Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/AQJd1cNHrucoqBvDC3jyEB5dOso.roa
File:                     AQJd1cNHrucoqBvDC3jyEB5dOso.roa (raw, json)
Hash identifier:          atNTArIuqdrayKKUq2886fcPuj/ZYobwvysh7lo0D8Y=
Subject key identifier:   01:02:5D:D5:C3:47:AE:E7:28:A8:1B:C3:0B:78:F2:10:1E:5D:3A:CA
Certificate issuer:       /CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Certificate serial:       019D31138C777624ACB4883A3389DE922142
Authority key identifier: D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/AQJd1cNHrucoqBvDC3jyEB5dOso.roa
Signing time:             Fri 27 Mar 2026 20:54:17 +0000
ROA not before:           Fri 27 Mar 2026 20:54:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     51396
IP address blocks:        195.96.148.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:31:13:8c:77:76:24:ac:b4:88:3a:33:89:de:92:21:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
        Validity
            Not Before: Mar 27 20:54:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=01025dd5c347aee728a81bc30b78f2101e5d3aca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:ff:a0:f7:bf:97:5c:8a:57:b3:e8:f3:4c:f0:
                    1e:8c:5a:de:7e:b1:72:fe:60:90:e2:fd:db:cf:35:
                    31:20:05:f2:db:03:88:6d:56:4e:98:29:c1:4f:47:
                    83:e8:7f:81:a0:3a:0d:c6:40:bb:d6:be:c4:1f:8f:
                    13:92:6a:0c:91:f4:9d:26:45:27:71:36:68:0f:14:
                    19:a7:5d:66:3f:83:2c:6b:28:f7:73:23:67:3d:f8:
                    50:73:57:68:ad:c1:b9:ff:15:e0:12:88:60:27:4c:
                    8b:8d:76:27:aa:8a:fa:28:ef:9a:86:6d:bc:56:97:
                    86:7e:7a:33:39:6b:ca:fd:83:85:cd:f5:58:24:ed:
                    aa:dd:fd:ec:6c:a1:03:1d:c2:a2:03:70:52:80:e5:
                    e3:08:34:68:6b:d4:5a:be:1b:34:85:d5:81:60:14:
                    d8:fc:d8:09:f1:1f:09:49:64:d6:78:42:3e:6f:3a:
                    06:95:9c:a3:36:68:ca:10:fc:06:c5:84:26:47:c1:
                    9d:83:dd:85:c8:49:77:42:3a:39:e4:5c:af:19:b2:
                    73:8d:f1:bb:0c:01:4c:ed:26:ab:1d:a1:1e:d6:71:
                    69:20:14:0d:7f:b6:2f:0b:30:37:f8:eb:d0:87:65:
                    35:95:84:58:dc:59:30:92:8f:29:dc:57:27:ea:c7:
                    ce:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:02:5D:D5:C3:47:AE:E7:28:A8:1B:C3:0B:78:F2:10:1E:5D:3A:CA
            X509v3 Authority Key Identifier:
                keyid:D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/AQJd1cNHrucoqBvDC3jyEB5dOso.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.96.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:f5:b5:88:3e:85:3b:58:e0:8c:8b:25:a1:da:18:07:ee:13:
         9c:c5:37:78:48:f4:80:d6:f0:4e:88:f2:22:98:5b:4e:90:0c:
         ca:ff:8b:b3:b9:53:8a:5f:1c:20:04:9f:c6:06:ed:3b:88:9a:
         c3:64:9b:69:8e:21:9f:a4:40:e5:ba:b0:13:ce:66:49:d8:6b:
         f6:a3:3b:9e:a6:68:ab:a4:a6:64:8b:c8:bc:d0:44:3c:62:81:
         ab:b9:7f:d3:8f:e3:d5:bf:79:32:33:0a:34:a2:e0:fa:45:c5:
         bc:0e:30:78:7d:aa:6e:c9:97:81:5c:ed:23:98:4c:fb:01:b1:
         67:55:ce:cd:f5:f1:e6:a8:fb:85:ac:0b:bb:f9:1f:b7:ca:c6:
         a5:1e:f1:ce:a1:5b:33:6e:fd:31:69:7f:1f:3d:ce:91:cf:34:
         43:74:e5:45:8f:8e:30:44:2a:b6:b8:b0:25:a5:41:ff:d4:f3:
         2b:46:7e:9d:ac:98:7a:83:a9:89:d3:03:34:de:2d:b0:20:99:
         4d:d2:27:0a:43:c2:f9:73:6a:8c:d2:4b:b4:e9:c9:4f:7e:18:
         e9:a3:0b:51:4b:68:86:b3:06:eb:79:94:ac:30:52:5c:b3:53:
         60:2f:b1:55:f5:bb:5e:7d:31:08:00:94:02:e5:51:05:0c:9d:
         ce:a3:28:40
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0xE4x3diSstIg6M4nekiFCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmJiNDhlOTNlOGEwMDU4YzVjNzJhODFhODc5OTQ1NTMw
N2VlNTYwHhcNMjYwMzI3MjA1NDE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMTAyNWRkNWMzNDdhZWU3MjhhODFiYzMwYjc4ZjIxMDFlNWQzYWNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnv+g97+XXIpXs+jzTPAejFrefrFy
/mCQ4v3bzzUxIAXy2wOIbVZOmCnBT0eD6H+BoDoNxkC71r7EH48TkmoMkfSdJkUn
cTZoDxQZp11mP4Msayj3cyNnPfhQc1dorcG5/xXgEohgJ0yLjXYnqor6KO+ahm28
VpeGfnozOWvK/YOFzfVYJO2q3f3sbKEDHcKiA3BSgOXjCDRoa9Ravhs0hdWBYBTY
/NgJ8R8JSWTWeEI+bzoGlZyjNmjKEPwGxYQmR8Gdg92FyEl3Qjo55FyvGbJzjfG7
DAFM7SarHaEe1nFpIBQNf7YvCzA3+OvQh2U1lYRY3Fkwko8p3Fcn6sfOVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAECXdXDR67nKKgbwwt48hAeXTrKMB8GA1UdIwQY
MBaAFNdrtI6T6KAFjFxyqBqHmUVTB+5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgt
OGJmYmRkNDVjYjYyLzEvQVFKZDFjTkhydWNvcUJ2REMzanlFQjVkT3NvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgtOGJmYmRkNDVjYjYy
LzEvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw2CUMA0G
CSqGSIb3DQEBCwUAA4IBAQCO9bWIPoU7WOCMiyWh2hgH7hOcxTd4SPSA1vBOiPIi
mFtOkAzK/4uzuVOKXxwgBJ/GBu07iJrDZJtpjiGfpEDlurATzmZJ2Gv2ozuepmir
pKZki8i80EQ8YoGruX/Tj+PVv3kyMwo0ouD6RcW8DjB4fapuyZeBXO0jmEz7AbFn
Vc7N9fHmqPuFrAu7+R+3ysalHvHOoVszbv0xaX8fPc6RzzRDdOVFj44wRCq2uLAl
pUH/1PMrRn6drJh6g6mJ0wM03i2wIJlN0icKQ8L5c2qM0ku06clPfhjpowtRS2iG
swbreZSsMFJcs1NgL7FV9btefTEIAJQC5VEFDJ3OoyhA
-----END CERTIFICATE-----