Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/02daa4-0874-4f3d-bf22-d1ad54d0c053/1/4p2i3_lV2Xm21VM3RkLxfJEz5kE.roa
File:                     4p2i3_lV2Xm21VM3RkLxfJEz5kE.roa (raw, json)
Hash identifier:          NW8zzFhQ2+ZAvR18p5GH/sVm8t6bYcOGdrKnOofJKBM=
Subject key identifier:   E2:9D:A2:DF:F9:55:D9:79:B6:D5:53:37:46:42:F1:7C:91:33:E6:41
Certificate issuer:       /CN=095654498e1cc7bf8ce09eae17acdf7c883d5b49
Certificate serial:       019B7E384028529C53EF0F0955905D15057A
Authority key identifier: 09:56:54:49:8E:1C:C7:BF:8C:E0:9E:AE:17:AC:DF:7C:88:3D:5B:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CVZUSY4cx7-M4J6uF6zffIg9W0k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/02daa4-0874-4f3d-bf22-d1ad54d0c053/1/4p2i3_lV2Xm21VM3RkLxfJEz5kE.roa
Signing time:             Fri 02 Jan 2026 10:19:34 +0000
ROA not before:           Fri 02 Jan 2026 10:19:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44936
IP address blocks:        195.135.200.0/22 maxlen: 22
                          195.135.200.0/24 maxlen: 24
                          195.135.201.0/24 maxlen: 24
                          195.135.202.0/24 maxlen: 24
                          195.135.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/02daa4-0874-4f3d-bf22-d1ad54d0c053/1/CVZUSY4cx7-M4J6uF6zffIg9W0k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/02daa4-0874-4f3d-bf22-d1ad54d0c053/1/CVZUSY4cx7-M4J6uF6zffIg9W0k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CVZUSY4cx7-M4J6uF6zffIg9W0k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 07:01:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:40:28:52:9c:53:ef:0f:09:55:90:5d:15:05:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=095654498e1cc7bf8ce09eae17acdf7c883d5b49
        Validity
            Not Before: Jan  2 10:19:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e29da2dff955d979b6d553374642f17c9133e641
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:60:16:5c:b0:fd:78:d8:36:e5:a6:1a:94:44:
                    a0:0d:82:6a:93:70:3f:a5:bf:21:59:03:ca:e0:f0:
                    a7:e5:c2:21:ea:2c:7b:61:f7:96:74:08:da:fa:a3:
                    7e:e3:ed:ce:71:11:f8:41:83:7e:4d:7c:3b:68:58:
                    8b:82:3b:b1:df:d9:72:53:a1:8e:da:d8:7e:1c:d6:
                    63:b0:7a:94:05:8a:06:ac:67:fb:31:72:35:18:91:
                    03:bb:47:83:79:26:43:ce:4c:6c:0b:88:73:f6:26:
                    31:cd:56:39:19:ab:b7:66:90:91:68:e8:78:fe:52:
                    b1:66:b5:3f:55:e2:69:f8:b1:a4:49:d7:66:21:bd:
                    0e:50:33:ce:3e:7b:cf:dc:70:98:1c:90:3b:bc:84:
                    c3:3c:be:18:fa:bd:89:20:7f:db:08:93:b8:db:46:
                    7f:2c:52:29:86:32:c7:2d:ec:8d:e7:22:85:03:da:
                    bf:b2:23:9c:01:54:c2:7a:93:ac:54:16:e7:41:3f:
                    fb:7c:0f:ba:0b:91:0a:be:ad:5d:83:fe:45:18:90:
                    bf:29:89:81:8e:af:5e:a6:a9:29:bf:58:27:ad:9d:
                    e7:08:93:b7:ee:73:c2:57:78:22:8b:0c:5e:73:36:
                    61:a6:2c:39:49:a1:68:38:0b:a6:4d:b9:27:c4:c5:
                    88:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:9D:A2:DF:F9:55:D9:79:B6:D5:53:37:46:42:F1:7C:91:33:E6:41
