Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/vE8RT5tGx4-A_04Scer5jyniaaU.roa
File:                     vE8RT5tGx4-A_04Scer5jyniaaU.roa (raw, json)
Hash identifier:          e65tIftUtM59Vz2EkVut3dyHMcoD5hM2Wga4e5Qc5S0=
Subject key identifier:   BC:4F:11:4F:9B:46:C7:8F:80:FF:4E:12:71:EA:F9:8F:29:E2:69:A5
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       019CD20C0ED4A72B9F34E69D73D30AD5C4E6
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/vE8RT5tGx4-A_04Scer5jyniaaU.roa
Signing time:             Mon 09 Mar 2026 10:02:11 +0000
ROA not before:           Mon 09 Mar 2026 10:02:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     25198
IP address blocks:        193.124.205.0/24 maxlen: 24
                          195.133.58.0/24 maxlen: 24
                          212.193.9.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:d2:0c:0e:d4:a7:2b:9f:34:e6:9d:73:d3:0a:d5:c4:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Mar  9 10:02:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bc4f114f9b46c78f80ff4e1271eaf98f29e269a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:7b:6e:e2:26:fc:32:1b:00:ed:3f:4b:10:30:
                    8b:fe:52:65:de:81:8d:0e:66:f7:5f:29:3d:38:10:
                    1b:41:c9:49:e7:a9:3d:af:be:39:49:91:5a:d3:71:
                    a7:35:bb:3d:8e:8c:a5:32:70:4c:a8:39:de:5f:c3:
                    31:58:5c:39:40:1e:00:3e:d0:b0:1e:84:2f:db:fb:
                    82:e3:a5:c4:37:e3:30:47:6b:22:56:ff:41:a9:1b:
                    b2:98:e6:c9:55:80:47:8c:56:56:ce:05:21:9b:17:
                    c4:0e:5b:76:c7:9a:ba:de:0c:48:2d:c3:84:d1:ee:
                    33:a3:33:e6:37:ef:bd:01:76:72:69:6b:f2:05:e5:
                    9e:2d:22:65:1a:27:e7:ed:07:68:8e:d4:fc:cd:cc:
                    05:bb:d1:a8:4c:24:67:67:d7:9b:2c:b0:23:4a:68:
                    29:8c:61:e4:af:d1:48:dc:a9:85:dd:13:c0:86:80:
                    a7:da:17:d2:77:90:a9:2f:4f:a1:21:66:c3:02:ef:
                    e8:10:c8:09:13:95:11:f1:ed:71:78:43:81:19:ae:
                    15:93:4f:4b:ef:e8:9e:50:5e:9a:93:bb:55:a4:24:
                    eb:53:fb:85:6b:39:7f:45:15:97:0b:ac:fd:d0:6d:
                    e9:4f:41:bf:30:2d:fb:e6:a4:e7:b9:96:33:d8:bd:
                    d9:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:4F:11:4F:9B:46:C7:8F:80:FF:4E:12:71:EA:F9:8F:29:E2:69:A5
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/vE8RT5tGx4-A_04Scer5jyniaaU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.124.205.0/24
                  195.133.58.0/24
                  212.193.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:39:cd:f8:9f:46:35:af:e4:c0:10:df:ef:16:47:f2:4f:b9:
         64:92:bc:92:31:b8:66:7a:4c:55:a1:48:52:a1:6b:26:b1:44:
         b5:31:48:54:f7:a6:a1:20:cf:65:6b:27:8c:dc:ee:b9:6a:98:
         4b:73:44:cb:25:b7:2d:70:b7:c8:e1:07:1a:32:32:93:e1:b6:
         18:82:3a:60:89:09:d7:20:83:76:9f:ad:87:62:01:24:e1:fc:
         a4:83:58:ab:ee:f8:29:7e:1f:d7:39:39:1c:ce:81:c1:30:da:
         c4:20:6d:be:f8:1d:d5:3e:37:e3:42:18:88:cb:5c:3c:3b:f6:
         6e:83:ee:80:a5:b2:50:1a:94:e6:9a:64:3b:d1:01:43:6d:56:
         3b:2e:aa:fb:87:20:06:e3:f2:c6:ba:0f:fe:fb:b5:f7:10:b1:
         e6:87:5a:93:7a:48:d8:a9:65:bb:1c:cc:63:05:dc:86:1e:5f:
         81:c1:d4:5f:1a:9b:20:de:fe:ab:0c:19:55:5c:d5:67:47:95:
         94:e6:a5:f4:17:c5:0a:95:7a:cf:08:a7:8d:83:4d:8d:19:21:
         d7:aa:9d:3e:25:8a:14:a4:8b:e1:e8:76:87:e7:c6:74:68:7f:
         0c:11:5d:86:4f:60:ef:1b:d5:fc:43:de:da:21:25:c3:d8:9c:
         87:fe:5c:e6
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZzSDA7UpyufNOadc9MK1cTmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjYwMzA5MTAwMjExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzRmMTE0ZjliNDZjNzhmODBmZjRlMTI3MWVhZjk4ZjI5ZTI2OWE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Htu4ib8MhsA7T9LEDCL/lJl3oGN
Dmb3Xyk9OBAbQclJ56k9r745SZFa03GnNbs9joylMnBMqDneX8MxWFw5QB4APtCw
HoQv2/uC46XEN+MwR2siVv9BqRuymObJVYBHjFZWzgUhmxfEDlt2x5q63gxILcOE
0e4zozPmN++9AXZyaWvyBeWeLSJlGifn7QdojtT8zcwFu9GoTCRnZ9ebLLAjSmgp
jGHkr9FI3KmF3RPAhoCn2hfSd5CpL0+hIWbDAu/oEMgJE5UR8e1xeEOBGa4Vk09L
7+ieUF6ak7tVpCTrU/uFazl/RRWXC6z90G3pT0G/MC375qTnuZYz2L3ZrQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLxPEU+bRsePgP9OEnHq+Y8p4mmlMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvdkU4UlQ1dEd4NC1BXzA0U2NlcjVqeW5pYWFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAwXzNAwQA
w4U6AwQA1MEJMA0GCSqGSIb3DQEBCwUAA4IBAQCTOc34n0Y1r+TAEN/vFkfyT7lk
krySMbhmekxVoUhSoWsmsUS1MUhU96ahIM9layeM3O65aphLc0TLJbctcLfI4Qca
MjKT4bYYgjpgiQnXIIN2n62HYgEk4fykg1ir7vgpfh/XOTkczoHBMNrEIG2++B3V
PjfjQhiIy1w8O/Zug+6ApbJQGpTmmmQ70QFDbVY7Lqr7hyAG4/LGug/++7X3ELHm
h1qTekjYqWW7HMxjBdyGHl+BwdRfGpsg3v6rDBlVXNVnR5WU5qX0F8UKlXrPCKeN
g02NGSHXqp0+JYoUpIvh6HaH58Z0aH8MEV2GT2DvG9X8Q97aISXD2JyH/lzm
-----END CERTIFICATE-----