Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/9871ff-3f26-4b94-a464-6cc1d3ea832e/1/_xnVn4Z2mdrwXIaogX13bELVsCM.roa
File:                     _xnVn4Z2mdrwXIaogX13bELVsCM.roa (raw, json)
Hash identifier:          ApqTNIYHPR2DmL0Vq3O1QjPD2Uk/9+5OvGzlqh5bBUk=
Subject key identifier:   FF:19:D5:9F:86:76:99:DA:F0:5C:86:A8:81:7D:77:6C:42:D5:B0:23
Certificate issuer:       /CN=dee623e2aff7b03afeb94260348c1633b54d9056
Certificate serial:       019D346B8FE2C645BE48A61A91D6C39481B2
Authority key identifier: DE:E6:23:E2:AF:F7:B0:3A:FE:B9:42:60:34:8C:16:33:B5:4D:90:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3uYj4q_3sDr-uUJgNIwWM7VNkFY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/9871ff-3f26-4b94-a464-6cc1d3ea832e/1/_xnVn4Z2mdrwXIaogX13bELVsCM.roa
Signing time:             Sat 28 Mar 2026 12:29:17 +0000
ROA not before:           Sat 28 Mar 2026 12:29:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202354
IP address blocks:        194.127.109.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/9871ff-3f26-4b94-a464-6cc1d3ea832e/1/3uYj4q_3sDr-uUJgNIwWM7VNkFY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/9871ff-3f26-4b94-a464-6cc1d3ea832e/1/3uYj4q_3sDr-uUJgNIwWM7VNkFY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3uYj4q_3sDr-uUJgNIwWM7VNkFY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 15:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:34:6b:8f:e2:c6:45:be:48:a6:1a:91:d6:c3:94:81:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dee623e2aff7b03afeb94260348c1633b54d9056
        Validity
            Not Before: Mar 28 12:29:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ff19d59f867699daf05c86a8817d776c42d5b023
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:f1:7b:6a:d2:91:c0:68:1e:e5:f4:77:80:df:
                    c8:29:31:a2:52:80:06:94:b8:70:51:db:15:25:14:
                    a1:aa:dd:0d:2a:50:63:ff:a5:bf:32:75:bb:c4:b8:
                    c4:f7:7c:2c:cb:ff:e6:20:45:ac:18:76:24:2d:23:
                    b3:d5:0c:42:fd:37:72:5c:9f:64:65:e0:e7:f1:5c:
                    24:2b:00:5b:ee:bb:7b:9d:22:7d:77:99:7b:2b:6e:
                    ae:7a:06:70:3b:13:53:9d:23:da:92:80:73:60:30:
                    c4:69:e7:0a:50:90:28:05:2d:75:de:1b:30:28:70:
                    89:b4:0d:ec:e7:32:b6:83:27:5e:cf:d0:ae:ae:56:
                    85:a5:33:c4:94:be:6f:7c:02:5c:41:79:e4:d9:ca:
                    13:7c:17:83:a6:07:d6:c6:23:c9:92:ba:90:a8:44:
                    1f:fa:1f:9f:d3:d5:cd:ec:5c:dc:a3:37:89:b4:07:
                    0a:c8:d0:e6:fd:2f:f0:e7:f5:22:4d:29:ed:fe:28:
                    5d:7f:ff:95:f4:a0:2f:7f:e1:dd:92:a5:bd:ee:ae:
                    76:59:bd:0f:08:b0:c0:86:1c:fe:2d:f8:b9:83:04:
                    db:eb:24:e1:11:e6:a7:07:7a:5d:ba:31:94:1b:c4:
                    5a:ab:20:c5:49:a9:81:e2:d5:05:a7:34:48:8d:9d:
                    55:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:19:D5:9F:86:76:99:DA:F0:5C:86:A8:81:7D:77:6C:42:D5:B0:23
            X509v3 Authority Key Identifier:
                keyid:DE:E6:23:E2:AF:F7:B0:3A:FE:B9:42:60:34:8C:16:33:B5:4D:90:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3uYj4q_3sDr-uUJgNIwWM7VNkFY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9871ff-3f26-4b94-a464-6cc1d3ea832e/1/_xnVn4Z2mdrwXIaogX13bELVsCM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9871ff-3f26-4b94-a464-6cc1d3ea832e/1/3uYj4q_3sDr-uUJgNIwWM7VNkFY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.127.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:f2:fb:03:5c:c8:e8:b7:fe:24:23:b1:bb:20:67:3f:45:d8:
         7a:a9:d5:b3:bd:d5:06:24:79:97:10:57:d2:5a:97:4e:4e:c0:
         11:e1:31:dc:20:3b:77:44:14:b9:4d:fb:70:ff:fc:2f:b1:9a:
         03:dd:d1:0c:42:63:d8:43:87:62:5b:c3:fc:7e:67:cd:e3:d1:
         eb:6b:e9:9c:e2:8b:3b:72:d9:98:d1:01:eb:32:bf:7b:6f:cf:
         69:64:1b:d0:78:0d:45:8b:3a:02:fc:be:f1:9a:61:ec:04:1a:
         eb:31:00:51:06:36:dc:ea:8e:2d:be:52:e9:1d:fa:d2:75:8b:
         88:fa:d6:ad:c2:d7:2d:f9:61:9c:85:f6:da:72:4f:ce:71:d5:
         c4:42:5f:55:1e:f8:83:34:40:c5:18:45:dd:4b:bd:b5:1f:ff:
         0e:94:e0:6a:d9:e1:f0:74:92:fa:a0:13:1a:dd:29:43:da:0f:
         cd:4e:82:19:8f:6d:7d:e4:e0:c0:c0:46:07:7b:c3:2c:22:94:
         2b:aa:4a:9b:28:1c:e2:1e:f5:0b:74:6b:e9:e8:eb:39:a8:f4:
         ed:5e:f0:6c:11:9c:71:38:11:95:ac:85:64:9f:d5:48:94:98:
         11:cb:3d:3b:8b:8e:b0:11:04:40:f4:de:4f:01:86:a7:b1:d9:
         a5:cf:88:4a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ00a4/ixkW+SKYakdbDlIGyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlZTYyM2UyYWZmN2IwM2FmZWI5NDI2MDM0OGMxNjMzYjU0
ZDkwNTYwHhcNMjYwMzI4MTIyOTE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjE5ZDU5Zjg2NzY5OWRhZjA1Yzg2YTg4MTdkNzc2YzQyZDViMDIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnfF7atKRwGge5fR3gN/IKTGiUoAG
lLhwUdsVJRShqt0NKlBj/6W/MnW7xLjE93wsy//mIEWsGHYkLSOz1QxC/TdyXJ9k
ZeDn8VwkKwBb7rt7nSJ9d5l7K26uegZwOxNTnSPakoBzYDDEaecKUJAoBS113hsw
KHCJtA3s5zK2gydez9CurlaFpTPElL5vfAJcQXnk2coTfBeDpgfWxiPJkrqQqEQf
+h+f09XN7FzcozeJtAcKyNDm/S/w5/UiTSnt/ihdf/+V9KAvf+HdkqW97q52Wb0P
CLDAhhz+Lfi5gwTb6yThEeanB3pdujGUG8RaqyDFSamB4tUFpzRIjZ1VZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP8Z1Z+Gdpna8FyGqIF9d2xC1bAjMB8GA1UdIwQY
MBaAFN7mI+Kv97A6/rlCYDSMFjO1TZBWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3VZajRxXzNzRHItdVVKZ05Jd1dNN1ZOa0ZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC85ODcxZmYtM2YyNi00Yjk0LWE0NjQt
NmNjMWQzZWE4MzJlLzEvX3huVm40WjJtZHJ3WElhb2dYMTNiRUxWc0NNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC85ODcxZmYtM2YyNi00Yjk0LWE0NjQtNmNjMWQzZWE4MzJl
LzEvM3VZajRxXzNzRHItdVVKZ05Jd1dNN1ZOa0ZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwn9tMA0G
CSqGSIb3DQEBCwUAA4IBAQAc8vsDXMjot/4kI7G7IGc/Rdh6qdWzvdUGJHmXEFfS
WpdOTsAR4THcIDt3RBS5Tftw//wvsZoD3dEMQmPYQ4diW8P8fmfN49Hra+mc4os7
ctmY0QHrMr97b89pZBvQeA1FizoC/L7xmmHsBBrrMQBRBjbc6o4tvlLpHfrSdYuI
+tatwtct+WGchfback/OcdXEQl9VHviDNEDFGEXdS721H/8OlOBq2eHwdJL6oBMa
3SlD2g/NToIZj2195ODAwEYHe8MsIpQrqkqbKBziHvULdGvp6Os5qPTtXvBsEZxx
OBGVrIVkn9VIlJgRyz07i46wEQRA9N5PAYansdmlz4hK
-----END CERTIFICATE-----