Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/9871ff-3f26-4b94-a464-6cc1d3ea832e/1/ygo3H5OHWrmMxmaU3h9Trr2iclQ.roa
File:                     ygo3H5OHWrmMxmaU3h9Trr2iclQ.roa (raw, json)
Hash identifier:          3KarnZJsM1oC9NHKT7Yavsz5aIphKie2KhT0LQNo1gk=
Subject key identifier:   CA:0A:37:1F:93:87:5A:B9:8C:C6:66:94:DE:1F:53:AE:BD:A2:72:54
Certificate issuer:       /CN=dee623e2aff7b03afeb94260348c1633b54d9056
Certificate serial:       019C2A68BC661E03D74BC919D3712E30B2AF
Authority key identifier: DE:E6:23:E2:AF:F7:B0:3A:FE:B9:42:60:34:8C:16:33:B5:4D:90:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3uYj4q_3sDr-uUJgNIwWM7VNkFY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/9871ff-3f26-4b94-a464-6cc1d3ea832e/1/ygo3H5OHWrmMxmaU3h9Trr2iclQ.roa
Signing time:             Wed 04 Feb 2026 20:47:12 +0000
ROA not before:           Wed 04 Feb 2026 20:47:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     19905
IP address blocks:        194.127.108.0/24 maxlen: 24
                          194.127.110.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/9871ff-3f26-4b94-a464-6cc1d3ea832e/1/3uYj4q_3sDr-uUJgNIwWM7VNkFY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/9871ff-3f26-4b94-a464-6cc1d3ea832e/1/3uYj4q_3sDr-uUJgNIwWM7VNkFY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3uYj4q_3sDr-uUJgNIwWM7VNkFY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:2a:68:bc:66:1e:03:d7:4b:c9:19:d3:71:2e:30:b2:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dee623e2aff7b03afeb94260348c1633b54d9056
        Validity
            Not Before: Feb  4 20:47:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ca0a371f93875ab98cc66694de1f53aebda27254
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:25:85:21:e2:15:e0:d5:e0:28:db:9e:1b:c7:
                    4a:ec:b6:bb:b6:c5:d8:16:39:47:16:47:d7:13:5a:
                    4f:f4:e8:eb:5c:f4:53:ce:f7:72:25:15:77:c0:c8:
                    9d:d8:49:0a:d3:9c:d6:ad:13:8a:c5:2f:46:4b:55:
                    76:83:83:ca:c5:9d:e8:03:13:21:32:ab:d4:ae:1b:
                    3b:d8:6e:b9:a8:1a:00:4d:70:fa:24:79:c7:0b:cf:
                    f3:c1:5e:dc:76:4f:bb:2a:2b:8d:d1:5e:84:f8:26:
                    fc:ae:91:68:f9:b3:24:cf:d4:54:a6:ef:0c:d4:b2:
                    17:38:74:0f:fd:0f:43:57:ed:19:a5:a5:f7:df:3c:
                    b4:75:67:8a:97:78:43:93:a8:06:59:94:30:fb:c0:
                    cd:5c:c0:d1:75:8f:ec:20:89:9c:ee:54:05:b0:5f:
                    62:8e:60:9e:82:a5:44:4a:f5:6c:65:80:54:14:39:
                    c3:eb:a7:85:db:ec:7b:60:4a:10:03:1f:84:d0:34:
                    a1:d0:c4:0f:19:40:fd:b6:9b:ad:2e:13:02:78:a0:
                    1c:cd:56:2a:55:58:f9:c5:02:f8:61:4d:b2:75:c0:
                    e3:12:6b:34:89:d3:f9:fd:12:f3:ad:51:d7:59:01:
                    89:e1:31:2b:6d:21:41:72:7a:24:96:5e:1e:3e:b1:
                    eb:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:0A:37:1F:93:87:5A:B9:8C:C6:66:94:DE:1F:53:AE:BD:A2:72:54
            X509v3 Authority Key Identifier:
