Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/x_HXyOcTxvKsJ1FK3hYG-e8tozQ.roa
File:                     x_HXyOcTxvKsJ1FK3hYG-e8tozQ.roa (raw, json)
Hash identifier:          wLPSE89LmRkrX2PmXIgR+apvR38jpkzXueA//i8vmoo=
Subject key identifier:   C7:F1:D7:C8:E7:13:C6:F2:AC:27:51:4A:DE:16:06:F9:EF:2D:A3:34
Certificate issuer:       /CN=d4b95330734c9aaf66d11bcd2bedd380f410f93f
Certificate serial:       019D927CB8888299305E44B49707ACB04EEE
Authority key identifier: D4:B9:53:30:73:4C:9A:AF:66:D1:1B:CD:2B:ED:D3:80:F4:10:F9:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/x_HXyOcTxvKsJ1FK3hYG-e8tozQ.roa
Signing time:             Wed 15 Apr 2026 18:52:20 +0000
ROA not before:           Wed 15 Apr 2026 18:52:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207057
IP address blocks:        195.226.93.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:92:7c:b8:88:82:99:30:5e:44:b4:97:07:ac:b0:4e:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d4b95330734c9aaf66d11bcd2bedd380f410f93f
        Validity
            Not Before: Apr 15 18:52:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c7f1d7c8e713c6f2ac27514ade1606f9ef2da334
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:98:a2:48:fd:76:02:d7:22:4a:05:61:72:66:
                    e3:b5:56:20:b4:08:61:52:fd:f3:cf:7c:7f:5a:65:
                    b1:14:82:a8:04:75:5c:77:41:22:ce:5f:b1:8a:37:
                    2b:20:eb:f0:9e:c5:7a:64:89:b3:81:76:e7:b0:83:
                    fe:c4:88:8a:7d:75:44:a8:cb:da:f8:67:b6:ee:77:
                    98:8d:d8:a1:d7:d8:7e:25:3c:dc:d0:55:74:16:22:
                    8e:b9:d5:42:fc:bd:11:88:86:7d:93:be:db:58:5b:
                    16:9f:39:90:12:3e:43:ea:3b:df:75:5f:6a:95:6b:
                    53:8d:95:b2:82:00:e7:8c:11:df:2c:31:81:b0:d7:
                    a1:31:d8:e4:33:d6:6c:11:c9:ca:29:69:2a:1f:cf:
                    59:cf:e8:99:b3:3d:14:a1:7c:a5:fa:ce:85:f6:43:
                    ef:bc:15:58:5f:ea:fb:1c:4f:e9:8e:e8:0e:e6:12:
                    96:b2:a3:c0:5d:a4:08:da:65:00:8d:d6:43:23:77:
                    73:06:6d:f4:f1:95:1c:23:ba:83:66:93:a3:79:5b:
                    d0:80:00:0a:d5:75:7c:fa:df:17:02:5b:af:76:79:
                    01:de:3f:c4:92:74:32:1b:fa:97:7c:93:67:5e:88:
                    7f:15:6f:9c:3f:7e:b6:ea:d6:0e:f6:3c:53:4f:b8:
                    31:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:F1:D7:C8:E7:13:C6:F2:AC:27:51:4A:DE:16:06:F9:EF:2D:A3:34
            X509v3 Authority Key Identifier:
                keyid:D4:B9:53:30:73:4C:9A:AF:66:D1:1B:CD:2B:ED:D3:80:F4:10:F9:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/x_HXyOcTxvKsJ1FK3hYG-e8tozQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.226.93.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:15:23:7a:f6:38:76:33:9c:d3:cf:09:9c:87:0c:f5:36:91:
