Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/1f3322-6af7-47ab-8dc5-99a11f6385ab/1/AcEFt75tOJgLKPa7_t8L0A_OLFo.roa
File:                     AcEFt75tOJgLKPa7_t8L0A_OLFo.roa (raw, json)
Hash identifier:          JRdcnVQdTlWv5ijGJ1YMZ2Egnh9P2RtaY3DS9lG8XqI=
Subject key identifier:   01:C1:05:B7:BE:6D:38:98:0B:28:F6:BB:FE:DF:0B:D0:0F:CE:2C:5A
Certificate issuer:       /CN=0bebcee4d23379aed81aecffc7a742b35acdddb3
Certificate serial:       019B7FF161DF5536767E4E4CAC0F57B6F818
Authority key identifier: 0B:EB:CE:E4:D2:33:79:AE:D8:1A:EC:FF:C7:A7:42:B3:5A:CD:DD:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C-vO5NIzea7YGuz_x6dCs1rN3bM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/1f3322-6af7-47ab-8dc5-99a11f6385ab/1/AcEFt75tOJgLKPa7_t8L0A_OLFo.roa
Signing time:             Fri 02 Jan 2026 18:21:24 +0000
ROA not before:           Fri 02 Jan 2026 18:21:24 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207921
IP address blocks:        195.39.246.0/23 maxlen: 24
                          2a0f:4ac0::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/1f3322-6af7-47ab-8dc5-99a11f6385ab/1/C-vO5NIzea7YGuz_x6dCs1rN3bM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/1f3322-6af7-47ab-8dc5-99a11f6385ab/1/C-vO5NIzea7YGuz_x6dCs1rN3bM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C-vO5NIzea7YGuz_x6dCs1rN3bM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 16:32:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:f1:61:df:55:36:76:7e:4e:4c:ac:0f:57:b6:f8:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0bebcee4d23379aed81aecffc7a742b35acdddb3
        Validity
            Not Before: Jan  2 18:21:24 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=01c105b7be6d38980b28f6bbfedf0bd00fce2c5a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:ba:1f:3e:b2:76:55:78:7d:68:a3:88:bf:2f:
                    e5:02:ce:22:16:29:ca:d9:fa:32:ac:ba:ab:95:5f:
                    6b:ed:df:dd:82:36:d1:d2:2e:e1:ec:a6:00:ee:58:
                    92:96:b1:b2:fe:e2:b6:d0:a5:bb:df:d9:64:f1:3a:
                    be:07:19:54:57:bd:79:33:c0:60:fa:62:4e:bc:b9:
                    60:da:5f:95:6f:a7:c4:e4:f7:b8:2f:25:22:6a:c7:
                    8f:fa:12:f4:2c:82:47:92:d4:cc:51:74:07:de:c5:
                    4a:3e:9c:bf:ae:18:f0:22:c3:32:2d:9f:63:ae:0a:
                    92:42:5e:c3:1c:65:e0:1f:4a:9f:56:70:0c:94:a7:
                    1a:ca:79:7f:f3:e8:14:d7:8a:ef:28:91:b7:b9:a4:
                    48:93:45:48:26:96:36:9f:23:d8:d9:c2:42:a1:48:
                    b2:92:03:2d:4a:50:71:14:4b:1d:ee:ea:8a:b9:37:
                    50:46:61:64:5d:42:2b:11:8c:57:d7:80:32:01:96:
                    b7:72:30:76:a1:e9:0b:a8:6e:07:c0:91:4c:b2:0e:
                    15:af:2d:33:c3:50:4c:f1:3c:ae:64:97:c5:e1:2a:
                    29:bf:19:e9:01:61:c6:71:6d:49:c2:fd:8e:72:3a:
                    ea:d2:29:18:ab:dd:ee:53:64:da:e5:27:7f:06:7b:
                    a1:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:C1:05:B7:BE:6D:38:98:0B:28:F6:BB:FE:DF:0B:D0:0F:CE:2C:5A
            X509v3 Authority Key Identifier:
