Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/4lBplxdLh8rHjaY7x9pjVTiS7xA.roa
File:                     4lBplxdLh8rHjaY7x9pjVTiS7xA.roa (raw, json)
Hash identifier:          OJCVP7dV52P+rEwwkrnwTv2uFhmZI/CcRzOMEwdHbd4=
Subject key identifier:   E2:50:69:97:17:4B:87:CA:C7:8D:A6:3B:C7:DA:63:55:38:92:EF:10
Certificate issuer:       /CN=8bdf76c54b9e6935c30a9b4c9ba9309ac470ec02
Certificate serial:       019CA8CE6E9AD48194D8EB13CAF945188933
Authority key identifier: 8B:DF:76:C5:4B:9E:69:35:C3:0A:9B:4C:9B:A9:30:9A:C4:70:EC:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i992xUueaTXDCptMm6kwmsRw7AI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/4lBplxdLh8rHjaY7x9pjVTiS7xA.roa
Signing time:             Sun 01 Mar 2026 09:50:26 +0000
ROA not before:           Sun 01 Mar 2026 09:50:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        195.222.127.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/i992xUueaTXDCptMm6kwmsRw7AI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/i992xUueaTXDCptMm6kwmsRw7AI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i992xUueaTXDCptMm6kwmsRw7AI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:a8:ce:6e:9a:d4:81:94:d8:eb:13:ca:f9:45:18:89:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bdf76c54b9e6935c30a9b4c9ba9309ac470ec02
        Validity
            Not Before: Mar  1 09:50:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e2506997174b87cac78da63bc7da63553892ef10
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:1d:fc:54:98:69:5f:8c:96:fb:55:f8:f2:1b:
                    c0:51:f1:79:2a:48:39:93:db:bf:e1:9a:01:dd:db:
                    49:43:31:01:33:cc:a4:75:99:9d:88:bd:f1:36:ac:
                    1b:c6:e5:73:5f:76:2f:6b:4f:59:3c:ea:10:5f:d0:
                    d3:28:34:e3:9c:52:76:88:ed:97:f4:0c:61:03:dd:
                    b9:4b:0d:5c:ed:2a:6e:3f:29:be:2d:b9:af:86:84:
                    25:b4:6c:16:2d:27:a8:67:8a:f9:68:68:6a:42:47:
                    62:3e:bd:16:49:b6:e3:02:68:6e:21:e2:f1:38:b8:
                    57:5a:78:b2:df:6e:06:79:1d:a5:a7:f6:fb:1c:52:
                    0e:ce:d1:2f:13:b3:94:86:3d:80:5e:3d:fd:65:6d:
                    60:ee:4b:7b:9e:66:c2:e5:98:09:c9:3c:c9:8b:6d:
                    7e:19:c1:bc:75:1b:10:1a:bf:12:7e:84:91:f1:3f:
                    c7:e7:53:5d:a0:ca:65:0a:c5:01:ec:ba:8e:6d:4d:
                    b2:1f:7b:f8:45:9b:0d:a1:d6:0c:b6:24:9f:84:5c:
                    61:84:5e:6c:16:a4:90:8f:ed:5c:72:81:c7:b2:bd:
                    16:af:9b:ee:3e:db:dd:74:cd:62:98:7a:32:50:b8:
                    33:2b:7a:b7:88:28:2e:77:9d:1f:02:a0:68:df:c4:
                    06:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:50:69:97:17:4B:87:CA:C7:8D:A6:3B:C7:DA:63:55:38:92:EF:10
            X509v3 Authority Key Identifier:
