Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/5cecc0-2a53-4500-85ae-e8b60a2dd6b4/1/8E3FfQDfKo0RwM9V0bGENDO4ZvQ.roa
File:                     8E3FfQDfKo0RwM9V0bGENDO4ZvQ.roa (raw, json)
Hash identifier:          8o8iLC8KwiZoXHQBr0olo2Z+JJ6m2MhxO7rA13CUyu0=
Subject key identifier:   F0:4D:C5:7D:00:DF:2A:8D:11:C0:CF:55:D1:B1:84:34:33:B8:66:F4
Certificate issuer:       /CN=d49922ca8d139a4d03d6d57cbc8177dc05feb9ec
Certificate serial:       019DB54CF2A499630897DE49C40787B51F36
Authority key identifier: D4:99:22:CA:8D:13:9A:4D:03:D6:D5:7C:BC:81:77:DC:05:FE:B9:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1Jkiyo0Tmk0D1tV8vIF33AX-uew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/5cecc0-2a53-4500-85ae-e8b60a2dd6b4/1/8E3FfQDfKo0RwM9V0bGENDO4ZvQ.roa
Signing time:             Wed 22 Apr 2026 13:06:52 +0000
ROA not before:           Wed 22 Apr 2026 13:06:52 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206039
IP address blocks:        178.237.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/5cecc0-2a53-4500-85ae-e8b60a2dd6b4/1/1Jkiyo0Tmk0D1tV8vIF33AX-uew.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/5cecc0-2a53-4500-85ae-e8b60a2dd6b4/1/1Jkiyo0Tmk0D1tV8vIF33AX-uew.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1Jkiyo0Tmk0D1tV8vIF33AX-uew.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 13:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b5:4c:f2:a4:99:63:08:97:de:49:c4:07:87:b5:1f:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d49922ca8d139a4d03d6d57cbc8177dc05feb9ec
        Validity
            Not Before: Apr 22 13:06:52 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f04dc57d00df2a8d11c0cf55d1b1843433b866f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:4a:9c:72:bf:8b:0d:08:c5:4e:7b:24:2d:f0:
                    a7:45:30:20:8b:3d:82:35:67:7d:cd:75:f5:3d:9b:
                    1f:d6:f8:68:aa:52:7a:7e:c6:1d:1d:32:e9:a3:3b:
                    34:f7:ae:75:f9:9c:3b:88:4a:58:2b:55:74:33:69:
                    50:76:34:27:a7:e5:b4:ce:8e:28:ee:05:4a:d6:81:
                    5b:d9:73:81:9b:dc:fe:20:53:8b:02:53:87:a1:dd:
                    1e:87:6d:55:b3:1a:57:c2:11:21:da:3e:dc:36:4e:
                    69:d5:67:c0:58:db:16:a0:27:04:30:9b:7b:85:25:
                    c1:9b:ca:02:39:50:33:b6:e4:d3:de:d2:00:85:d6:
                    d4:d5:8d:a2:57:dc:b9:7a:14:87:01:29:0f:85:42:
                    c8:18:fe:0c:da:93:ed:15:73:f2:19:05:81:62:5a:
                    e8:50:0e:a0:73:1f:6a:2a:86:c2:43:63:35:32:10:
                    3c:5a:cf:0e:b1:87:f4:40:2f:02:30:6b:2e:8e:35:
                    fe:36:53:79:f4:75:87:d0:5e:9d:ae:0c:10:c0:fd:
                    90:4a:dc:b7:b3:a5:33:16:de:56:36:21:0c:54:e0:
                    54:f9:3c:1d:cc:2e:9c:89:41:e3:ab:9d:02:e6:16:
                    4f:fe:26:1e:a3:0d:cb:a2:aa:de:de:5e:99:f9:31:
                    f7:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:4D:C5:7D:00:DF:2A:8D:11:C0:CF:55:D1:B1:84:34:33:B8:66:F4
            X509v3 Authority Key Identifier:
                keyid:D4:99:22:CA:8D:13:9A:4D:03:D6:D5:7C:BC:81:77:DC:05:FE:B9:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1Jkiyo0Tmk0D1tV8vIF33AX-uew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/5cecc0-2a53-4500-85ae-e8b60a2dd6b4/1/8E3FfQDfKo0RwM9V0bGENDO4ZvQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/5cecc0-2a53-4500-85ae-e8b60a2dd6b4/1/1Jkiyo0Tmk0D1tV8vIF33AX-uew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.237.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:a1:55:c8:71:9d:40:14:73:d6:1f:11:c6:de:e5:8e:18:4a:
         06:f8:01:fa:cf:9a:48:02:fa:7d:40:25:f2:8b:52:b9:99:23:
         df:1c:4f:ff:1b:cf:82:a6:9e:3e:bc:4b:bd:a9:dc:41:7d:5c:
         ad:e2:f1:9a:9a:85:b5:91:a5:0b:cc:68:1c:a3:4f:d3:28:41:
         13:56:72:1d:43:e0:67:cf:da:b3:8e:a4:a9:a8:76:53:ac:27:
         68:3e:e9:90:ea:4d:c0:7a:37:07:10:5f:8f:e0:77:b2:64:bb:
         4e:65:c2:8f:fb:de:fe:07:48:7d:60:8d:2e:52:8c:7e:85:ee:
         a5:06:57:ed:de:ae:c0:f5:54:bb:ca:4b:20:ea:0d:54:00:52:
         cc:98:7e:c6:8f:a6:3e:ae:85:44:37:ce:5a:bb:5a:80:ec:52:
         0b:6b:1c:f1:e1:67:eb:da:9e:57:9b:30:03:19:38:b3:09:af:
         01:34:db:9e:ce:c3:c8:46:a6:14:db:a2:44:2b:fd:12:ba:65:
         5c:7f:2c:ab:37:95:af:c3:c5:6b:28:11:35:b8:6c:70:44:37:
         e1:a8:5c:5e:ec:9f:3c:ad:30:8b:64:93:ab:de:c0:ae:e3:f5:
         30:90:b8:e4:2d:37:0b:5e:3a:9f:89:b5:8e:45:f9:e5:b0:d8:
         02:15:7c:20
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ21TPKkmWMIl95JxAeHtR82MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0OTkyMmNhOGQxMzlhNGQwM2Q2ZDU3Y2JjODE3N2RjMDVm
ZWI5ZWMwHhcNMjYwNDIyMTMwNjUyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDRkYzU3ZDAwZGYyYThkMTFjMGNmNTVkMWIxODQzNDMzYjg2NmY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Eqccr+LDQjFTnskLfCnRTAgiz2C
NWd9zXX1PZsf1vhoqlJ6fsYdHTLpozs09651+Zw7iEpYK1V0M2lQdjQnp+W0zo4o
7gVK1oFb2XOBm9z+IFOLAlOHod0eh21VsxpXwhEh2j7cNk5p1WfAWNsWoCcEMJt7
hSXBm8oCOVAztuTT3tIAhdbU1Y2iV9y5ehSHASkPhULIGP4M2pPtFXPyGQWBYlro
UA6gcx9qKobCQ2M1MhA8Ws8OsYf0QC8CMGsujjX+NlN59HWH0F6drgwQwP2QSty3
s6UzFt5WNiEMVOBU+TwdzC6ciUHjq50C5hZP/iYeow3Loqre3l6Z+TH3oQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPBNxX0A3yqNEcDPVdGxhDQzuGb0MB8GA1UdIwQY
MBaAFNSZIsqNE5pNA9bVfLyBd9wF/rnsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUpraXlvMFRtazBEMXRWOHZJRjMzQVgtdWV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC81Y2VjYzAtMmE1My00NTAwLTg1YWUt
ZThiNjBhMmRkNmI0LzEvOEUzRmZRRGZLbzBSd005VjBiR0VORE80WnZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC81Y2VjYzAtMmE1My00NTAwLTg1YWUtZThiNjBhMmRkNmI0
LzEvMUpraXlvMFRtazBEMXRWOHZJRjMzQVgtdWV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsu3LMA0G
CSqGSIb3DQEBCwUAA4IBAQAooVXIcZ1AFHPWHxHG3uWOGEoG+AH6z5pIAvp9QCXy
i1K5mSPfHE//G8+Cpp4+vEu9qdxBfVyt4vGamoW1kaULzGgco0/TKEETVnIdQ+Bn
z9qzjqSpqHZTrCdoPumQ6k3AejcHEF+P4HeyZLtOZcKP+97+B0h9YI0uUox+he6l
Blft3q7A9VS7yksg6g1UAFLMmH7Gj6Y+roVEN85au1qA7FILaxzx4Wfr2p5XmzAD
GTizCa8BNNuezsPIRqYU26JEK/0SumVcfyyrN5Wvw8VrKBE1uGxwRDfhqFxe7J88
rTCLZJOr3sCu4/UwkLjkLTcLXjqfibWORfnlsNgCFXwg
-----END CERTIFICATE-----