Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/92f7ab-d75d-46a1-bb21-df7a4eb6bf28/1/snyH0AH5dVgKf4UFPj1sRloyJL4.roa
File:                     snyH0AH5dVgKf4UFPj1sRloyJL4.roa (raw, json)
Hash identifier:          lYWkmS4ke6/CVFVLZxKpdxT0VNDZAvbyhDNV2kGc7Pk=
Subject key identifier:   B2:7C:87:D0:01:F9:75:58:0A:7F:85:05:3E:3D:6C:46:5A:32:24:BE
Certificate issuer:       /CN=c15da5e75983e219e9bd75c0eb769add6a5c3f14
Certificate serial:       019CD7B469CB1526A53130A26F615EBE45D8
Authority key identifier: C1:5D:A5:E7:59:83:E2:19:E9:BD:75:C0:EB:76:9A:DD:6A:5C:3F:14
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wV2l51mD4hnpvXXA63aa3WpcPxQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/92f7ab-d75d-46a1-bb21-df7a4eb6bf28/1/snyH0AH5dVgKf4UFPj1sRloyJL4.roa
Signing time:             Tue 10 Mar 2026 12:24:10 +0000
ROA not before:           Tue 10 Mar 2026 12:24:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210253
IP address blocks:        194.147.36.248/29 maxlen: 29
                          194.147.38.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/92f7ab-d75d-46a1-bb21-df7a4eb6bf28/1/wV2l51mD4hnpvXXA63aa3WpcPxQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/92f7ab-d75d-46a1-bb21-df7a4eb6bf28/1/wV2l51mD4hnpvXXA63aa3WpcPxQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wV2l51mD4hnpvXXA63aa3WpcPxQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 09:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:d7:b4:69:cb:15:26:a5:31:30:a2:6f:61:5e:be:45:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c15da5e75983e219e9bd75c0eb769add6a5c3f14
        Validity
            Not Before: Mar 10 12:24:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b27c87d001f975580a7f85053e3d6c465a3224be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:ad:2b:bb:1c:69:af:5d:6f:ca:9d:c6:c2:89:
                    a6:21:bd:4a:35:ad:69:98:99:ae:c4:c2:4f:25:0e:
                    4d:ab:97:24:01:b8:7e:91:43:f1:ec:0a:04:47:43:
                    8c:89:4b:09:c6:4f:0a:14:d2:b7:e0:34:9f:61:2d:
                    8f:98:75:1c:bd:4d:84:a7:ba:4f:64:99:69:bb:88:
                    f2:77:2f:cc:11:4a:a0:3c:d2:19:4f:9d:a8:16:90:
                    49:ef:31:5b:50:76:e6:2f:84:9f:fd:43:0e:23:e0:
                    d1:fb:e1:93:3a:cd:4c:7d:e4:fe:97:5d:9c:2d:da:
                    35:82:69:20:cd:e4:88:df:7f:d3:7e:52:c8:c1:b5:
                    55:f3:4d:f7:15:40:72:71:bd:67:2d:e1:3c:85:6d:
                    e4:0b:c9:30:ae:38:54:09:d0:d6:fe:1d:13:80:cf:
                    0b:7e:fd:42:75:71:50:c2:fc:42:f5:a1:1b:f2:2c:
                    97:c1:c0:57:91:98:8a:bf:95:b9:91:6b:cb:d1:75:
                    65:1c:98:b3:7c:bd:1e:12:96:ba:6e:e5:cf:03:c7:
                    ec:6e:a0:9b:63:37:ec:e5:2f:7a:6d:ef:25:50:86:
                    63:1b:aa:22:c9:0e:0f:06:b3:6f:df:d6:01:27:71:
                    d9:c8:9d:4c:62:6e:9f:da:43:8c:f5:74:36:f8:76:
                    de:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:7C:87:D0:01:F9:75:58:0A:7F:85:05:3E:3D:6C:46:5A:32:24:BE
            X509v3 Authority Key Identifier:
                keyid:C1:5D:A5:E7:59:83:E2:19:E9:BD:75:C0:EB:76:9A:DD:6A:5C:3F:14

