Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/733989-f131-45e9-9b75-342a9ee73d85/1/1H2QVYiLmvjq433JzJls0lvkAtY.roa
File:                     1H2QVYiLmvjq433JzJls0lvkAtY.roa (raw, json)
Hash identifier:          4TEMHT1jL2lV+pVn5RrleTtxpm6ysXvIiYWFjICajRc=
Subject key identifier:   D4:7D:90:55:88:8B:9A:F8:EA:E3:7D:C9:CC:99:6C:D2:5B:E4:02:D6
Certificate issuer:       /CN=cf9f6fbfe00a08592b7bb0edfdc2002bfc72b578
Certificate serial:       019CE3A0C8C1E2EDA8BB2ED7FB49C23A780F
Authority key identifier: CF:9F:6F:BF:E0:0A:08:59:2B:7B:B0:ED:FD:C2:00:2B:FC:72:B5:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z59vv-AKCFkre7Dt_cIAK_xytXg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/733989-f131-45e9-9b75-342a9ee73d85/1/1H2QVYiLmvjq433JzJls0lvkAtY.roa
Signing time:             Thu 12 Mar 2026 19:58:11 +0000
ROA not before:           Thu 12 Mar 2026 19:58:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     196618
IP address blocks:        194.104.129.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/733989-f131-45e9-9b75-342a9ee73d85/1/z59vv-AKCFkre7Dt_cIAK_xytXg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/733989-f131-45e9-9b75-342a9ee73d85/1/z59vv-AKCFkre7Dt_cIAK_xytXg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z59vv-AKCFkre7Dt_cIAK_xytXg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 16:01:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:e3:a0:c8:c1:e2:ed:a8:bb:2e:d7:fb:49:c2:3a:78:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf9f6fbfe00a08592b7bb0edfdc2002bfc72b578
        Validity
            Not Before: Mar 12 19:58:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d47d9055888b9af8eae37dc9cc996cd25be402d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:78:f0:4d:c6:fd:e9:b3:03:76:37:51:df:b0:
                    e2:c1:c5:47:b9:1b:4d:ff:bb:b5:a1:f3:17:3a:fe:
                    56:c3:ff:63:90:91:e7:62:ca:76:2f:e3:f9:5b:9c:
                    51:e0:8b:42:e8:1e:04:87:2e:94:3e:44:02:d8:36:
                    42:81:b5:ba:43:c7:a4:bb:d7:4f:d0:ef:c3:2f:da:
                    ce:8f:2a:39:e3:7e:a0:a5:95:7d:8a:26:b2:c9:ba:
                    88:b3:84:62:9b:27:6c:e5:8d:d9:33:1e:d0:34:4e:
                    d7:23:5e:7c:5e:5c:0e:8c:ad:67:66:89:67:04:33:
                    29:df:35:4e:5d:0f:44:a3:88:5f:91:8d:d5:1a:9d:
                    d6:13:76:9a:45:11:fe:9c:19:c8:ad:dd:0c:5c:c1:
                    94:ed:49:84:bf:5c:0c:72:7e:59:69:9e:f8:3a:c9:
                    4c:a3:3d:1d:4e:2f:ea:4e:2b:fa:3d:59:8c:a4:87:
                    ea:09:0d:93:1b:78:eb:9e:a6:a2:47:68:d1:d0:19:
                    18:3f:ea:24:e2:ba:c4:03:d8:d6:77:87:80:03:49:
                    42:f2:70:d8:78:a4:6e:23:9a:dd:89:de:23:ba:bb:
                    0a:0d:be:e9:8f:28:ec:73:10:8f:5e:43:96:12:d3:
                    72:8f:9a:52:5a:05:cc:dc:25:20:21:4a:62:89:6f:
                    1a:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:7D:90:55:88:8B:9A:F8:EA:E3:7D:C9:CC:99:6C:D2:5B:E4:02:D6
            X509v3 Authority Key Identifier:
