Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/4XfOpett0QjhYhCQa83ZZrqa6b0.roa
File:                     4XfOpett0QjhYhCQa83ZZrqa6b0.roa (raw, json)
Hash identifier:          21/Knoc9OW87td0xkUbL/KWYOd6S0/cdUz2CwLCK6YA=
Subject key identifier:   E1:77:CE:A5:EB:6D:D1:08:E1:62:10:90:6B:CD:D9:66:BA:9A:E9:BD
Certificate issuer:       /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial:       019C32C7FC64C520BB02C502E184131968DF
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/4XfOpett0QjhYhCQa83ZZrqa6b0.roa
Signing time:             Fri 06 Feb 2026 11:48:12 +0000
ROA not before:           Fri 06 Feb 2026 11:48:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     21859
IP address blocks:        89.21.87.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 23 Feb 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:32:c7:fc:64:c5:20:bb:02:c5:02:e1:84:13:19:68:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
        Validity
            Not Before: Feb  6 11:48:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e177cea5eb6dd108e16210906bcdd966ba9ae9bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:6f:02:f0:7f:81:bb:99:02:e6:22:97:29:4c:
                    2a:5d:6d:a4:d9:8c:c7:c7:47:c6:ca:02:c7:30:3f:
                    a0:09:76:6a:9d:46:87:f2:2e:6d:c9:98:1f:f1:df:
                    d5:44:b3:0c:11:ba:52:3f:bf:54:12:c5:bf:fd:13:
                    39:39:98:30:93:8a:fd:cf:b3:48:b6:22:85:39:10:
                    69:a3:f6:a9:ce:fe:30:aa:c7:09:de:3c:9d:2a:bb:
                    35:15:60:c8:08:a2:3f:f7:e2:67:6d:be:da:e6:3e:
                    aa:86:90:af:a3:c3:d6:7e:6c:01:b0:9c:6b:81:41:
                    32:73:ab:82:b5:52:bb:9e:7d:8e:05:63:52:94:03:
                    20:3d:d5:64:e5:d9:e0:aa:3c:fc:10:7c:bb:1a:55:
                    ac:b2:58:d3:b7:63:b8:e0:17:ae:57:83:b3:44:8e:
                    cc:4c:e3:7a:ac:75:6a:ad:cd:00:16:c1:db:13:51:
                    ff:38:36:3d:cc:56:82:78:16:44:9b:03:2e:76:2a:
                    a5:2e:7f:6f:c8:76:c4:18:6e:cc:33:1a:39:c2:0c:
                    75:eb:ee:54:dd:58:57:e4:48:a2:03:cf:00:0e:4a:
                    e9:a7:ac:18:de:7f:0a:01:d2:4d:13:f9:51:c9:a9:
                    e9:8a:a5:b8:07:d1:9b:dd:c1:ee:97:8a:bb:bd:bb:
                    ee:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:77:CE:A5:EB:6D:D1:08:E1:62:10:90:6B:CD:D9:66:BA:9A:E9:BD
            X509v3 Authority Key Identifier:
                keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/4XfOpett0QjhYhCQa83ZZrqa6b0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.21.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:e8:42:51:dc:22:5f:c8:d2:d9:60:ae:ea:18:f6:57:1f:7e:
         be:c2:a9:eb:50:15:5c:12:fb:5c:d7:82:8d:4b:c3:58:46:b6:
         9a:72:f4:9e:c9:40:e4:21:62:ea:0a:b5:50:8d:b7:d6:e6:a0:
         ec:a4:c1:1a:7b:a7:21:9c:79:f3:60:d1:93:d1:9a:b6:ea:65:
         7a:6d:ff:16:94:5a:d5:48:90:12:08:25:1c:fa:11:d1:4d:02:
         0a:7f:2e:8f:ca:b2:9f:5a:4f:54:71:ad:fb:9e:cf:f6:ec:52:
         de:4a:84:53:c6:b8:13:80:f7:92:77:ae:95:c8:62:26:57:00:
         3d:bc:57:67:e4:92:78:9b:58:2f:b0:84:f9:68:30:70:f1:40:
         0e:67:43:fd:10:cf:5c:1f:24:c8:9c:9f:3c:15:f8:ce:79:9c:
         7b:03:f9:2d:2e:6a:f5:96:4b:9c:88:43:e0:7f:90:0a:8d:13:
         58:e2:bb:a4:40:2f:ae:53:6d:c2:29:5c:2b:76:e6:83:72:33:
         c3:78:7e:40:34:8e:7f:4b:93:4e:1c:20:de:c5:03:b3:de:63:
         fe:66:67:49:ab:81:01:1e:7d:1b:47:a8:60:32:a4:8a:06:be:
         4e:ad:84:40:d5:12:60:eb:30:0c:9c:a8:df:75:39:2f:18:36:
         58:f6:a2:87
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZwyx/xkxSC7AsUC4YQTGWjfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjYwMjA2MTE0ODEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTc3Y2VhNWViNmRkMTA4ZTE2MjEwOTA2YmNkZDk2NmJhOWFlOWJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyG8C8H+Bu5kC5iKXKUwqXW2k2YzH
x0fGygLHMD+gCXZqnUaH8i5tyZgf8d/VRLMMEbpSP79UEsW//RM5OZgwk4r9z7NI
tiKFORBpo/apzv4wqscJ3jydKrs1FWDICKI/9+Jnbb7a5j6qhpCvo8PWfmwBsJxr
gUEyc6uCtVK7nn2OBWNSlAMgPdVk5dngqjz8EHy7GlWssljTt2O44BeuV4OzRI7M
TON6rHVqrc0AFsHbE1H/ODY9zFaCeBZEmwMudiqlLn9vyHbEGG7MMxo5wgx16+5U
3VhX5EiiA88ADkrpp6wY3n8KAdJNE/lRyanpiqW4B9Gb3cHul4q7vbvuPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOF3zqXrbdEI4WIQkGvN2Wa6mum9MB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEvNFhmT3BldHQwUWpoWWhDUWE4M1pacnFhNmIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWRVXMA0G
CSqGSIb3DQEBCwUAA4IBAQAD6EJR3CJfyNLZYK7qGPZXH36+wqnrUBVcEvtc14KN
S8NYRraacvSeyUDkIWLqCrVQjbfW5qDspMEae6chnHnzYNGT0Zq26mV6bf8WlFrV
SJASCCUc+hHRTQIKfy6PyrKfWk9Uca37ns/27FLeSoRTxrgTgPeSd66VyGImVwA9
vFdn5JJ4m1gvsIT5aDBw8UAOZ0P9EM9cHyTInJ88FfjOeZx7A/ktLmr1lkuciEPg
f5AKjRNY4rukQC+uU23CKVwrduaDcjPDeH5ANI5/S5NOHCDexQOz3mP+ZmdJq4EB
Hn0bR6hgMqSKBr5OrYRA1RJg6zAMnKjfdTkvGDZY9qKH
-----END CERTIFICATE-----