            X509v3 Authority Key Identifier:
                keyid:09:56:54:49:8E:1C:C7:BF:8C:E0:9E:AE:17:AC:DF:7C:88:3D:5B:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CVZUSY4cx7-M4J6uF6zffIg9W0k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/02daa4-0874-4f3d-bf22-d1ad54d0c053/1/4p2i3_lV2Xm21VM3RkLxfJEz5kE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/02daa4-0874-4f3d-bf22-d1ad54d0c053/1/CVZUSY4cx7-M4J6uF6zffIg9W0k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.135.200.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7b:80:5f:24:bc:8c:17:1a:bb:b7:fe:8a:9a:02:88:ab:87:e5:
         eb:2b:66:f6:60:92:7e:2e:b0:32:24:8c:32:76:a5:eb:d5:ac:
         a9:56:34:6f:99:bf:01:01:e3:a7:4a:13:88:03:9b:fc:02:29:
         e8:0d:e7:da:cf:2d:43:e6:10:3d:60:86:64:f6:e9:03:1d:6e:
         30:8e:86:bf:48:6d:0c:5e:73:dd:dd:21:b2:44:0f:a8:c2:22:
         85:d9:9d:f1:5f:8f:07:e6:1a:d7:b2:48:11:e8:a5:d6:b0:4c:
         77:d7:af:79:20:91:96:51:08:75:9d:ca:2d:58:38:7f:e8:fe:
         d3:04:46:73:48:2d:b4:29:a0:62:51:08:48:5a:29:41:75:0b:
         2c:a6:81:1d:a7:53:08:74:ba:04:0f:35:bd:b5:3a:49:66:55:
         b6:a2:91:dc:20:10:0b:4e:61:f0:f8:62:01:6a:16:0d:0a:4a:
         61:0e:af:66:23:d8:66:88:c6:3e:0e:50:4d:58:15:38:e7:af:
         5a:5b:91:8a:7c:23:0d:1e:d4:ce:54:1d:bc:2e:83:b1:c2:44:
         14:f3:af:08:2d:fb:ed:1e:c7:c3:14:06:a3:0d:3a:b8:f9:1e:
         24:66:0c:f4:03:dd:d1:99:c8:45:02:9f:bc:ba:9b:de:e1:1a:
         20:8d:b5:69
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OEAoUpxT7w8JVZBdFQV6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5NTY1NDQ5OGUxY2M3YmY4Y2UwOWVhZTE3YWNkZjdjODgz
ZDViNDkwHhcNMjYwMTAyMTAxOTM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjlkYTJkZmY5NTVkOTc5YjZkNTUzMzc0NjQyZjE3YzkxMzNlNjQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1WAWXLD9eNg25aYalESgDYJqk3A/
pb8hWQPK4PCn5cIh6ix7YfeWdAja+qN+4+3OcRH4QYN+TXw7aFiLgjux39lyU6GO
2th+HNZjsHqUBYoGrGf7MXI1GJEDu0eDeSZDzkxsC4hz9iYxzVY5Gau3ZpCRaOh4
/lKxZrU/VeJp+LGkSddmIb0OUDPOPnvP3HCYHJA7vITDPL4Y+r2JIH/bCJO420Z/
LFIphjLHLeyN5yKFA9q/siOcAVTCepOsVBbnQT/7fA+6C5EKvq1dg/5FGJC/KYmB
jq9epqkpv1gnrZ3nCJO37nPCV3giiwxeczZhpiw5SaFoOAumTbknxMWIbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOKdot/5Vdl5ttVTN0ZC8XyRM+ZBMB8GA1UdIwQY
MBaAFAlWVEmOHMe/jOCerhes33yIPVtJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ZaVVNZNGN4Ny1NNEo2dUY2emZmSWc5VzBrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy8wMmRhYTQtMDg3NC00ZjNkLWJmMjIt
ZDFhZDU0ZDBjMDUzLzEvNHAyaTNfbFYyWG0yMVZNM1JrTHhmSkV6NWtFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy8wMmRhYTQtMDg3NC00ZjNkLWJmMjItZDFhZDU0ZDBjMDUz
LzEvQ1ZaVVNZNGN4Ny1NNEo2dUY2emZmSWc5VzBrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCw4fIMA0G
CSqGSIb3DQEBCwUAA4IBAQB7gF8kvIwXGru3/oqaAoirh+XrK2b2YJJ+LrAyJIwy
dqXr1aypVjRvmb8BAeOnShOIA5v8AinoDefazy1D5hA9YIZk9ukDHW4wjoa/SG0M
XnPd3SGyRA+owiKF2Z3xX48H5hrXskgR6KXWsEx31695IJGWUQh1ncotWDh/6P7T
BEZzSC20KaBiUQhIWilBdQsspoEdp1MIdLoEDzW9tTpJZlW2opHcIBALTmHw+GIB
ahYNCkphDq9mI9hmiMY+DlBNWBU4569aW5GKfCMNHtTOVB28LoOxwkQU868ILfvt
HsfDFAajDTq4+R4kZgz0A93RmchFAp+8upve4RogjbVp
-----END CERTIFICATE-----