Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/4Ucriqv55EYMnIzTuWFJEJ0cFbI.roa
File:                     4Ucriqv55EYMnIzTuWFJEJ0cFbI.roa (raw, json)
Hash identifier:          lG2vwxva8GrYFGHSt+tYisTRrXaNflBbJwPUhm0hB1k=
Subject key identifier:   E1:47:2B:8A:AB:F9:E4:46:0C:9C:8C:D3:B9:61:49:10:9D:1C:15:B2
Certificate issuer:       /CN=fe58952d393935f0d3bce814fd9178d04693aeb9
Certificate serial:       019CB5A0F1E4A20FA02B759073F964776DCA
Authority key identifier: FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/4Ucriqv55EYMnIzTuWFJEJ0cFbI.roa
Signing time:             Tue 03 Mar 2026 21:35:49 +0000
ROA not before:           Tue 03 Mar 2026 21:35:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214941
IP address blocks:        85.204.125.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Mar 2026 10:49:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:b5:a0:f1:e4:a2:0f:a0:2b:75:90:73:f9:64:77:6d:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe58952d393935f0d3bce814fd9178d04693aeb9
        Validity
            Not Before: Mar  3 21:35:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e1472b8aabf9e4460c9c8cd3b96149109d1c15b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:66:86:cb:c6:77:e6:65:57:1c:e2:59:9b:c0:
                    d0:f3:ad:a6:0b:d6:cf:ef:4a:da:2a:90:bf:59:dd:
                    0e:74:3f:bd:f9:80:a0:ff:5d:4f:be:1c:44:d9:55:
                    41:d8:15:fd:cb:d5:58:40:5e:bf:1e:e5:1c:a3:2e:
                    94:32:ff:c1:8d:4c:88:6b:ab:b5:5e:12:41:a5:3a:
                    55:0a:a4:2a:5f:7b:1e:94:0b:19:6e:8a:64:38:f5:
                    44:aa:34:41:c6:c1:b5:ed:76:ca:7e:83:a9:27:cd:
                    2d:06:e7:cf:e6:63:01:a8:c3:87:ec:82:fb:83:b7:
                    9e:b1:7c:44:af:4e:10:75:28:ed:40:82:f6:bf:7e:
                    83:79:ca:b2:2e:36:93:6c:ea:85:03:7b:0c:06:6a:
                    44:74:34:e3:1b:fb:e7:85:eb:ae:f7:8d:7c:74:ea:
                    08:be:bc:6a:d8:9a:7b:5c:bb:29:a4:80:95:30:c0:
                    ff:d9:35:6f:b6:2a:95:59:9f:10:c5:14:9b:37:4a:
                    87:72:be:d1:6a:40:26:74:a9:ad:61:13:3e:31:31:
                    18:ab:2f:11:61:82:38:63:77:84:53:63:8e:e4:6f:
                    0d:ab:6c:49:ac:b8:4d:57:97:99:4c:13:9a:8f:c1:
                    c7:37:d0:c5:a8:a8:99:81:ab:ed:ef:4c:3c:cd:85:
                    6a:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:47:2B:8A:AB:F9:E4:46:0C:9C:8C:D3:B9:61:49:10:9D:1C:15:B2
            X509v3 Authority Key Identifier:
                keyid:FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/4Ucriqv55EYMnIzTuWFJEJ0cFbI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.204.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:b2:85:74:15:3e:3e:1c:1e:d0:83:2d:94:bb:a4:aa:89:e2:
         2c:35:8b:2f:ce:00:aa:0a:f2:e7:0f:4b:21:56:80:e4:1e:9c:
         3e:83:f5:15:11:7f:f5:55:6d:da:1b:f7:42:bf:23:9d:87:1a:
         5e:45:19:19:aa:7c:8c:fb:3a:2e:2c:29:2a:37:52:3b:38:47:
         c1:60:ca:08:94:0d:80:e8:e5:f0:92:28:ba:41:b1:b9:5e:a8:
         25:04:f4:85:40:88:1d:89:a7:fe:a6:b6:36:d3:a2:a1:a8:a0:
         4b:6e:5d:27:c8:d2:19:38:6e:42:30:d5:48:e2:ee:d4:8a:45:
         76:21:9f:41:d6:c9:a5:75:ed:3d:dc:60:a8:1a:68:4e:01:38:
         fe:c5:b1:b6:54:fd:8c:a3:f4:73:50:99:e5:03:42:f1:b3:8f:
         5c:f3:e0:bc:4d:d1:14:81:de:e4:f2:51:11:d4:74:8d:c4:de:
         47:93:6e:c7:71:c1:e7:93:f4:52:31:9a:d1:18:84:b6:91:62:
         1a:08:49:19:7f:01:26:a0:69:a4:de:a8:60:dc:f9:a2:23:4d:
         3b:8d:65:de:22:af:ca:6b:6f:10:bd:89:62:2e:78:bd:33:c4:
         4f:31:ef:8b:e3:1b:5c:f3:85:28:2d:b8:94:b2:72:fc:79:d9:
         7b:93:5b:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZy1oPHkog+gK3WQc/lkd23KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNTg5NTJkMzkzOTM1ZjBkM2JjZTgxNGZkOTE3OGQwNDY5
M2FlYjkwHhcNMjYwMzAzMjEzNTQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTQ3MmI4YWFiZjllNDQ2MGM5YzhjZDNiOTYxNDkxMDlkMWMxNWIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAumaGy8Z35mVXHOJZm8DQ862mC9bP
70raKpC/Wd0OdD+9+YCg/11PvhxE2VVB2BX9y9VYQF6/HuUcoy6UMv/BjUyIa6u1
XhJBpTpVCqQqX3selAsZbopkOPVEqjRBxsG17XbKfoOpJ80tBufP5mMBqMOH7IL7
g7eesXxEr04QdSjtQIL2v36DecqyLjaTbOqFA3sMBmpEdDTjG/vnheuu9418dOoI
vrxq2Jp7XLsppICVMMD/2TVvtiqVWZ8QxRSbN0qHcr7RakAmdKmtYRM+MTEYqy8R
YYI4Y3eEU2OO5G8Nq2xJrLhNV5eZTBOaj8HHN9DFqKiZgavt70w8zYVqswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOFHK4qr+eRGDJyM07lhSRCdHBWyMB8GA1UdIwQY
MBaAFP5YlS05OTXw07zoFP2ReNBGk665MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUt
NWQ0OGI2NWNlNTczLzEvNFVjcmlxdjU1RVlNbkl6VHVXRkpFSjBjRmJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUtNWQ0OGI2NWNlNTcz
LzEvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVcx9MA0G
CSqGSIb3DQEBCwUAA4IBAQApsoV0FT4+HB7Qgy2Uu6SqieIsNYsvzgCqCvLnD0sh
VoDkHpw+g/UVEX/1VW3aG/dCvyOdhxpeRRkZqnyM+zouLCkqN1I7OEfBYMoIlA2A
6OXwkii6QbG5XqglBPSFQIgdiaf+prY206KhqKBLbl0nyNIZOG5CMNVI4u7UikV2
IZ9B1smlde093GCoGmhOATj+xbG2VP2Mo/RzUJnlA0Lxs49c8+C8TdEUgd7k8lER
1HSNxN5Hk27HccHnk/RSMZrRGIS2kWIaCEkZfwEmoGmk3qhg3PmiI007jWXeIq/K
a28QvYliLni9M8RPMe+L4xtc84UoLbiUsnL8edl7k1tk
-----END CERTIFICATE-----