Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/bd9ca8-179b-4322-a094-50dd3a58154b/1/k4uRfVLkiFx02imsmzFdIo0Ou9I.roa
File:                     k4uRfVLkiFx02imsmzFdIo0Ou9I.roa (raw, json)
Hash identifier:          9rPMDuoX5kSVG70I/Za6IhaLgJW41gakMpsQjx7kJlA=
Subject key identifier:   93:8B:91:7D:52:E4:88:5C:74:DA:29:AC:9B:31:5D:22:8D:0E:BB:D2
Certificate issuer:       /CN=e8bd26dce48161c7fbf9ff67b907f1e605c25a66
Certificate serial:       019D0AACCBAB15A1817C5D79C128F65AF566
Authority key identifier: E8:BD:26:DC:E4:81:61:C7:FB:F9:FF:67:B9:07:F1:E6:05:C2:5A:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6L0m3OSBYcf7-f9nuQfx5gXCWmY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/bd9ca8-179b-4322-a094-50dd3a58154b/1/k4uRfVLkiFx02imsmzFdIo0Ou9I.roa
Signing time:             Fri 20 Mar 2026 09:56:29 +0000
ROA not before:           Fri 20 Mar 2026 09:56:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199870
IP address blocks:        195.60.85.128/26 maxlen: 26
                          2001:7f8:16f::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/bd9ca8-179b-4322-a094-50dd3a58154b/1/6L0m3OSBYcf7-f9nuQfx5gXCWmY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/bd9ca8-179b-4322-a094-50dd3a58154b/1/6L0m3OSBYcf7-f9nuQfx5gXCWmY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6L0m3OSBYcf7-f9nuQfx5gXCWmY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:0a:ac:cb:ab:15:a1:81:7c:5d:79:c1:28:f6:5a:f5:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e8bd26dce48161c7fbf9ff67b907f1e605c25a66
        Validity
            Not Before: Mar 20 09:56:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=938b917d52e4885c74da29ac9b315d228d0ebbd2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:f1:34:a1:4e:1a:09:62:79:ed:28:50:c9:ab:
                    e1:e8:a6:aa:8c:00:0e:aa:2b:7f:ab:32:1b:0c:52:
                    f5:ff:f5:6c:7c:62:b0:d4:7f:5c:5b:2b:73:1a:5f:
                    e8:10:83:37:22:ae:e8:23:31:9b:74:6c:2a:e7:1b:
                    9a:43:fe:a6:0e:a7:2a:a8:c8:36:6f:43:26:a4:54:
                    b0:c5:35:1c:c7:69:f1:76:73:88:74:e4:78:62:99:
                    24:85:d0:3b:b2:48:8c:0b:a2:af:da:fe:b7:06:c1:
                    bf:6e:86:83:e3:1b:ab:fd:6d:63:f8:5b:4f:5f:dd:
                    e9:ba:20:b6:01:f3:de:cd:a8:b2:63:a9:2c:ac:b2:
                    60:70:e3:85:72:71:28:86:41:74:5b:42:2b:c6:f2:
                    cf:f8:fa:86:e3:87:c7:dd:6c:e0:b6:13:0b:e3:78:
                    84:1a:d7:21:d2:e7:d6:1c:ab:c6:7e:01:a2:fd:79:
                    bb:dd:f0:cc:ed:7b:fc:f4:77:30:43:9e:8c:2d:11:
                    39:0c:23:dd:da:a7:43:59:eb:98:4c:4e:6e:f1:d3:
                    97:a3:87:28:70:eb:90:60:e6:7e:62:4c:c5:9b:d5:
                    c4:96:33:c0:93:0d:d2:66:c1:57:90:e3:0e:75:0c:
                    2d:4d:3c:f1:c4:24:59:b2:29:9a:6b:b4:49:fa:d6:
                    cc:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:8B:91:7D:52:E4:88:5C:74:DA:29:AC:9B:31:5D:22:8D:0E:BB:D2
            X509v3 Authority Key Identifier:
