Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/4fb184-1d24-4151-8140-d2da5841354b/1/aoCwhi5evCru6LgJTjJ8MV_C6jc.roa
File:                     aoCwhi5evCru6LgJTjJ8MV_C6jc.roa (raw, json)
Hash identifier:          yQEGzqfXX6MkFbhFn963xnKD2YQsIROLhxeJWGdhd6k=
Subject key identifier:   6A:80:B0:86:2E:5E:BC:2A:EE:E8:B8:09:4E:32:7C:31:5F:C2:EA:37
Certificate issuer:       /CN=e011980e43a1600a976567db06a34a01145fd78a
Certificate serial:       019B797F209959DE30B8960A6955131ECDC5
Authority key identifier: E0:11:98:0E:43:A1:60:0A:97:65:67:DB:06:A3:4A:01:14:5F:D7:8A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4BGYDkOhYAqXZWfbBqNKARRf14o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/4fb184-1d24-4151-8140-d2da5841354b/1/aoCwhi5evCru6LgJTjJ8MV_C6jc.roa
Signing time:             Thu 01 Jan 2026 12:18:52 +0000
ROA not before:           Thu 01 Jan 2026 12:18:52 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     13282
IP address blocks:        94.154.0.0/24 maxlen: 24
                          2a0f:f240::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/4fb184-1d24-4151-8140-d2da5841354b/1/4BGYDkOhYAqXZWfbBqNKARRf14o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/4fb184-1d24-4151-8140-d2da5841354b/1/4BGYDkOhYAqXZWfbBqNKARRf14o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4BGYDkOhYAqXZWfbBqNKARRf14o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 04:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7f:20:99:59:de:30:b8:96:0a:69:55:13:1e:cd:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e011980e43a1600a976567db06a34a01145fd78a
        Validity
            Not Before: Jan  1 12:18:52 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6a80b0862e5ebc2aeee8b8094e327c315fc2ea37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:b9:ea:dc:68:5f:66:86:32:95:fc:d9:15:2e:
                    0a:33:b5:99:ad:70:14:09:f7:8c:e0:1d:10:9e:05:
                    20:0d:d0:b6:7c:91:b7:48:8a:19:b7:87:1d:5c:46:
                    e5:7b:24:db:13:61:f0:5d:f7:93:ab:82:d0:94:1d:
                    5f:31:9a:95:ac:12:38:0d:fc:5e:1c:03:2b:50:53:
                    81:23:3b:0d:14:53:4b:af:19:44:22:d6:8b:5b:38:
                    5c:9c:f0:4f:b4:46:c1:14:4f:47:97:6f:26:90:e6:
                    01:0a:23:03:24:b1:c3:2c:7d:22:82:35:00:f7:a5:
                    92:6e:bb:e0:9c:63:0b:38:bb:3b:e1:92:1b:ad:ce:
                    9f:49:c6:00:58:7a:88:7d:8f:93:ea:fa:a8:74:c2:
                    3b:22:7c:0f:3f:7e:22:b7:e1:17:5e:ad:12:63:a3:
                    fb:f4:e9:1c:4e:ba:3a:14:fc:ce:d0:ba:1a:ab:bb:
                    54:0e:1d:c4:29:8a:05:c8:e9:ae:9d:8c:09:b4:c9:
                    00:66:df:f1:9b:33:3a:d8:d3:a3:38:e2:33:d4:a2:
                    65:f0:26:7a:28:66:8e:7a:d4:b6:91:07:85:68:b8:
                    b7:12:a5:83:f6:94:0e:4c:94:23:ac:1b:31:19:e1:
                    d0:36:c6:93:2c:89:a1:08:0c:58:e9:78:21:f1:7f:
                    f4:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:80:B0:86:2E:5E:BC:2A:EE:E8:B8:09:4E:32:7C:31:5F:C2:EA:37
            X509v3 Authority Key Identifier:
                keyid:E0:11:98:0E:43:A1:60:0A:97:65:67:DB:06:A3:4A:01:14:5F:D7:8A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4BGYDkOhYAqXZWfbBqNKARRf14o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/4fb184-1d24-4151-8140-d2da5841354b/1/aoCwhi5evCru6LgJTjJ8MV_C6jc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/4fb184-1d24-4151-8140-d2da5841354b/1/4BGYDkOhYAqXZWfbBqNKARRf14o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.154.0.0/24
                IPv6:
                  2a0f:f240::/32

    Signature Algorithm: sha256WithRSAEncryption
         18:63:73:1b:1f:a0:10:a8:8a:c6:d3:2a:4d:a5:39:b3:b9:a8:
         2c:44:ab:f9:45:48:a8:32:99:12:d8:8c:07:25:bb:b9:ed:a9:
         70:c3:bf:b1:44:af:97:42:42:a8:68:5d:ea:8b:32:ea:53:64:
         f2:3d:33:57:2a:7e:74:27:87:db:40:0c:cf:c0:ed:df:9b:cf:
         92:aa:4d:c5:71:70:18:1a:50:a6:85:93:7e:5a:24:93:ed:19:
         98:38:d6:60:94:02:6a:a9:d3:b2:e7:c7:9c:c8:ff:ab:99:42:
         ec:be:4d:62:81:5d:88:2d:46:30:50:90:47:da:65:97:b5:67:
         e5:fe:f0:cf:00:b3:0f:ba:7c:dc:69:a5:e7:f8:5f:49:fc:b5:
         7c:0c:07:7e:30:ac:b9:df:d2:4f:cd:0b:71:4f:4a:2c:8e:3a:
         fa:8b:46:7e:5d:e6:e8:cc:c3:c2:85:d0:c9:2a:3f:f4:2e:82:
         ba:db:34:0b:d4:3b:ba:de:30:cd:c8:9e:ca:b0:d6:63:a1:ae:
         8b:7a:6d:f2:2c:9e:76:12:16:d8:1c:87:89:fa:27:06:71:f4:
         75:80:ae:cb:fa:e3:45:48:f8:d9:c0:3e:2b:9f:f5:fd:a7:b6:
         fb:38:84:ae:29:5f:50:2b:a7:3b:80:39:ed:9c:30:ca:3e:3d:
         53:3f:da:ea
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZt5fyCZWd4wuJYKaVUTHs3FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwMTE5ODBlNDNhMTYwMGE5NzY1NjdkYjA2YTM0YTAxMTQ1
ZmQ3OGEwHhcNMjYwMTAxMTIxODUyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTgwYjA4NjJlNWViYzJhZWVlOGI4MDk0ZTMyN2MzMTVmYzJlYTM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtLnq3GhfZoYylfzZFS4KM7WZrXAU
CfeM4B0QngUgDdC2fJG3SIoZt4cdXEbleyTbE2HwXfeTq4LQlB1fMZqVrBI4Dfxe
HAMrUFOBIzsNFFNLrxlEItaLWzhcnPBPtEbBFE9Hl28mkOYBCiMDJLHDLH0igjUA
96WSbrvgnGMLOLs74ZIbrc6fScYAWHqIfY+T6vqodMI7InwPP34it+EXXq0SY6P7
9OkcTro6FPzO0Loaq7tUDh3EKYoFyOmunYwJtMkAZt/xmzM62NOjOOIz1KJl8CZ6
KGaOetS2kQeFaLi3EqWD9pQOTJQjrBsxGeHQNsaTLImhCAxY6Xgh8X/0XQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGqAsIYuXrwq7ui4CU4yfDFfwuo3MB8GA1UdIwQY
MBaAFOARmA5DoWAKl2Vn2wajSgEUX9eKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNEJHWURrT2hZQXFYWldmYkJxTktBUlJmMTRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy80ZmIxODQtMWQyNC00MTUxLTgxNDAt
ZDJkYTU4NDEzNTRiLzEvYW9Dd2hpNWV2Q3J1NkxnSlRqSjhNVl9DNmpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy80ZmIxODQtMWQyNC00MTUxLTgxNDAtZDJkYTU4NDEzNTRi
LzEvNEJHWURrT2hZQXFYWldmYkJxTktBUlJmMTRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAXpoAMA0E
AgACMAcDBQAqD/JAMA0GCSqGSIb3DQEBCwUAA4IBAQAYY3MbH6AQqIrG0ypNpTmz
uagsRKv5RUioMpkS2IwHJbu57alww7+xRK+XQkKoaF3qizLqU2TyPTNXKn50J4fb
QAzPwO3fm8+Sqk3FcXAYGlCmhZN+WiST7RmYONZglAJqqdOy58ecyP+rmULsvk1i
gV2ILUYwUJBH2mWXtWfl/vDPALMPunzcaaXn+F9J/LV8DAd+MKy539JPzQtxT0os
jjr6i0Z+XebozMPChdDJKj/0LoK62zQL1Du63jDNyJ7KsNZjoa6Lem3yLJ52EhbY
HIeJ+icGcfR1gK7L+uNFSPjZwD4rn/X9p7b7OISuKV9QK6c7gDntnDDKPj1TP9rq
-----END CERTIFICATE-----