Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/cVQtjGDgnPnaTjDDLsQsXrssshQ.roa
File:                     cVQtjGDgnPnaTjDDLsQsXrssshQ.roa (raw, json)
Hash identifier:          wY9ZjIaM9ixA3WBpA3WdXNwwg7cjr2Ctls8qSkP8vcg=
Subject key identifier:   71:54:2D:8C:60:E0:9C:F9:DA:4E:30:C3:2E:C4:2C:5E:BB:2C:B2:14
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019EA18761932B8083590B13AE8170D9FB52
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/cVQtjGDgnPnaTjDDLsQsXrssshQ.roa
Signing time:             Sun 07 Jun 2026 10:01:04 +0000
ROA not before:           Sun 07 Jun 2026 10:01:04 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57043
IP address blocks:        194.50.94.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 08 Jun 2026 07:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:a1:87:61:93:2b:80:83:59:0b:13:ae:81:70:d9:fb:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jun  7 10:01:04 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=71542d8c60e09cf9da4e30c32ec42c5ebb2cb214
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:8d:93:cf:47:5e:dd:17:2b:ef:ab:03:d4:e3:
                    7d:6c:45:f8:8d:7d:99:99:c5:54:6a:e0:f6:e7:42:
                    25:a0:93:86:ac:09:9e:74:05:51:a9:f4:56:cb:64:
                    9a:77:ff:82:d1:3b:1a:8e:db:bc:58:85:fa:d4:14:
                    f8:31:c6:ef:8f:6c:98:61:5c:dd:79:30:cc:d9:b9:
                    ed:ea:80:31:23:ed:47:9f:43:27:c5:ae:c7:11:9a:
                    1b:69:65:5e:73:38:31:fa:a7:80:f4:b0:50:5c:bc:
                    83:e7:a8:5a:08:e4:44:90:fa:9b:76:61:c1:a9:04:
                    ba:31:bf:7a:1f:d2:be:a6:9c:0f:c4:50:a9:2a:79:
                    b2:ac:4b:99:de:44:e1:df:59:31:be:07:bd:83:37:
                    ed:f8:86:55:48:ea:4a:d5:4c:ba:7d:b0:b5:38:be:
                    a2:b3:d6:87:c9:41:b8:28:78:6e:d0:7e:44:ad:83:
                    2b:3e:3e:d7:72:09:6f:6d:c0:37:0e:aa:f6:f9:84:
                    90:c3:7e:2e:d1:24:5a:48:82:4b:af:ab:31:78:39:
                    ce:b2:ba:5b:f1:ca:3e:a8:9c:51:ad:f5:6e:0d:7d:
                    bb:b0:fe:63:7f:5c:79:e3:d0:fe:fb:33:9a:9e:06:
                    ef:b9:a3:b6:8b:24:21:7c:f9:96:2a:ab:11:3d:87:
                    55:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:54:2D:8C:60:E0:9C:F9:DA:4E:30:C3:2E:C4:2C:5E:BB:2C:B2:14
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/cVQtjGDgnPnaTjDDLsQsXrssshQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.50.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:77:ac:22:51:52:6d:04:21:f8:c0:75:c8:4f:be:d1:d4:ad:
         3d:38:79:25:f9:7b:78:e4:62:3b:83:4e:3e:bf:8a:98:27:bf:
         c8:00:e4:41:d7:a5:ca:d9:a3:ca:f5:8d:58:e1:74:22:54:a7:
         41:76:a5:33:f0:fd:f5:ec:42:aa:29:94:04:4c:9d:63:67:f8:
         71:76:11:50:9e:60:60:62:85:b3:81:81:c6:d8:44:8d:f5:5c:
         fb:c0:00:04:65:f5:a6:94:c4:88:39:1e:b7:db:8b:30:3e:1e:
         32:9d:84:d5:ab:2c:d4:22:80:87:9a:6c:fd:d0:52:d4:3b:e2:
         b8:b0:81:5a:b2:2b:31:65:09:04:82:4b:42:6a:e2:09:22:7e:
         01:2b:1d:40:69:bf:e0:e8:b5:e4:67:09:db:f5:8f:80:b1:6a:
         46:3b:53:dd:2d:91:1b:ca:9c:2c:4f:dd:e4:2d:18:87:4c:10:
         b3:93:b8:d3:a0:20:a1:bb:2c:2d:ff:94:0c:ea:7c:4a:26:18:
         c4:87:36:2f:eb:d1:b3:0a:76:3f:3a:ad:82:dd:75:28:e4:a9:
         e2:71:77:71:0a:d2:4c:22:1c:6d:d4:a7:78:ee:8a:45:e7:83:
         c7:0f:9b:cc:0b:e2:33:29:67:f8:4f:65:4c:79:65:85:b1:86:
         04:31:a6:97
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6hh2GTK4CDWQsTroFw2ftSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjYwNjA3MTAwMTA0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTU0MmQ4YzYwZTA5Y2Y5ZGE0ZTMwYzMyZWM0MmM1ZWJiMmNiMjE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjo2Tz0de3Rcr76sD1ON9bEX4jX2Z
mcVUauD250IloJOGrAmedAVRqfRWy2Sad/+C0Tsajtu8WIX61BT4Mcbvj2yYYVzd
eTDM2bnt6oAxI+1Hn0Mnxa7HEZobaWVeczgx+qeA9LBQXLyD56haCOREkPqbdmHB
qQS6Mb96H9K+ppwPxFCpKnmyrEuZ3kTh31kxvge9gzft+IZVSOpK1Uy6fbC1OL6i
s9aHyUG4KHhu0H5ErYMrPj7XcglvbcA3Dqr2+YSQw34u0SRaSIJLr6sxeDnOsrpb
8co+qJxRrfVuDX27sP5jf1x549D++zOangbvuaO2iyQhfPmWKqsRPYdVgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHFULYxg4Jz52k4wwy7ELF67LLIUMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvY1ZRdGpHRGduUG5hVGpERExzUXNYcnNzc2hRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjJeMA0G
CSqGSIb3DQEBCwUAA4IBAQAwd6wiUVJtBCH4wHXIT77R1K09OHkl+Xt45GI7g04+
v4qYJ7/IAORB16XK2aPK9Y1Y4XQiVKdBdqUz8P317EKqKZQETJ1jZ/hxdhFQnmBg
YoWzgYHG2ESN9Vz7wAAEZfWmlMSIOR6324swPh4ynYTVqyzUIoCHmmz90FLUO+K4
sIFasisxZQkEgktCauIJIn4BKx1Aab/g6LXkZwnb9Y+AsWpGO1PdLZEbypwsT93k
LRiHTBCzk7jToCChuywt/5QM6nxKJhjEhzYv69GzCnY/Oq2C3XUo5KnicXdxCtJM
Ihxt1Kd47opF54PHD5vMC+IzKWf4T2VMeWWFsYYEMaaX
-----END CERTIFICATE-----