Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/dd062a-1319-4019-a551-876c7fca4b34/1/3ni1lXz0xo-b4HoXI3wRu6vJL-c.roa
File:                     3ni1lXz0xo-b4HoXI3wRu6vJL-c.roa (raw, json)
Hash identifier:          7b3P7fNZC5J3JcfQvJqiC/2neHH6f8kadDw6/l3P8/Y=
Subject key identifier:   DE:78:B5:95:7C:F4:C6:8F:9B:E0:7A:17:23:7C:11:BB:AB:C9:2F:E7
Certificate issuer:       /CN=255876412d20fbb6cab823481782ac47703b4404
Certificate serial:       019C01E99205D50945E44375374998089EC7
Authority key identifier: 25:58:76:41:2D:20:FB:B6:CA:B8:23:48:17:82:AC:47:70:3B:44:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JVh2QS0g-7bKuCNIF4KsR3A7RAQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/dd062a-1319-4019-a551-876c7fca4b34/1/3ni1lXz0xo-b4HoXI3wRu6vJL-c.roa
Signing time:             Wed 28 Jan 2026 00:03:30 +0000
ROA not before:           Wed 28 Jan 2026 00:03:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212514
IP address blocks:        194.62.163.0/24 maxlen: 24
                          2a01:ffc0::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/dd062a-1319-4019-a551-876c7fca4b34/1/JVh2QS0g-7bKuCNIF4KsR3A7RAQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/dd062a-1319-4019-a551-876c7fca4b34/1/JVh2QS0g-7bKuCNIF4KsR3A7RAQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JVh2QS0g-7bKuCNIF4KsR3A7RAQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Feb 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:01:e9:92:05:d5:09:45:e4:43:75:37:49:98:08:9e:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=255876412d20fbb6cab823481782ac47703b4404
        Validity
            Not Before: Jan 28 00:03:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=de78b5957cf4c68f9be07a17237c11bbabc92fe7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f8:6e:b2:af:43:b3:47:c7:20:99:5c:2c:6b:ab:
                    19:2d:a3:dd:40:6e:fc:c0:fd:13:d0:a4:e2:58:21:
                    ee:be:5f:5b:e2:66:35:c7:35:49:9a:38:5c:25:c5:
                    93:3b:4d:82:c4:79:ee:cb:91:78:ce:7f:ef:8b:c0:
                    7b:4e:53:7b:d7:03:6d:d7:72:a9:7c:a2:1f:91:01:
                    84:bd:5b:74:be:5c:97:29:92:a3:a1:58:fc:de:e7:
                    8d:a5:ae:61:97:1c:1a:02:19:dc:c7:26:0d:c2:e3:
                    bb:49:b7:58:0d:69:78:91:30:14:27:00:19:bd:6f:
                    64:79:be:c1:62:22:94:e0:60:31:0d:6a:4c:8b:f3:
                    6b:dc:2d:a7:0f:1a:8e:a0:2a:17:91:0f:a4:50:3b:
                    c8:59:f9:8a:e3:6f:12:55:a7:ed:45:6c:78:4a:5f:
                    7e:e7:da:c8:77:3d:df:f3:0a:d8:c6:8c:70:d3:42:
                    8a:76:04:37:dd:90:d5:f3:54:a1:e9:88:fa:37:db:
                    3e:cb:f1:75:64:8b:66:4f:96:8d:5b:e5:de:62:88:
                    19:9e:0b:d2:79:e2:27:9a:1a:1d:3d:69:07:d4:b8:
                    c3:6c:3d:8d:f7:59:c9:56:f7:38:c4:e9:16:5f:1a:
                    ae:9d:85:bb:8f:29:6b:75:4f:51:d8:2e:5a:94:82:
                    94:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:78:B5:95:7C:F4:C6:8F:9B:E0:7A:17:23:7C:11:BB:AB:C9:2F:E7
            X509v3 Authority Key Identifier:
                keyid:25:58:76:41:2D:20:FB:B6:CA:B8:23:48:17:82:AC:47:70:3B:44:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JVh2QS0g-7bKuCNIF4KsR3A7RAQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/dd062a-1319-4019-a551-876c7fca4b34/1/3ni1lXz0xo-b4HoXI3wRu6vJL-c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/dd062a-1319-4019-a551-876c7fca4b34/1/JVh2QS0g-7bKuCNIF4KsR3A7RAQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.62.163.0/24
                IPv6:
                  2a01:ffc0::/32

    Signature Algorithm: sha256WithRSAEncryption
         67:92:54:3b:94:12:84:77:a4:e6:86:87:b6:e4:4d:4e:8c:82:
         14:61:a3:81:9c:f5:a2:ec:60:46:ea:d5:3d:19:b8:30:65:4d:
         79:55:e6:df:63:98:9e:49:79:f3:e5:5c:2f:43:51:0e:7d:9c:
         03:13:c6:15:b4:22:98:bf:b1:2d:a8:1f:b0:81:e2:44:a6:1c:
         58:61:07:86:0b:a3:c2:28:c5:ce:61:e2:64:a2:30:96:67:4f:
         30:f3:55:93:95:51:36:3c:8e:90:a8:07:4d:59:f0:c5:37:f1:
         46:07:32:fc:88:d8:6e:96:00:62:9f:b7:bc:a4:20:1f:01:b1:
         99:38:fc:ad:fe:78:9d:eb:fe:1f:dc:0c:be:cd:bb:97:60:3b:
         e9:e5:0d:ff:4f:8e:f7:67:5c:6a:16:76:49:d5:b6:a9:cf:e7:
         05:30:cf:e8:c7:ba:3f:2a:fe:dd:2d:47:79:0e:3d:26:d8:8f:
         50:d0:39:0f:b7:77:77:fb:8a:67:8b:f1:72:c2:1a:46:6b:42:
         ca:d4:ae:5c:33:ca:2a:67:5a:10:73:4b:42:db:8f:0d:ed:74:
         bb:c2:24:de:52:f1:1d:32:36:e6:45:94:f0:bb:04:85:f0:ac:
         04:5e:ca:ce:53:7d:cf:22:73:56:0b:7e:88:4f:4c:93:c2:bb:
         d6:55:23:d8
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZwB6ZIF1QlF5EN1N0mYCJ7HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1NTg3NjQxMmQyMGZiYjZjYWI4MjM0ODE3ODJhYzQ3NzAz
YjQ0MDQwHhcNMjYwMTI4MDAwMzMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTc4YjU5NTdjZjRjNjhmOWJlMDdhMTcyMzdjMTFiYmFiYzkyZmU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+G6yr0OzR8cgmVwsa6sZLaPdQG78
wP0T0KTiWCHuvl9b4mY1xzVJmjhcJcWTO02CxHnuy5F4zn/vi8B7TlN71wNt13Kp
fKIfkQGEvVt0vlyXKZKjoVj83ueNpa5hlxwaAhncxyYNwuO7SbdYDWl4kTAUJwAZ
vW9keb7BYiKU4GAxDWpMi/Nr3C2nDxqOoCoXkQ+kUDvIWfmK428SVaftRWx4Sl9+
59rIdz3f8wrYxoxw00KKdgQ33ZDV81Sh6Yj6N9s+y/F1ZItmT5aNW+XeYogZngvS
eeInmhodPWkH1LjDbD2N91nJVvc4xOkWXxqunYW7jylrdU9R2C5alIKUXwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFN54tZV89MaPm+B6FyN8EburyS/nMB8GA1UdIwQY
MBaAFCVYdkEtIPu2yrgjSBeCrEdwO0QEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlZoMlFTMGctN2JLdUNOSUY0S3NSM0E3UkFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC9kZDA2MmEtMTMxOS00MDE5LWE1NTEt
ODc2YzdmY2E0YjM0LzEvM25pMWxYejB4by1iNEhvWEkzd1J1NnZKTC1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC9kZDA2MmEtMTMxOS00MDE5LWE1NTEtODc2YzdmY2E0YjM0
LzEvSlZoMlFTMGctN2JLdUNOSUY0S3NSM0E3UkFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwj6jMA0E
AgACMAcDBQAqAf/AMA0GCSqGSIb3DQEBCwUAA4IBAQBnklQ7lBKEd6Tmhoe25E1O
jIIUYaOBnPWi7GBG6tU9GbgwZU15VebfY5ieSXnz5VwvQ1EOfZwDE8YVtCKYv7Et
qB+wgeJEphxYYQeGC6PCKMXOYeJkojCWZ08w81WTlVE2PI6QqAdNWfDFN/FGBzL8
iNhulgBin7e8pCAfAbGZOPyt/nid6/4f3Ay+zbuXYDvp5Q3/T473Z1xqFnZJ1bap
z+cFMM/ox7o/Kv7dLUd5Dj0m2I9Q0DkPt3d3+4pni/FywhpGa0LK1K5cM8oqZ1oQ
c0tC248N7XS7wiTeUvEdMjbmRZTwuwSF8KwEXsrOU33PInNWC36IT0yTwrvWVSPY
-----END CERTIFICATE-----