                keyid:E8:BD:26:DC:E4:81:61:C7:FB:F9:FF:67:B9:07:F1:E6:05:C2:5A:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6L0m3OSBYcf7-f9nuQfx5gXCWmY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/bd9ca8-179b-4322-a094-50dd3a58154b/1/k4uRfVLkiFx02imsmzFdIo0Ou9I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/bd9ca8-179b-4322-a094-50dd3a58154b/1/6L0m3OSBYcf7-f9nuQfx5gXCWmY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.60.85.128/26
                IPv6:
                  2001:7f8:16f::/48

    Signature Algorithm: sha256WithRSAEncryption
         64:ec:97:f1:24:a6:22:e5:fe:04:3c:a7:1d:f5:b0:77:0d:b0:
         25:fa:79:3b:2b:18:07:c6:94:d1:e0:59:a6:37:18:6e:1d:5b:
         25:fa:07:d0:fb:ed:55:96:92:48:7d:d3:98:a9:6c:da:8e:14:
         81:50:f8:d6:b4:8c:65:e3:09:a0:0e:28:5b:7b:d6:9d:1d:5d:
         af:20:45:8f:e2:9d:92:37:3e:18:fa:b2:a0:8a:42:5e:7b:81:
         62:40:2e:76:60:d2:9f:c5:d3:9d:db:4c:78:c3:c4:a8:62:b3:
         71:49:ef:20:7f:79:16:05:ba:b1:59:07:ee:5b:ea:b2:26:cf:
         33:9a:63:78:cd:0e:96:5f:60:ae:95:fa:7b:e3:55:c8:18:ba:
         60:67:f9:fe:57:6d:c1:bd:f7:5c:57:ef:d9:dc:ea:db:e2:17:
         30:68:34:32:3c:49:29:93:5b:55:15:8b:36:4c:a1:3d:71:c8:
         ff:bf:6a:e0:43:68:85:00:ae:d6:7f:c8:b0:c5:3d:c1:e1:61:
         63:af:1f:37:31:3a:4f:15:db:7c:20:bd:44:67:af:5d:ae:06:
         ea:06:cc:ff:59:37:a6:cd:23:3e:aa:3b:7d:86:45:90:92:19:
         ac:9b:d9:9c:bd:64:2c:81:65:99:93:f0:92:43:4f:82:08:7d:
         91:0d:5e:97
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZ0KrMurFaGBfF15wSj2WvVmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4YmQyNmRjZTQ4MTYxYzdmYmY5ZmY2N2I5MDdmMWU2MDVj
MjVhNjYwHhcNMjYwMzIwMDk1NjI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzhiOTE3ZDUyZTQ4ODVjNzRkYTI5YWM5YjMxNWQyMjhkMGViYmQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxvE0oU4aCWJ57ShQyavh6KaqjAAO
qit/qzIbDFL1//VsfGKw1H9cWytzGl/oEIM3Iq7oIzGbdGwq5xuaQ/6mDqcqqMg2
b0MmpFSwxTUcx2nxdnOIdOR4YpkkhdA7skiMC6Kv2v63BsG/boaD4xur/W1j+FtP
X93puiC2AfPezaiyY6ksrLJgcOOFcnEohkF0W0IrxvLP+PqG44fH3WzgthML43iE
Gtch0ufWHKvGfgGi/Xm73fDM7Xv89HcwQ56MLRE5DCPd2qdDWeuYTE5u8dOXo4co
cOuQYOZ+YkzFm9XEljPAkw3SZsFXkOMOdQwtTTzxxCRZsimaa7RJ+tbMeQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFJOLkX1S5IhcdNoprJsxXSKNDrvSMB8GA1UdIwQY
MBaAFOi9JtzkgWHH+/n/Z7kH8eYFwlpmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkwwbTNPU0JZY2Y3LWY5bnVRZng1Z1hDV21ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC9iZDljYTgtMTc5Yi00MzIyLWEwOTQt
NTBkZDNhNTgxNTRiLzEvazR1UmZWTGtpRngwMmltc216RmRJbzBPdTlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC9iZDljYTgtMTc5Yi00MzIyLWEwOTQtNTBkZDNhNTgxNTRi
LzEvNkwwbTNPU0JZY2Y3LWY5bnVRZng1Z1hDV21ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDANBAIAATAHAwUGwzxVgDAP
BAIAAjAJAwcAIAEH+AFvMA0GCSqGSIb3DQEBCwUAA4IBAQBk7JfxJKYi5f4EPKcd
9bB3DbAl+nk7KxgHxpTR4FmmNxhuHVsl+gfQ++1VlpJIfdOYqWzajhSBUPjWtIxl
4wmgDihbe9adHV2vIEWP4p2SNz4Y+rKgikJee4FiQC52YNKfxdOd20x4w8SoYrNx
Se8gf3kWBbqxWQfuW+qyJs8zmmN4zQ6WX2Culfp741XIGLpgZ/n+V23BvfdcV+/Z
3Orb4hcwaDQyPEkpk1tVFYs2TKE9ccj/v2rgQ2iFAK7Wf8iwxT3B4WFjrx83MTpP
Fdt8IL1EZ69drgbqBsz/WTemzSM+qjt9hkWQkhmsm9mcvWQsgWWZk/CSQ0+CCH2R
DV6X
-----END CERTIFICATE-----