Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/cd39be-3e25-4dbc-860f-3b103d5a690a/1/vKRw2HUypzI_fLwgDuDJAjGJY-Q.roa
File:                     vKRw2HUypzI_fLwgDuDJAjGJY-Q.roa (raw, json)
Hash identifier:          kUjanpYMsskZ8DJFrlHn+4ejpbBtE2N86bbPjfXmLEs=
Subject key identifier:   BC:A4:70:D8:75:32:A7:32:3F:7C:BC:20:0E:E0:C9:02:31:89:63:E4
Certificate issuer:       /CN=c98adafb1f31f9889aa4735792b6e3db46931bb9
Certificate serial:       019C8FC213D256CC33394AC8006278E2AED1
Authority key identifier: C9:8A:DA:FB:1F:31:F9:88:9A:A4:73:57:92:B6:E3:DB:46:93:1B:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yYra-x8x-YiapHNXkrbj20aTG7k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/cd39be-3e25-4dbc-860f-3b103d5a690a/1/vKRw2HUypzI_fLwgDuDJAjGJY-Q.roa
Signing time:             Tue 24 Feb 2026 13:06:26 +0000
ROA not before:           Tue 24 Feb 2026 13:06:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     2914
IP address blocks:        141.138.78.0/24 maxlen: 24
                          141.138.79.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/cd39be-3e25-4dbc-860f-3b103d5a690a/1/yYra-x8x-YiapHNXkrbj20aTG7k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/cd39be-3e25-4dbc-860f-3b103d5a690a/1/yYra-x8x-YiapHNXkrbj20aTG7k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yYra-x8x-YiapHNXkrbj20aTG7k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:8f:c2:13:d2:56:cc:33:39:4a:c8:00:62:78:e2:ae:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c98adafb1f31f9889aa4735792b6e3db46931bb9
        Validity
            Not Before: Feb 24 13:06:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bca470d87532a7323f7cbc200ee0c902318963e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:85:4e:17:a7:ab:6c:5c:36:c8:fb:e8:46:c3:
                    68:85:75:e2:43:04:0e:b4:88:9c:18:ac:7a:76:70:
                    28:db:7e:58:ce:d6:b2:96:03:49:07:29:23:b7:83:
                    ec:c4:fe:c0:06:e7:70:5a:84:c3:14:78:ef:41:2c:
                    93:b3:ac:68:e3:e3:3e:62:35:de:ca:41:1c:21:0b:
                    09:20:63:5f:5f:8f:84:37:5b:22:e7:98:86:b9:54:
                    be:49:40:32:e7:9c:3d:ad:f5:b9:a8:16:ca:9d:bb:
                    52:4e:e1:09:a4:33:7f:51:27:25:ab:75:59:ed:5f:
                    37:f6:00:70:7d:98:0c:72:9d:bc:30:ef:6e:63:52:
                    c3:05:b4:f7:c0:ff:1c:99:fb:60:7b:0f:ab:5d:8a:
                    18:38:56:f3:ea:24:39:e7:ec:b5:15:c4:68:6c:65:
                    8c:1d:f1:45:d0:79:c7:e2:c7:ac:f8:48:71:7f:bd:
                    13:55:e9:be:fe:ed:b2:b0:f8:3d:6d:01:f6:dd:db:
                    12:5e:a0:d2:8f:7e:88:be:62:bd:3f:95:e9:88:74:
                    9a:b3:c1:f9:ef:c1:5c:a8:fa:aa:39:b5:a8:c2:15:
                    93:78:00:25:f9:a1:4f:88:f8:53:6d:b1:60:ce:02:
                    42:d3:bc:8e:ed:02:02:b8:48:40:22:ef:41:a5:64:
                    6f:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:A4:70:D8:75:32:A7:32:3F:7C:BC:20:0E:E0:C9:02:31:89:63:E4
            X509v3 Authority Key Identifier:
                keyid:C9:8A:DA:FB:1F:31:F9:88:9A:A4:73:57:92:B6:E3:DB:46:93:1B:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yYra-x8x-YiapHNXkrbj20aTG7k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/cd39be-3e25-4dbc-860f-3b103d5a690a/1/vKRw2HUypzI_fLwgDuDJAjGJY-Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/cd39be-3e25-4dbc-860f-3b103d5a690a/1/yYra-x8x-YiapHNXkrbj20aTG7k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.138.78.0/23

    Signature Algorithm: sha256WithRSAEncryption
         17:a0:6d:7f:a6:d5:36:40:2b:4b:5d:dd:0e:79:99:81:7c:85:
         53:24:2a:1e:2d:fd:48:ce:00:ef:50:69:99:95:0c:c2:22:5f:
         f4:ff:5a:87:8c:45:37:af:04:88:0c:7c:64:a8:77:a4:64:84:
         a9:cd:93:2a:6a:69:f4:6e:b8:52:73:d3:38:a4:7a:65:3c:65:
         9b:a0:cf:99:ac:3c:b6:41:e3:da:42:c3:57:4c:ef:d8:5b:9a:
         cf:7d:df:16:c1:29:e5:74:61:eb:7c:78:6e:f9:2c:c8:b7:b2:
         10:e2:de:51:7c:e8:5e:d2:28:a4:f0:54:84:90:00:c5:f1:5d:
         d0:35:20:e9:70:11:aa:2c:61:e7:e9:b6:03:3a:e3:95:b7:bd:
         43:34:25:37:74:99:e9:d4:1c:99:d0:36:95:80:26:c6:c7:ed:
         8b:d7:7e:54:92:e6:10:ac:e5:3a:2c:92:a0:63:85:bd:c7:26:
         f1:3d:86:0b:ef:18:5d:de:1c:24:36:6c:bd:eb:e9:36:e3:9a:
         83:36:76:9a:be:e2:e5:02:95:2d:a4:5b:6e:4a:06:91:cd:d1:
         dd:24:69:8b:94:6d:f6:ca:0d:96:6a:b9:54:49:05:1a:4b:f3:
         73:2f:dc:b7:97:ad:25:9d:7e:04:1d:08:b4:1c:50:46:64:f2:
         e9:73:ce:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyPwhPSVswzOUrIAGJ44q7RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5OGFkYWZiMWYzMWY5ODg5YWE0NzM1NzkyYjZlM2RiNDY5
MzFiYjkwHhcNMjYwMjI0MTMwNjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiY2E0NzBkODc1MzJhNzMyM2Y3Y2JjMjAwZWUwYzkwMjMxODk2M2U0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAroVOF6erbFw2yPvoRsNohXXiQwQO
tIicGKx6dnAo235YztaylgNJBykjt4PsxP7ABudwWoTDFHjvQSyTs6xo4+M+YjXe
ykEcIQsJIGNfX4+EN1si55iGuVS+SUAy55w9rfW5qBbKnbtSTuEJpDN/USclq3VZ
7V839gBwfZgMcp28MO9uY1LDBbT3wP8cmftgew+rXYoYOFbz6iQ55+y1FcRobGWM
HfFF0HnH4ses+Ehxf70TVem+/u2ysPg9bQH23dsSXqDSj36IvmK9P5XpiHSas8H5
78FcqPqqObWowhWTeAAl+aFPiPhTbbFgzgJC07yO7QICuEhAIu9BpWRvKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLykcNh1MqcyP3y8IA7gyQIxiWPkMB8GA1UdIwQY
MBaAFMmK2vsfMfmImqRzV5K249tGkxu5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveVlyYS14OHgtWWlhcEhOWGtyYmoyMGFURzdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS9jZDM5YmUtM2UyNS00ZGJjLTg2MGYt
M2IxMDNkNWE2OTBhLzEvdktSdzJIVXlweklfZkx3Z0R1REpBakdKWS1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS9jZDM5YmUtM2UyNS00ZGJjLTg2MGYtM2IxMDNkNWE2OTBh
LzEveVlyYS14OHgtWWlhcEhOWGtyYmoyMGFURzdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBjYpOMA0G
CSqGSIb3DQEBCwUAA4IBAQAXoG1/ptU2QCtLXd0OeZmBfIVTJCoeLf1IzgDvUGmZ
lQzCIl/0/1qHjEU3rwSIDHxkqHekZISpzZMqamn0brhSc9M4pHplPGWboM+ZrDy2
QePaQsNXTO/YW5rPfd8WwSnldGHrfHhu+SzIt7IQ4t5RfOhe0iik8FSEkADF8V3Q
NSDpcBGqLGHn6bYDOuOVt71DNCU3dJnp1ByZ0DaVgCbGx+2L135UkuYQrOU6LJKg
Y4W9xybxPYYL7xhd3hwkNmy96+k245qDNnaavuLlApUtpFtuSgaRzdHdJGmLlG32
yg2WarlUSQUaS/NzL9y3l60lnX4EHQi0HFBGZPLpc85B
-----END CERTIFICATE-----