Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/789caf-c8d2-419e-ae04-691422311729/1/vcGlDl5Ct_NiM8YzttTek7TQKfQ.roa
File:                     vcGlDl5Ct_NiM8YzttTek7TQKfQ.roa (raw, json)
Hash identifier:          BnX/CYwHVszSwePzYMqQFPXrCzJ9oUgTdB3TWSa3h4A=
Subject key identifier:   BD:C1:A5:0E:5E:42:B7:F3:62:33:C6:33:B6:D4:DE:93:B4:D0:29:F4
Certificate issuer:       /CN=f0c104041691dc384f3b1a8cdf95c96628ea6daf
Certificate serial:       019C8E48E245A0396E20B3C948D3F5E27790
Authority key identifier: F0:C1:04:04:16:91:DC:38:4F:3B:1A:8C:DF:95:C9:66:28:EA:6D:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8MEEBBaR3DhPOxqM35XJZijqba8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/789caf-c8d2-419e-ae04-691422311729/1/vcGlDl5Ct_NiM8YzttTek7TQKfQ.roa
Signing time:             Tue 24 Feb 2026 06:14:27 +0000
ROA not before:           Tue 24 Feb 2026 06:14:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215671
IP address blocks:        95.38.198.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/789caf-c8d2-419e-ae04-691422311729/1/8MEEBBaR3DhPOxqM35XJZijqba8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/789caf-c8d2-419e-ae04-691422311729/1/8MEEBBaR3DhPOxqM35XJZijqba8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8MEEBBaR3DhPOxqM35XJZijqba8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 06:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:8e:48:e2:45:a0:39:6e:20:b3:c9:48:d3:f5:e2:77:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f0c104041691dc384f3b1a8cdf95c96628ea6daf
        Validity
            Not Before: Feb 24 06:14:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bdc1a50e5e42b7f36233c633b6d4de93b4d029f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:0f:55:b9:75:4e:f5:6b:a9:0f:3d:7e:56:78:
                    f0:1f:b5:b9:1e:38:80:3f:bc:fe:20:a1:ff:73:3f:
                    a5:41:5d:c1:f1:41:02:3f:77:3b:d9:67:a3:1a:aa:
                    d0:63:04:f3:55:4f:2c:83:23:b4:b7:0a:b5:f8:cd:
                    ee:52:08:cc:3e:66:c6:1a:75:ab:15:b8:06:45:27:
                    c1:80:02:66:42:b7:8a:95:ef:4d:41:63:38:3e:da:
                    7b:26:ab:7b:5e:b0:cd:6f:70:85:71:33:e1:c0:c2:
                    0c:8a:70:6a:06:79:9f:1f:49:8c:11:ec:4b:e2:34:
                    47:a8:22:c0:03:28:15:36:da:ce:b1:a3:16:e9:31:
                    3a:e7:42:0d:97:45:c2:66:59:73:3d:58:df:2f:23:
                    4c:12:09:d8:4b:79:de:6e:b7:b8:61:a9:92:c8:76:
                    95:3b:66:10:74:87:cb:70:fc:72:05:67:6f:61:3c:
                    2c:45:f7:95:7c:cf:b9:dd:f7:21:f8:7e:6f:52:da:
                    9f:a0:58:78:6a:ac:a5:44:14:20:65:7a:6d:77:80:
                    f3:e6:08:1d:2e:49:38:32:8e:e9:3d:12:1e:55:51:
                    04:8f:4c:6a:14:02:84:b3:44:e0:e8:c8:d5:80:63:
                    1a:01:c8:c8:fe:39:79:bb:e0:45:dc:8d:e8:e4:a8:
                    2e:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:C1:A5:0E:5E:42:B7:F3:62:33:C6:33:B6:D4:DE:93:B4:D0:29:F4
            X509v3 Authority Key Identifier:
                keyid:F0:C1:04:04:16:91:DC:38:4F:3B:1A:8C:DF:95:C9:66:28:EA:6D:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8MEEBBaR3DhPOxqM35XJZijqba8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/789caf-c8d2-419e-ae04-691422311729/1/vcGlDl5Ct_NiM8YzttTek7TQKfQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/789caf-c8d2-419e-ae04-691422311729/1/8MEEBBaR3DhPOxqM35XJZijqba8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.38.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:a8:dd:76:50:f3:bf:97:1c:fe:a6:ac:cb:94:6b:7c:29:26:
         52:78:25:0d:24:44:25:8b:5e:cb:51:b9:93:e0:e3:40:80:53:
         b5:c3:d7:dc:53:55:8b:1c:44:0d:1e:06:0c:72:c3:ee:8f:4e:
         25:14:5f:71:91:2b:48:1a:f7:9e:82:d7:d7:75:32:15:46:8f:
         06:d7:3e:08:7d:c0:2d:42:a5:c4:44:61:5c:18:cd:54:64:61:
         46:80:a6:57:46:f5:4e:05:06:eb:d3:8a:d2:73:a9:bd:27:4e:
         f0:dd:19:66:50:72:2f:ff:20:19:73:93:de:db:21:58:e8:ff:
         91:df:70:c9:5a:f3:6c:23:bf:83:9d:5e:1a:48:89:ee:93:fa:
         c9:9d:c7:65:84:4b:7e:df:14:f1:fd:2d:85:49:32:8b:05:83:
         65:1e:2b:58:f3:97:11:ab:c7:50:e4:4c:e0:3f:ff:05:fe:e9:
         42:8c:8f:d1:b9:d3:11:51:b6:d6:60:e4:fb:31:f4:62:65:b4:
         83:84:d7:25:c3:2e:76:ac:9c:96:91:e2:b1:9c:00:64:21:08:
         69:26:b3:be:d8:65:f6:05:ad:2c:0c:08:47:37:aa:6f:e1:43:
         d4:76:57:b5:1a:aa:a4:a3:00:b8:84:b7:b2:41:c7:e8:d8:7b:
         12:a2:1d:c0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyOSOJFoDluILPJSNP14neQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwYzEwNDA0MTY5MWRjMzg0ZjNiMWE4Y2RmOTVjOTY2Mjhl
YTZkYWYwHhcNMjYwMjI0MDYxNDI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZGMxYTUwZTVlNDJiN2YzNjIzM2M2MzNiNmQ0ZGU5M2I0ZDAyOWY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0A9VuXVO9WupDz1+VnjwH7W5HjiA
P7z+IKH/cz+lQV3B8UECP3c72WejGqrQYwTzVU8sgyO0twq1+M3uUgjMPmbGGnWr
FbgGRSfBgAJmQreKle9NQWM4Ptp7Jqt7XrDNb3CFcTPhwMIMinBqBnmfH0mMEexL
4jRHqCLAAygVNtrOsaMW6TE650INl0XCZllzPVjfLyNMEgnYS3nebre4YamSyHaV
O2YQdIfLcPxyBWdvYTwsRfeVfM+53fch+H5vUtqfoFh4aqylRBQgZXptd4Dz5ggd
Lkk4Mo7pPRIeVVEEj0xqFAKEs0Tg6MjVgGMaAcjI/jl5u+BF3I3o5KguZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL3BpQ5eQrfzYjPGM7bU3pO00Cn0MB8GA1UdIwQY
MBaAFPDBBAQWkdw4TzsajN+VyWYo6m2vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOE1FRUJCYVIzRGhQT3hxTTM1WEpaaWpxYmE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS83ODljYWYtYzhkMi00MTllLWFlMDQt
NjkxNDIyMzExNzI5LzEvdmNHbERsNUN0X05pTThZenR0VGVrN1RRS2ZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS83ODljYWYtYzhkMi00MTllLWFlMDQtNjkxNDIyMzExNzI5
LzEvOE1FRUJCYVIzRGhQT3hxTTM1WEpaaWpxYmE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXybGMA0G
CSqGSIb3DQEBCwUAA4IBAQBhqN12UPO/lxz+pqzLlGt8KSZSeCUNJEQli17LUbmT
4ONAgFO1w9fcU1WLHEQNHgYMcsPuj04lFF9xkStIGveegtfXdTIVRo8G1z4IfcAt
QqXERGFcGM1UZGFGgKZXRvVOBQbr04rSc6m9J07w3RlmUHIv/yAZc5Pe2yFY6P+R
33DJWvNsI7+DnV4aSInuk/rJncdlhEt+3xTx/S2FSTKLBYNlHitY85cRq8dQ5Ezg
P/8F/ulCjI/RudMRUbbWYOT7MfRiZbSDhNclwy52rJyWkeKxnABkIQhpJrO+2GX2
Ba0sDAhHN6pv4UPUdle1GqqkowC4hLeyQcfo2HsSoh3A
-----END CERTIFICATE-----