                keyid:DE:E6:23:E2:AF:F7:B0:3A:FE:B9:42:60:34:8C:16:33:B5:4D:90:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3uYj4q_3sDr-uUJgNIwWM7VNkFY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9871ff-3f26-4b94-a464-6cc1d3ea832e/1/ygo3H5OHWrmMxmaU3h9Trr2iclQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9871ff-3f26-4b94-a464-6cc1d3ea832e/1/3uYj4q_3sDr-uUJgNIwWM7VNkFY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.127.108.0/24
                  194.127.110.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:b5:d8:54:52:50:c7:1a:7b:ef:09:02:de:8c:92:b2:06:da:
         98:29:e4:e7:cb:99:ed:cf:94:a6:89:73:61:f8:1a:d4:c1:c3:
         d3:75:ae:c2:d2:44:c5:7a:e8:a5:d8:df:f1:d3:bf:58:f9:ca:
         25:3f:a5:81:91:4b:71:f0:16:5a:0c:08:aa:b0:10:cc:f3:c5:
         c3:e2:29:00:f7:db:54:a8:e3:2d:55:17:58:e4:52:23:49:a7:
         91:4d:50:7c:7b:a4:a0:77:d0:c0:59:9b:50:77:13:58:ef:13:
         bc:34:f7:10:77:14:fc:db:b0:de:fa:77:54:2f:05:59:07:1d:
         fd:d0:8f:71:5b:e8:fe:75:1b:1e:9c:bf:83:bc:f0:7a:a8:19:
         08:53:df:b1:7a:61:b9:f5:81:b6:6f:29:aa:89:b9:2e:8d:44:
         d2:b9:cd:50:f4:31:76:5c:09:86:2b:a3:95:66:fa:d8:69:44:
         b2:24:6e:dd:44:db:04:21:b7:d4:21:ae:08:8d:24:5c:f1:c2:
         67:a3:89:2e:a5:e3:7c:09:0c:a0:ba:09:fa:32:3d:cb:79:e8:
         34:33:fd:82:53:67:10:b8:ac:a2:e5:de:04:92:be:64:5c:80:
         ec:3f:ea:1e:ca:e6:cf:30:7f:4f:2d:54:43:a8:0c:1d:47:ca:
         fa:99:57:3d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZwqaLxmHgPXS8kZ03EuMLKvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlZTYyM2UyYWZmN2IwM2FmZWI5NDI2MDM0OGMxNjMzYjU0
ZDkwNTYwHhcNMjYwMjA0MjA0NzEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTBhMzcxZjkzODc1YWI5OGNjNjY2OTRkZTFmNTNhZWJkYTI3MjU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoSWFIeIV4NXgKNueG8dK7La7tsXY
FjlHFkfXE1pP9OjrXPRTzvdyJRV3wMid2EkK05zWrROKxS9GS1V2g4PKxZ3oAxMh
MqvUrhs72G65qBoATXD6JHnHC8/zwV7cdk+7KiuN0V6E+Cb8rpFo+bMkz9RUpu8M
1LIXOHQP/Q9DV+0ZpaX33zy0dWeKl3hDk6gGWZQw+8DNXMDRdY/sIImc7lQFsF9i
jmCegqVESvVsZYBUFDnD66eF2+x7YEoQAx+E0DSh0MQPGUD9tputLhMCeKAczVYq
VVj5xQL4YU2ydcDjEms0idP5/RLzrVHXWQGJ4TErbSFBcnokll4ePrHrUQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMoKNx+Th1q5jMZmlN4fU669onJUMB8GA1UdIwQY
MBaAFN7mI+Kv97A6/rlCYDSMFjO1TZBWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3VZajRxXzNzRHItdVVKZ05Jd1dNN1ZOa0ZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC85ODcxZmYtM2YyNi00Yjk0LWE0NjQt
NmNjMWQzZWE4MzJlLzEveWdvM0g1T0hXcm1NeG1hVTNoOVRycjJpY2xRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC85ODcxZmYtM2YyNi00Yjk0LWE0NjQtNmNjMWQzZWE4MzJl
LzEvM3VZajRxXzNzRHItdVVKZ05Jd1dNN1ZOa0ZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwn9sAwQA
wn9uMA0GCSqGSIb3DQEBCwUAA4IBAQBUtdhUUlDHGnvvCQLejJKyBtqYKeTny5nt
z5SmiXNh+BrUwcPTda7C0kTFeuil2N/x079Y+colP6WBkUtx8BZaDAiqsBDM88XD
4ikA99tUqOMtVRdY5FIjSaeRTVB8e6Sgd9DAWZtQdxNY7xO8NPcQdxT827De+ndU
LwVZBx390I9xW+j+dRsenL+DvPB6qBkIU9+xemG59YG2bymqibkujUTSuc1Q9DF2
XAmGK6OVZvrYaUSyJG7dRNsEIbfUIa4IjSRc8cJno4kupeN8CQygugn6Mj3Leeg0
M/2CU2cQuKyi5d4Ekr5kXIDsP+oeyubPMH9PLVRDqAwdR8r6mVc9
-----END CERTIFICATE-----