Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/ad6b73-0e8c-4a45-b6bb-42281f5518a9/1/t_YD_TMrdsOA2W1FycZvgBgKvl0.roa
File:                     t_YD_TMrdsOA2W1FycZvgBgKvl0.roa (raw, json)
Hash identifier:          aKXaaEglxUURDjTbsuHChlw8EkR2WNC0oRTNkZ/SbXo=
Subject key identifier:   B7:F6:03:FD:33:2B:76:C3:80:D9:6D:45:C9:C6:6F:80:18:0A:BE:5D
Certificate issuer:       /CN=7d15cfedb9aeab42bf8ac5b24cb1aeec2a660943
Certificate serial:       019C9A161F88322ABB8C151827CB227B31F7
Authority key identifier: 7D:15:CF:ED:B9:AE:AB:42:BF:8A:C5:B2:4C:B1:AE:EC:2A:66:09:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fRXP7bmuq0K_isWyTLGu7CpmCUM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/ad6b73-0e8c-4a45-b6bb-42281f5518a9/1/t_YD_TMrdsOA2W1FycZvgBgKvl0.roa
Signing time:             Thu 26 Feb 2026 13:14:26 +0000
ROA not before:           Thu 26 Feb 2026 13:14:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8851
IP address blocks:        194.207.0.0/19 maxlen: 24
                          2a00:4901::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e3/ad6b73-0e8c-4a45-b6bb-42281f5518a9/1/fRXP7bmuq0K_isWyTLGu7CpmCUM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e3/ad6b73-0e8c-4a45-b6bb-42281f5518a9/1/fRXP7bmuq0K_isWyTLGu7CpmCUM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fRXP7bmuq0K_isWyTLGu7CpmCUM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:9a:16:1f:88:32:2a:bb:8c:15:18:27:cb:22:7b:31:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d15cfedb9aeab42bf8ac5b24cb1aeec2a660943
        Validity
            Not Before: Feb 26 13:14:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b7f603fd332b76c380d96d45c9c66f80180abe5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:b6:5a:b6:36:4e:99:bb:f3:6a:85:f5:ac:a3:
                    c0:90:2b:a3:34:e3:da:10:11:d2:37:eb:66:3f:83:
                    6b:f2:fc:7b:32:1c:42:75:a2:e1:65:a2:b6:ee:e7:
                    c7:e9:c8:73:2d:c6:dc:e5:61:c7:8e:8c:e0:28:07:
                    ef:fd:7d:47:4d:ac:c4:ef:50:14:2c:69:fa:aa:47:
                    97:40:82:32:1e:ad:12:1c:00:66:65:55:11:6a:6a:
                    fe:76:25:b4:a9:4c:4a:5b:56:2a:fd:ca:82:9c:4e:
                    2e:b3:a0:c4:bc:b4:2c:dc:c7:9a:10:24:1f:c2:9d:
                    ea:ce:5a:aa:81:67:34:76:3c:29:31:e2:a0:16:7a:
                    38:ca:e0:40:54:ea:da:46:6d:1a:44:b1:69:c4:5e:
                    1d:75:11:36:aa:b3:2d:a6:1e:9f:97:f2:58:19:83:
                    f6:06:df:bf:fd:2b:3e:f7:e1:d4:38:c1:00:cf:06:
                    63:9e:33:08:32:b3:f3:4a:26:c7:38:41:34:2e:30:
                    4d:5f:c7:b8:1c:80:e8:28:d2:d9:b4:65:34:19:91:
                    cb:f1:72:a4:c2:45:d7:d8:00:ef:a9:07:02:d1:5f:
                    68:0e:03:a9:c6:ed:a3:e9:27:c8:72:cb:e8:c4:50:
                    a7:84:c1:b4:4c:34:20:54:65:34:8c:bd:4d:af:8f:
                    d9:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:F6:03:FD:33:2B:76:C3:80:D9:6D:45:C9:C6:6F:80:18:0A:BE:5D
            X509v3 Authority Key Identifier:
                keyid:7D:15:CF:ED:B9:AE:AB:42:BF:8A:C5:B2:4C:B1:AE:EC:2A:66:09:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fRXP7bmuq0K_isWyTLGu7CpmCUM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/ad6b73-0e8c-4a45-b6bb-42281f5518a9/1/t_YD_TMrdsOA2W1FycZvgBgKvl0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/ad6b73-0e8c-4a45-b6bb-42281f5518a9/1/fRXP7bmuq0K_isWyTLGu7CpmCUM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.207.0.0/19
                IPv6:
                  2a00:4901::/32

    Signature Algorithm: sha256WithRSAEncryption
         9f:bb:c1:de:67:37:74:88:60:96:9a:5a:5e:ab:74:c0:a9:a3:
         77:6f:e5:44:3c:a3:9a:9c:11:4d:b3:dd:a2:fa:27:cd:51:d1:
         d5:5c:d0:aa:36:95:61:5b:4a:0e:96:8c:7e:97:3a:66:6b:db:
         15:61:63:3a:cb:cb:9d:70:77:54:f3:ef:2f:cf:b1:42:fd:0d:
         13:39:47:c8:ed:96:cd:5f:b1:52:f6:5e:46:8d:ac:36:98:82:
         e3:60:7f:ad:87:00:18:d8:e2:50:2a:ed:69:6f:1d:c6:74:40:
         b1:9d:c6:80:2d:15:c5:aa:88:83:3f:1b:4d:f0:7e:85:33:7a:
         4e:cf:a3:39:d3:3b:3b:2c:fa:81:aa:b7:ff:62:0e:3d:28:3d:
         5f:52:99:2f:c4:76:04:4c:4d:88:2e:31:2f:75:84:ea:1e:3a:
         2e:cf:3f:46:be:bb:ba:bf:d8:3a:80:7f:56:bf:c1:5d:41:d7:
         7a:5f:57:5f:f6:fc:94:7b:54:11:6e:a6:c6:b8:5c:c7:14:1d:
         ff:25:9e:ff:a4:b4:d6:20:43:e2:d7:f1:11:b8:e6:b9:b6:55:
         35:a6:1a:94:ff:34:b1:55:b2:12:e4:44:4a:75:ed:1a:e3:0f:
         0f:81:78:b1:42:c4:4d:b7:85:72:c8:1f:c6:61:91:d0:79:05:
         6d:f5:b3:ec
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZyaFh+IMiq7jBUYJ8siezH3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkMTVjZmVkYjlhZWFiNDJiZjhhYzViMjRjYjFhZWVjMmE2
NjA5NDMwHhcNMjYwMjI2MTMxNDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiN2Y2MDNmZDMzMmI3NmMzODBkOTZkNDVjOWM2NmY4MDE4MGFiZTVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5LZatjZOmbvzaoX1rKPAkCujNOPa
EBHSN+tmP4Nr8vx7MhxCdaLhZaK27ufH6chzLcbc5WHHjozgKAfv/X1HTazE71AU
LGn6qkeXQIIyHq0SHABmZVURamr+diW0qUxKW1Yq/cqCnE4us6DEvLQs3MeaECQf
wp3qzlqqgWc0djwpMeKgFno4yuBAVOraRm0aRLFpxF4ddRE2qrMtph6fl/JYGYP2
Bt+//Ss+9+HUOMEAzwZjnjMIMrPzSibHOEE0LjBNX8e4HIDoKNLZtGU0GZHL8XKk
wkXX2ADvqQcC0V9oDgOpxu2j6SfIcsvoxFCnhMG0TDQgVGU0jL1Nr4/ZQwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLf2A/0zK3bDgNltRcnGb4AYCr5dMB8GA1UdIwQY
MBaAFH0Vz+25rqtCv4rFskyxruwqZglDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlJYUDdibXVxMEtfaXNXeVRMR3U3Q3BtQ1VNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy9hZDZiNzMtMGU4Yy00YTQ1LWI2YmIt
NDIyODFmNTUxOGE5LzEvdF9ZRF9UTXJkc09BMlcxRnljWnZnQmdLdmwwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy9hZDZiNzMtMGU4Yy00YTQ1LWI2YmItNDIyODFmNTUxOGE5
LzEvZlJYUDdibXVxMEtfaXNXeVRMR3U3Q3BtQ1VNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQFws8AMA0E
AgACMAcDBQAqAEkBMA0GCSqGSIb3DQEBCwUAA4IBAQCfu8HeZzd0iGCWmlpeq3TA
qaN3b+VEPKOanBFNs92i+ifNUdHVXNCqNpVhW0oOlox+lzpma9sVYWM6y8udcHdU
8+8vz7FC/Q0TOUfI7ZbNX7FS9l5Gjaw2mILjYH+thwAY2OJQKu1pbx3GdECxncaA
LRXFqoiDPxtN8H6FM3pOz6M50zs7LPqBqrf/Yg49KD1fUpkvxHYETE2ILjEvdYTq
Hjouzz9Gvru6v9g6gH9Wv8FdQdd6X1df9vyUe1QRbqbGuFzHFB3/JZ7/pLTWIEPi
1/ERuOa5tlU1phqU/zSxVbIS5ERKde0a4w8PgXixQsRNt4VyyB/GYZHQeQVt9bPs
-----END CERTIFICATE-----