Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/XcFzjI2uuV84oN4qh53dtgVk0G4.roa
File:                     XcFzjI2uuV84oN4qh53dtgVk0G4.roa (raw, json)
Hash identifier:          vDuNqlBbw47k7/TAAtk4TmMaBj19DDFnRfvi0NtLZ1E=
Subject key identifier:   5D:C1:73:8C:8D:AE:B9:5F:38:A0:DE:2A:87:9D:DD:B6:05:64:D0:6E
Certificate issuer:       /CN=dff24726df3e77f6f4c8e0436613b35110eeaf38
Certificate serial:       019C99400705983FCA7E0C744C3992BC20DA
Authority key identifier: DF:F2:47:26:DF:3E:77:F6:F4:C8:E0:43:66:13:B3:51:10:EE:AF:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3_JHJt8-d_b0yOBDZhOzURDurzg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/XcFzjI2uuV84oN4qh53dtgVk0G4.roa
Signing time:             Thu 26 Feb 2026 09:20:36 +0000
ROA not before:           Thu 26 Feb 2026 09:20:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212335
IP address blocks:        31.43.165.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/3_JHJt8-d_b0yOBDZhOzURDurzg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/3_JHJt8-d_b0yOBDZhOzURDurzg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3_JHJt8-d_b0yOBDZhOzURDurzg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:99:40:07:05:98:3f:ca:7e:0c:74:4c:39:92:bc:20:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dff24726df3e77f6f4c8e0436613b35110eeaf38
        Validity
            Not Before: Feb 26 09:20:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5dc1738c8daeb95f38a0de2a879dddb60564d06e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fb:97:ce:3a:ed:d5:17:97:e3:6d:26:8f:17:f3:
                    1c:b7:b7:8b:24:d9:2e:60:5c:29:d9:b1:e3:1d:26:
                    11:d4:cb:32:a0:ed:b5:b2:69:96:51:21:70:17:05:
                    19:29:32:a0:c5:3d:4d:10:69:6e:bd:1d:aa:e5:09:
                    8e:ff:8b:54:84:01:6c:14:f4:59:91:34:71:a8:23:
                    f9:6e:36:76:66:40:f6:a3:eb:15:52:43:be:5e:3a:
                    e0:43:43:05:e1:6f:1d:88:74:24:bc:ac:ec:72:7a:
                    ae:39:7a:ad:a7:a3:39:c5:06:12:0c:b2:4b:b6:fb:
                    71:e6:2f:86:be:4c:6d:c2:74:4d:90:f8:18:0c:1f:
                    40:06:79:de:dc:05:5b:42:f3:2e:07:3d:c7:1c:b2:
                    51:e6:46:66:d8:53:f7:14:4b:fd:81:b2:d9:47:fb:
                    69:27:13:88:cd:bf:dc:ac:b5:89:06:f2:9b:f1:4f:
                    73:f9:7b:ab:68:58:00:2b:33:47:24:39:03:76:16:
                    ba:6f:63:7d:9d:89:2b:6f:e1:19:b3:be:9c:f7:be:
                    34:65:26:8b:35:45:84:8f:c3:b0:0b:05:5c:2a:a8:
                    60:f5:79:34:88:e8:23:c1:fa:ce:af:78:c3:cc:94:
                    bd:67:94:c6:3f:e8:d1:c4:fa:07:4e:08:21:a2:53:
                    54:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:C1:73:8C:8D:AE:B9:5F:38:A0:DE:2A:87:9D:DD:B6:05:64:D0:6E
            X509v3 Authority Key Identifier:
