Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/QomjpQx9_CU1bmLVLsZtPoZDq78.roa
File:                     QomjpQx9_CU1bmLVLsZtPoZDq78.roa (raw, json)
Hash identifier:          HNmZtCav5oDUjr+7p6DMbvp4B1wr1fA/JAYD/NDabk4=
Subject key identifier:   42:89:A3:A5:0C:7D:FC:25:35:6E:62:D5:2E:C6:6D:3E:86:43:AB:BF
Certificate issuer:       /CN=0671dcc7a9ac7351c71e0bc2278cf45fd020ae2e
Certificate serial:       019C95F85B5E7B36721166A419D58CF2032F
Authority key identifier: 06:71:DC:C7:A9:AC:73:51:C7:1E:0B:C2:27:8C:F4:5F:D0:20:AE:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/QomjpQx9_CU1bmLVLsZtPoZDq78.roa
Signing time:             Wed 25 Feb 2026 18:03:27 +0000
ROA not before:           Wed 25 Feb 2026 18:03:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9304
IP address blocks:        213.220.41.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:95:f8:5b:5e:7b:36:72:11:66:a4:19:d5:8c:f2:03:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0671dcc7a9ac7351c71e0bc2278cf45fd020ae2e
        Validity
            Not Before: Feb 25 18:03:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4289a3a50c7dfc25356e62d52ec66d3e8643abbf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:d5:24:ec:58:27:b3:84:dd:42:34:60:4a:4d:
                    f8:4a:dc:4b:3f:6f:71:21:44:b0:bf:10:23:1e:08:
                    91:4d:86:9f:5b:85:d0:1d:bf:2e:8b:5b:f3:d1:f2:
                    87:50:eb:17:e5:5d:ee:f8:a8:14:21:94:f0:b4:51:
                    8f:52:2e:30:0f:cd:a3:e3:08:0c:62:ca:1f:37:0a:
                    c7:09:65:1a:89:c5:87:de:e1:e1:15:45:fb:0f:74:
                    c7:a7:f8:11:ad:ac:19:b1:95:90:8a:d0:2d:f8:b2:
                    94:11:b8:2e:1c:fc:23:36:1d:28:cf:26:32:d7:f5:
                    fa:6e:fc:48:3a:a9:46:0d:77:5a:32:e3:fb:15:fa:
                    74:de:73:4f:3a:50:96:32:33:c2:55:85:c8:70:86:
                    ca:14:7e:17:e0:5a:49:6b:d7:83:6e:4a:f9:2a:94:
                    55:22:ed:4a:ee:58:01:c1:c2:73:99:07:49:19:f0:
                    37:12:ba:f9:db:23:90:32:30:e8:53:d2:a0:8b:3f:
                    84:af:ba:c9:d3:57:1c:f8:25:fa:4f:8c:b4:ef:91:
                    73:b8:ec:d4:d2:bc:4f:9d:30:43:20:5a:26:06:91:
                    5d:74:c4:6e:53:75:c4:46:40:00:a6:fc:33:94:7f:
                    71:c1:45:23:42:66:98:02:fe:89:91:86:a9:a7:d8:
                    32:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:89:A3:A5:0C:7D:FC:25:35:6E:62:D5:2E:C6:6D:3E:86:43:AB:BF
            X509v3 Authority Key Identifier:
                keyid:06:71:DC:C7:A9:AC:73:51:C7:1E:0B:C2:27:8C:F4:5F:D0:20:AE:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/QomjpQx9_CU1bmLVLsZtPoZDq78.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.220.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:f6:48:58:12:aa:24:4f:3e:54:e4:f1:c2:78:9f:7f:b2:4f:
         28:8b:be:3a:05:3a:bf:d4:e0:01:d7:40:82:3d:47:e4:33:f9:
         a6:f8:82:b6:55:6c:b1:fb:a5:7f:68:16:d5:06:81:6d:db:d6:
         ef:54:a4:57:4b:50:8f:12:b2:48:3b:91:fe:08:6c:1a:e4:af:
         d3:18:e0:9d:f8:36:fd:1d:39:72:8a:97:b9:cb:98:94:07:79:
         17:3b:09:55:d4:9e:e4:b6:5a:5a:5d:73:2b:55:6c:2e:b2:8c:
         9e:b5:58:de:14:41:f0:f1:ee:2d:24:a1:fc:ed:9d:93:c3:0c:
         03:09:90:ee:96:9f:20:ac:fd:cb:ed:07:16:29:aa:56:a6:9f:
         e4:24:42:af:ee:54:62:3f:21:50:7e:06:59:7f:4c:b0:83:89:
         0d:8c:bd:70:55:b3:eb:37:a9:d6:38:20:3f:e0:ac:c9:3e:17:
         7f:60:19:a3:46:3f:f7:b8:a1:c1:3a:a1:f1:15:ce:81:91:0f:
         e7:d2:22:03:ec:b7:fb:51:9b:40:d7:4c:1a:58:1b:53:d6:9f:
         04:32:9f:e8:98:33:a2:26:dd:22:95:b6:cb:63:79:fa:27:19:
         e4:d7:8b:fe:1f:9e:bc:b7:31:3b:3c:ca:69:65:e4:0b:2b:9a:
         0f:ea:76:67
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyV+FteezZyEWakGdWM8gMvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2NzFkY2M3YTlhYzczNTFjNzFlMGJjMjI3OGNmNDVmZDAy
MGFlMmUwHhcNMjYwMjI1MTgwMzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Mjg5YTNhNTBjN2RmYzI1MzU2ZTYyZDUyZWM2NmQzZTg2NDNhYmJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2tUk7Fgns4TdQjRgSk34StxLP29x
IUSwvxAjHgiRTYafW4XQHb8ui1vz0fKHUOsX5V3u+KgUIZTwtFGPUi4wD82j4wgM
YsofNwrHCWUaicWH3uHhFUX7D3THp/gRrawZsZWQitAt+LKUEbguHPwjNh0ozyYy
1/X6bvxIOqlGDXdaMuP7Ffp03nNPOlCWMjPCVYXIcIbKFH4X4FpJa9eDbkr5KpRV
Iu1K7lgBwcJzmQdJGfA3Err52yOQMjDoU9Kgiz+Er7rJ01cc+CX6T4y075FzuOzU
0rxPnTBDIFomBpFddMRuU3XERkAApvwzlH9xwUUjQmaYAv6JkYapp9gylwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEKJo6UMffwlNW5i1S7GbT6GQ6u/MB8GA1UdIwQY
MBaAFAZx3MeprHNRxx4LwieM9F/QIK4uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQm5IY3g2bXNjMUhISGd2Q0o0ejBYOUFncmk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGIt
MWRkZWM0Y2NlMjRjLzEvUW9tanBReDlfQ1UxYm1MVkxzWnRQb1pEcTc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGItMWRkZWM0Y2NlMjRj
LzEvQm5IY3g2bXNjMUhISGd2Q0o0ejBYOUFncmk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1dwpMA0G
CSqGSIb3DQEBCwUAA4IBAQCL9khYEqokTz5U5PHCeJ9/sk8oi746BTq/1OAB10CC
PUfkM/mm+IK2VWyx+6V/aBbVBoFt29bvVKRXS1CPErJIO5H+CGwa5K/TGOCd+Db9
HTlyipe5y5iUB3kXOwlV1J7ktlpaXXMrVWwusoyetVjeFEHw8e4tJKH87Z2TwwwD
CZDulp8grP3L7QcWKapWpp/kJEKv7lRiPyFQfgZZf0ywg4kNjL1wVbPrN6nWOCA/
4KzJPhd/YBmjRj/3uKHBOqHxFc6BkQ/n0iID7Lf7UZtA10waWBtT1p8EMp/omDOi
Jt0ilbbLY3n6Jxnk14v+H568tzE7PMppZeQLK5oP6nZn
-----END CERTIFICATE-----