Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/8c6395-646a-47a2-b4b6-c6f6e3f28956/1/4LvgqQnRm-5wgkIxb2YREs-b2RY.roa
File:                     4LvgqQnRm-5wgkIxb2YREs-b2RY.roa (raw, json)
Hash identifier:          OXbW7JLQRI/gw7tyjauy/Oxf9k522sPNsWVSUNOr3ok=
Subject key identifier:   E0:BB:E0:A9:09:D1:9B:EE:70:82:42:31:6F:66:11:12:CF:9B:D9:16
Certificate issuer:       /CN=b2deb3765f539f1ec3f00213ff834085b7c8c76f
Certificate serial:       019C468D05165B4FB1ABB99D3496E705D344
Authority key identifier: B2:DE:B3:76:5F:53:9F:1E:C3:F0:02:13:FF:83:40:85:B7:C8:C7:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/st6zdl9Tnx7D8AIT_4NAhbfIx28.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/8c6395-646a-47a2-b4b6-c6f6e3f28956/1/4LvgqQnRm-5wgkIxb2YREs-b2RY.roa
Signing time:             Tue 10 Feb 2026 07:56:12 +0000
ROA not before:           Tue 10 Feb 2026 07:56:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     395954
IP address blocks:        194.9.119.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/8c6395-646a-47a2-b4b6-c6f6e3f28956/1/st6zdl9Tnx7D8AIT_4NAhbfIx28.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/8c6395-646a-47a2-b4b6-c6f6e3f28956/1/st6zdl9Tnx7D8AIT_4NAhbfIx28.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/st6zdl9Tnx7D8AIT_4NAhbfIx28.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 13:01:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:46:8d:05:16:5b:4f:b1:ab:b9:9d:34:96:e7:05:d3:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b2deb3765f539f1ec3f00213ff834085b7c8c76f
        Validity
            Not Before: Feb 10 07:56:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e0bbe0a909d19bee708242316f661112cf9bd916
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:dd:5f:8f:32:b7:9f:85:5a:9a:03:74:3b:e6:
                    c0:49:bf:81:5d:8a:64:00:e4:f6:81:42:cd:f1:bb:
                    e7:d7:62:48:66:52:bb:e6:33:e5:71:b2:1c:2f:1e:
                    4c:fe:bc:c8:09:db:5e:d6:08:7d:39:72:99:1a:78:
                    a9:4a:66:72:1a:c2:bb:0d:8f:e1:f2:68:1a:52:5d:
                    fd:9a:aa:7e:a2:d0:5b:49:d6:a9:d9:a2:a5:d9:5e:
                    61:27:85:9e:99:0f:df:88:dc:f2:d0:ca:ac:dd:ec:
                    e3:6c:6c:14:18:44:9e:e0:92:44:62:4d:a1:93:1b:
                    fe:10:15:12:24:87:ae:d4:5a:ab:55:c0:58:c8:fb:
                    43:3f:3f:9e:38:20:0f:c0:d1:3e:8b:1d:fa:ac:9c:
                    94:8f:dd:89:ce:02:13:01:6e:f8:4a:c5:33:02:d3:
                    ec:4f:90:21:8a:ee:b1:20:27:22:b1:f8:7b:0d:92:
                    43:62:35:39:39:68:ce:27:0e:65:a5:7b:11:d3:ba:
                    1f:e0:2a:2d:51:1f:22:69:1f:37:ca:4f:ff:22:b8:
                    f1:6e:40:a7:19:d3:7a:04:27:eb:92:b9:12:bc:24:
                    50:08:b4:30:5e:ac:0b:ee:bd:e8:7c:ca:33:78:1c:
                    66:f6:11:4a:6f:49:5f:32:ae:51:c3:b6:91:f8:db:
                    99:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:BB:E0:A9:09:D1:9B:EE:70:82:42:31:6F:66:11:12:CF:9B:D9:16
            X509v3 Authority Key Identifier:
                keyid:B2:DE:B3:76:5F:53:9F:1E:C3:F0:02:13:FF:83:40:85:B7:C8:C7:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/st6zdl9Tnx7D8AIT_4NAhbfIx28.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/8c6395-646a-47a2-b4b6-c6f6e3f28956/1/4LvgqQnRm-5wgkIxb2YREs-b2RY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/8c6395-646a-47a2-b4b6-c6f6e3f28956/1/st6zdl9Tnx7D8AIT_4NAhbfIx28.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.9.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:0a:52:31:5e:ab:c6:74:4d:f9:d0:c5:04:2b:2e:ff:33:31:
         7a:e0:52:03:a1:21:1c:4a:2b:23:49:5d:67:15:e3:79:22:86:
         d9:c9:bf:50:02:ad:63:56:32:9e:dd:eb:5d:cc:b1:63:7d:ff:
         4b:e4:14:3b:07:d2:37:1f:03:e1:8f:a4:7c:c7:ab:a1:41:23:
         91:20:3f:fc:5d:1f:5f:97:dd:99:97:69:f9:fc:0e:71:b6:cd:
         26:9e:35:1e:37:40:ba:88:8e:72:91:ee:5c:77:c4:cb:31:b3:
         4e:11:74:bc:dd:b0:c0:7d:b5:bb:41:d7:b2:dc:76:8d:f0:ae:
         94:57:57:89:6b:12:69:4a:5d:7f:71:77:e8:78:87:14:c6:9a:
         4c:77:29:62:ea:ca:e4:32:b0:b7:7b:5a:25:b2:38:50:a8:3c:
         06:0b:b0:54:70:1e:56:54:a1:fc:6c:88:a9:ae:b3:27:63:03:
         29:dd:af:ae:92:ae:a9:f8:b0:89:a0:ad:c1:36:ac:b3:5f:b4:
         88:01:3d:10:12:f1:76:94:29:7d:81:9b:57:bb:98:36:f6:78:
         2c:ea:b1:3f:93:fb:41:b2:fc:42:f4:ae:81:22:e0:54:43:4e:
         11:89:90:2a:02:47:7c:60:03:34:f0:9a:f3:10:75:25:e6:61:
         38:58:8a:43
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxGjQUWW0+xq7mdNJbnBdNEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyZGViMzc2NWY1MzlmMWVjM2YwMDIxM2ZmODM0MDg1Yjdj
OGM3NmYwHhcNMjYwMjEwMDc1NjEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMGJiZTBhOTA5ZDE5YmVlNzA4MjQyMzE2ZjY2MTExMmNmOWJkOTE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtN1fjzK3n4VamgN0O+bASb+BXYpk
AOT2gULN8bvn12JIZlK75jPlcbIcLx5M/rzICdte1gh9OXKZGnipSmZyGsK7DY/h
8mgaUl39mqp+otBbSdap2aKl2V5hJ4WemQ/fiNzy0Mqs3ezjbGwUGESe4JJEYk2h
kxv+EBUSJIeu1FqrVcBYyPtDPz+eOCAPwNE+ix36rJyUj92JzgITAW74SsUzAtPs
T5Ahiu6xICcisfh7DZJDYjU5OWjOJw5lpXsR07of4CotUR8iaR83yk//IrjxbkCn
GdN6BCfrkrkSvCRQCLQwXqwL7r3ofMozeBxm9hFKb0lfMq5Rw7aR+NuZ1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOC74KkJ0ZvucIJCMW9mERLPm9kWMB8GA1UdIwQY
MBaAFLLes3ZfU58ew/ACE/+DQIW3yMdvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3Q2emRsOVRueDdEOEFJVF80TkFoYmZJeDI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC84YzYzOTUtNjQ2YS00N2EyLWI0YjYt
YzZmNmUzZjI4OTU2LzEvNEx2Z3FRblJtLTV3Z2tJeGIyWVJFcy1iMlJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC84YzYzOTUtNjQ2YS00N2EyLWI0YjYtYzZmNmUzZjI4OTU2
LzEvc3Q2emRsOVRueDdEOEFJVF80TkFoYmZJeDI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgl3MA0G
CSqGSIb3DQEBCwUAA4IBAQBTClIxXqvGdE350MUEKy7/MzF64FIDoSEcSisjSV1n
FeN5IobZyb9QAq1jVjKe3etdzLFjff9L5BQ7B9I3HwPhj6R8x6uhQSORID/8XR9f
l92Zl2n5/A5xts0mnjUeN0C6iI5yke5cd8TLMbNOEXS83bDAfbW7Qdey3HaN8K6U
V1eJaxJpSl1/cXfoeIcUxppMdyli6srkMrC3e1olsjhQqDwGC7BUcB5WVKH8bIip
rrMnYwMp3a+ukq6p+LCJoK3BNqyzX7SIAT0QEvF2lCl9gZtXu5g29ngs6rE/k/tB
svxC9K6BIuBUQ04RiZAqAkd8YAM08JrzEHUl5mE4WIpD
-----END CERTIFICATE-----