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wV2l51mD4hnpvXXA63aa3WpcPxQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/92f7ab-d75d-46a1-bb21-df7a4eb6bf28/1/snyH0AH5dVgKf4UFPj1sRloyJL4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/92f7ab-d75d-46a1-bb21-df7a4eb6bf28/1/wV2l51mD4hnpvXXA63aa3WpcPxQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.147.36.248/29
                  194.147.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:bc:3b:c8:f6:62:5d:20:5d:41:54:97:bf:15:53:fa:36:7c:
         9f:0a:7a:c3:42:7f:0b:f4:f7:20:62:8a:ea:f2:42:42:91:7e:
         68:0c:2f:bf:e4:d9:4b:59:a1:12:fb:c3:22:7a:b4:a9:88:a3:
         9d:e4:17:f2:ce:6f:54:d1:ef:d0:ac:9b:18:c8:84:95:39:87:
         92:ff:1e:eb:f0:e4:b1:b0:a1:15:1a:b0:d3:91:58:fe:96:37:
         fd:5d:fc:8c:50:58:05:0e:f6:49:32:9e:a8:43:b4:45:b2:0f:
         d1:fe:e8:aa:f1:c2:c2:ee:2e:a0:68:6f:40:ad:18:b7:9c:80:
         a2:d4:3b:93:32:9a:42:73:2b:ea:bb:ea:ff:5c:26:39:75:cc:
         a7:ff:a9:f9:e7:d8:0f:2d:5b:38:ba:00:9d:83:a4:80:db:a1:
         26:d3:83:ab:f7:4e:b6:ee:66:3d:f4:89:47:85:48:92:0b:f3:
         1f:d6:50:f3:15:f4:18:fe:d6:a6:4a:02:d1:97:1c:97:09:d2:
         9b:ef:7b:82:a4:a1:37:fe:6f:70:0c:af:ae:b5:85:f5:59:d6:
         ce:ed:b7:f6:89:9c:36:18:f9:c3:f0:61:ac:16:ae:0c:1f:d1:
         3c:be:0b:bd:d5:c8:6f:c2:1d:05:8a:54:9a:0d:97:27:c5:48:
         4c:36:dc:a9
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZzXtGnLFSalMTCib2FevkXYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxNWRhNWU3NTk4M2UyMTllOWJkNzVjMGViNzY5YWRkNmE1
YzNmMTQwHhcNMjYwMzEwMTIyNDEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjdjODdkMDAxZjk3NTU4MGE3Zjg1MDUzZTNkNmM0NjVhMzIyNGJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6K0ruxxpr11vyp3GwommIb1KNa1p
mJmuxMJPJQ5Nq5ckAbh+kUPx7AoER0OMiUsJxk8KFNK34DSfYS2PmHUcvU2Ep7pP
ZJlpu4jydy/MEUqgPNIZT52oFpBJ7zFbUHbmL4Sf/UMOI+DR++GTOs1MfeT+l12c
Ldo1gmkgzeSI33/TflLIwbVV8033FUBycb1nLeE8hW3kC8kwrjhUCdDW/h0TgM8L
fv1CdXFQwvxC9aEb8iyXwcBXkZiKv5W5kWvL0XVlHJizfL0eEpa6buXPA8fsbqCb
Yzfs5S96be8lUIZjG6oiyQ4PBrNv39YBJ3HZyJ1MYm6f2kOM9XQ2+HbeKwIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFLJ8h9AB+XVYCn+FBT49bEZaMiS+MB8GA1UdIwQY
MBaAFMFdpedZg+IZ6b11wOt2mt1qXD8UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd1YybDUxbUQ0aG5wdlhYQTYzYWEzV3BjUHhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi85MmY3YWItZDc1ZC00NmExLWJiMjEt
ZGY3YTRlYjZiZjI4LzEvc255SDBBSDVkVmdLZjRVRlBqMXNSbG95Skw0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi85MmY3YWItZDc1ZC00NmExLWJiMjEtZGY3YTRlYjZiZjI4
LzEvd1YybDUxbUQ0aG5wdlhYQTYzYWEzV3BjUHhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCYGCCsGAQUFBwEHAQH/BBcwFTATBAIAATANAwUDwpMk+AME
AMKTJjANBgkqhkiG9w0BAQsFAAOCAQEAVbw7yPZiXSBdQVSXvxVT+jZ8nwp6w0J/
C/T3IGKK6vJCQpF+aAwvv+TZS1mhEvvDInq0qYijneQX8s5vVNHv0KybGMiElTmH
kv8e6/DksbChFRqw05FY/pY3/V38jFBYBQ72STKeqEO0RbIP0f7oqvHCwu4uoGhv
QK0Yt5yAotQ7kzKaQnMr6rvq/1wmOXXMp/+p+efYDy1bOLoAnYOkgNuhJtODq/dO
tu5mPfSJR4VIkgvzH9ZQ8xX0GP7WpkoC0ZcclwnSm+97gqShN/5vcAyvrrWF9VnW
zu239omcNhj5w/BhrBauDB/RPL4LvdXIb8IdBYpUmg2XJ8VITDbcqQ==
-----END CERTIFICATE-----