Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/sLmFgJo7rjEl_A1jyB9XVmXHYkY.roa
File:                     sLmFgJo7rjEl_A1jyB9XVmXHYkY.roa (raw, json)
Hash identifier:          GYLc9uxuhcTORnu6ikgBYA+aZs89902s4h3qBiGnBrY=
Subject key identifier:   B0:B9:85:80:9A:3B:AE:31:25:FC:0D:63:C8:1F:57:56:65:C7:62:46
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       019EAC1AB4CC3B7AAC6AB12CAF18E5CFAE67
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/sLmFgJo7rjEl_A1jyB9XVmXHYkY.roa
Signing time:             Tue 09 Jun 2026 11:18:11 +0000
ROA not before:           Tue 09 Jun 2026 11:18:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213832
IP address blocks:        195.162.245.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 08:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:ac:1a:b4:cc:3b:7a:ac:6a:b1:2c:af:18:e5:cf:ae:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Jun  9 11:18:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b0b985809a3bae3125fc0d63c81f575665c76246
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:7c:fb:0a:bf:a6:52:5f:a2:54:3a:ad:f5:8d:
                    9e:6e:a1:c3:83:ff:ed:a3:b3:aa:35:ff:ab:2f:e1:
                    eb:92:e6:d2:7c:2b:28:eb:53:c4:8b:9e:8d:49:0e:
                    d8:24:18:c1:88:b8:70:02:1d:bb:0b:0c:f6:98:40:
                    a1:b8:cc:88:76:f7:af:3f:9f:70:12:9d:60:70:81:
                    50:09:5a:fe:88:26:a3:85:f1:0c:e1:29:d7:c6:3e:
                    80:5f:41:72:e1:37:dd:0a:06:6b:32:e7:ed:6a:6c:
                    11:d6:ad:85:77:1a:05:16:a3:ca:7a:55:09:e6:3e:
                    48:ae:e1:e5:66:05:51:4a:11:8b:a3:f9:73:79:5d:
                    1a:07:be:9c:4f:cf:f2:de:5e:73:72:12:e3:6e:a0:
                    ba:c9:50:d8:bc:8e:bb:64:fd:2f:b1:7a:d9:66:ea:
                    a9:70:fa:5b:54:a0:d9:5e:4f:7a:8d:33:55:4d:dd:
                    da:64:48:a9:94:a1:ca:8a:2c:c8:e8:0b:aa:f2:dd:
                    0c:68:63:65:99:5b:4c:9a:56:5a:5d:36:80:cf:cf:
                    bb:36:3b:4a:13:14:46:cb:f9:94:8c:26:2e:fe:4e:
                    b2:09:27:86:91:9f:4f:31:8a:9e:5b:f3:43:64:5e:
                    32:6b:41:0e:2d:c3:80:4b:4a:6f:8b:4e:4d:fb:45:
                    70:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:B9:85:80:9A:3B:AE:31:25:FC:0D:63:C8:1F:57:56:65:C7:62:46
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/sLmFgJo7rjEl_A1jyB9XVmXHYkY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.162.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:11:29:ba:24:bc:09:06:a4:59:b0:7d:51:47:20:6b:6d:87:
         cd:01:61:09:2d:90:7d:8d:a5:af:b2:4b:b2:e3:63:da:cf:a5:
         2f:71:e1:30:96:81:4a:75:49:04:73:72:cf:37:77:99:04:e2:
         10:80:ef:89:8f:f3:e5:c4:80:89:30:1e:d5:5a:17:6a:bf:65:
         67:6e:26:95:18:2e:53:85:c7:ec:13:d6:b3:56:21:90:49:29:
         12:fa:75:fa:f8:ec:81:63:35:50:b7:ef:51:d6:ef:95:4b:10:
         8b:e3:76:5c:9a:93:28:de:b5:4c:9a:4a:e6:ff:d7:4c:2d:c2:
         a1:67:8f:12:ca:b3:a0:eb:06:ec:13:9d:70:58:b8:fa:b3:4b:
         5f:5f:7a:fc:e4:ba:2a:36:ae:94:d8:14:7f:d8:76:0e:d6:7d:
         91:5a:66:d8:0c:eb:f2:48:12:b0:e8:9f:d2:63:73:bd:73:d1:
         39:5f:ee:f1:df:46:b0:9b:ff:2e:6c:b4:b2:62:29:7b:e9:17:
         9a:db:d2:d7:9c:ed:04:2e:14:55:84:3e:71:51:d2:32:4b:a0:
         08:34:7b:ec:38:dc:1e:b4:f5:d0:c4:0a:30:b2:32:1a:d3:c5:
         1b:8a:e9:41:a4:d2:e0:96:37:9b:f3:e1:19:1a:29:87:f5:c2:
         21:72:94:73
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6sGrTMO3qsarEsrxjlz65nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjYwNjA5MTExODExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMGI5ODU4MDlhM2JhZTMxMjVmYzBkNjNjODFmNTc1NjY1Yzc2MjQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxnz7Cr+mUl+iVDqt9Y2ebqHDg//t
o7OqNf+rL+HrkubSfCso61PEi56NSQ7YJBjBiLhwAh27Cwz2mEChuMyIdvevP59w
Ep1gcIFQCVr+iCajhfEM4SnXxj6AX0Fy4TfdCgZrMuftamwR1q2FdxoFFqPKelUJ
5j5IruHlZgVRShGLo/lzeV0aB76cT8/y3l5zchLjbqC6yVDYvI67ZP0vsXrZZuqp
cPpbVKDZXk96jTNVTd3aZEiplKHKiizI6Auq8t0MaGNlmVtMmlZaXTaAz8+7NjtK
ExRGy/mUjCYu/k6yCSeGkZ9PMYqeW/NDZF4ya0EOLcOAS0pvi05N+0Vw3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLC5hYCaO64xJfwNY8gfV1Zlx2JGMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvc0xtRmdKbzdyakVsX0ExanlCOVhWbVhIWWtZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw6L1MA0G
CSqGSIb3DQEBCwUAA4IBAQBOESm6JLwJBqRZsH1RRyBrbYfNAWEJLZB9jaWvskuy
42Paz6UvceEwloFKdUkEc3LPN3eZBOIQgO+Jj/PlxICJMB7VWhdqv2VnbiaVGC5T
hcfsE9azViGQSSkS+nX6+OyBYzVQt+9R1u+VSxCL43ZcmpMo3rVMmkrm/9dMLcKh
Z48SyrOg6wbsE51wWLj6s0tfX3r85LoqNq6U2BR/2HYO1n2RWmbYDOvySBKw6J/S
Y3O9c9E5X+7x30awm/8ubLSyYil76Rea29LXnO0ELhRVhD5xUdIyS6AINHvsONwe
tPXQxAowsjIa08UbiulBpNLgljeb8+EZGimH9cIhcpRz
-----END CERTIFICATE-----