                keyid:DF:F2:47:26:DF:3E:77:F6:F4:C8:E0:43:66:13:B3:51:10:EE:AF:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3_JHJt8-d_b0yOBDZhOzURDurzg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/XcFzjI2uuV84oN4qh53dtgVk0G4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/3_JHJt8-d_b0yOBDZhOzURDurzg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.43.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:8b:8c:6b:29:8a:aa:74:5f:78:d5:93:e6:3c:0a:e9:36:e9:
         1d:74:84:b8:52:0b:48:df:7c:ba:df:5c:0f:91:a7:3a:48:9d:
         1e:ee:72:cf:41:e6:e5:ba:4d:b3:0d:2c:d4:8f:9a:9a:da:f6:
         1f:39:74:34:57:49:8c:20:b8:ad:d1:6b:b6:53:e5:61:e2:57:
         66:d7:60:05:dc:36:6a:33:76:da:4e:a2:07:ea:49:60:c6:4c:
         b1:b2:da:16:92:d8:23:ef:34:e2:5a:94:84:b9:35:a8:cb:2f:
         79:03:be:73:a1:57:0b:9d:89:bb:0e:f3:ab:f2:52:18:3b:2f:
         8a:7e:73:3d:a1:39:73:f9:f2:41:96:73:90:51:99:1c:e4:e4:
         40:36:75:9c:46:83:d5:93:3a:cc:df:e7:d1:e6:b2:a1:89:b6:
         c3:0b:3d:02:bd:9f:91:d4:04:9a:cd:83:7c:5a:1e:33:11:49:
         d0:64:ef:b3:e1:d2:15:98:27:cc:fb:74:ce:d0:5c:0f:ff:d9:
         15:ad:78:2b:38:89:3a:58:9d:2a:fc:51:b2:8f:81:0e:43:0f:
         be:b4:df:a8:9f:ec:1b:d5:24:8f:cb:50:4c:84:f0:0f:b2:21:
         25:73:c8:e0:1d:2e:58:5c:50:1d:7c:cb:96:8e:6d:46:32:11:
         19:9a:61:20
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyZQAcFmD/Kfgx0TDmSvCDaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmZjI0NzI2ZGYzZTc3ZjZmNGM4ZTA0MzY2MTNiMzUxMTBl
ZWFmMzgwHhcNMjYwMjI2MDkyMDM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGMxNzM4YzhkYWViOTVmMzhhMGRlMmE4NzlkZGRiNjA1NjRkMDZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+5fOOu3VF5fjbSaPF/Mct7eLJNku
YFwp2bHjHSYR1MsyoO21smmWUSFwFwUZKTKgxT1NEGluvR2q5QmO/4tUhAFsFPRZ
kTRxqCP5bjZ2ZkD2o+sVUkO+XjrgQ0MF4W8diHQkvKzscnquOXqtp6M5xQYSDLJL
tvtx5i+GvkxtwnRNkPgYDB9ABnne3AVbQvMuBz3HHLJR5kZm2FP3FEv9gbLZR/tp
JxOIzb/crLWJBvKb8U9z+XuraFgAKzNHJDkDdha6b2N9nYkrb+EZs76c9740ZSaL
NUWEj8OwCwVcKqhg9Xk0iOgjwfrOr3jDzJS9Z5TGP+jRxPoHTggholNUEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF3Bc4yNrrlfOKDeKoed3bYFZNBuMB8GA1UdIwQY
MBaAFN/yRybfPnf29MjgQ2YTs1EQ7q84MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM19KSEp0OC1kX2IweU9CRFpoT3pVUkR1cnpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hOTYwMjQtNjU1NS00ZThkLWFmMzct
NjJiYjZkNjNlNTlkLzEvWGNGempJMnV1Vjg0b040cWg1M2R0Z1ZrMEc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hOTYwMjQtNjU1NS00ZThkLWFmMzctNjJiYjZkNjNlNTlk
LzEvM19KSEp0OC1kX2IweU9CRFpoT3pVUkR1cnpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHyulMA0G
CSqGSIb3DQEBCwUAA4IBAQCri4xrKYqqdF941ZPmPArpNukddIS4UgtI33y631wP
kac6SJ0e7nLPQebluk2zDSzUj5qa2vYfOXQ0V0mMILit0Wu2U+Vh4ldm12AF3DZq
M3baTqIH6klgxkyxstoWktgj7zTiWpSEuTWoyy95A75zoVcLnYm7DvOr8lIYOy+K
fnM9oTlz+fJBlnOQUZkc5ORANnWcRoPVkzrM3+fR5rKhibbDCz0CvZ+R1ASazYN8
Wh4zEUnQZO+z4dIVmCfM+3TO0FwP/9kVrXgrOIk6WJ0q/FGyj4EOQw++tN+on+wb
1SSPy1BMhPAPsiElc8jgHS5YXFAdfMuWjm1GMhEZmmEg
-----END CERTIFICATE-----