Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/xYkYZOmCV58rTJJEdIAsjdVBGXM.roa
File:                     xYkYZOmCV58rTJJEdIAsjdVBGXM.roa (raw, json)
Hash identifier:          eCJXn/CSFpM/78IXFQ7tMZnEX10POhy3RCQh+Y88gTU=
Subject key identifier:   C5:89:18:64:E9:82:57:9F:2B:4C:92:44:74:80:2C:8D:D5:41:19:73
Certificate issuer:       /CN=2c71c96005e13a84a3f31ef1d991777f4b6e31a7
Certificate serial:       019C09B481A83F943492800A0D301BAF5999
Authority key identifier: 2C:71:C9:60:05:E1:3A:84:A3:F3:1E:F1:D9:91:77:7F:4B:6E:31:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LHHJYAXhOoSj8x7x2ZF3f0tuMac.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/xYkYZOmCV58rTJJEdIAsjdVBGXM.roa
Signing time:             Thu 29 Jan 2026 12:22:30 +0000
ROA not before:           Thu 29 Jan 2026 12:22:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199866
IP address blocks:        31.130.159.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/LHHJYAXhOoSj8x7x2ZF3f0tuMac.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/LHHJYAXhOoSj8x7x2ZF3f0tuMac.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LHHJYAXhOoSj8x7x2ZF3f0tuMac.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 09:38:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:09:b4:81:a8:3f:94:34:92:80:0a:0d:30:1b:af:59:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2c71c96005e13a84a3f31ef1d991777f4b6e31a7
        Validity
            Not Before: Jan 29 12:22:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c5891864e982579f2b4c924474802c8dd5411973
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:41:0a:85:44:e2:c6:09:b2:a7:b1:f4:d9:08:
                    0e:03:78:84:29:3d:4c:24:29:20:0b:ce:c4:43:78:
                    85:69:50:ee:b0:a6:6d:4b:1c:a5:93:0e:eb:6b:ff:
                    fd:29:68:4a:9c:d2:9b:75:ce:e8:35:27:45:cd:74:
                    0d:4b:62:af:09:50:fb:ba:4f:92:1b:10:65:20:2b:
                    c6:f0:59:42:ba:93:b3:bc:9d:f4:d4:5a:b7:de:87:
                    ef:8a:51:c1:36:00:98:ff:e6:64:ee:63:5f:f3:ad:
                    5b:ff:22:11:b2:f3:03:c8:a3:7a:67:9c:5b:d0:6a:
                    59:af:e3:1a:d9:f2:19:ed:8e:2e:14:7a:97:0c:7d:
                    25:a5:99:bd:a9:d6:e2:e9:18:d9:6f:92:6e:64:e9:
                    e0:34:71:f8:2a:e9:2a:50:b2:97:8c:05:67:6b:37:
                    4e:1c:19:e5:97:a1:e1:27:f0:92:70:4d:2f:fa:60:
                    54:14:47:17:82:8f:65:b8:8f:fc:b6:64:38:77:c5:
                    3a:61:2d:00:06:a0:ce:74:71:9c:e3:32:ed:d7:79:
                    82:26:5d:bd:02:7b:cf:7b:83:30:78:75:ad:83:9c:
                    10:f3:bd:f4:21:e8:16:e4:d0:88:2b:c9:03:34:61:
                    27:13:57:05:04:79:90:d2:ef:69:c0:a9:6b:90:f7:
                    60:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:89:18:64:E9:82:57:9F:2B:4C:92:44:74:80:2C:8D:D5:41:19:73
            X509v3 Authority Key Identifier:
                keyid:2C:71:C9:60:05:E1:3A:84:A3:F3:1E:F1:D9:91:77:7F:4B:6E:31:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LHHJYAXhOoSj8x7x2ZF3f0tuMac.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/xYkYZOmCV58rTJJEdIAsjdVBGXM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/LHHJYAXhOoSj8x7x2ZF3f0tuMac.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.130.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:3f:62:bb:e6:c8:9b:2f:1c:de:95:1c:10:5a:c6:5e:c9:1e:
         74:97:9e:2c:98:dd:9a:5a:f3:7b:d5:91:da:ee:68:9f:ef:82:
         95:ac:ac:4d:1f:ab:58:e2:ee:28:98:ad:e6:ff:22:22:b9:e0:
         a4:86:94:b8:01:83:47:fb:e7:c7:a6:0b:6e:23:13:38:ce:97:
         90:7e:6b:e6:9d:05:44:85:7d:76:5f:fb:9d:e2:9b:39:d8:46:
         04:55:d2:0c:c2:70:97:39:98:97:bc:c0:fd:cb:b3:c9:e2:5a:
         59:00:58:33:5d:dd:44:1f:ef:15:4c:f8:b5:ee:d9:b4:21:9b:
         ee:f0:a7:e4:98:ee:f0:3d:40:81:3f:cf:51:c1:1d:bf:11:29:
         24:2c:ff:61:af:a3:2e:e4:5e:8b:60:d5:20:21:dd:28:83:69:
         69:82:78:ad:df:5b:15:c6:79:0f:78:08:07:51:44:34:2d:13:
         c8:59:66:54:5a:08:ec:ef:bb:af:60:9c:aa:01:35:ae:06:e8:
         26:a9:e7:e4:7b:42:3c:2a:9e:9a:1b:52:ec:bb:4c:b3:70:ed:
         d2:2c:29:b9:3d:55:0c:9b:c7:de:24:f8:e2:e6:2c:a4:2a:82:
         05:c2:b7:71:b0:f0:58:a4:09:6e:75:67:a2:6c:a4:b7:45:e1:
         34:1f:ae:79
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZwJtIGoP5Q0koAKDTAbr1mZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjNzFjOTYwMDVlMTNhODRhM2YzMWVmMWQ5OTE3NzdmNGI2
ZTMxYTcwHhcNMjYwMTI5MTIyMjMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTg5MTg2NGU5ODI1NzlmMmI0YzkyNDQ3NDgwMmM4ZGQ1NDExOTczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtUEKhUTixgmyp7H02QgOA3iEKT1M
JCkgC87EQ3iFaVDusKZtSxylkw7ra//9KWhKnNKbdc7oNSdFzXQNS2KvCVD7uk+S
GxBlICvG8FlCupOzvJ301Fq33ofvilHBNgCY/+Zk7mNf861b/yIRsvMDyKN6Z5xb
0GpZr+Ma2fIZ7Y4uFHqXDH0lpZm9qdbi6RjZb5JuZOngNHH4KukqULKXjAVnazdO
HBnll6HhJ/CScE0v+mBUFEcXgo9luI/8tmQ4d8U6YS0ABqDOdHGc4zLt13mCJl29
AnvPe4MweHWtg5wQ8730IegW5NCIK8kDNGEnE1cFBHmQ0u9pwKlrkPdgvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMWJGGTpglefK0ySRHSALI3VQRlzMB8GA1UdIwQY
MBaAFCxxyWAF4TqEo/Me8dmRd39LbjGnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTEhISllBWGhPb1NqOHg3eDJaRjNmMHR1TWFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi9mYTM1NDQtMTAyNS00ZThmLWE4ZmUt
N2EyOGFmMjljZGMyLzEveFlrWVpPbUNWNThyVEpKRWRJQXNqZFZCR1hNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi9mYTM1NDQtMTAyNS00ZThmLWE4ZmUtN2EyOGFmMjljZGMy
LzEvTEhISllBWGhPb1NqOHg3eDJaRjNmMHR1TWFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH4KfMA0G
CSqGSIb3DQEBCwUAA4IBAQCqP2K75sibLxzelRwQWsZeyR50l54smN2aWvN71ZHa
7mif74KVrKxNH6tY4u4omK3m/yIiueCkhpS4AYNH++fHpgtuIxM4zpeQfmvmnQVE
hX12X/ud4ps52EYEVdIMwnCXOZiXvMD9y7PJ4lpZAFgzXd1EH+8VTPi17tm0IZvu
8KfkmO7wPUCBP89RwR2/ESkkLP9hr6Mu5F6LYNUgId0og2lpgnit31sVxnkPeAgH
UUQ0LRPIWWZUWgjs77uvYJyqATWuBugmqefke0I8Kp6aG1Lsu0yzcO3SLCm5PVUM
m8feJPji5iykKoIFwrdxsPBYpAludWeibKS3ReE0H655
-----END CERTIFICATE-----