Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/2ATxWC0LpwAfJfvHqDtwuI8bNls.roa
File:                     2ATxWC0LpwAfJfvHqDtwuI8bNls.roa (raw, json)
Hash identifier:          Bm5IQQ4PBSwytK8rm4bHoKQ0+XdV1o2+vJdyCZLCHhU=
Subject key identifier:   D8:04:F1:58:2D:0B:A7:00:1F:25:FB:C7:A8:3B:70:B8:8F:1B:36:5B
Certificate issuer:       /CN=19426325acb8ce609a686fa655b058968809b346
Certificate serial:       019CBD68CB0E295465685529AF75E0409CAB
Authority key identifier: 19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/2ATxWC0LpwAfJfvHqDtwuI8bNls.roa
Signing time:             Thu 05 Mar 2026 09:51:27 +0000
ROA not before:           Thu 05 Mar 2026 09:51:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208185
IP address blocks:        195.178.148.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 11 Mar 2026 15:04:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:bd:68:cb:0e:29:54:65:68:55:29:af:75:e0:40:9c:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19426325acb8ce609a686fa655b058968809b346
        Validity
            Not Before: Mar  5 09:51:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d804f1582d0ba7001f25fbc7a83b70b88f1b365b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:de:31:bf:30:66:7b:54:86:30:45:e3:06:61:
                    cd:cc:0c:00:70:9c:e8:48:09:9e:0c:89:ef:b6:7f:
                    09:b7:32:5d:3b:f0:5c:e6:59:d3:15:0a:66:5f:0f:
                    9d:cc:8f:3f:18:09:35:6d:11:26:8b:02:86:b5:a4:
                    16:2e:d2:83:cf:01:39:92:6e:95:d0:88:d3:98:9d:
                    34:32:d4:56:95:b4:e1:ff:e0:b4:df:4f:fc:2c:27:
                    40:5c:5e:d8:7f:11:70:cf:d4:fe:7e:3a:d4:3e:ff:
                    a2:ba:96:8f:96:87:d4:f8:27:7e:50:e8:c1:11:43:
                    60:c4:9e:d6:5f:82:88:7f:55:5f:2d:2a:2a:08:1a:
                    c3:5d:41:cb:ec:58:9b:19:59:4f:7a:f9:78:de:42:
                    1b:be:9f:db:cd:c1:a1:37:54:7c:34:b9:44:05:45:
                    e7:b4:1d:95:ee:4f:66:56:2b:a8:22:b5:fa:56:8a:
                    1c:2e:a2:e6:10:6a:1f:7e:8a:cc:97:a8:dc:05:bd:
                    71:3c:7b:ba:71:6a:dc:b3:7d:db:bd:f9:b2:87:37:
                    08:43:a4:ea:78:5b:44:ab:3e:73:0c:18:69:cb:52:
                    de:b2:f5:10:37:5c:c5:65:ab:7b:e4:95:2a:a2:ea:
                    82:92:02:58:32:57:a9:ad:18:b0:25:e2:3c:fd:d1:
                    8f:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:04:F1:58:2D:0B:A7:00:1F:25:FB:C7:A8:3B:70:B8:8F:1B:36:5B
            X509v3 Authority Key Identifier:
                keyid:19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/2ATxWC0LpwAfJfvHqDtwuI8bNls.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.178.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:e8:e3:c8:7a:e7:4b:f2:4f:b3:f7:88:3b:a0:30:aa:14:62:
         0c:b3:47:15:9c:6d:5d:88:8e:70:9b:e1:7c:d9:12:cb:8a:8b:
         09:f4:9c:38:2e:a1:3c:cf:a9:d2:6e:ec:e3:01:7b:58:83:c2:
         59:c7:d2:0a:09:74:c8:b5:8a:00:f8:1d:7d:c9:47:96:21:2b:
         5b:3d:50:20:5b:b8:4a:2f:7c:1c:7a:3b:50:b1:30:f9:d7:25:
         e5:10:5a:04:b7:75:9b:e5:b1:68:55:66:e7:1e:9e:44:57:fb:
         0c:10:f4:1b:9d:67:e1:e0:de:df:a7:6f:8d:d2:3b:39:67:01:
         1b:37:b2:6c:06:ea:7a:00:d4:43:bd:aa:af:03:b9:1c:dd:e1:
         d1:0e:8e:92:92:3e:72:dd:26:71:ed:e0:7b:53:fa:b1:39:d4:
         ad:07:92:fd:03:d8:c5:73:7c:38:82:53:f4:dd:43:dd:ca:ca:
         76:5e:10:79:8f:01:39:b5:4b:ce:fd:4a:3f:a7:95:7c:cb:e8:
         19:5d:eb:d5:a8:c1:d5:0e:64:06:a3:00:39:3c:77:65:a6:cd:
         25:57:76:52:e5:89:be:34:9e:06:e6:ae:96:cb:ad:ff:18:cc:
         97:09:38:b1:9a:03:00:2a:c4:b4:1d:0e:15:6c:60:f2:31:38:
         39:46:d6:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZy9aMsOKVRlaFUpr3XgQJyrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5NDI2MzI1YWNiOGNlNjA5YTY4NmZhNjU1YjA1ODk2ODgw
OWIzNDYwHhcNMjYwMzA1MDk1MTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODA0ZjE1ODJkMGJhNzAwMWYyNWZiYzdhODNiNzBiODhmMWIzNjViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArN4xvzBme1SGMEXjBmHNzAwAcJzo
SAmeDInvtn8JtzJdO/Bc5lnTFQpmXw+dzI8/GAk1bREmiwKGtaQWLtKDzwE5km6V
0IjTmJ00MtRWlbTh/+C030/8LCdAXF7YfxFwz9T+fjrUPv+iupaPlofU+Cd+UOjB
EUNgxJ7WX4KIf1VfLSoqCBrDXUHL7FibGVlPevl43kIbvp/bzcGhN1R8NLlEBUXn
tB2V7k9mViuoIrX6VoocLqLmEGofforMl6jcBb1xPHu6cWrcs33bvfmyhzcIQ6Tq
eFtEqz5zDBhpy1LesvUQN1zFZat75JUqouqCkgJYMleprRiwJeI8/dGPcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNgE8VgtC6cAHyX7x6g7cLiPGzZbMB8GA1UdIwQY
MBaAFBlCYyWsuM5gmmhvplWwWJaICbNGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQt
MDNmNGM3MTEzYzM0LzEvMkFUeFdDMExwd0FmSmZ2SHFEdHd1SThiTmxzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQtMDNmNGM3MTEzYzM0
LzEvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw7KUMA0G
CSqGSIb3DQEBCwUAA4IBAQCj6OPIeudL8k+z94g7oDCqFGIMs0cVnG1diI5wm+F8
2RLLiosJ9Jw4LqE8z6nSbuzjAXtYg8JZx9IKCXTItYoA+B19yUeWIStbPVAgW7hK
L3wcejtQsTD51yXlEFoEt3Wb5bFoVWbnHp5EV/sMEPQbnWfh4N7fp2+N0js5ZwEb
N7JsBup6ANRDvaqvA7kc3eHRDo6Skj5y3SZx7eB7U/qxOdStB5L9A9jFc3w4glP0
3UPdysp2XhB5jwE5tUvO/Uo/p5V8y+gZXevVqMHVDmQGowA5PHdlps0lV3ZS5Ym+
NJ4G5q6Wy63/GMyXCTixmgMAKsS0HQ4VbGDyMTg5RtbC
-----END CERTIFICATE-----