Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/b9aad5-cfe2-4480-ac5e-05c13f890b9c/1/HY8y2aUxH2zl7Z8uEFKyCs4_DZE.roa
File:                     HY8y2aUxH2zl7Z8uEFKyCs4_DZE.roa (raw, json)
Hash identifier:          pgB+L4R4Q18tDhMP8CyO3Aai8GigL3mxjQcI8MoXdXI=
Subject key identifier:   1D:8F:32:D9:A5:31:1F:6C:E5:ED:9F:2E:10:52:B2:0A:CE:3F:0D:91
Certificate issuer:       /CN=cd5a535935a4bc786c1dd75b7f1087f13f3e0874
Certificate serial:       019B7BA50ECDA764FBDA5B122B74BD7ABF8A
Authority key identifier: CD:5A:53:59:35:A4:BC:78:6C:1D:D7:5B:7F:10:87:F1:3F:3E:08:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zVpTWTWkvHhsHddbfxCH8T8-CHQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/b9aad5-cfe2-4480-ac5e-05c13f890b9c/1/HY8y2aUxH2zl7Z8uEFKyCs4_DZE.roa
Signing time:             Thu 01 Jan 2026 22:19:33 +0000
ROA not before:           Thu 01 Jan 2026 22:19:33 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48161
IP address blocks:        195.20.202.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/b9aad5-cfe2-4480-ac5e-05c13f890b9c/1/zVpTWTWkvHhsHddbfxCH8T8-CHQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/b9aad5-cfe2-4480-ac5e-05c13f890b9c/1/zVpTWTWkvHhsHddbfxCH8T8-CHQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zVpTWTWkvHhsHddbfxCH8T8-CHQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a5:0e:cd:a7:64:fb:da:5b:12:2b:74:bd:7a:bf:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd5a535935a4bc786c1dd75b7f1087f13f3e0874
        Validity
            Not Before: Jan  1 22:19:33 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1d8f32d9a5311f6ce5ed9f2e1052b20ace3f0d91
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:92:0c:b7:d3:81:e5:ba:6d:b1:3b:98:35:67:
                    db:28:68:da:a1:55:f6:dd:da:5f:70:fe:08:3e:10:
                    35:df:44:cc:71:c1:27:a1:f0:68:14:59:b2:37:3f:
                    16:c1:bc:6c:5c:ee:88:f6:f6:91:a6:92:b9:c3:38:
                    53:35:e4:dd:e4:92:6a:44:fd:a2:41:fc:5c:ba:1f:
                    fb:72:55:c4:81:3e:bf:9d:5c:a3:30:f9:70:1d:98:
                    4d:cf:e0:6e:54:f0:75:93:ae:d2:a0:f6:0c:34:f4:
                    11:ad:f6:32:fc:29:2c:f8:3e:cd:ec:07:d5:6b:94:
                    c4:a6:01:6e:df:f8:c0:a4:fe:ab:35:71:0c:e4:01:
                    28:23:ea:fe:fc:7f:37:5f:cf:cb:28:56:64:14:33:
                    a5:4c:12:d0:97:30:ed:54:20:45:d6:28:74:96:a1:
                    0a:b6:ff:a6:c2:0d:4f:67:37:6a:bc:08:e7:6e:21:
                    60:34:2c:55:e6:98:d8:bd:71:9b:52:ef:cb:7b:98:
                    48:95:d4:6b:d5:17:86:6f:74:3a:1a:8a:08:e2:97:
                    c8:af:18:ab:a7:3a:54:70:86:7e:d8:9b:77:a1:fd:
                    53:e2:56:38:1f:53:e5:a9:4f:fa:66:a1:68:d1:58:
                    92:24:0f:13:f7:d8:8d:80:eb:ac:96:d9:f9:89:aa:
                    5a:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:8F:32:D9:A5:31:1F:6C:E5:ED:9F:2E:10:52:B2:0A:CE:3F:0D:91
            X509v3 Authority Key Identifier:
                keyid:CD:5A:53:59:35:A4:BC:78:6C:1D:D7:5B:7F:10:87:F1:3F:3E:08:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zVpTWTWkvHhsHddbfxCH8T8-CHQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/b9aad5-cfe2-4480-ac5e-05c13f890b9c/1/HY8y2aUxH2zl7Z8uEFKyCs4_DZE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/b9aad5-cfe2-4480-ac5e-05c13f890b9c/1/zVpTWTWkvHhsHddbfxCH8T8-CHQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.20.202.0/23

    Signature Algorithm: sha256WithRSAEncryption
         15:ff:8c:db:05:fc:14:fc:4a:e2:8e:4b:8e:af:e5:53:28:c0:
         a2:47:68:a7:d5:49:3a:ce:10:f2:60:c2:3c:ac:eb:76:df:33:
         a7:c8:5f:ac:1e:00:d0:05:7a:71:e4:54:be:82:bd:a9:d3:41:
         46:57:9f:de:0a:8a:cd:a6:0e:da:aa:b2:1f:86:10:b2:04:7c:
         11:85:dd:24:86:6c:b3:ec:a7:49:b7:de:76:e4:14:d0:b1:56:
         18:5e:d0:6a:8e:fb:98:ff:ad:1d:68:b1:e0:20:de:cd:2c:f8:
         d3:7d:92:6b:a2:d9:9c:9c:b1:62:d6:b6:a2:34:c3:47:3c:f1:
         93:c2:f5:85:ab:8d:ae:7f:27:3b:5c:96:60:96:5d:2e:5f:07:
         f2:31:2d:5c:fb:7b:89:37:0b:b7:b6:e8:ba:d5:ac:17:2f:28:
         04:ad:a3:af:a9:c0:06:30:84:0b:3e:e2:73:c4:8d:6d:67:13:
         63:75:e0:bc:2c:96:ee:11:0f:52:59:08:0c:ea:a2:78:68:db:
         50:e1:92:b5:3c:ea:8a:07:fe:86:e6:b0:0f:de:b0:13:59:ba:
         eb:f0:27:2f:43:e6:a4:ec:70:61:14:1e:da:41:69:38:76:79:
         c8:67:98:0c:b1:e2:75:44:1a:0d:01:54:1a:8e:10:83:4d:76:
         4f:f9:3e:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7pQ7Np2T72lsSK3S9er+KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNWE1MzU5MzVhNGJjNzg2YzFkZDc1YjdmMTA4N2YxM2Yz
ZTA4NzQwHhcNMjYwMTAxMjIxOTMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDhmMzJkOWE1MzExZjZjZTVlZDlmMmUxMDUyYjIwYWNlM2YwZDkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAspIMt9OB5bptsTuYNWfbKGjaoVX2
3dpfcP4IPhA130TMccEnofBoFFmyNz8WwbxsXO6I9vaRppK5wzhTNeTd5JJqRP2i
Qfxcuh/7clXEgT6/nVyjMPlwHZhNz+BuVPB1k67SoPYMNPQRrfYy/Cks+D7N7AfV
a5TEpgFu3/jApP6rNXEM5AEoI+r+/H83X8/LKFZkFDOlTBLQlzDtVCBF1ih0lqEK
tv+mwg1PZzdqvAjnbiFgNCxV5pjYvXGbUu/Le5hIldRr1ReGb3Q6GooI4pfIrxir
pzpUcIZ+2Jt3of1T4lY4H1PlqU/6ZqFo0ViSJA8T99iNgOusltn5iapaOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB2PMtmlMR9s5e2fLhBSsgrOPw2RMB8GA1UdIwQY
MBaAFM1aU1k1pLx4bB3XW38Qh/E/Pgh0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelZwVFdUV2t2SGhzSGRkYmZ4Q0g4VDgtQ0hRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9iOWFhZDUtY2ZlMi00NDgwLWFjNWUt
MDVjMTNmODkwYjljLzEvSFk4eTJhVXhIMnpsN1o4dUVGS3lDczRfRFpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9iOWFhZDUtY2ZlMi00NDgwLWFjNWUtMDVjMTNmODkwYjlj
LzEvelZwVFdUV2t2SGhzSGRkYmZ4Q0g4VDgtQ0hRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwxTKMA0G
CSqGSIb3DQEBCwUAA4IBAQAV/4zbBfwU/ErijkuOr+VTKMCiR2in1Uk6zhDyYMI8
rOt23zOnyF+sHgDQBXpx5FS+gr2p00FGV5/eCorNpg7aqrIfhhCyBHwRhd0khmyz
7KdJt9525BTQsVYYXtBqjvuY/60daLHgIN7NLPjTfZJrotmcnLFi1raiNMNHPPGT
wvWFq42ufyc7XJZgll0uXwfyMS1c+3uJNwu3tui61awXLygEraOvqcAGMIQLPuJz
xI1tZxNjdeC8LJbuEQ9SWQgM6qJ4aNtQ4ZK1POqKB/6G5rAP3rATWbrr8CcvQ+ak
7HBhFB7aQWk4dnnIZ5gMseJ1RBoNAVQajhCDTXZP+T6w
-----END CERTIFICATE-----