                keyid:0B:EB:CE:E4:D2:33:79:AE:D8:1A:EC:FF:C7:A7:42:B3:5A:CD:DD:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C-vO5NIzea7YGuz_x6dCs1rN3bM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/1f3322-6af7-47ab-8dc5-99a11f6385ab/1/AcEFt75tOJgLKPa7_t8L0A_OLFo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/1f3322-6af7-47ab-8dc5-99a11f6385ab/1/C-vO5NIzea7YGuz_x6dCs1rN3bM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.39.246.0/23
                IPv6:
                  2a0f:4ac0::/29

    Signature Algorithm: sha256WithRSAEncryption
         0d:d0:df:ab:44:f5:d2:a1:1f:d9:aa:0e:e6:2b:08:db:0d:ae:
         0f:e3:83:fe:15:4e:70:40:3f:54:c1:8e:62:be:3d:ea:5c:c8:
         c1:50:13:89:88:1a:a6:95:ba:62:40:cc:b0:92:b6:2d:51:32:
         a5:61:1a:a3:98:5a:b8:67:40:a8:24:d5:bb:b1:73:b6:17:bd:
         04:34:72:a0:46:20:08:b3:7d:67:7b:5d:fa:94:92:95:a6:00:
         b9:d9:bf:a7:4b:52:b5:d0:a2:cf:1a:03:3e:98:56:b3:ff:d7:
         b5:9d:50:e3:77:a8:b1:7c:8d:6b:a8:d3:33:90:27:f6:59:7c:
         c2:32:86:bc:25:19:22:55:7b:82:ef:7f:fd:fa:32:5d:e9:e7:
         33:7f:a7:1b:a2:67:45:a7:2b:10:78:40:e1:0b:9a:b0:ba:6f:
         80:d1:45:69:53:11:ad:53:fe:89:a8:8c:ce:77:d8:0a:27:58:
         42:d4:4b:09:6f:b8:2d:2b:a4:e2:b9:64:55:9f:70:8e:69:8f:
         f3:7f:99:9f:74:40:77:c2:f4:e5:91:a4:56:35:66:fa:31:a2:
         b8:80:98:65:fd:43:ca:d5:dc:95:3b:fc:47:36:4b:de:f2:65:
         3f:28:96:50:3e:f5:9c:20:1b:7b:56:c3:93:d0:56:21:a5:ed:
         e8:65:c6:6b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZt/8WHfVTZ2fk5MrA9XtvgYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiZWJjZWU0ZDIzMzc5YWVkODFhZWNmZmM3YTc0MmIzNWFj
ZGRkYjMwHhcNMjYwMTAyMTgyMTI0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMWMxMDViN2JlNmQzODk4MGIyOGY2YmJmZWRmMGJkMDBmY2UyYzVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvbofPrJ2VXh9aKOIvy/lAs4iFinK
2foyrLqrlV9r7d/dgjbR0i7h7KYA7liSlrGy/uK20KW739lk8Tq+BxlUV715M8Bg
+mJOvLlg2l+Vb6fE5Pe4LyUiaseP+hL0LIJHktTMUXQH3sVKPpy/rhjwIsMyLZ9j
rgqSQl7DHGXgH0qfVnAMlKcaynl/8+gU14rvKJG3uaRIk0VIJpY2nyPY2cJCoUiy
kgMtSlBxFEsd7uqKuTdQRmFkXUIrEYxX14AyAZa3cjB2oekLqG4HwJFMsg4Vry0z
w1BM8TyuZJfF4SopvxnpAWHGcW1Jwv2Ocjrq0ikYq93uU2Ta5Sd/BnuhZQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAHBBbe+bTiYCyj2u/7fC9APzixaMB8GA1UdIwQY
MBaAFAvrzuTSM3mu2Brs/8enQrNazd2zMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQy12TzVOSXplYTdZR3V6X3g2ZENzMXJOM2JNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC8xZjMzMjItNmFmNy00N2FiLThkYzUt
OTlhMTFmNjM4NWFiLzEvQWNFRnQ3NXRPSmdMS1BhN190OEwwQV9PTEZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC8xZjMzMjItNmFmNy00N2FiLThkYzUtOTlhMTFmNjM4NWFi
LzEvQy12TzVOSXplYTdZR3V6X3g2ZENzMXJOM2JNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBwyf2MA0E
AgACMAcDBQMqD0rAMA0GCSqGSIb3DQEBCwUAA4IBAQAN0N+rRPXSoR/Zqg7mKwjb
Da4P44P+FU5wQD9UwY5ivj3qXMjBUBOJiBqmlbpiQMywkrYtUTKlYRqjmFq4Z0Co
JNW7sXO2F70ENHKgRiAIs31ne136lJKVpgC52b+nS1K10KLPGgM+mFaz/9e1nVDj
d6ixfI1rqNMzkCf2WXzCMoa8JRkiVXuC73/9+jJd6eczf6cbomdFpysQeEDhC5qw
um+A0UVpUxGtU/6JqIzOd9gKJ1hC1EsJb7gtK6TiuWRVn3COaY/zf5mfdEB3wvTl
kaRWNWb6MaK4gJhl/UPK1dyVO/xHNkve8mU/KJZQPvWcIBt7VsOT0FYhpe3oZcZr
-----END CERTIFICATE-----