Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/xM-FcmqLH2Fk4MxXGNAUdHPs5WA.roa
File:                     xM-FcmqLH2Fk4MxXGNAUdHPs5WA.roa (raw, json)
Hash identifier:          zAQ/rpcpYL8nwkL4BP7Yry3eVEA7iIIHw5MMjWEuGzI=
Subject key identifier:   C4:CF:85:72:6A:8B:1F:61:64:E0:CC:57:18:D0:14:74:73:EC:E5:60
Certificate issuer:       /CN=0671dcc7a9ac7351c71e0bc2278cf45fd020ae2e
Certificate serial:       019C22587E0A233622C9034DA047D6E2C61A
Authority key identifier: 06:71:DC:C7:A9:AC:73:51:C7:1E:0B:C2:27:8C:F4:5F:D0:20:AE:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/xM-FcmqLH2Fk4MxXGNAUdHPs5WA.roa
Signing time:             Tue 03 Feb 2026 07:12:30 +0000
ROA not before:           Tue 03 Feb 2026 07:12:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     137517
IP address blocks:        213.220.2.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 21:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:22:58:7e:0a:23:36:22:c9:03:4d:a0:47:d6:e2:c6:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0671dcc7a9ac7351c71e0bc2278cf45fd020ae2e
        Validity
            Not Before: Feb  3 07:12:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c4cf85726a8b1f6164e0cc5718d0147473ece560
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:44:e4:53:4a:d7:81:2c:44:7a:04:44:43:87:
                    ca:9c:40:2f:3d:64:3b:f0:1a:46:c1:29:23:3a:b3:
                    56:84:7c:93:4e:be:dd:6a:65:37:04:d1:7c:7b:ad:
                    90:f3:50:42:f1:4d:52:e0:ba:46:6e:17:a0:41:ba:
                    b1:f9:7b:f5:d3:ff:5d:2a:8b:d9:77:5a:06:ba:f0:
                    1c:40:1e:be:10:09:83:c8:17:bc:5a:5a:45:68:f7:
                    00:11:5c:e0:0a:ca:56:3d:cd:0b:98:f9:87:87:ae:
                    a7:80:53:3c:75:0d:02:f5:1d:77:47:8e:01:40:37:
                    db:7d:1c:73:04:50:d2:d8:5c:de:13:d1:53:47:e7:
                    e4:e5:0a:af:e3:ec:ab:3c:27:ed:95:dc:b7:83:4c:
                    ac:de:cc:0f:d4:2f:ab:8d:8d:b3:27:d7:96:23:ab:
                    86:a6:02:9e:8d:bc:b6:22:89:1e:61:2d:15:82:3d:
                    7e:6b:5c:7a:df:41:ea:bd:89:38:a2:43:d1:da:cf:
                    93:4f:e8:17:c9:04:f4:be:eb:e9:e5:99:16:34:15:
                    69:9b:e1:9c:61:ef:13:21:16:85:9d:1d:c5:99:df:
                    a8:59:8e:06:04:81:cf:0f:23:7a:ac:e4:28:70:bf:
                    8a:d0:5b:f7:b4:95:62:b0:fe:78:cd:1b:c5:58:79:
                    23:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:CF:85:72:6A:8B:1F:61:64:E0:CC:57:18:D0:14:74:73:EC:E5:60
            X509v3 Authority Key Identifier:
