Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/3e069a-3421-40ab-9e0c-45cc2dd6e491/1/_32PxZUATVVglUOkAuOeRhENkYA.roa
File:                     _32PxZUATVVglUOkAuOeRhENkYA.roa (raw, json)
Hash identifier:          Z/+QI+ZouM5sH6BOQC/hM4o0My4kuHmGD5J9BCVzOjQ=
Subject key identifier:   FF:7D:8F:C5:95:00:4D:55:60:95:43:A4:02:E3:9E:46:11:0D:91:80
Certificate issuer:       /CN=9fbddc6313efc4b672a7e2b32ae3c4484fe5f630
Certificate serial:       019E1E43708B131E9E175C4FB9E43E773724
Authority key identifier: 9F:BD:DC:63:13:EF:C4:B6:72:A7:E2:B3:2A:E3:C4:48:4F:E5:F6:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/n73cYxPvxLZyp-KzKuPESE_l9jA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/3e069a-3421-40ab-9e0c-45cc2dd6e491/1/_32PxZUATVVglUOkAuOeRhENkYA.roa
Signing time:             Tue 12 May 2026 22:16:36 +0000
ROA not before:           Tue 12 May 2026 22:16:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48648
IP address blocks:        195.88.26.0/24 maxlen: 24
                          195.88.27.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/3e069a-3421-40ab-9e0c-45cc2dd6e491/1/n73cYxPvxLZyp-KzKuPESE_l9jA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/3e069a-3421-40ab-9e0c-45cc2dd6e491/1/n73cYxPvxLZyp-KzKuPESE_l9jA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/n73cYxPvxLZyp-KzKuPESE_l9jA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 22:16:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:1e:43:70:8b:13:1e:9e:17:5c:4f:b9:e4:3e:77:37:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9fbddc6313efc4b672a7e2b32ae3c4484fe5f630
        Validity
            Not Before: May 12 22:16:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ff7d8fc595004d55609543a402e39e46110d9180
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:7e:df:22:18:65:20:71:d6:1d:59:4a:22:08:
                    22:ab:1e:cf:87:86:41:fa:d1:da:64:27:28:c6:8f:
                    b9:64:52:fa:75:62:88:c2:fd:9e:7b:a1:60:cc:ab:
                    e9:da:41:c8:ef:12:23:11:26:a0:9e:c8:59:d4:57:
                    1c:1f:de:01:73:d5:76:33:41:43:64:15:7b:b4:26:
                    8b:0f:b2:20:0e:cc:7f:e6:83:cb:b2:4c:a1:fb:c4:
                    f2:eb:30:f6:22:f5:c9:79:c4:2b:e7:76:ba:0a:76:
                    c3:29:2c:e4:ed:cd:57:5e:39:32:3e:59:5f:56:6e:
                    5f:39:b8:60:f4:9b:c4:ce:4d:42:db:6e:66:1b:9c:
                    db:a9:38:7f:ed:02:2c:66:87:49:92:e2:0f:c7:2d:
                    0b:ce:20:01:17:31:d1:74:e3:31:fb:f2:74:fc:35:
                    ae:4a:9b:c9:b9:a6:64:1b:46:e4:71:19:7a:4b:2d:
                    1e:c8:7b:ab:c1:31:f5:56:48:7a:07:de:01:6f:6e:
                    41:7c:24:35:f3:21:6b:bf:29:8e:e5:e4:7a:09:40:
                    d1:e2:5f:bf:bb:4f:c6:2c:84:3f:bc:94:b5:74:ba:
                    3d:f4:91:e3:50:84:0a:e3:70:df:82:0d:f9:0f:94:
                    5a:79:fa:99:02:9e:04:78:78:80:13:08:7e:8e:53:
                    b8:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:7D:8F:C5:95:00:4D:55:60:95:43:A4:02:E3:9E:46:11:0D:91:80
            X509v3 Authority Key Identifier:
                keyid:9F:BD:DC:63:13:EF:C4:B6:72:A7:E2:B3:2A:E3:C4:48:4F:E5:F6:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/n73cYxPvxLZyp-KzKuPESE_l9jA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/3e069a-3421-40ab-9e0c-45cc2dd6e491/1/_32PxZUATVVglUOkAuOeRhENkYA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/3e069a-3421-40ab-9e0c-45cc2dd6e491/1/n73cYxPvxLZyp-KzKuPESE_l9jA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.88.26.0/23

    Signature Algorithm: sha256WithRSAEncryption
         29:6e:6d:5c:92:97:ec:88:33:80:83:2e:7f:94:71:cc:3a:ea:
         c7:27:20:e0:51:9e:ab:11:a0:b7:9c:f7:54:ad:a3:ca:86:62:
         98:24:13:0e:00:ce:02:41:7d:74:14:7f:9b:79:37:b8:d1:d3:
         29:54:96:90:e6:ab:52:4c:55:e2:95:5c:fd:61:84:5d:a1:41:
         9b:15:a0:7c:39:00:0e:b5:73:a1:e3:87:59:5e:3f:d8:93:3d:
         4c:1d:c2:5b:c4:79:59:39:51:e3:3e:73:98:dd:a4:6d:57:e1:
         1b:8d:80:b7:7e:9a:6e:ec:6a:da:e3:89:5c:d4:69:e8:0b:39:
         31:3a:93:76:43:13:5a:b8:26:ee:e0:7e:05:b5:4e:8a:e1:e8:
         94:04:ec:7c:8e:44:e8:39:b4:bc:a8:ba:dd:92:9c:87:79:67:
         b6:f5:1c:d2:02:4c:18:01:d2:eb:49:5d:2f:85:60:a7:1b:e3:
         9e:d6:96:39:30:f6:87:f8:f9:47:37:82:83:9c:42:f7:ec:b3:
         36:0e:77:a7:5a:75:14:ec:9d:75:ca:86:da:d6:1e:a7:7a:83:
         6d:e9:c1:27:d4:95:a4:07:34:1e:ca:e4:f6:1d:5b:93:9a:90:
         a5:0d:1f:a5:82:2d:a4:b7:f3:27:64:6b:a0:b0:05:94:df:21:
         be:b6:c8:2e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4eQ3CLEx6eF1xPueQ+dzckMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmYmRkYzYzMTNlZmM0YjY3MmE3ZTJiMzJhZTNjNDQ4NGZl
NWY2MzAwHhcNMjYwNTEyMjIxNjM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjdkOGZjNTk1MDA0ZDU1NjA5NTQzYTQwMmUzOWU0NjExMGQ5MTgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxH7fIhhlIHHWHVlKIggiqx7Ph4ZB
+tHaZCcoxo+5ZFL6dWKIwv2ee6FgzKvp2kHI7xIjESagnshZ1FccH94Bc9V2M0FD
ZBV7tCaLD7IgDsx/5oPLskyh+8Ty6zD2IvXJecQr53a6CnbDKSzk7c1XXjkyPllf
Vm5fObhg9JvEzk1C225mG5zbqTh/7QIsZodJkuIPxy0LziABFzHRdOMx+/J0/DWu
SpvJuaZkG0bkcRl6Sy0eyHurwTH1Vkh6B94Bb25BfCQ18yFrvymO5eR6CUDR4l+/
u0/GLIQ/vJS1dLo99JHjUIQK43Dfgg35D5RaefqZAp4EeHiAEwh+jlO4nwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP99j8WVAE1VYJVDpALjnkYRDZGAMB8GA1UdIwQY
MBaAFJ+93GMT78S2cqfisyrjxEhP5fYwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbjczY1l4UHZ4TFp5cC1Lekt1UEVTRV9sOWpBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy8zZTA2OWEtMzQyMS00MGFiLTllMGMt
NDVjYzJkZDZlNDkxLzEvXzMyUHhaVUFUVlZnbFVPa0F1T2VSaEVOa1lBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy8zZTA2OWEtMzQyMS00MGFiLTllMGMtNDVjYzJkZDZlNDkx
LzEvbjczY1l4UHZ4TFp5cC1Lekt1UEVTRV9sOWpBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw1gaMA0G
CSqGSIb3DQEBCwUAA4IBAQApbm1ckpfsiDOAgy5/lHHMOurHJyDgUZ6rEaC3nPdU
raPKhmKYJBMOAM4CQX10FH+beTe40dMpVJaQ5qtSTFXilVz9YYRdoUGbFaB8OQAO
tXOh44dZXj/Ykz1MHcJbxHlZOVHjPnOY3aRtV+EbjYC3fppu7Gra44lc1GnoCzkx
OpN2QxNauCbu4H4FtU6K4eiUBOx8jkToObS8qLrdkpyHeWe29RzSAkwYAdLrSV0v
hWCnG+Oe1pY5MPaH+PlHN4KDnEL37LM2DnenWnUU7J11yoba1h6neoNt6cEn1JWk
BzQeyuT2HVuTmpClDR+lgi2kt/MnZGugsAWU3yG+tsgu
-----END CERTIFICATE-----