                keyid:8B:DF:76:C5:4B:9E:69:35:C3:0A:9B:4C:9B:A9:30:9A:C4:70:EC:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i992xUueaTXDCptMm6kwmsRw7AI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/4lBplxdLh8rHjaY7x9pjVTiS7xA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/i992xUueaTXDCptMm6kwmsRw7AI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.222.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:9a:3e:6d:77:51:ee:1b:df:07:74:c4:2f:f1:69:90:d2:77:
         7d:7d:a4:46:89:8c:da:60:d4:68:97:dd:04:95:df:4f:2c:a1:
         a3:67:16:a6:72:0f:4d:97:5b:1b:65:cb:dd:7f:65:5d:94:6c:
         a5:48:1c:6f:b4:f1:0a:45:46:a4:0d:65:0a:3e:0e:2c:09:16:
         24:8c:0b:a2:21:f6:f6:f0:c7:17:cc:52:5c:5c:a1:36:f9:b7:
         25:3f:9a:b1:d3:71:2f:83:98:96:5d:b7:82:da:ba:e8:63:83:
         69:65:8c:31:0e:86:27:47:c3:77:e5:61:bd:3b:4f:d4:03:cf:
         d3:fd:71:cc:87:2e:6e:4c:cd:2e:a3:41:8e:4d:71:ff:b2:57:
         d1:7c:d0:dd:3b:88:7f:b0:e0:55:e0:2c:1e:7d:a6:6e:67:74:
         12:6b:8e:5f:14:ff:b0:cf:c2:21:df:fe:03:31:a9:d8:74:9a:
         4c:3b:e8:fb:b5:55:cc:4c:96:df:7f:b7:d9:fb:d4:c6:92:09:
         9b:a2:c2:81:c5:d1:5c:86:a0:35:8d:83:de:21:6d:33:1b:9d:
         72:c1:d5:63:df:5a:1b:ae:93:4f:d5:a8:66:c9:1c:39:42:88:
         69:25:5b:96:02:64:3c:15:15:68:09:3d:88:d5:1d:78:92:c0:
         ac:c2:d6:55
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyozm6a1IGU2OsTyvlFGIkzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiZGY3NmM1NGI5ZTY5MzVjMzBhOWI0YzliYTkzMDlhYzQ3
MGVjMDIwHhcNMjYwMzAxMDk1MDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjUwNjk5NzE3NGI4N2NhYzc4ZGE2M2JjN2RhNjM1NTM4OTJlZjEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvh38VJhpX4yW+1X48hvAUfF5Kkg5
k9u/4ZoB3dtJQzEBM8ykdZmdiL3xNqwbxuVzX3Yva09ZPOoQX9DTKDTjnFJ2iO2X
9AxhA925Sw1c7SpuPym+LbmvhoQltGwWLSeoZ4r5aGhqQkdiPr0WSbbjAmhuIeLx
OLhXWniy324GeR2lp/b7HFIOztEvE7OUhj2AXj39ZW1g7kt7nmbC5ZgJyTzJi21+
GcG8dRsQGr8SfoSR8T/H51NdoMplCsUB7LqObU2yH3v4RZsNodYMtiSfhFxhhF5s
FqSQj+1ccoHHsr0Wr5vuPtvddM1imHoyULgzK3q3iCgud50fAqBo38QGbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOJQaZcXS4fKx42mO8faY1U4ku8QMB8GA1UdIwQY
MBaAFIvfdsVLnmk1wwqbTJupMJrEcOwCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTk5MnhVdWVhVFhEQ3B0TW02a3dtc1J3N0FJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS8yMTUxOWUtYjhkYy00MjQwLWFhNzgt
OGQyMTg2NjUwMjdkLzEvNGxCcGx4ZExoOHJIamFZN3g5cGpWVGlTN3hBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS8yMTUxOWUtYjhkYy00MjQwLWFhNzgtOGQyMTg2NjUwMjdk
LzEvaTk5MnhVdWVhVFhEQ3B0TW02a3dtc1J3N0FJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw95/MA0G
CSqGSIb3DQEBCwUAA4IBAQAPmj5td1HuG98HdMQv8WmQ0nd9faRGiYzaYNRol90E
ld9PLKGjZxamcg9Nl1sbZcvdf2VdlGylSBxvtPEKRUakDWUKPg4sCRYkjAuiIfb2
8McXzFJcXKE2+bclP5qx03Evg5iWXbeC2rroY4NpZYwxDoYnR8N35WG9O0/UA8/T
/XHMhy5uTM0uo0GOTXH/slfRfNDdO4h/sOBV4CwefaZuZ3QSa45fFP+wz8Ih3/4D
ManYdJpMO+j7tVXMTJbff7fZ+9TGkgmbosKBxdFchqA1jYPeIW0zG51ywdVj31ob
rpNP1ahmyRw5QohpJVuWAmQ8FRVoCT2I1R14ksCswtZV
-----END CERTIFICATE-----