Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/9760c6-3fce-42bd-bbc8-49fbc30a8f61/1/J7XTEsifopXt0LyZERZ4bxD_gsA.roa
File:                     J7XTEsifopXt0LyZERZ4bxD_gsA.roa (raw, json)
Hash identifier:          Il7+0rYxklAhI9+3062Z4W95Cz4Wv/cW8FrtfG8GyYg=
Subject key identifier:   27:B5:D3:12:C8:9F:A2:95:ED:D0:BC:99:11:16:78:6F:10:FF:82:C0
Certificate issuer:       /CN=50a88f9a834101adf877037a51c81d133aa946ec
Certificate serial:       019B7CEE46B816389862AECF3D4A0B2EE5F5
Authority key identifier: 50:A8:8F:9A:83:41:01:AD:F8:77:03:7A:51:C8:1D:13:3A:A9:46:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UKiPmoNBAa34dwN6UcgdEzqpRuw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/9760c6-3fce-42bd-bbc8-49fbc30a8f61/1/J7XTEsifopXt0LyZERZ4bxD_gsA.roa
Signing time:             Fri 02 Jan 2026 04:19:09 +0000
ROA not before:           Fri 02 Jan 2026 04:19:09 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     47468
IP address blocks:        195.242.176.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/9760c6-3fce-42bd-bbc8-49fbc30a8f61/1/UKiPmoNBAa34dwN6UcgdEzqpRuw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/9760c6-3fce-42bd-bbc8-49fbc30a8f61/1/UKiPmoNBAa34dwN6UcgdEzqpRuw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UKiPmoNBAa34dwN6UcgdEzqpRuw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 19:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ee:46:b8:16:38:98:62:ae:cf:3d:4a:0b:2e:e5:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=50a88f9a834101adf877037a51c81d133aa946ec
        Validity
            Not Before: Jan  2 04:19:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=27b5d312c89fa295edd0bc991116786f10ff82c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:ec:f4:34:14:59:63:5c:54:c1:57:77:57:06:
                    a3:8a:b8:61:0b:96:62:c5:e7:a0:83:33:45:6a:1c:
                    a0:91:1d:4b:2f:1a:60:f9:5c:db:b7:52:f0:41:9a:
                    6c:ba:94:55:8c:de:c1:20:64:e8:c4:aa:51:5b:4e:
                    fb:f5:ca:06:55:d6:0e:ad:58:48:ea:e6:9e:10:3c:
                    66:bd:6c:7a:76:03:25:28:c8:a2:57:a8:5a:72:2d:
                    f5:4a:bb:c9:03:d8:a4:41:fa:0f:52:1d:76:b9:ae:
                    53:63:5d:9e:ca:24:2c:3f:d1:26:d1:25:00:7f:70:
                    8b:b9:92:d5:82:68:64:82:76:5b:4e:3d:fd:15:88:
                    24:67:31:16:2f:83:30:b4:ce:0f:ba:d9:52:aa:bb:
                    3d:2c:0f:e4:89:1c:c0:43:7f:76:62:d0:b5:f7:66:
                    26:f9:e2:b6:4e:ad:dc:48:7c:bb:38:4a:49:bf:12:
                    29:d0:1c:84:9e:f2:25:6e:36:2b:56:5e:3a:46:d6:
                    fa:79:77:f4:00:1e:17:e3:7b:db:05:04:4f:29:16:
                    6d:b1:dc:52:ef:40:cc:e2:dd:30:9d:e4:4d:aa:94:
                    9b:a6:d9:9b:41:90:72:bb:84:c1:c6:0d:9a:9f:04:
                    9a:10:12:56:ce:31:97:6a:fb:83:1f:8e:a6:ef:d3:
                    a6:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:B5:D3:12:C8:9F:A2:95:ED:D0:BC:99:11:16:78:6F:10:FF:82:C0
            X509v3 Authority Key Identifier:
                keyid:50:A8:8F:9A:83:41:01:AD:F8:77:03:7A:51:C8:1D:13:3A:A9:46:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UKiPmoNBAa34dwN6UcgdEzqpRuw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/9760c6-3fce-42bd-bbc8-49fbc30a8f61/1/J7XTEsifopXt0LyZERZ4bxD_gsA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/9760c6-3fce-42bd-bbc8-49fbc30a8f61/1/UKiPmoNBAa34dwN6UcgdEzqpRuw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.242.176.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:90:a1:4c:dc:ca:bd:6d:ea:ac:81:f4:96:91:65:59:41:06:
         25:f5:86:9c:51:14:2a:fc:a6:ea:b7:65:26:9e:0a:85:7b:c4:
         a2:b1:3a:c4:7e:58:8b:05:48:45:9c:95:eb:ae:37:f4:63:e4:
         19:33:5a:68:51:9c:48:07:89:d6:26:aa:fe:bd:54:4e:99:85:
         95:a3:87:cb:52:e0:76:81:ac:38:f7:33:cb:9e:9d:61:b6:bb:
         b4:fa:7d:1c:91:07:c1:97:0e:d8:55:23:1f:3a:ae:98:66:1a:
         1c:e5:dd:ab:3b:0d:80:03:5f:b7:f0:a9:b3:66:1d:c2:0d:20:
         5d:b1:3e:95:ee:e6:cc:97:22:cd:2e:c6:89:47:0d:80:0e:6f:
         99:0b:57:ac:89:25:9d:1f:14:b5:6d:df:86:a4:45:f6:5f:3e:
         60:ea:1d:8d:22:f9:d4:80:82:7a:92:e9:fd:14:cf:e1:aa:49:
         87:92:ef:a6:54:f7:de:1c:a0:45:1f:dd:05:83:41:50:bb:bc:
         fb:81:70:ec:ea:25:db:17:68:b1:83:89:70:37:f1:d8:5c:d8:
         13:5e:59:6f:d7:ce:5b:17:4d:a9:1c:a9:e6:67:07:39:76:4f:
         21:14:21:55:9f:b1:33:80:d3:ea:57:7b:14:df:b4:43:93:31:
         f6:ef:35:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt87ka4FjiYYq7PPUoLLuX1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwYTg4ZjlhODM0MTAxYWRmODc3MDM3YTUxYzgxZDEzM2Fh
OTQ2ZWMwHhcNMjYwMTAyMDQxOTA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyN2I1ZDMxMmM4OWZhMjk1ZWRkMGJjOTkxMTE2Nzg2ZjEwZmY4MmMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz+z0NBRZY1xUwVd3VwajirhhC5Zi
xeeggzNFahygkR1LLxpg+Vzbt1LwQZpsupRVjN7BIGToxKpRW0779coGVdYOrVhI
6uaeEDxmvWx6dgMlKMiiV6haci31SrvJA9ikQfoPUh12ua5TY12eyiQsP9Em0SUA
f3CLuZLVgmhkgnZbTj39FYgkZzEWL4MwtM4PutlSqrs9LA/kiRzAQ392YtC192Ym
+eK2Tq3cSHy7OEpJvxIp0ByEnvIlbjYrVl46Rtb6eXf0AB4X43vbBQRPKRZtsdxS
70DM4t0wneRNqpSbptmbQZByu4TBxg2anwSaEBJWzjGXavuDH46m79OmoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCe10xLIn6KV7dC8mREWeG8Q/4LAMB8GA1UdIwQY
MBaAFFCoj5qDQQGt+HcDelHIHRM6qUbsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVUtpUG1vTkJBYTM0ZHdONlVjZ2RFenFwUnV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi85NzYwYzYtM2ZjZS00MmJkLWJiYzgt
NDlmYmMzMGE4ZjYxLzEvSjdYVEVzaWZvcFh0MEx5WkVSWjRieERfZ3NBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi85NzYwYzYtM2ZjZS00MmJkLWJiYzgtNDlmYmMzMGE4ZjYx
LzEvVUtpUG1vTkJBYTM0ZHdONlVjZ2RFenFwUnV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw/KwMA0G
CSqGSIb3DQEBCwUAA4IBAQBckKFM3Mq9beqsgfSWkWVZQQYl9YacURQq/Kbqt2Um
ngqFe8SisTrEfliLBUhFnJXrrjf0Y+QZM1poUZxIB4nWJqr+vVROmYWVo4fLUuB2
gaw49zPLnp1htru0+n0ckQfBlw7YVSMfOq6YZhoc5d2rOw2AA1+38KmzZh3CDSBd
sT6V7ubMlyLNLsaJRw2ADm+ZC1esiSWdHxS1bd+GpEX2Xz5g6h2NIvnUgIJ6kun9
FM/hqkmHku+mVPfeHKBFH90Fg0FQu7z7gXDs6iXbF2ixg4lwN/HYXNgTXllv185b
F02pHKnmZwc5dk8hFCFVn7EzgNPqV3sU37RDkzH27zU/
-----END CERTIFICATE-----