Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/T7oxV4Rmv2aGG5h-sq_bbfp7cXk.roa
File:                     T7oxV4Rmv2aGG5h-sq_bbfp7cXk.roa (raw, json)
Hash identifier:          56UkEBVR91odUYAEuW3iMxqImg8YTpwGiDV/Dlr2y/A=
Subject key identifier:   4F:BA:31:57:84:66:BF:66:86:1B:98:7E:B2:AF:DB:6D:FA:7B:71:79
Certificate issuer:       /CN=0671dcc7a9ac7351c71e0bc2278cf45fd020ae2e
Certificate serial:       019C8F3E405C26948D49683D763966549376
Authority key identifier: 06:71:DC:C7:A9:AC:73:51:C7:1E:0B:C2:27:8C:F4:5F:D0:20:AE:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/T7oxV4Rmv2aGG5h-sq_bbfp7cXk.roa
Signing time:             Tue 24 Feb 2026 10:42:27 +0000
ROA not before:           Tue 24 Feb 2026 10:42:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     31715
IP address blocks:        213.220.4.0/24 maxlen: 24
                          213.220.13.0/24 maxlen: 24
                          213.220.16.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 12:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:8f:3e:40:5c:26:94:8d:49:68:3d:76:39:66:54:93:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0671dcc7a9ac7351c71e0bc2278cf45fd020ae2e
        Validity
            Not Before: Feb 24 10:42:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4fba31578466bf66861b987eb2afdb6dfa7b7179
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:47:e2:84:c0:4b:f6:82:bc:10:af:91:70:ca:
                    67:93:56:74:76:92:35:e5:c3:54:57:70:af:5a:c2:
                    ea:5f:32:76:01:d7:aa:f5:cf:44:a5:0f:53:2e:77:
                    8c:68:50:4f:11:c7:c0:bd:7c:91:3c:a1:65:9d:03:
                    72:3a:3e:49:ba:42:ba:c6:f7:72:28:1d:96:f7:db:
                    3c:99:e2:32:54:f9:22:ee:8c:d2:a0:7d:f7:cd:af:
                    89:4d:7f:31:ba:0c:59:c1:36:1d:94:4b:1e:df:15:
                    de:da:8c:25:52:ed:8e:97:00:b6:0f:14:df:37:19:
                    2f:7e:8e:30:e3:78:6b:8a:79:fa:73:b8:ff:99:ad:
                    42:c9:58:09:53:de:ee:03:87:e3:41:66:30:5d:d0:
                    92:d0:55:65:44:f4:dc:f3:ca:f0:96:e2:30:b7:1d:
                    91:27:24:3a:21:bd:31:3e:3d:1c:62:a7:f2:d3:c6:
                    48:c2:e2:e0:5e:52:fb:00:41:ac:90:26:78:db:27:
                    19:cd:c5:ce:97:df:d7:30:c4:f1:28:df:42:01:2f:
                    73:a0:ea:48:ef:a7:c7:f4:f8:07:09:be:e0:d4:16:
                    bf:22:d3:41:4d:cd:fa:ef:b0:61:94:fc:18:f0:c4:
                    2a:de:2a:6c:f5:55:7f:39:36:91:2a:de:f1:b5:67:
                    10:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:BA:31:57:84:66:BF:66:86:1B:98:7E:B2:AF:DB:6D:FA:7B:71:79
            X509v3 Authority Key Identifier:
                keyid:06:71:DC:C7:A9:AC:73:51:C7:1E:0B:C2:27:8C:F4:5F:D0:20:AE:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/T7oxV4Rmv2aGG5h-sq_bbfp7cXk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.220.4.0/24
                  213.220.13.0/24
                  213.220.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:53:9a:81:8f:4d:74:5a:a4:f8:11:ea:fc:6f:6b:2c:6b:04:
         cd:bf:2a:fe:45:af:24:f3:e3:c3:57:7d:4c:d4:45:ba:ed:db:
         d2:0a:5a:0c:82:2a:aa:98:ac:e6:1c:4c:e5:4f:ba:03:3f:f8:
         1d:d3:75:c4:8e:ff:5e:70:9f:dd:e7:f5:0b:0b:d7:bb:62:bf:
         c1:4f:a3:51:99:f3:8a:b4:c4:6c:20:0a:f9:ef:da:8d:a8:7d:
         83:36:07:ee:4c:76:ed:c0:ce:00:f9:0a:50:19:20:be:58:2a:
         0a:b9:eb:99:cc:03:c1:c3:81:cc:55:a7:f9:e1:fd:64:3e:30:
         5f:f1:05:3d:26:d0:e7:51:33:d7:de:89:a1:f6:11:f1:28:f8:
         ab:30:f5:d0:08:67:7d:9e:f1:d0:61:68:ae:d8:4b:17:5a:1b:
         47:47:69:b3:c7:63:83:23:91:a6:d4:76:83:6a:32:0d:7a:3e:
         5b:ce:a5:9a:cc:57:6d:9e:1c:76:e7:e7:2e:49:1b:75:e1:14:
         99:9b:ee:e5:7e:58:30:a0:f1:fa:18:69:39:07:b9:a1:7a:36:
         f9:59:66:bf:b1:96:48:fe:3f:20:2a:1a:54:1a:4e:ec:32:74:
         fb:69:88:a5:ff:e3:1e:fb:4d:c2:39:b8:46:6b:d8:f6:5d:36:
         39:31:e3:05
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZyPPkBcJpSNSWg9djlmVJN2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2NzFkY2M3YTlhYzczNTFjNzFlMGJjMjI3OGNmNDVmZDAy
MGFlMmUwHhcNMjYwMjI0MTA0MjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZmJhMzE1Nzg0NjZiZjY2ODYxYjk4N2ViMmFmZGI2ZGZhN2I3MTc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA60fihMBL9oK8EK+RcMpnk1Z0dpI1
5cNUV3CvWsLqXzJ2Adeq9c9EpQ9TLneMaFBPEcfAvXyRPKFlnQNyOj5JukK6xvdy
KB2W99s8meIyVPki7ozSoH33za+JTX8xugxZwTYdlEse3xXe2owlUu2OlwC2DxTf
Nxkvfo4w43hrinn6c7j/ma1CyVgJU97uA4fjQWYwXdCS0FVlRPTc88rwluIwtx2R
JyQ6Ib0xPj0cYqfy08ZIwuLgXlL7AEGskCZ42ycZzcXOl9/XMMTxKN9CAS9zoOpI
76fH9PgHCb7g1Ba/ItNBTc3677BhlPwY8MQq3ips9VV/OTaRKt7xtWcQzQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFE+6MVeEZr9mhhuYfrKv2236e3F5MB8GA1UdIwQY
MBaAFAZx3MeprHNRxx4LwieM9F/QIK4uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQm5IY3g2bXNjMUhISGd2Q0o0ejBYOUFncmk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGIt
MWRkZWM0Y2NlMjRjLzEvVDdveFY0Um12MmFHRzVoLXNxX2JiZnA3Y1hrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGItMWRkZWM0Y2NlMjRj
LzEvQm5IY3g2bXNjMUhISGd2Q0o0ejBYOUFncmk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQA1dwEAwQA
1dwNAwQA1dwQMA0GCSqGSIb3DQEBCwUAA4IBAQCmU5qBj010WqT4Eer8b2ssawTN
vyr+Ra8k8+PDV31M1EW67dvSCloMgiqqmKzmHEzlT7oDP/gd03XEjv9ecJ/d5/UL
C9e7Yr/BT6NRmfOKtMRsIAr579qNqH2DNgfuTHbtwM4A+QpQGSC+WCoKueuZzAPB
w4HMVaf54f1kPjBf8QU9JtDnUTPX3omh9hHxKPirMPXQCGd9nvHQYWiu2EsXWhtH
R2mzx2ODI5Gm1HaDajINej5bzqWazFdtnhx25+cuSRt14RSZm+7lflgwoPH6GGk5
B7mhejb5WWa/sZZI/j8gKhpUGk7sMnT7aYil/+Me+03CObhGa9j2XTY5MeMF
-----END CERTIFICATE-----