Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/66578f-e8bf-40e0-ab30-a4c128075862/1/o82as8Pp65IOMGZ2l9--UN04jxE.roa
File:                     o82as8Pp65IOMGZ2l9--UN04jxE.roa (raw, json)
Hash identifier:          1ACvBsYWfHGc1kJQlC6LwuaFRNU2JMZS6o4Vp3pXj6s=
Subject key identifier:   A3:CD:9A:B3:C3:E9:EB:92:0E:30:66:76:97:DF:BE:50:DD:38:8F:11
Certificate issuer:       /CN=27391ae28a91d5991346aedaf17bf8605c8cf22e
Certificate serial:       019B7E38DCA84E41A44A6CF5C0DA6A52CFE5
Authority key identifier: 27:39:1A:E2:8A:91:D5:99:13:46:AE:DA:F1:7B:F8:60:5C:8C:F2:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Jzka4oqR1ZkTRq7a8Xv4YFyM8i4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/66578f-e8bf-40e0-ab30-a4c128075862/1/o82as8Pp65IOMGZ2l9--UN04jxE.roa
Signing time:             Fri 02 Jan 2026 10:20:14 +0000
ROA not before:           Fri 02 Jan 2026 10:20:14 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50252
IP address blocks:        194.102.140.0/23 maxlen: 23
                          194.102.140.0/24 maxlen: 24
                          194.102.141.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/66578f-e8bf-40e0-ab30-a4c128075862/1/Jzka4oqR1ZkTRq7a8Xv4YFyM8i4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/66578f-e8bf-40e0-ab30-a4c128075862/1/Jzka4oqR1ZkTRq7a8Xv4YFyM8i4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Jzka4oqR1ZkTRq7a8Xv4YFyM8i4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:dc:a8:4e:41:a4:4a:6c:f5:c0:da:6a:52:cf:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27391ae28a91d5991346aedaf17bf8605c8cf22e
        Validity
            Not Before: Jan  2 10:20:14 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a3cd9ab3c3e9eb920e30667697dfbe50dd388f11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:4e:ac:bb:55:bd:c9:76:79:c5:ce:7b:ab:19:
                    9d:a7:c6:82:3b:71:48:5f:21:49:1b:2b:45:d6:b5:
                    01:9d:50:bd:ff:6c:9b:54:3c:a5:7d:fa:0e:49:ad:
                    dc:d7:30:7b:c2:7e:cd:22:7f:23:c5:c8:c2:30:23:
                    ef:54:8e:8c:a7:32:c4:e7:65:0f:80:42:64:1e:d8:
                    3a:73:71:bf:a8:69:c4:b0:53:13:2f:6b:86:d2:64:
                    1d:a9:4a:59:37:ef:b9:3b:3f:f5:cc:43:fb:88:fa:
                    db:9a:54:37:25:9f:af:74:3d:3a:90:57:ba:75:49:
                    12:55:02:cd:fb:31:24:1d:28:fe:2e:71:54:b8:92:
                    43:98:a3:dd:31:1a:c7:ad:aa:57:e5:cb:02:9d:79:
                    db:c2:be:74:5b:59:fd:9d:19:67:5c:51:e0:63:72:
                    33:32:72:8b:89:01:32:4b:5c:3d:83:9e:b3:9b:c6:
                    4c:b3:d6:a2:42:0f:b5:b6:82:c4:70:b8:6a:e9:90:
                    bb:bf:c7:fd:ba:d1:9e:04:9b:e1:e5:dc:6e:e1:59:
                    5b:79:9c:b8:8a:e9:4b:40:50:94:62:89:5e:34:93:
                    b8:b5:fa:35:17:b0:a0:f9:27:9a:4c:a0:f6:72:9c:
                    50:1f:6d:db:89:d0:47:4e:f2:97:8c:60:40:0b:c4:
                    22:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:CD:9A:B3:C3:E9:EB:92:0E:30:66:76:97:DF:BE:50:DD:38:8F:11
            X509v3 Authority Key Identifier:
                keyid:27:39:1A:E2:8A:91:D5:99:13:46:AE:DA:F1:7B:F8:60:5C:8C:F2:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Jzka4oqR1ZkTRq7a8Xv4YFyM8i4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/66578f-e8bf-40e0-ab30-a4c128075862/1/o82as8Pp65IOMGZ2l9--UN04jxE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/66578f-e8bf-40e0-ab30-a4c128075862/1/Jzka4oqR1ZkTRq7a8Xv4YFyM8i4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.102.140.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4f:be:40:07:b0:08:cb:79:a1:a9:11:7f:87:ca:0a:7d:3d:6e:
         d7:30:a9:dc:6a:7a:c7:97:44:d9:a7:f9:cd:fc:80:ea:e2:a4:
         e6:77:77:0b:f5:66:48:f1:13:b7:a4:bc:6d:6b:19:9a:23:8e:
         47:b8:26:c3:2a:c5:a5:8c:47:36:f1:a1:d7:ba:bc:48:48:ac:
         ab:83:55:6f:75:50:a8:0f:a8:d6:5f:41:5e:66:b4:c0:86:a8:
         f2:5f:95:b0:b7:14:63:89:07:79:9d:06:dd:ce:d6:fe:51:a5:
         d5:0a:c0:a0:15:48:08:93:60:08:f8:06:1a:66:15:7c:25:6f:
         62:0f:3a:d4:cc:4c:56:22:c2:5a:e0:13:18:25:98:80:e8:ef:
         fd:e1:c5:e2:5f:d5:24:55:69:a6:52:51:c0:01:06:d3:d3:98:
         ec:96:b3:46:2a:9a:b1:12:df:7a:ca:c9:ba:9e:89:21:7d:15:
         fe:b6:12:51:eb:64:29:57:ad:2b:1d:cd:8a:b2:b4:6b:be:91:
         11:e7:76:9b:af:ac:4b:5e:bd:84:5a:bb:83:a2:40:3c:f6:0c:
         66:76:15:ed:01:49:84:c2:b4:44:ba:eb:06:79:34:38:47:1a:
         b8:db:bb:79:d8:a4:b1:60:32:f3:eb:1e:58:c2:6b:45:32:e0:
         b1:21:5b:ee
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+ONyoTkGkSmz1wNpqUs/lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3MzkxYWUyOGE5MWQ1OTkxMzQ2YWVkYWYxN2JmODYwNWM4
Y2YyMmUwHhcNMjYwMTAyMTAyMDE0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhM2NkOWFiM2MzZTllYjkyMGUzMDY2NzY5N2RmYmU1MGRkMzg4ZjExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1U6su1W9yXZ5xc57qxmdp8aCO3FI
XyFJGytF1rUBnVC9/2ybVDylffoOSa3c1zB7wn7NIn8jxcjCMCPvVI6MpzLE52UP
gEJkHtg6c3G/qGnEsFMTL2uG0mQdqUpZN++5Oz/1zEP7iPrbmlQ3JZ+vdD06kFe6
dUkSVQLN+zEkHSj+LnFUuJJDmKPdMRrHrapX5csCnXnbwr50W1n9nRlnXFHgY3Iz
MnKLiQEyS1w9g56zm8ZMs9aiQg+1toLEcLhq6ZC7v8f9utGeBJvh5dxu4VlbeZy4
iulLQFCUYoleNJO4tfo1F7Cg+SeaTKD2cpxQH23bidBHTvKXjGBAC8QiTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKPNmrPD6euSDjBmdpffvlDdOI8RMB8GA1UdIwQY
MBaAFCc5GuKKkdWZE0au2vF7+GBcjPIuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSnprYTRvcVIxWmtUUnE3YThYdjRZRnlNOGk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC82NjU3OGYtZThiZi00MGUwLWFiMzAt
YTRjMTI4MDc1ODYyLzEvbzgyYXM4UHA2NUlPTUdaMmw5LS1VTjA0anhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC82NjU3OGYtZThiZi00MGUwLWFiMzAtYTRjMTI4MDc1ODYy
LzEvSnprYTRvcVIxWmtUUnE3YThYdjRZRnlNOGk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwmaMMA0G
CSqGSIb3DQEBCwUAA4IBAQBPvkAHsAjLeaGpEX+Hygp9PW7XMKncanrHl0TZp/nN
/IDq4qTmd3cL9WZI8RO3pLxtaxmaI45HuCbDKsWljEc28aHXurxISKyrg1VvdVCo
D6jWX0FeZrTAhqjyX5WwtxRjiQd5nQbdztb+UaXVCsCgFUgIk2AI+AYaZhV8JW9i
DzrUzExWIsJa4BMYJZiA6O/94cXiX9UkVWmmUlHAAQbT05jslrNGKpqxEt96ysm6
nokhfRX+thJR62QpV60rHc2KsrRrvpER53abr6xLXr2EWruDokA89gxmdhXtAUmE
wrREuusGeTQ4Rxq427t52KSxYDLz6x5YwmtFMuCxIVvu
-----END CERTIFICATE-----