Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/65d42e-832b-4eba-98d8-6529270b8bc5/1/dfKTFGfTs10YftYU8pRXD2L4Sc4.roa
File:                     dfKTFGfTs10YftYU8pRXD2L4Sc4.roa (raw, json)
Hash identifier:          9Go0Cy2c/hUxG6kI2Y4JKXgcTmA81NqlWJty/FdvMfs=
Subject key identifier:   75:F2:93:14:67:D3:B3:5D:18:7E:D6:14:F2:94:57:0F:62:F8:49:CE
Certificate issuer:       /CN=8ca4499e04c466cfe9879a7a05732df34015c193
Certificate serial:       019B7DCB370498F5239701AB48C3232D0BA2
Authority key identifier: 8C:A4:49:9E:04:C4:66:CF:E9:87:9A:7A:05:73:2D:F3:40:15:C1:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jKRJngTEZs_ph5p6BXMt80AVwZM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/65d42e-832b-4eba-98d8-6529270b8bc5/1/dfKTFGfTs10YftYU8pRXD2L4Sc4.roa
Signing time:             Fri 02 Jan 2026 08:20:28 +0000
ROA not before:           Fri 02 Jan 2026 08:20:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50696
IP address blocks:        195.191.216.0/23 maxlen: 24
                          2001:678:10ac::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/65d42e-832b-4eba-98d8-6529270b8bc5/1/jKRJngTEZs_ph5p6BXMt80AVwZM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/65d42e-832b-4eba-98d8-6529270b8bc5/1/jKRJngTEZs_ph5p6BXMt80AVwZM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jKRJngTEZs_ph5p6BXMt80AVwZM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:cb:37:04:98:f5:23:97:01:ab:48:c3:23:2d:0b:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8ca4499e04c466cfe9879a7a05732df34015c193
        Validity
            Not Before: Jan  2 08:20:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=75f2931467d3b35d187ed614f294570f62f849ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:4f:7e:71:66:b9:e5:5e:c2:9b:a7:e4:87:a4:
                    b5:ce:60:b3:5c:9a:1f:d7:5f:b7:70:08:b8:59:72:
                    00:4e:77:51:af:13:42:f6:c6:9f:1b:71:d1:f8:92:
                    47:e7:75:46:91:86:60:1b:c7:88:11:e2:0b:fc:9a:
                    94:a9:9b:cf:d0:e7:15:2e:80:13:3c:98:75:2c:32:
                    1c:4a:8e:0f:c0:b9:06:5e:91:16:55:20:38:5e:33:
                    db:62:7d:3f:6a:9a:74:a9:63:ea:d0:12:08:0c:b5:
                    26:10:f3:89:58:c7:c5:af:25:03:98:66:17:af:f6:
                    80:88:9e:66:4a:b1:7f:04:68:ce:64:b2:0b:c6:c1:
                    8e:9c:b8:3a:53:04:73:c0:26:c3:ce:a1:00:1f:9c:
                    02:f8:38:3c:80:6e:2b:84:b7:74:5b:f5:7c:db:b9:
                    36:21:3d:a3:03:5e:ce:44:c0:2a:d7:e2:66:b2:9b:
                    8e:89:5b:b1:11:01:7d:53:93:4c:cf:82:ed:99:f9:
                    fe:67:8a:7d:6f:d6:36:81:49:15:85:f9:7f:59:a4:
                    51:3e:8f:3f:f2:a0:d4:5b:6c:fe:1a:6d:71:63:70:
                    2b:22:c8:f4:b7:6b:da:c2:78:5f:20:36:3a:6d:31:
                    18:43:f8:2c:0c:bd:00:7f:ad:0b:e3:47:3d:0d:2b:
                    91:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:F2:93:14:67:D3:B3:5D:18:7E:D6:14:F2:94:57:0F:62:F8:49:CE
            X509v3 Authority Key Identifier:
                keyid:8C:A4:49:9E:04:C4:66:CF:E9:87:9A:7A:05:73:2D:F3:40:15:C1:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jKRJngTEZs_ph5p6BXMt80AVwZM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/65d42e-832b-4eba-98d8-6529270b8bc5/1/dfKTFGfTs10YftYU8pRXD2L4Sc4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/65d42e-832b-4eba-98d8-6529270b8bc5/1/jKRJngTEZs_ph5p6BXMt80AVwZM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.191.216.0/23
                IPv6:
                  2001:678:10ac::/48

    Signature Algorithm: sha256WithRSAEncryption
         56:b8:f6:05:db:4b:9a:37:e4:a0:d5:56:40:2d:6a:5d:32:2e:
         99:bc:d0:b8:b2:08:8a:f0:0d:a2:a0:23:0b:de:ea:c3:df:22:
         ad:11:f1:7b:e9:5a:bb:a0:22:f9:7b:d9:5b:1c:b6:19:9b:8f:
         4c:95:18:24:3b:0c:41:3c:4c:d4:e9:b7:58:e5:d5:91:c1:a9:
         0a:e7:a9:41:2a:d3:8b:54:ee:63:f4:8a:4e:f0:a1:f8:d0:d2:
         c7:69:71:7e:2e:77:b4:c1:aa:c5:df:c2:52:37:f8:ef:6a:70:
         f2:cd:a6:9b:4e:e1:f5:87:52:28:a9:5b:44:e0:4d:29:82:91:
         ee:e5:ee:be:b5:ac:97:e3:b4:cd:b0:90:31:7f:49:90:26:a5:
         33:b1:20:d1:bc:9c:25:07:79:92:fb:2a:81:78:4d:1f:c5:fd:
         81:99:77:97:34:49:a5:c4:49:80:b5:08:4d:5b:3f:0f:19:fe:
         af:67:88:e5:3a:6a:e3:b8:6a:91:bf:b0:c2:cf:84:0e:18:63:
         b1:f0:17:ab:ee:cf:6c:c6:f7:1a:d9:06:9e:bc:4c:10:53:69:
         6d:63:c1:22:c5:be:a0:a7:26:17:70:a5:89:b1:0b:50:bb:80:
         3b:17:6c:a6:a3:0f:89:fe:54:06:94:77:59:a4:4e:0d:c4:2f:
         a9:4f:11:aa
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZt9yzcEmPUjlwGrSMMjLQuiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhjYTQ0OTllMDRjNDY2Y2ZlOTg3OWE3YTA1NzMyZGYzNDAx
NWMxOTMwHhcNMjYwMTAyMDgyMDI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NWYyOTMxNDY3ZDNiMzVkMTg3ZWQ2MTRmMjk0NTcwZjYyZjg0OWNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx09+cWa55V7Cm6fkh6S1zmCzXJof
11+3cAi4WXIATndRrxNC9safG3HR+JJH53VGkYZgG8eIEeIL/JqUqZvP0OcVLoAT
PJh1LDIcSo4PwLkGXpEWVSA4XjPbYn0/app0qWPq0BIIDLUmEPOJWMfFryUDmGYX
r/aAiJ5mSrF/BGjOZLILxsGOnLg6UwRzwCbDzqEAH5wC+Dg8gG4rhLd0W/V827k2
IT2jA17ORMAq1+JmspuOiVuxEQF9U5NMz4Ltmfn+Z4p9b9Y2gUkVhfl/WaRRPo8/
8qDUW2z+Gm1xY3ArIsj0t2vawnhfIDY6bTEYQ/gsDL0Af60L40c9DSuRwQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFHXykxRn07NdGH7WFPKUVw9i+EnOMB8GA1UdIwQY
MBaAFIykSZ4ExGbP6YeaegVzLfNAFcGTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaktSSm5nVEVac19waDVwNkJYTXQ4MEFWd1pNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy82NWQ0MmUtODMyYi00ZWJhLTk4ZDgt
NjUyOTI3MGI4YmM1LzEvZGZLVEZHZlRzMTBZZnRZVThwUlhEMkw0U2M0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy82NWQ0MmUtODMyYi00ZWJhLTk4ZDgtNjUyOTI3MGI4YmM1
LzEvaktSSm5nVEVac19waDVwNkJYTXQ4MEFWd1pNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBw7/YMA8E
AgACMAkDBwAgAQZ4EKwwDQYJKoZIhvcNAQELBQADggEBAFa49gXbS5o35KDVVkAt
al0yLpm80LiyCIrwDaKgIwve6sPfIq0R8XvpWrugIvl72Vscthmbj0yVGCQ7DEE8
TNTpt1jl1ZHBqQrnqUEq04tU7mP0ik7wofjQ0sdpcX4ud7TBqsXfwlI3+O9qcPLN
pptO4fWHUiipW0TgTSmCke7l7r61rJfjtM2wkDF/SZAmpTOxING8nCUHeZL7KoF4
TR/F/YGZd5c0SaXESYC1CE1bPw8Z/q9niOU6auO4apG/sMLPhA4YY7HwF6vuz2zG
9xrZBp68TBBTaW1jwSLFvqCnJhdwpYmxC1C7gDsXbKajD4n+VAaUd1mkTg3EL6lP
Eao=
-----END CERTIFICATE-----