                keyid:CF:9F:6F:BF:E0:0A:08:59:2B:7B:B0:ED:FD:C2:00:2B:FC:72:B5:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z59vv-AKCFkre7Dt_cIAK_xytXg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/733989-f131-45e9-9b75-342a9ee73d85/1/1H2QVYiLmvjq433JzJls0lvkAtY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/733989-f131-45e9-9b75-342a9ee73d85/1/z59vv-AKCFkre7Dt_cIAK_xytXg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.104.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:2a:64:cc:19:bb:d2:3e:b1:6e:62:aa:71:5f:41:4c:b3:08:
         1e:3d:61:fa:24:8b:21:44:d7:ae:16:30:72:16:a8:a1:e0:cf:
         57:49:96:3d:26:c6:5c:c7:c6:fb:45:c5:d1:5d:65:46:d2:d4:
         da:5a:94:c1:9b:12:5c:87:70:93:0b:d7:f9:94:c3:68:1c:d4:
         e6:64:db:06:08:de:93:77:a1:90:ba:c2:da:9c:6c:33:2d:23:
         d0:50:f6:2d:88:8b:16:ff:b7:10:96:ce:3a:76:45:d3:33:16:
         2b:55:1d:7d:69:4f:bd:13:69:31:0f:82:07:d1:d7:10:6b:a6:
         2e:76:b6:25:34:d4:0a:22:69:39:7d:63:26:d5:61:5f:14:18:
         6c:b8:da:80:8a:d9:98:93:75:4d:eb:ca:4b:a1:46:73:cd:6d:
         7d:24:db:b2:a0:9a:b3:3a:9a:e1:7c:e3:66:79:15:92:a3:06:
         07:3b:e6:35:90:17:82:c7:c4:01:93:41:e6:4b:8c:cd:9e:84:
         83:35:a7:e3:ac:ff:af:5f:d0:52:8c:e1:6a:85:ce:09:87:b7:
         97:ce:2d:0e:25:33:db:36:29:6b:5b:79:fb:e7:67:b3:fb:ee:
         7b:20:29:04:58:54:7b:48:11:f1:e6:78:db:72:1e:00:33:e1:
         00:59:11:56
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzjoMjB4u2ouy7X+0nCOngPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmOWY2ZmJmZTAwYTA4NTkyYjdiYjBlZGZkYzIwMDJiZmM3
MmI1NzgwHhcNMjYwMzEyMTk1ODExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDdkOTA1NTg4OGI5YWY4ZWFlMzdkYzljYzk5NmNkMjViZTQwMmQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtHjwTcb96bMDdjdR37DiwcVHuRtN
/7u1ofMXOv5Ww/9jkJHnYsp2L+P5W5xR4ItC6B4Ehy6UPkQC2DZCgbW6Q8eku9dP
0O/DL9rOjyo5436gpZV9iiayybqIs4Rimyds5Y3ZMx7QNE7XI158XlwOjK1nZoln
BDMp3zVOXQ9Eo4hfkY3VGp3WE3aaRRH+nBnIrd0MXMGU7UmEv1wMcn5ZaZ74OslM
oz0dTi/qTiv6PVmMpIfqCQ2TG3jrnqaiR2jR0BkYP+ok4rrEA9jWd4eAA0lC8nDY
eKRuI5rdid4jursKDb7pjyjscxCPXkOWEtNyj5pSWgXM3CUgIUpiiW8atQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNR9kFWIi5r46uN9ycyZbNJb5ALWMB8GA1UdIwQY
MBaAFM+fb7/gCghZK3uw7f3CACv8crV4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejU5dnYtQUtDRmtyZTdEdF9jSUFLX3h5dFhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS83MzM5ODktZjEzMS00NWU5LTliNzUt
MzQyYTllZTczZDg1LzEvMUgyUVZZaUxtdmpxNDMzSnpKbHMwbHZrQXRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS83MzM5ODktZjEzMS00NWU5LTliNzUtMzQyYTllZTczZDg1
LzEvejU5dnYtQUtDRmtyZTdEdF9jSUFLX3h5dFhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwmiBMA0G
CSqGSIb3DQEBCwUAA4IBAQCrKmTMGbvSPrFuYqpxX0FMswgePWH6JIshRNeuFjBy
Fqih4M9XSZY9JsZcx8b7RcXRXWVG0tTaWpTBmxJch3CTC9f5lMNoHNTmZNsGCN6T
d6GQusLanGwzLSPQUPYtiIsW/7cQls46dkXTMxYrVR19aU+9E2kxD4IH0dcQa6Yu
drYlNNQKImk5fWMm1WFfFBhsuNqAitmYk3VN68pLoUZzzW19JNuyoJqzOprhfONm
eRWSowYHO+Y1kBeCx8QBk0HmS4zNnoSDNafjrP+vX9BSjOFqhc4Jh7eXzi0OJTPb
NilrW3n752ez++57ICkEWFR7SBHx5njbch4AM+EAWRFW
-----END CERTIFICATE-----