Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/rrkRgQDBo4gJHr1oXY1CoQZRa78.roa
File:                     rrkRgQDBo4gJHr1oXY1CoQZRa78.roa (raw, json)
Hash identifier:          szaGVKdcoSByeOlUHRgh2pga4LNjYqWIEVUHlfwJUt0=
Subject key identifier:   AE:B9:11:81:00:C1:A3:88:09:1E:BD:68:5D:8D:42:A1:06:51:6B:BF
Certificate issuer:       /CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Certificate serial:       019DB05D41C3A162203D5167DAFC23B9118D
Authority key identifier: D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/rrkRgQDBo4gJHr1oXY1CoQZRa78.roa
Signing time:             Tue 21 Apr 2026 14:06:34 +0000
ROA not before:           Tue 21 Apr 2026 14:06:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198648
IP address blocks:        194.26.221.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 Apr 2026 23:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b0:5d:41:c3:a1:62:20:3d:51:67:da:fc:23:b9:11:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
        Validity
            Not Before: Apr 21 14:06:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=aeb9118100c1a388091ebd685d8d42a106516bbf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:78:ce:0a:c9:9d:86:a3:a9:cb:c8:b2:1a:00:
                    1a:7f:e0:51:9e:52:2f:1b:f2:9d:f8:7a:93:5a:71:
                    b8:99:a8:d3:f3:07:00:49:7d:7c:39:af:42:e6:02:
                    e3:0a:92:a8:31:11:9f:ba:34:21:9e:b9:6f:c0:bf:
                    e4:6c:a8:28:b7:3d:b2:4e:d2:d4:8f:8e:df:5e:36:
                    d1:d1:ea:28:bf:eb:c7:57:a8:fa:ef:33:9a:1e:60:
                    72:53:15:16:11:80:46:d1:64:3d:3e:87:d5:c8:0b:
                    7a:60:28:5b:80:3b:f2:22:a3:46:70:32:49:e8:76:
                    24:26:1c:4e:16:5c:4f:06:0c:c6:df:21:09:16:2d:
                    79:bf:2d:30:af:3f:f3:47:a3:3b:76:f0:ff:90:b6:
                    d9:dc:39:bf:ad:9c:50:49:f3:c3:95:31:a9:60:36:
                    15:f9:54:17:61:32:36:78:c1:95:3f:35:79:12:e2:
                    c0:81:ca:10:3e:29:a1:7f:d6:28:1a:b9:a2:a3:11:
                    f0:e6:1f:90:83:65:bf:00:de:ed:a8:45:e4:79:fe:
                    76:b4:dc:02:be:6b:52:8d:e4:f1:78:51:1f:89:48:
                    e2:a4:95:8d:24:b8:8f:95:06:20:11:27:d4:c7:16:
                    f4:af:5c:8c:05:2a:99:66:a2:2f:06:10:d3:76:9e:
                    98:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:B9:11:81:00:C1:A3:88:09:1E:BD:68:5D:8D:42:A1:06:51:6B:BF
            X509v3 Authority Key Identifier:
                keyid:D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/rrkRgQDBo4gJHr1oXY1CoQZRa78.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.26.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:0e:d4:c1:65:06:f3:9d:25:31:ca:67:ea:5d:6f:69:88:46:
         05:cf:5b:11:0d:82:31:2e:94:14:63:1b:6c:1d:8f:be:bb:46:
         cc:da:5a:f3:0c:8a:f8:51:7b:2c:28:9b:cd:f0:67:f4:85:02:
         63:79:f6:63:c2:0c:d2:80:84:9c:cf:7a:5e:ad:bb:1a:23:4a:
         f1:67:94:b8:e7:03:b2:bc:42:3c:2d:da:f7:d2:b2:b0:9d:69:
         d6:06:ff:e3:c6:a8:14:01:df:39:6b:ba:e5:66:b1:d2:d6:73:
         2b:ea:e4:49:2b:22:3e:ae:f8:04:32:4c:9b:9b:ea:b5:ab:72:
         c3:60:d7:1f:0d:fa:5e:c0:de:92:9b:e0:41:1e:3f:23:46:26:
         82:2d:bf:6b:b8:d2:cc:da:e3:d0:86:f9:b3:9e:9c:e4:3f:52:
         06:bb:7c:c6:7b:0b:3e:37:22:06:51:37:61:bd:86:8f:6e:1b:
         8e:91:ec:c6:cc:92:ba:37:ba:c1:bd:8b:57:42:b8:b2:7b:b4:
         8a:85:5a:04:fa:ba:1e:2b:57:23:8c:92:cf:4f:eb:0a:95:d2:
         bb:d2:81:47:ff:40:22:31:1a:2f:10:13:74:63:ab:eb:3b:7f:
         c7:91:ed:8d:3d:12:25:dc:75:73:72:8f:78:6b:f8:39:3b:40:
         10:88:da:5e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2wXUHDoWIgPVFn2vwjuRGNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmJiNDhlOTNlOGEwMDU4YzVjNzJhODFhODc5OTQ1NTMw
N2VlNTYwHhcNMjYwNDIxMTQwNjM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZWI5MTE4MTAwYzFhMzg4MDkxZWJkNjg1ZDhkNDJhMTA2NTE2YmJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApnjOCsmdhqOpy8iyGgAaf+BRnlIv
G/Kd+HqTWnG4majT8wcASX18Oa9C5gLjCpKoMRGfujQhnrlvwL/kbKgotz2yTtLU
j47fXjbR0eoov+vHV6j67zOaHmByUxUWEYBG0WQ9PofVyAt6YChbgDvyIqNGcDJJ
6HYkJhxOFlxPBgzG3yEJFi15vy0wrz/zR6M7dvD/kLbZ3Dm/rZxQSfPDlTGpYDYV
+VQXYTI2eMGVPzV5EuLAgcoQPimhf9YoGrmioxHw5h+Qg2W/AN7tqEXkef52tNwC
vmtSjeTxeFEfiUjipJWNJLiPlQYgESfUxxb0r1yMBSqZZqIvBhDTdp6YHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK65EYEAwaOICR69aF2NQqEGUWu/MB8GA1UdIwQY
MBaAFNdrtI6T6KAFjFxyqBqHmUVTB+5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgt
OGJmYmRkNDVjYjYyLzEvcnJrUmdRREJvNGdKSHIxb1hZMUNvUVpSYTc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgtOGJmYmRkNDVjYjYy
LzEvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwhrdMA0G
CSqGSIb3DQEBCwUAA4IBAQCZDtTBZQbznSUxymfqXW9piEYFz1sRDYIxLpQUYxts
HY++u0bM2lrzDIr4UXssKJvN8Gf0hQJjefZjwgzSgIScz3perbsaI0rxZ5S45wOy
vEI8Ldr30rKwnWnWBv/jxqgUAd85a7rlZrHS1nMr6uRJKyI+rvgEMkybm+q1q3LD
YNcfDfpewN6Sm+BBHj8jRiaCLb9ruNLM2uPQhvmznpzkP1IGu3zGews+NyIGUTdh
vYaPbhuOkezGzJK6N7rBvYtXQriye7SKhVoE+roeK1cjjJLPT+sKldK70oFH/0Ai
MRovEBN0Y6vrO3/Hke2NPRIl3HVzco94a/g5O0AQiNpe
-----END CERTIFICATE-----