Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/326CMhRebacBUPQalSnj3YJYybQ.roa
File:                     326CMhRebacBUPQalSnj3YJYybQ.roa (raw, json)
Hash identifier:          /NLGA7KLSgvqWOaQYDbgq4LbVYOg/ikPKnCGrwjkkCM=
Subject key identifier:   DF:6E:82:32:14:5E:6D:A7:01:50:F4:1A:95:29:E3:DD:82:58:C9:B4
Certificate issuer:       /CN=19426325acb8ce609a686fa655b058968809b346
Certificate serial:       019A4A953533E9EB4BC46A63BA7AD87AF85C
Authority key identifier: 19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/326CMhRebacBUPQalSnj3YJYybQ.roa
Signing time:             Mon 03 Nov 2025 16:38:03 +0000
ROA not before:           Mon 03 Nov 2025 16:38:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60721
IP address blocks:        195.178.148.0/24 maxlen: 24
                          195.178.154.0/24 maxlen: 24
                          212.111.194.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 09:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:4a:95:35:33:e9:eb:4b:c4:6a:63:ba:7a:d8:7a:f8:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19426325acb8ce609a686fa655b058968809b346
        Validity
            Not Before: Nov  3 16:38:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=df6e8232145e6da70150f41a9529e3dd8258c9b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:d1:63:03:bf:67:dc:10:12:95:36:95:77:37:
                    fd:9d:c4:70:7e:aa:be:69:03:19:1b:67:1a:97:b1:
                    75:58:d8:5b:87:a9:27:e1:29:2b:15:4a:67:3d:61:
                    e4:fa:ee:9d:9d:a7:2f:bc:a3:24:31:d6:5e:6b:3e:
                    6b:db:71:5d:c9:b1:01:63:f1:bd:a3:19:d1:64:43:
                    c9:92:ce:01:cb:17:67:9d:26:d6:b3:fc:53:4a:94:
                    27:be:a8:dc:fc:fb:9b:8e:f4:be:d4:6a:1f:23:5b:
                    54:69:64:9a:8e:89:2b:8c:ba:c5:79:ba:33:45:11:
                    6f:0e:23:86:1c:29:b7:d8:fb:df:0c:a8:94:40:5e:
                    7a:64:57:99:37:e0:1a:da:58:d5:bb:3c:1a:fb:8e:
                    67:cc:9c:51:f8:19:86:0a:2d:05:9b:5b:57:ce:b2:
                    87:5a:fb:19:4b:44:8d:b3:21:44:db:d7:51:66:f0:
                    a0:7b:ca:57:e8:85:b8:fd:b2:15:2d:36:cd:6b:dd:
                    ac:a6:08:06:f9:4d:86:38:06:d1:18:87:a5:6e:e0:
                    b6:a8:f2:71:a4:25:91:5d:3b:29:7c:96:4d:b4:ba:
                    74:46:21:cb:ed:39:79:37:70:d4:87:ee:e5:8e:48:
                    10:17:8b:fb:6d:4e:17:54:0f:36:37:ea:13:1f:53:
                    a3:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:6E:82:32:14:5E:6D:A7:01:50:F4:1A:95:29:E3:DD:82:58:C9:B4
            X509v3 Authority Key Identifier:
                keyid:19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/326CMhRebacBUPQalSnj3YJYybQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.178.148.0/24
                  195.178.154.0/24
                  212.111.194.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:78:89:4a:90:e6:05:44:37:65:28:c5:26:35:4d:57:5f:4b:
         39:ad:ef:75:df:09:d1:b7:bf:ab:c6:b2:4b:19:65:27:64:c1:
         9a:e8:3a:9b:82:56:2b:e0:85:ef:16:eb:6b:67:d0:73:cb:75:
         89:19:86:82:60:2c:97:b9:97:d3:be:a9:8c:2c:27:1b:0c:e5:
         f6:28:8f:ff:2e:a7:07:4a:49:c2:4b:10:a1:af:79:ad:01:16:
         22:2d:55:e2:c8:b4:06:1b:bd:c4:78:5d:76:fe:fb:4f:e8:67:
         75:d8:8a:08:fb:95:88:ca:8c:f9:7a:46:ca:7d:85:0e:0e:0b:
         52:ab:ab:da:76:ae:83:5e:d3:37:fe:64:ba:fc:46:07:24:0d:
         fb:96:b4:71:b9:7f:45:9d:1a:49:34:53:96:c4:11:57:39:83:
         96:b4:1f:f8:be:06:2c:45:02:5c:27:b6:21:37:aa:8d:f1:e7:
         85:8a:66:7f:ec:41:48:36:93:eb:d2:56:60:a7:83:ab:17:8a:
         c5:13:30:41:c2:18:da:a8:a7:fe:b6:2b:c6:08:db:86:72:bc:
         ef:94:ab:56:34:c5:be:ab:4e:3e:74:9f:ce:14:3c:df:64:80:
         b5:09:d2:54:50:9f:b9:0e:f8:9e:b6:e9:3f:fc:cd:2d:c6:3d:
         12:83:6f:02
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZpKlTUz6etLxGpjunrYevhcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5NDI2MzI1YWNiOGNlNjA5YTY4NmZhNjU1YjA1ODk2ODgw
OWIzNDYwHhcNMjUxMTAzMTYzODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjZlODIzMjE0NWU2ZGE3MDE1MGY0MWE5NTI5ZTNkZDgyNThjOWI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt9FjA79n3BASlTaVdzf9ncRwfqq+
aQMZG2cal7F1WNhbh6kn4SkrFUpnPWHk+u6dnacvvKMkMdZeaz5r23FdybEBY/G9
oxnRZEPJks4ByxdnnSbWs/xTSpQnvqjc/PubjvS+1GofI1tUaWSajokrjLrFeboz
RRFvDiOGHCm32PvfDKiUQF56ZFeZN+Aa2ljVuzwa+45nzJxR+BmGCi0Fm1tXzrKH
WvsZS0SNsyFE29dRZvCge8pX6IW4/bIVLTbNa92spggG+U2GOAbRGIelbuC2qPJx
pCWRXTspfJZNtLp0RiHL7Tl5N3DUh+7ljkgQF4v7bU4XVA82N+oTH1Oj4wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFN9ugjIUXm2nAVD0GpUp492CWMm0MB8GA1UdIwQY
MBaAFBlCYyWsuM5gmmhvplWwWJaICbNGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQt
MDNmNGM3MTEzYzM0LzEvMzI2Q01oUmViYWNCVVBRYWxTbmozWUpZeWJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQtMDNmNGM3MTEzYzM0
LzEvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAw7KUAwQA
w7KaAwQA1G/CMA0GCSqGSIb3DQEBCwUAA4IBAQABeIlKkOYFRDdlKMUmNU1XX0s5
re913wnRt7+rxrJLGWUnZMGa6DqbglYr4IXvFutrZ9Bzy3WJGYaCYCyXuZfTvqmM
LCcbDOX2KI//LqcHSknCSxChr3mtARYiLVXiyLQGG73EeF12/vtP6Gd12IoI+5WI
yoz5ekbKfYUODgtSq6vadq6DXtM3/mS6/EYHJA37lrRxuX9FnRpJNFOWxBFXOYOW
tB/4vgYsRQJcJ7YhN6qN8eeFimZ/7EFINpPr0lZgp4OrF4rFEzBBwhjaqKf+tivG
CNuGcrzvlKtWNMW+q04+dJ/OFDzfZIC1CdJUUJ+5Dvietuk//M0txj0Sg28C
-----END CERTIFICATE-----