Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/324a9d-cf07-4e71-83a1-182512f8bcde/1/sA4kl7o5kbctohYhMH3tb8jEvIM.roa
File:                     sA4kl7o5kbctohYhMH3tb8jEvIM.roa (raw, json)
Hash identifier:          yvgE8Ar+rDnZHHbM7lyidYb1LqwSWRPZgw35u9TtMhU=
Subject key identifier:   B0:0E:24:97:BA:39:91:B7:2D:A2:16:21:30:7D:ED:6F:C8:C4:BC:83
Certificate issuer:       /CN=0553c433f6c225019d9cb5a4330012f4c77a1f3e
Certificate serial:       019DBEC136904AEEB3CECC32A528E23E70AB
Authority key identifier: 05:53:C4:33:F6:C2:25:01:9D:9C:B5:A4:33:00:12:F4:C7:7A:1F:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BVPEM_bCJQGdnLWkMwAS9Md6Hz4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/324a9d-cf07-4e71-83a1-182512f8bcde/1/sA4kl7o5kbctohYhMH3tb8jEvIM.roa
Signing time:             Fri 24 Apr 2026 09:10:26 +0000
ROA not before:           Fri 24 Apr 2026 09:10:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     18900
IP address blocks:        195.166.124.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/324a9d-cf07-4e71-83a1-182512f8bcde/1/BVPEM_bCJQGdnLWkMwAS9Md6Hz4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/324a9d-cf07-4e71-83a1-182512f8bcde/1/BVPEM_bCJQGdnLWkMwAS9Md6Hz4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BVPEM_bCJQGdnLWkMwAS9Md6Hz4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:be:c1:36:90:4a:ee:b3:ce:cc:32:a5:28:e2:3e:70:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0553c433f6c225019d9cb5a4330012f4c77a1f3e
        Validity
            Not Before: Apr 24 09:10:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b00e2497ba3991b72da21621307ded6fc8c4bc83
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:d2:a5:61:ff:dd:8d:34:7b:4e:6f:1e:72:6d:
                    0e:eb:5b:75:22:f3:a2:f4:aa:24:7f:52:c0:45:9a:
                    0c:70:4b:0e:94:c7:92:06:1e:8f:76:bc:e8:66:f4:
                    c2:a6:f6:d1:39:d4:ce:f5:17:64:c9:37:b7:54:5b:
                    0a:71:b6:7a:5f:66:ef:35:2c:f7:f3:55:ae:c3:e6:
                    11:d0:86:a9:fa:f1:9d:53:f5:54:8a:fe:97:07:7e:
                    26:a8:e1:96:83:fb:c4:7b:ef:d6:fb:fa:55:8e:2d:
                    a0:f6:2b:12:27:2d:b8:e9:1e:6e:84:ae:b2:28:86:
                    a2:5b:ad:48:ce:fa:ce:7e:0c:3e:55:04:0e:3f:21:
                    78:8b:42:e7:af:ee:a8:2f:ca:d3:1d:4e:0c:e6:b1:
                    23:29:3c:7a:07:ff:0e:b0:50:1a:c7:7f:fa:37:8f:
                    fe:6c:fe:1e:83:97:72:7b:5a:4e:75:3f:4e:02:9a:
                    48:cb:e1:75:29:e9:5c:c2:1d:7b:3c:14:36:8c:2d:
                    2d:cb:6d:62:6e:78:b6:44:62:1b:23:85:f3:f1:f2:
                    bb:9e:43:fa:d9:5d:ea:34:a6:23:e0:93:ff:b7:2f:
                    b6:1d:e7:c6:36:1e:df:cd:53:26:1d:95:fc:8a:ae:
                    16:fb:7e:c9:2a:b9:1c:d7:2e:64:9b:5e:70:26:9f:
                    7c:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:0E:24:97:BA:39:91:B7:2D:A2:16:21:30:7D:ED:6F:C8:C4:BC:83
            X509v3 Authority Key Identifier:
                keyid:05:53:C4:33:F6:C2:25:01:9D:9C:B5:A4:33:00:12:F4:C7:7A:1F:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BVPEM_bCJQGdnLWkMwAS9Md6Hz4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/324a9d-cf07-4e71-83a1-182512f8bcde/1/sA4kl7o5kbctohYhMH3tb8jEvIM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/324a9d-cf07-4e71-83a1-182512f8bcde/1/BVPEM_bCJQGdnLWkMwAS9Md6Hz4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.166.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:0f:6c:5a:1c:d2:b7:64:bd:80:3c:15:c4:c3:c8:a2:b3:c4:
         06:d1:ed:70:2a:ce:f0:8d:a4:2c:6c:f2:75:65:40:6d:79:71:
         1d:a5:7b:08:ab:c0:82:d8:a5:e3:7d:c4:4d:2d:97:a0:b5:43:
         53:da:60:76:1c:1b:45:15:2a:9a:33:33:b2:0e:b3:fc:dd:f0:
         26:69:6c:1c:e0:56:28:3d:dd:c0:1a:f5:1c:cb:2a:5a:52:fb:
         01:5a:b2:bd:13:c7:62:a5:8c:5a:9b:9e:6b:30:ea:48:4f:3c:
         82:bb:0e:0e:58:ae:38:68:80:24:1c:b2:55:bf:99:18:87:6b:
         d1:e7:39:72:91:27:35:29:16:0c:61:89:5f:7f:bd:e5:70:25:
         96:1e:4a:ce:ca:6a:f2:c2:2d:2a:06:0e:1d:33:23:bf:28:d4:
         d5:2a:bc:06:96:6c:ff:fe:ef:f9:f2:54:bb:2a:fd:33:8e:8d:
         68:ee:b5:64:e9:90:43:98:71:a0:d8:6a:30:c6:9c:09:c2:d1:
         65:20:0e:d7:68:eb:3e:31:cf:5e:19:5f:1c:46:e4:51:5f:e6:
         dc:7d:eb:97:ee:0f:a9:f8:71:68:30:a2:08:eb:8c:9f:76:8f:
         4d:7c:a4:01:1c:30:75:2b:f6:98:d0:a4:1d:36:76:2d:8d:a9:
         b9:96:35:d0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2+wTaQSu6zzswypSjiPnCrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1NTNjNDMzZjZjMjI1MDE5ZDljYjVhNDMzMDAxMmY0Yzc3
YTFmM2UwHhcNMjYwNDI0MDkxMDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDBlMjQ5N2JhMzk5MWI3MmRhMjE2MjEzMDdkZWQ2ZmM4YzRiYzgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApdKlYf/djTR7Tm8ecm0O61t1IvOi
9Kokf1LARZoMcEsOlMeSBh6PdrzoZvTCpvbROdTO9RdkyTe3VFsKcbZ6X2bvNSz3
81Wuw+YR0Iap+vGdU/VUiv6XB34mqOGWg/vEe+/W+/pVji2g9isSJy246R5uhK6y
KIaiW61IzvrOfgw+VQQOPyF4i0Lnr+6oL8rTHU4M5rEjKTx6B/8OsFAax3/6N4/+
bP4eg5dye1pOdT9OAppIy+F1Kelcwh17PBQ2jC0ty21ibni2RGIbI4Xz8fK7nkP6
2V3qNKYj4JP/ty+2HefGNh7fzVMmHZX8iq4W+37JKrkc1y5km15wJp98/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLAOJJe6OZG3LaIWITB97W/IxLyDMB8GA1UdIwQY
MBaAFAVTxDP2wiUBnZy1pDMAEvTHeh8+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlZQRU1fYkNKUUdkbkxXa013QVM5TWQ2SHo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi8zMjRhOWQtY2YwNy00ZTcxLTgzYTEt
MTgyNTEyZjhiY2RlLzEvc0E0a2w3bzVrYmN0b2hZaE1IM3RiOGpFdklNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi8zMjRhOWQtY2YwNy00ZTcxLTgzYTEtMTgyNTEyZjhiY2Rl
LzEvQlZQRU1fYkNKUUdkbkxXa013QVM5TWQ2SHo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw6Z8MA0G
CSqGSIb3DQEBCwUAA4IBAQB7D2xaHNK3ZL2APBXEw8iis8QG0e1wKs7wjaQsbPJ1
ZUBteXEdpXsIq8CC2KXjfcRNLZegtUNT2mB2HBtFFSqaMzOyDrP83fAmaWwc4FYo
Pd3AGvUcyypaUvsBWrK9E8dipYxam55rMOpITzyCuw4OWK44aIAkHLJVv5kYh2vR
5zlykSc1KRYMYYlff73lcCWWHkrOymrywi0qBg4dMyO/KNTVKrwGlmz//u/58lS7
Kv0zjo1o7rVk6ZBDmHGg2GowxpwJwtFlIA7XaOs+Mc9eGV8cRuRRX+bcfeuX7g+p
+HFoMKII64yfdo9NfKQBHDB1K/aY0KQdNnYtjam5ljXQ
-----END CERTIFICATE-----