         71:e6:70:70:ff:6b:83:37:c4:8f:7d:a4:e0:db:82:d5:ae:6b:
         8e:16:48:c8:a1:d5:12:ee:e7:60:a8:63:b4:fc:59:2c:b2:55:
         5e:f2:c9:d3:d8:bc:18:d4:af:85:b6:a1:d3:37:5f:fb:b5:21:
         98:80:ee:f5:e7:c9:9a:40:b8:a3:cb:91:e3:34:0b:ef:ba:cb:
         7f:34:cc:5a:24:51:47:99:a6:07:96:17:c4:7b:82:04:ca:74:
         1e:0b:10:15:2e:d2:d3:ce:b8:bf:bc:22:9d:20:96:38:58:09:
         18:a1:9a:55:3a:18:65:00:70:bb:91:1a:0b:81:ab:33:72:f4:
         27:8f:d1:1f:de:8c:2b:0f:84:3f:e8:9e:36:01:27:00:b5:a7:
         30:d7:a9:01:26:86:82:cf:48:9c:af:5d:98:80:f6:f1:09:45:
         84:d4:bc:96:d4:ec:9a:50:61:5c:b2:7e:8b:2c:96:94:b1:ed:
         3f:b0:f7:81:12:5e:69:e4:c7:af:b3:d8:5b:95:cc:3c:65:e4:
         8e:dc:c2:ef:db:3b:5d:31:7a:55:46:1a:b6:27:ff:c7:1a:68:
         b0:b8:83:66:a9:ba:cd:02:23:0b:8e:f4:9b:ec:17:ea:dd:a5:
         53:93:3b:d5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2SfLiIgpkwXkS0lwessE7uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0Yjk1MzMwNzM0YzlhYWY2NmQxMWJjZDJiZWRkMzgwZjQx
MGY5M2YwHhcNMjYwNDE1MTg1MjIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjN2YxZDdjOGU3MTNjNmYyYWMyNzUxNGFkZTE2MDZmOWVmMmRhMzM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmZiiSP12AtciSgVhcmbjtVYgtAhh
Uv3zz3x/WmWxFIKoBHVcd0Eizl+xijcrIOvwnsV6ZImzgXbnsIP+xIiKfXVEqMva
+Ge27neYjdih19h+JTzc0FV0FiKOudVC/L0RiIZ9k77bWFsWnzmQEj5D6jvfdV9q
lWtTjZWyggDnjBHfLDGBsNehMdjkM9ZsEcnKKWkqH89Zz+iZsz0UoXyl+s6F9kPv
vBVYX+r7HE/pjugO5hKWsqPAXaQI2mUAjdZDI3dzBm308ZUcI7qDZpOjeVvQgAAK
1XV8+t8XAluvdnkB3j/EknQyG/qXfJNnXoh/FW+cP3626tYO9jxTT7gx5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMfx18jnE8byrCdRSt4WBvnvLaM0MB8GA1UdIwQY
MBaAFNS5UzBzTJqvZtEbzSvt04D0EPk/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUxsVE1ITk1tcTltMFJ2TkstM1RnUFFRLVQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy8xNWQyNzEtMDVjZC00NjFlLWE3YjYt
NDMwMTNiMjhkOWQ2LzEveF9IWHlPY1R4dktzSjFGSzNoWUctZTh0b3pRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy8xNWQyNzEtMDVjZC00NjFlLWE3YjYtNDMwMTNiMjhkOWQ2
LzEvMUxsVE1ITk1tcTltMFJ2TkstM1RnUFFRLVQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw+JdMA0G
CSqGSIb3DQEBCwUAA4IBAQBZFSN69jh2M5zTzwmchwz1NpFx5nBw/2uDN8SPfaTg
24LVrmuOFkjIodUS7udgqGO0/FksslVe8snT2LwY1K+FtqHTN1/7tSGYgO7158ma
QLijy5HjNAvvust/NMxaJFFHmaYHlhfEe4IEynQeCxAVLtLTzri/vCKdIJY4WAkY
oZpVOhhlAHC7kRoLgaszcvQnj9Ef3owrD4Q/6J42AScAtacw16kBJoaCz0icr12Y
gPbxCUWE1LyW1OyaUGFcsn6LLJaUse0/sPeBEl5p5Mevs9hblcw8ZeSO3MLv2ztd
MXpVRhq2J//HGmiwuINmqbrNAiMLjvSb7Bfq3aVTkzvV
-----END CERTIFICATE-----