Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/e36eb1-8af5-4910-8df4-ed2e136dc026/1/VrmjHVAC_dTFireq6yrVrnJ1Qr8.roa
File:                     VrmjHVAC_dTFireq6yrVrnJ1Qr8.roa (raw, json)
Hash identifier:          3FZStDcO/86XfV9ktKFi/0KRl54/2sqdqVE7Qc6xIko=
Subject key identifier:   56:B9:A3:1D:50:02:FD:D4:C5:8A:B7:AA:EB:2A:D5:AE:72:75:42:BF
Certificate issuer:       /CN=c04a3d80f6786f1791098d45ecd554f0660cce4f
Certificate serial:       019B7DCA2F2EE2AB2817DBB0706390D61E3E
Authority key identifier: C0:4A:3D:80:F6:78:6F:17:91:09:8D:45:EC:D5:54:F0:66:0C:CE:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wEo9gPZ4bxeRCY1F7NVU8GYMzk8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/e36eb1-8af5-4910-8df4-ed2e136dc026/1/VrmjHVAC_dTFireq6yrVrnJ1Qr8.roa
Signing time:             Fri 02 Jan 2026 08:19:20 +0000
ROA not before:           Fri 02 Jan 2026 08:19:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206805
IP address blocks:        195.2.227.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/e36eb1-8af5-4910-8df4-ed2e136dc026/1/wEo9gPZ4bxeRCY1F7NVU8GYMzk8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/e36eb1-8af5-4910-8df4-ed2e136dc026/1/wEo9gPZ4bxeRCY1F7NVU8GYMzk8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wEo9gPZ4bxeRCY1F7NVU8GYMzk8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:ca:2f:2e:e2:ab:28:17:db:b0:70:63:90:d6:1e:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c04a3d80f6786f1791098d45ecd554f0660cce4f
        Validity
            Not Before: Jan  2 08:19:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=56b9a31d5002fdd4c58ab7aaeb2ad5ae727542bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:62:e2:b2:d2:14:fe:82:08:6c:4a:5a:cb:6b:
                    12:3c:a4:85:bc:d8:47:4d:13:5c:11:63:32:81:d2:
                    79:55:5e:6f:0e:08:9e:61:10:5c:5c:12:6d:22:c6:
                    6a:6f:f8:d4:93:48:ec:47:32:fb:73:27:d3:59:03:
                    54:61:93:34:48:13:6f:24:22:66:f8:2b:3f:3c:2b:
                    92:de:93:31:b1:04:fc:bd:e5:c4:0a:2e:6e:eb:35:
                    28:a7:ca:56:58:97:cb:00:8f:db:36:3a:da:a3:2d:
                    c2:e8:65:d3:77:a5:f4:a9:3f:97:27:6d:e5:d2:28:
                    cf:79:1e:6d:29:99:59:e8:71:79:71:71:aa:1f:bb:
                    04:b3:d4:27:02:20:5d:3d:1d:9b:f7:b8:ef:e4:4b:
                    6e:85:f0:ae:20:8f:fb:15:46:19:bd:23:34:4a:18:
                    e2:25:ec:dd:01:1a:0b:e5:a8:e4:0a:6a:36:cd:a6:
                    55:10:ca:7e:5f:78:52:f4:04:f9:69:4e:8a:df:67:
                    0b:33:92:18:a8:0d:f4:72:11:49:95:95:63:9e:22:
                    0e:4f:26:64:b2:f0:4f:8f:cd:63:51:27:32:ea:89:
                    ed:14:68:45:1b:07:67:1a:93:1e:17:62:e5:fc:04:
                    76:d5:39:86:87:23:f7:5c:ab:ac:54:d2:cf:ff:6f:
                    be:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:B9:A3:1D:50:02:FD:D4:C5:8A:B7:AA:EB:2A:D5:AE:72:75:42:BF
            X509v3 Authority Key Identifier:
                keyid:C0:4A:3D:80:F6:78:6F:17:91:09:8D:45:EC:D5:54:F0:66:0C:CE:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wEo9gPZ4bxeRCY1F7NVU8GYMzk8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/e36eb1-8af5-4910-8df4-ed2e136dc026/1/VrmjHVAC_dTFireq6yrVrnJ1Qr8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/e36eb1-8af5-4910-8df4-ed2e136dc026/1/wEo9gPZ4bxeRCY1F7NVU8GYMzk8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.2.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:a0:92:c5:80:31:3a:13:3c:40:04:ce:f2:fe:9d:b9:10:e7:
         c5:5c:f6:29:1e:f0:10:b2:4d:c6:bf:b3:7f:ca:fb:8f:35:ce:
         c5:3a:69:94:42:6b:bb:64:0d:91:29:30:67:8a:12:e1:22:be:
         88:4d:30:83:20:06:e9:ed:ea:e2:df:05:66:22:6c:3c:d7:1f:
         4e:37:f6:69:6d:dd:3d:09:0c:96:ad:5e:a0:b0:a8:26:36:01:
         51:94:ea:d1:1f:1f:db:27:31:7f:ba:a7:e0:1d:9a:50:39:ab:
         86:32:46:de:75:4d:6e:2a:49:57:f7:5e:6e:ad:23:0b:39:48:
         fb:ec:8c:0c:d9:72:9c:94:01:2c:71:d9:95:c8:a3:0a:7d:44:
         f0:a9:33:21:19:47:95:12:67:a0:6a:3b:3b:b3:0a:68:2d:f2:
         fc:b8:1d:8f:74:b1:53:81:9a:25:7a:c2:07:28:9a:12:55:de:
         e6:89:30:4d:5e:13:6a:1d:99:0d:31:c3:06:8c:48:6e:66:02:
         df:3d:45:fd:af:68:e5:21:99:6c:aa:01:90:6b:47:c6:3d:60:
         e8:70:11:14:73:74:01:3e:dd:f2:c5:47:25:f6:df:5b:fc:60:
         ba:1e:f8:3b:76:7b:c5:c8:77:69:a9:46:69:90:62:40:d3:c5:
         aa:a0:ae:fd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9yi8u4qsoF9uwcGOQ1h4+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwNGEzZDgwZjY3ODZmMTc5MTA5OGQ0NWVjZDU1NGYwNjYw
Y2NlNGYwHhcNMjYwMTAyMDgxOTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NmI5YTMxZDUwMDJmZGQ0YzU4YWI3YWFlYjJhZDVhZTcyNzU0MmJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhmListIU/oIIbEpay2sSPKSFvNhH
TRNcEWMygdJ5VV5vDgieYRBcXBJtIsZqb/jUk0jsRzL7cyfTWQNUYZM0SBNvJCJm
+Cs/PCuS3pMxsQT8veXECi5u6zUop8pWWJfLAI/bNjraoy3C6GXTd6X0qT+XJ23l
0ijPeR5tKZlZ6HF5cXGqH7sEs9QnAiBdPR2b97jv5EtuhfCuII/7FUYZvSM0Shji
JezdARoL5ajkCmo2zaZVEMp+X3hS9AT5aU6K32cLM5IYqA30chFJlZVjniIOTyZk
svBPj81jUScy6ontFGhFGwdnGpMeF2Ll/AR21TmGhyP3XKusVNLP/2++iwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFa5ox1QAv3UxYq3qusq1a5ydUK/MB8GA1UdIwQY
MBaAFMBKPYD2eG8XkQmNRezVVPBmDM5PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd0VvOWdQWjRieGVSQ1kxRjdOVlU4R1lNems4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9lMzZlYjEtOGFmNS00OTEwLThkZjQt
ZWQyZTEzNmRjMDI2LzEvVnJtakhWQUNfZFRGaXJlcTZ5clZybkoxUXI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9lMzZlYjEtOGFmNS00OTEwLThkZjQtZWQyZTEzNmRjMDI2
LzEvd0VvOWdQWjRieGVSQ1kxRjdOVlU4R1lNems4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwwLjMA0G
CSqGSIb3DQEBCwUAA4IBAQApoJLFgDE6EzxABM7y/p25EOfFXPYpHvAQsk3Gv7N/
yvuPNc7FOmmUQmu7ZA2RKTBnihLhIr6ITTCDIAbp7eri3wVmImw81x9ON/Zpbd09
CQyWrV6gsKgmNgFRlOrRHx/bJzF/uqfgHZpQOauGMkbedU1uKklX915urSMLOUj7
7IwM2XKclAEscdmVyKMKfUTwqTMhGUeVEmegajs7swpoLfL8uB2PdLFTgZolesIH
KJoSVd7miTBNXhNqHZkNMcMGjEhuZgLfPUX9r2jlIZlsqgGQa0fGPWDocBEUc3QB
Pt3yxUcl9t9b/GC6Hvg7dnvFyHdpqUZpkGJA08WqoK79
-----END CERTIFICATE-----