Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/3b9aff-f00d-4187-af94-5717b4544237/1/aEOGpbTLeZeKtP10UdCeuyLhhGg.roa
File:                     aEOGpbTLeZeKtP10UdCeuyLhhGg.roa (raw, json)
Hash identifier:          gFYjAGRRdgqK1jIMXsjbfXy74cazPesmYDJ2bTsi2bg=
Subject key identifier:   68:43:86:A5:B4:CB:79:97:8A:B4:FD:74:51:D0:9E:BB:22:E1:84:68
Certificate issuer:       /CN=25bbed0bff7ffeab67f302b411a00701854a6c30
Certificate serial:       019D29293A4DF97B95CD72C38A0F74B5245C
Authority key identifier: 25:BB:ED:0B:FF:7F:FE:AB:67:F3:02:B4:11:A0:07:01:85:4A:6C:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JbvtC_9__qtn8wK0EaAHAYVKbDA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/3b9aff-f00d-4187-af94-5717b4544237/1/aEOGpbTLeZeKtP10UdCeuyLhhGg.roa
Signing time:             Thu 26 Mar 2026 08:01:00 +0000
ROA not before:           Thu 26 Mar 2026 08:01:00 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     34927
IP address blocks:        194.104.138.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/3b9aff-f00d-4187-af94-5717b4544237/1/JbvtC_9__qtn8wK0EaAHAYVKbDA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/3b9aff-f00d-4187-af94-5717b4544237/1/JbvtC_9__qtn8wK0EaAHAYVKbDA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JbvtC_9__qtn8wK0EaAHAYVKbDA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 16:32:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:29:29:3a:4d:f9:7b:95:cd:72:c3:8a:0f:74:b5:24:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25bbed0bff7ffeab67f302b411a00701854a6c30
        Validity
            Not Before: Mar 26 08:01:00 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=684386a5b4cb79978ab4fd7451d09ebb22e18468
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:f9:c5:03:bc:11:52:54:0e:2c:19:fc:c3:f4:
                    00:aa:85:63:10:a7:cf:ed:e4:0c:15:a8:17:b0:18:
                    8a:78:83:a6:1f:3d:b9:5a:25:cd:41:32:8d:07:01:
                    9c:e6:7a:b4:c3:04:55:85:b6:8d:c1:da:45:3a:e9:
                    a9:d2:9c:df:38:f7:e1:e5:b1:4d:86:74:a7:56:35:
                    dd:56:38:94:71:e8:70:65:19:9c:d0:2d:26:e9:33:
                    e6:00:6b:47:a7:b6:1b:bd:ce:46:81:98:22:f6:d6:
                    23:7a:71:9c:6f:72:5b:0d:d8:30:d2:19:b1:7d:4a:
                    a0:4c:e8:d1:d0:f3:f1:4b:a9:25:b7:24:1f:3a:ee:
                    5a:53:7a:0c:1b:c6:97:2f:93:fe:3d:55:26:d9:36:
                    03:63:9b:fa:97:7e:85:aa:03:a3:e3:19:dc:a4:f1:
                    c8:c4:68:cf:ca:66:56:21:38:9a:36:ed:7c:1c:97:
                    e2:06:3d:22:7c:22:d0:35:dc:5a:31:15:61:40:9a:
                    63:f9:3b:15:13:40:db:64:52:e5:31:d2:34:e2:2d:
                    f2:24:22:a4:11:79:14:8d:6e:d9:7c:f3:59:a5:1b:
                    81:5c:f2:42:df:56:49:d2:d1:f1:1d:1a:9b:56:27:
                    b5:57:83:0d:aa:84:b6:ee:02:35:9d:6b:93:b9:bc:
                    1f:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:43:86:A5:B4:CB:79:97:8A:B4:FD:74:51:D0:9E:BB:22:E1:84:68
            X509v3 Authority Key Identifier:
                keyid:25:BB:ED:0B:FF:7F:FE:AB:67:F3:02:B4:11:A0:07:01:85:4A:6C:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JbvtC_9__qtn8wK0EaAHAYVKbDA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/3b9aff-f00d-4187-af94-5717b4544237/1/aEOGpbTLeZeKtP10UdCeuyLhhGg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/3b9aff-f00d-4187-af94-5717b4544237/1/JbvtC_9__qtn8wK0EaAHAYVKbDA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.104.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:92:93:25:c3:3d:01:b8:93:16:36:5f:b1:cd:64:08:44:8b:
         25:ee:66:2f:ec:38:3a:1f:27:54:08:de:86:7a:8d:b3:8b:d4:
         cd:78:39:a4:eb:ac:1f:e2:56:0b:5a:3a:34:35:5d:0c:a7:0e:
         ce:c5:29:1c:a7:6f:4b:f4:79:8a:91:5a:e7:1b:43:5e:8c:53:
         c1:09:fa:34:84:74:4e:a6:5e:40:bd:b7:40:94:bd:c7:59:0e:
         b1:64:71:77:67:ec:17:58:89:55:bd:e8:21:0d:b5:94:26:5a:
         49:84:d1:71:4b:58:0e:e0:75:de:5c:d9:a0:c6:0f:03:1d:56:
         30:a1:15:e2:aa:03:1d:87:9d:84:5e:09:74:ab:8f:a3:9d:04:
         00:4b:c9:de:78:81:f0:28:11:73:ed:23:21:b9:a8:ee:61:d3:
         af:f2:a2:e7:9e:37:40:ee:8b:6c:19:48:ba:86:41:74:19:d8:
         aa:7b:a5:8f:33:9d:c0:e4:3c:b9:3c:b2:94:e4:94:55:85:bc:
         0c:71:b0:8f:32:f8:92:b7:6e:b6:b6:dc:2a:fe:38:f6:27:96:
         13:d4:64:f3:50:44:be:e8:91:b1:b9:55:2f:ea:82:7d:40:ac:
         8b:eb:8e:a9:59:74:39:4b:c2:22:08:28:0f:e4:12:35:a5:71:
         18:e3:5d:1f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0pKTpN+XuVzXLDig90tSRcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1YmJlZDBiZmY3ZmZlYWI2N2YzMDJiNDExYTAwNzAxODU0
YTZjMzAwHhcNMjYwMzI2MDgwMTAwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODQzODZhNWI0Y2I3OTk3OGFiNGZkNzQ1MWQwOWViYjIyZTE4NDY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyvnFA7wRUlQOLBn8w/QAqoVjEKfP
7eQMFagXsBiKeIOmHz25WiXNQTKNBwGc5nq0wwRVhbaNwdpFOump0pzfOPfh5bFN
hnSnVjXdVjiUcehwZRmc0C0m6TPmAGtHp7Ybvc5GgZgi9tYjenGcb3JbDdgw0hmx
fUqgTOjR0PPxS6kltyQfOu5aU3oMG8aXL5P+PVUm2TYDY5v6l36FqgOj4xncpPHI
xGjPymZWITiaNu18HJfiBj0ifCLQNdxaMRVhQJpj+TsVE0DbZFLlMdI04i3yJCKk
EXkUjW7ZfPNZpRuBXPJC31ZJ0tHxHRqbVie1V4MNqoS27gI1nWuTubwfCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGhDhqW0y3mXirT9dFHQnrsi4YRoMB8GA1UdIwQY
MBaAFCW77Qv/f/6rZ/MCtBGgBwGFSmwwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmJ2dENfOV9fcXRuOHdLMEVhQUhBWVZLYkRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy8zYjlhZmYtZjAwZC00MTg3LWFmOTQt
NTcxN2I0NTQ0MjM3LzEvYUVPR3BiVExlWmVLdFAxMFVkQ2V1eUxoaEdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy8zYjlhZmYtZjAwZC00MTg3LWFmOTQtNTcxN2I0NTQ0MjM3
LzEvSmJ2dENfOV9fcXRuOHdLMEVhQUhBWVZLYkRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwmiKMA0G
CSqGSIb3DQEBCwUAA4IBAQA9kpMlwz0BuJMWNl+xzWQIRIsl7mYv7Dg6HydUCN6G
eo2zi9TNeDmk66wf4lYLWjo0NV0Mpw7OxSkcp29L9HmKkVrnG0NejFPBCfo0hHRO
pl5AvbdAlL3HWQ6xZHF3Z+wXWIlVveghDbWUJlpJhNFxS1gO4HXeXNmgxg8DHVYw
oRXiqgMdh52EXgl0q4+jnQQAS8neeIHwKBFz7SMhuajuYdOv8qLnnjdA7otsGUi6
hkF0Gdiqe6WPM53A5Dy5PLKU5JRVhbwMcbCPMviSt262ttwq/jj2J5YT1GTzUES+
6JGxuVUv6oJ9QKyL646pWXQ5S8IiCCgP5BI1pXEY410f
-----END CERTIFICATE-----