                keyid:06:71:DC:C7:A9:AC:73:51:C7:1E:0B:C2:27:8C:F4:5F:D0:20:AE:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/xM-FcmqLH2Fk4MxXGNAUdHPs5WA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.220.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:df:5a:12:08:a2:5b:73:a4:dd:5c:74:f1:09:3d:48:95:70:
         b6:51:f7:88:c5:81:cd:5c:d7:92:4f:f3:38:e1:b6:96:cc:a1:
         ce:25:54:c6:3d:2b:7e:c4:31:36:00:77:ac:94:f3:56:ae:1a:
         cc:a6:e2:41:86:6f:78:8a:f4:af:f9:2d:8f:91:4c:75:6b:52:
         7c:11:a4:77:08:4e:24:c7:32:97:fc:eb:f5:ad:17:88:eb:39:
         24:c6:fe:75:28:0c:20:05:46:94:e7:1f:67:bd:74:ae:f1:5c:
         b5:4a:cf:b5:e3:bf:5f:b8:25:4b:5e:c9:b7:70:a1:08:05:c4:
         4e:8a:29:af:41:bb:3d:4e:93:71:b7:95:4a:fd:98:91:0a:6d:
         f7:a1:74:d8:62:e6:b8:89:94:1a:b9:6b:d1:93:7c:72:0a:67:
         4a:d4:43:c6:e8:58:6b:52:79:46:e1:30:0b:77:1b:4b:9f:dc:
         5a:50:7a:b3:d9:f3:bd:e5:af:eb:0b:a7:8d:9f:a2:c1:ce:c7:
         30:17:3e:0e:f9:26:2f:4a:cf:88:c8:a0:15:d3:85:2c:23:72:
         fe:60:6d:d0:ba:3d:58:02:76:25:78:41:a3:9c:a5:92:44:07:
         19:9c:e2:88:ff:c5:0f:69:04:c4:64:31:51:b0:84:d3:6a:53:
         01:fc:8d:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZwiWH4KIzYiyQNNoEfW4sYaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2NzFkY2M3YTlhYzczNTFjNzFlMGJjMjI3OGNmNDVmZDAy
MGFlMmUwHhcNMjYwMjAzMDcxMjMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNGNmODU3MjZhOGIxZjYxNjRlMGNjNTcxOGQwMTQ3NDczZWNlNTYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp0TkU0rXgSxEegREQ4fKnEAvPWQ7
8BpGwSkjOrNWhHyTTr7damU3BNF8e62Q81BC8U1S4LpGbhegQbqx+Xv10/9dKovZ
d1oGuvAcQB6+EAmDyBe8WlpFaPcAEVzgCspWPc0LmPmHh66ngFM8dQ0C9R13R44B
QDfbfRxzBFDS2FzeE9FTR+fk5Qqv4+yrPCftldy3g0ys3swP1C+rjY2zJ9eWI6uG
pgKejby2IokeYS0Vgj1+a1x630HqvYk4okPR2s+TT+gXyQT0vuvp5ZkWNBVpm+Gc
Ye8TIRaFnR3Fmd+oWY4GBIHPDyN6rOQocL+K0Fv3tJVisP54zRvFWHkjkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMTPhXJqix9hZODMVxjQFHRz7OVgMB8GA1UdIwQY
MBaAFAZx3MeprHNRxx4LwieM9F/QIK4uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQm5IY3g2bXNjMUhISGd2Q0o0ejBYOUFncmk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGIt
MWRkZWM0Y2NlMjRjLzEveE0tRmNtcUxIMkZrNE14WEdOQVVkSFBzNVdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGItMWRkZWM0Y2NlMjRj
LzEvQm5IY3g2bXNjMUhISGd2Q0o0ejBYOUFncmk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1dwCMA0G
CSqGSIb3DQEBCwUAA4IBAQCZ31oSCKJbc6TdXHTxCT1IlXC2UfeIxYHNXNeST/M4
4baWzKHOJVTGPSt+xDE2AHeslPNWrhrMpuJBhm94ivSv+S2PkUx1a1J8EaR3CE4k
xzKX/Ov1rReI6zkkxv51KAwgBUaU5x9nvXSu8Vy1Ss+1479fuCVLXsm3cKEIBcRO
iimvQbs9TpNxt5VK/ZiRCm33oXTYYua4iZQauWvRk3xyCmdK1EPG6FhrUnlG4TAL
dxtLn9xaUHqz2fO95a/rC6eNn6LBzscwFz4O+SYvSs+IyKAV04UsI3L+YG3Quj1Y
AnYleEGjnKWSRAcZnOKI/8UPaQTEZDFRsITTalMB/I0V
-----END CERTIFICATE-----