ck.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/96faed-87c0-4b00-8178-a1dcc3fb9a4f/1/4j2l0R0oiX3sFLga6aYE81cIPxI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/96faed-87c0-4b00-8178-a1dcc3fb9a4f/1/Lep4sS1DW5fe-_ksdCZcNDO70Ck.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.134.128.0/18
                  89.107.11.0/24
                  89.223.32.0/19

    Signature Algorithm: sha256WithRSAEncryption
         6a:d7:ae:93:7a:68:46:cc:36:84:c8:cd:27:87:1b:b0:13:85:
         c6:0c:73:e6:43:a1:19:8f:7f:e9:d0:9d:8a:a0:ef:fd:2a:b3:
         c3:3e:c9:84:c6:58:f2:13:4e:28:0c:34:c3:35:e0:cf:c0:9e:
         fc:f2:63:e3:9c:70:b5:a9:a1:e7:04:8d:d8:dc:fd:c9:f8:fe:
         5d:40:87:0e:44:f3:cc:8e:23:df:d1:3d:a8:d8:85:78:be:ba:
         6c:f2:11:d8:16:c0:a3:63:2b:a9:94:e5:01:d4:24:e2:2d:34:
         53:d3:ae:91:a7:23:bb:d8:b3:dc:30:ba:92:75:cc:c1:7e:f5:
         a3:01:e5:c8:69:76:7f:60:5a:1e:b4:c0:d6:6e:27:eb:c1:ef:
         83:91:1c:fc:ab:8d:76:04:d4:c3:8e:8d:10:94:26:6b:ec:b6:
         0f:96:92:44:3e:ef:d4:0d:1f:99:19:15:bc:a8:74:4d:36:c9:
         b6:79:0a:49:a2:f9:c0:19:94:8a:a0:91:df:58:e0:2b:bd:42:
         0d:36:0a:e9:02:36:2f:58:d4:ec:e5:b8:b1:dc:4f:ce:bb:b4:
         08:ff:74:7e:ff:78:fc:73:66:9d:d3:87:45:94:40:71:3a:18:
         5d:64:98:c4:2b:3e:f7:db:e6:7a:f4:98:7d:7a:e1:86:f7:93:
         12:82:aa:52
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZt261vAdJfUQwzXQlMtZ7vOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkZWE3OGIxMmQ0MzViOTdkZWZiZjkyYzc0MjY1YzM0MzNi
YmQwMjkwHhcNMjYwMTAxMDAxODE0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjNkYTVkMTFkMjg4OTdkZWMxNGI4MWFlOWE2MDRmMzU3MDgzZjEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8rP1qkf0J+NK0b9oGnfEzZhUmk3E
CTI2mMUWzCeaxArKUNLWLdZwi2MOjQmM8zHp6cUPofCqv/9QVOJGTs1SHx0FSSO3
+pUCM6CiXMxfxK64bbqSD/JCrIsaaPC97kGY66R42jf9yZi8hrfCWw7k6gKooUKW
jVOulxOpAuKNhy4CCA0QMGJsV9C9SvG6uZ51bFZLqlGmK2qXRf29THH0g65u72pA
oDedTrsX+j+PJBxeDM9C4zIN7SmUHVQhBSFLIu0GxvzOh5eHTMSfz1JE2wZeLQHg
sOU16w9Aun7KigzinLK7c0IeoyAjLsy4Em1/DBOBZaFJDlQckRYn2V1JowIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFOI9pdEdKIl97BS4GummBPNXCD8SMB8GA1UdIwQY
MBaAFC3qeLEtQ1uX3vv5LHQmXDQzu9ApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGVwNHNTMURXNWZlLV9rc2RDWmNORE83MENrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS85NmZhZWQtODdjMC00YjAwLTgxNzgt
YTFkY2MzZmI5YTRmLzEvNGoybDBSMG9pWDNzRkxnYTZhWUU4MWNJUHhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS85NmZhZWQtODdjMC00YjAwLTgxNzgtYTFkY2MzZmI5YTRm
LzEvTGVwNHNTMURXNWZlLV9rc2RDWmNORE83MENrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQGH4aAAwQA
WWsLAwQFWd8gMA0GCSqGSIb3DQEBCwUAA4IBAQBq166TemhGzDaEyM0nhxuwE4XG
DHPmQ6EZj3/p0J2KoO/9KrPDPsmExljyE04oDDTDNeDPwJ788mPjnHC1qaHnBI3Y
3P3J+P5dQIcORPPMjiPf0T2o2IV4vrps8hHYFsCjYyuplOUB1CTiLTRT066RpyO7
2LPcMLqSdczBfvWjAeXIaXZ/YFoetMDWbifrwe+DkRz8q412BNTDjo0QlCZr7LYP
lpJEPu/UDR+ZGRW8qHRNNsm2eQpJovnAGZSKoJHfWOArvUINNgrpAjYvWNTs5bix
3E/Ou7QI/3R+/3j8c2ad04dFlEBxOhhdZJjEKz732+Z69Jh9euGG95MSgqpS
-----END CERTIFICATE-----