Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c6/f9d7ba-a44b-462d-b333-fd7dbdf8e300/1/1-kOi4nefmaukalzSye5kdhLHwjg.roa
File:                     1-kOi4nefmaukalzSye5kdhLHwjg.roa (raw, json)
Hash identifier:          0aXXszrWV6/bhcESEiK3I+iPJll6E210hDJhUqm+acY=
Subject key identifier:   FA:43:A2:E2:77:9F:99:AB:A4:6A:5C:D2:C9:EE:64:76:12:C7:C2:38
Certificate issuer:       /CN=ce1228a3a3d00654d4b111733874e31d80c0a20c
Certificate serial:       019B7C1270C6520B1CAEFDFAB462BCD00156
Authority key identifier: CE:12:28:A3:A3:D0:06:54:D4:B1:11:73:38:74:E3:1D:80:C0:A2:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zhIoo6PQBlTUsRFzOHTjHYDAogw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c6/f9d7ba-a44b-462d-b333-fd7dbdf8e300/1/1-kOi4nefmaukalzSye5kdhLHwjg.roa
Signing time:             Fri 02 Jan 2026 00:19:01 +0000
ROA not before:           Fri 02 Jan 2026 00:19:01 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     58180
IP address blocks:        86.54.201.0/24 maxlen: 24
                          195.206.120.0/24 maxlen: 24
                          2a14:9380::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c6/f9d7ba-a44b-462d-b333-fd7dbdf8e300/1/zhIoo6PQBlTUsRFzOHTjHYDAogw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c6/f9d7ba-a44b-462d-b333-fd7dbdf8e300/1/zhIoo6PQBlTUsRFzOHTjHYDAogw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zhIoo6PQBlTUsRFzOHTjHYDAogw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 15:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:12:70:c6:52:0b:1c:ae:fd:fa:b4:62:bc:d0:01:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ce1228a3a3d00654d4b111733874e31d80c0a20c
        Validity
            Not Before: Jan  2 00:19:01 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fa43a2e2779f99aba46a5cd2c9ee647612c7c238
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:a4:16:62:31:14:60:55:85:e3:11:d4:d9:67:
                    33:7f:5f:79:81:ff:be:43:11:e9:44:6e:fb:63:c6:
                    90:28:0c:30:af:07:84:f7:7d:60:46:ad:be:d2:ee:
                    02:e0:9f:68:21:63:0c:68:e8:7b:23:38:a4:d9:77:
                    fe:69:d4:af:cf:61:ce:44:14:4a:a5:98:95:37:0c:
                    ce:d8:70:05:20:8f:14:38:31:40:9f:38:89:00:f4:
                    81:00:9a:7f:c5:6d:1f:8d:ec:8b:58:26:73:80:04:
                    fe:a5:6c:c0:7b:3b:dc:74:a7:dc:e5:04:c6:24:01:
                    93:8a:f1:74:00:94:ae:25:2e:93:3a:74:41:82:56:
                    23:8e:a1:7d:77:66:55:39:0e:d1:7e:ca:16:4d:80:
                    bb:44:33:f5:34:5e:e0:87:75:d4:af:46:06:70:a9:
                    16:11:ef:51:2a:66:f9:0f:1f:f8:00:67:7f:a8:ff:
                    2b:0e:f5:8f:52:30:fe:21:e0:5b:88:a6:9f:e4:b3:
                    e8:d5:7f:a0:ea:d0:c1:40:0d:50:5f:23:82:e0:2d:
                    5c:10:49:d8:2b:fd:ad:c6:db:40:d1:7a:7b:cd:ad:
                    13:68:a6:a4:97:68:93:d3:40:89:31:96:fd:ad:46:
                    cf:e3:69:89:2a:c9:7a:50:cf:12:bc:00:bc:27:2a:
                    51:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:43:A2:E2:77:9F:99:AB:A4:6A:5C:D2:C9:EE:64:76:12:C7:C2:38
            X509v3 Authority Key Identifier:
                keyid:CE:12:28:A3:A3:D0:06:54:D4:B1:11:73:38:74:E3:1D:80:C0:A2:0C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zhIoo6PQBlTUsRFzOHTjHYDAogw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/f9d7ba-a44b-462d-b333-fd7dbdf8e300/1/1-kOi4nefmaukalzSye5kdhLHwjg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/f9d7ba-a44b-462d-b333-fd7dbdf8e300/1/zhIoo6PQBlTUsRFzOHTjHYDAogw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.54.201.0/24
                  195.206.120.0/24
                IPv6:
                  2a14:9380::/32

    Signature Algorithm: sha256WithRSAEncryption
         ba:7a:be:c1:02:91:17:05:b1:71:cf:61:71:6b:f2:0e:84:3f:
         fb:8e:ac:35:b6:36:a6:07:f6:ab:96:04:9c:c1:0d:a8:e3:78:
         ae:c9:5a:e4:9f:50:33:5d:fe:2a:c3:8c:63:e3:db:82:19:54:
         bb:bc:94:fc:73:65:1a:65:fc:00:2e:d3:0d:d2:9d:c0:9b:52:
         55:f8:98:cf:72:bf:30:02:8c:09:24:29:12:e3:66:08:b9:15:
         dd:4a:11:31:2b:a9:53:78:3a:33:5a:2b:0d:e7:3b:29:8d:3b:
         e1:32:60:d4:89:0d:b6:5d:58:54:d2:ee:b4:dd:51:99:e7:5c:
         52:d3:84:32:f0:41:a6:7d:6c:d3:f7:b2:71:15:9a:d4:f9:29:
         2a:b3:ce:56:d2:ae:a3:a2:bd:0a:d0:f3:c7:f7:a5:2a:06:f1:
         f7:17:70:c5:82:ee:69:54:50:b4:e9:0e:9a:ac:00:41:57:5b:
         84:91:86:3b:25:94:2e:c2:aa:4e:0e:99:35:4c:ac:7d:35:4f:
         f9:4d:4b:bf:8e:e5:bb:4d:8d:37:39:a2:1a:e7:bb:6f:f7:a1:
         09:ee:ef:60:19:00:54:f1:70:f6:aa:4c:37:37:5d:75:ee:ff:
         f1:9a:fb:1d:18:99:8b:17:2c:f0:64:80:63:6f:eb:46:3c:d2:
         15:fe:6a:73
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAZt8EnDGUgscrv36tGK80AFWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlMTIyOGEzYTNkMDA2NTRkNGIxMTE3MzM4NzRlMzFkODBj
MGEyMGMwHhcNMjYwMTAyMDAxOTAxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTQzYTJlMjc3OWY5OWFiYTQ2YTVjZDJjOWVlNjQ3NjEyYzdjMjM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtqQWYjEUYFWF4xHU2Wczf195gf++
QxHpRG77Y8aQKAwwrweE931gRq2+0u4C4J9oIWMMaOh7Izik2Xf+adSvz2HORBRK
pZiVNwzO2HAFII8UODFAnziJAPSBAJp/xW0fjeyLWCZzgAT+pWzAezvcdKfc5QTG
JAGTivF0AJSuJS6TOnRBglYjjqF9d2ZVOQ7RfsoWTYC7RDP1NF7gh3XUr0YGcKkW
Ee9RKmb5Dx/4AGd/qP8rDvWPUjD+IeBbiKaf5LPo1X+g6tDBQA1QXyOC4C1cEEnY
K/2txttA0Xp7za0TaKakl2iT00CJMZb9rUbP42mJKsl6UM8SvAC8JypRDQIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFPpDouJ3n5mrpGpc0snuZHYSx8I4MB8GA1UdIwQY
MBaAFM4SKKOj0AZU1LERczh04x2AwKIMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemhJb282UFFCbFRVc1JGek9IVGpIWURBb2d3LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNi9mOWQ3YmEtYTQ0Yi00NjJkLWIzMzMt
ZmQ3ZGJkZjhlMzAwLzEvMS1rT2k0bmVmbWF1a2FselN5ZTVrZGhMSHdqZy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYzYvZjlkN2JhLWE0NGItNDYyZC1iMzMzLWZkN2RiZGY4ZTMw
MC8xL3poSW9vNlBRQmxUVXNSRnpPSFRqSFlEQW9ndy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjA0BggrBgEFBQcBBwEB/wQlMCMwEgQCAAEwDAMEAFY2yQME
AMPOeDANBAIAAjAHAwUAKhSTgDANBgkqhkiG9w0BAQsFAAOCAQEAunq+wQKRFwWx
cc9hcWvyDoQ/+46sNbY2pgf2q5YEnMENqON4rsla5J9QM13+KsOMY+PbghlUu7yU
/HNlGmX8AC7TDdKdwJtSVfiYz3K/MAKMCSQpEuNmCLkV3UoRMSupU3g6M1orDec7
KY074TJg1IkNtl1YVNLutN1RmedcUtOEMvBBpn1s0/eycRWa1PkpKrPOVtKuo6K9
CtDzx/elKgbx9xdwxYLuaVRQtOkOmqwAQVdbhJGGOyWULsKqTg6ZNUysfTVP+U1L
v47lu02NNzmiGue7b/ehCe7vYBkAVPFw9qpMNzddde7/8Zr7HRiZixcs8GSAY2/r
RjzSFf5qcw==
-----END CERTIFICATE-----