Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/c52953-f96d-4e4c-8ddb-1bf0f7b4df30/1/nU7s4umftAMiGN6r7wo4esT2bnk.roa
File:                     nU7s4umftAMiGN6r7wo4esT2bnk.roa (raw, json)
Hash identifier:          L35jrGV9LS0QTr/GiGbmv85SpItryPBRv0p450JVajw=
Subject key identifier:   9D:4E:EC:E2:E9:9F:B4:03:22:18:DE:AB:EF:0A:38:7A:C4:F6:6E:79
Certificate issuer:       /CN=a430942203aa2f8d390a8dae50b85a984504fd9c
Certificate serial:       019B7758CE40B6E88057BFDEDF7EB1DC0122
Authority key identifier: A4:30:94:22:03:AA:2F:8D:39:0A:8D:AE:50:B8:5A:98:45:04:FD:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pDCUIgOqL405Co2uULhamEUE_Zw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/c52953-f96d-4e4c-8ddb-1bf0f7b4df30/1/nU7s4umftAMiGN6r7wo4esT2bnk.roa
Signing time:             Thu 01 Jan 2026 02:17:47 +0000
ROA not before:           Thu 01 Jan 2026 02:17:47 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197843
IP address blocks:        195.216.253.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/c52953-f96d-4e4c-8ddb-1bf0f7b4df30/1/pDCUIgOqL405Co2uULhamEUE_Zw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/c52953-f96d-4e4c-8ddb-1bf0f7b4df30/1/pDCUIgOqL405Co2uULhamEUE_Zw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pDCUIgOqL405Co2uULhamEUE_Zw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:58:ce:40:b6:e8:80:57:bf:de:df:7e:b1:dc:01:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a430942203aa2f8d390a8dae50b85a984504fd9c
        Validity
            Not Before: Jan  1 02:17:47 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9d4eece2e99fb4032218deabef0a387ac4f66e79
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:30:3b:73:a0:38:d8:07:f8:17:bc:0b:85:e2:
                    25:b5:3d:7d:d6:1c:0b:35:b7:8a:44:2d:a1:ca:2f:
                    6a:58:1c:48:7d:b9:9a:1e:57:07:a8:dc:26:65:a1:
                    49:31:31:42:c4:66:3b:1a:72:2e:d8:ff:84:3e:74:
                    16:af:68:3c:8d:76:85:a1:79:b9:fd:48:34:57:07:
                    6e:6d:bb:34:fb:ea:f7:53:d6:4b:a8:22:80:fe:a6:
                    02:86:56:a1:64:00:b7:fa:79:01:da:6c:fd:c3:9b:
                    39:d9:5e:a7:0c:1f:c1:20:95:09:dc:04:ea:d6:99:
                    cb:fe:8a:4e:9f:c2:2e:16:0c:19:8b:a8:75:9d:85:
                    52:69:0d:6d:fb:d5:90:2a:0a:22:ed:fb:95:da:2f:
                    09:4d:eb:63:a6:42:2d:d2:9b:2d:25:54:4d:67:b4:
                    f7:80:29:a1:1c:37:d2:03:70:f8:f2:10:05:b0:96:
                    6e:ef:5c:dc:5e:a4:da:d7:3d:bf:88:7b:91:23:10:
                    27:e0:9c:42:08:dd:6d:3c:7c:2a:c1:4c:f0:55:70:
                    a9:3e:bc:a8:d6:91:77:4d:c2:3e:bf:78:bf:86:32:
                    d9:78:8b:3d:6a:9f:36:ae:a7:1e:27:8f:19:24:ad:
                    ef:f5:d7:26:ae:74:b0:4a:e7:95:3f:dd:b1:fe:bf:
                    64:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:4E:EC:E2:E9:9F:B4:03:22:18:DE:AB:EF:0A:38:7A:C4:F6:6E:79
            X509v3 Authority Key Identifier:
                keyid:A4:30:94:22:03:AA:2F:8D:39:0A:8D:AE:50:B8:5A:98:45:04:FD:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pDCUIgOqL405Co2uULhamEUE_Zw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/c52953-f96d-4e4c-8ddb-1bf0f7b4df30/1/nU7s4umftAMiGN6r7wo4esT2bnk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/c52953-f96d-4e4c-8ddb-1bf0f7b4df30/1/pDCUIgOqL405Co2uULhamEUE_Zw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.216.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:ec:7d:14:20:ef:d6:79:b0:a4:75:79:2d:d0:84:a9:1a:56:
         7a:21:37:97:c0:92:c7:78:59:67:3b:7c:e9:07:88:e0:93:d6:
         af:08:c5:97:fb:57:3e:95:aa:f5:9e:f2:51:8e:b5:fa:c2:ad:
         42:05:c5:70:12:85:d4:73:c3:be:4f:b0:1f:79:28:9e:95:24:
         ee:7b:77:f8:e5:55:c6:83:70:93:fb:87:9d:08:c0:97:93:4e:
         65:9f:db:94:83:f7:95:4d:80:93:30:dd:94:b3:0d:33:57:50:
         c4:42:2f:dc:2e:e9:7f:b6:c4:25:db:c2:ef:c1:4d:9e:e7:f8:
         68:6f:4e:01:8a:68:a6:bd:2b:9d:cc:76:5c:ce:d4:22:e7:0e:
         30:d8:0c:19:29:41:b6:5e:c7:d6:1a:6b:83:9a:c3:c2:b3:03:
         36:3d:f5:a7:f9:d6:82:b8:d3:aa:27:d2:a2:6e:c3:6a:d0:fb:
         23:de:31:cc:19:8b:65:81:eb:78:d0:07:84:1f:d9:13:2f:f6:
         20:0d:cc:f6:13:ad:a8:95:cb:31:b2:4b:a1:47:17:6f:e1:5f:
         1e:1e:62:51:73:2e:7c:9e:45:2e:77:d7:4d:2c:a3:81:ff:a9:
         f7:6a:3f:05:f7:9e:30:4c:7a:52:3e:fd:6b:08:9d:e3:43:76:
         91:9d:01:bf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3WM5AtuiAV7/e336x3AEiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0MzA5NDIyMDNhYTJmOGQzOTBhOGRhZTUwYjg1YTk4NDUw
NGZkOWMwHhcNMjYwMTAxMDIxNzQ3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDRlZWNlMmU5OWZiNDAzMjIxOGRlYWJlZjBhMzg3YWM0ZjY2ZTc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkTA7c6A42Af4F7wLheIltT191hwL
NbeKRC2hyi9qWBxIfbmaHlcHqNwmZaFJMTFCxGY7GnIu2P+EPnQWr2g8jXaFoXm5
/Ug0Vwdubbs0++r3U9ZLqCKA/qYChlahZAC3+nkB2mz9w5s52V6nDB/BIJUJ3ATq
1pnL/opOn8IuFgwZi6h1nYVSaQ1t+9WQKgoi7fuV2i8JTetjpkIt0pstJVRNZ7T3
gCmhHDfSA3D48hAFsJZu71zcXqTa1z2/iHuRIxAn4JxCCN1tPHwqwUzwVXCpPryo
1pF3TcI+v3i/hjLZeIs9ap82rqceJ48ZJK3v9dcmrnSwSueVP92x/r9kawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ1O7OLpn7QDIhjeq+8KOHrE9m55MB8GA1UdIwQY
MBaAFKQwlCIDqi+NOQqNrlC4WphFBP2cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcERDVUlnT3FMNDA1Q28ydVVMaGFtRVVFX1p3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC9jNTI5NTMtZjk2ZC00ZTRjLThkZGIt
MWJmMGY3YjRkZjMwLzEvblU3czR1bWZ0QU1pR042cjd3bzRlc1QyYm5rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC9jNTI5NTMtZjk2ZC00ZTRjLThkZGItMWJmMGY3YjRkZjMw
LzEvcERDVUlnT3FMNDA1Q28ydVVMaGFtRVVFX1p3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw9j9MA0G
CSqGSIb3DQEBCwUAA4IBAQA17H0UIO/WebCkdXkt0ISpGlZ6ITeXwJLHeFlnO3zp
B4jgk9avCMWX+1c+lar1nvJRjrX6wq1CBcVwEoXUc8O+T7AfeSielSTue3f45VXG
g3CT+4edCMCXk05ln9uUg/eVTYCTMN2Usw0zV1DEQi/cLul/tsQl28LvwU2e5/ho
b04BimimvSudzHZcztQi5w4w2AwZKUG2XsfWGmuDmsPCswM2PfWn+daCuNOqJ9Ki
bsNq0Psj3jHMGYtlget40AeEH9kTL/YgDcz2E62olcsxskuhRxdv4V8eHmJRcy58
nkUud9dNLKOB/6n3aj8F954wTHpSPv1rCJ3jQ3aRnQG/
-----END CERTIFICATE-----