Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/rT2GKqRNplkDcHzBqdD4vYquDdU.roa
File:                     rT2GKqRNplkDcHzBqdD4vYquDdU.roa (raw, json)
Hash identifier:          xq38FNJ36cgvD1QD920Vixq2fn3iuLkSD00qomnTpqg=
Subject key identifier:   AD:3D:86:2A:A4:4D:A6:59:03:70:7C:C1:A9:D0:F8:BD:8A:AE:0D:D5
Certificate issuer:       /CN=19426325acb8ce609a686fa655b058968809b346
Certificate serial:       019CBD75F8756EE91AE4E1F3DF5F4681691F
Authority key identifier: 19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/rT2GKqRNplkDcHzBqdD4vYquDdU.roa
Signing time:             Thu 05 Mar 2026 10:05:51 +0000
ROA not before:           Thu 05 Mar 2026 10:05:51 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201813
IP address blocks:        195.178.146.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 11 Mar 2026 15:04:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:bd:75:f8:75:6e:e9:1a:e4:e1:f3:df:5f:46:81:69:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19426325acb8ce609a686fa655b058968809b346
        Validity
            Not Before: Mar  5 10:05:51 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ad3d862aa44da65903707cc1a9d0f8bd8aae0dd5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:e2:fa:ab:a1:9d:2d:dd:0a:4e:d0:42:8d:77:
                    95:c2:fe:64:a0:04:cf:92:d8:93:36:bc:1f:4b:d4:
                    fa:20:0e:2e:64:fa:f1:9e:8f:8e:0b:cb:c0:56:23:
                    54:84:24:1d:53:34:fc:2d:e7:f3:4a:f2:5e:79:26:
                    5d:4c:9d:9a:f8:c6:78:2c:0d:7e:f8:ce:20:0c:0c:
                    39:f8:f6:7f:17:bd:8f:0c:06:dc:b9:17:6a:36:6b:
                    cf:45:56:0b:75:c4:ec:dd:66:0f:dc:f3:54:88:8c:
                    68:ce:72:ff:71:04:1a:43:66:e9:fe:af:16:11:78:
                    10:dd:ce:fb:c2:33:ca:c6:8e:46:e9:e3:87:bf:5d:
                    b9:fa:94:80:d1:e9:b1:78:f0:f8:bd:99:ed:82:71:
                    78:7e:f0:6f:c6:f1:6e:f9:f7:b9:20:30:ea:26:ff:
                    7d:bc:e1:ee:f6:62:19:d7:b4:67:88:5f:d8:c2:17:
                    79:7a:3e:ba:59:fa:df:8c:3a:3d:15:52:d9:a2:4d:
                    9a:3d:6e:34:73:5a:02:d9:a9:78:3b:96:50:cd:31:
                    5f:55:43:f4:7b:bd:e7:22:53:f0:47:75:35:52:bb:
                    66:ad:d7:37:18:38:8c:83:35:ae:83:cf:9f:b5:be:
                    d6:a5:3c:51:cd:c9:39:f0:87:1b:f8:46:10:f6:17:
                    2f:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:3D:86:2A:A4:4D:A6:59:03:70:7C:C1:A9:D0:F8:BD:8A:AE:0D:D5
            X509v3 Authority Key Identifier:
                keyid:19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/rT2GKqRNplkDcHzBqdD4vYquDdU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.178.146.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:4c:82:41:57:15:2c:e0:b3:ff:3c:8f:98:e2:0c:0a:91:be:
         c6:1e:48:5f:1a:0e:b5:41:8f:3a:1a:7c:4b:de:6d:30:a6:09:
         46:93:4b:8c:f9:fd:da:bb:3b:ff:e6:0d:68:74:08:c9:ef:71:
         f5:12:9d:05:b1:05:15:c8:30:36:f2:6a:0a:83:ed:2c:ff:83:
         6c:ed:ed:7a:ea:79:45:b2:aa:ea:ca:52:a3:90:52:cc:b0:72:
         e8:4f:94:a8:92:59:a1:61:fb:39:f7:5d:2e:26:33:46:78:a3:
         25:62:fc:9f:6e:b3:a2:22:82:e4:1e:ab:2d:1a:a3:fd:bd:2d:
         23:c4:d1:e8:3c:a8:22:76:ee:c4:47:22:e8:ab:b8:85:94:67:
         9a:4f:21:d2:9c:cf:d2:1f:a0:63:8a:96:f8:d0:2b:ce:ec:d4:
         f3:66:57:a1:9c:3d:13:67:0c:49:54:a7:f7:08:22:2e:0c:c6:
         bc:38:b2:b5:9e:30:a3:f9:dc:3c:88:0a:aa:44:2d:93:be:69:
         d1:76:d9:a5:33:1d:23:e8:82:f3:c0:20:c7:03:e1:f1:6f:6d:
         6c:b9:ae:1e:67:3c:37:f3:9c:9b:8f:2d:98:31:0b:c2:60:e0:
         bd:4e:05:67:0a:ee:39:96:0a:42:f4:8d:6b:ce:5a:86:cc:99:
         4c:e1:34:cf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZy9dfh1buka5OHz319GgWkfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5NDI2MzI1YWNiOGNlNjA5YTY4NmZhNjU1YjA1ODk2ODgw
OWIzNDYwHhcNMjYwMzA1MTAwNTUxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDNkODYyYWE0NGRhNjU5MDM3MDdjYzFhOWQwZjhiZDhhYWUwZGQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAluL6q6GdLd0KTtBCjXeVwv5koATP
ktiTNrwfS9T6IA4uZPrxno+OC8vAViNUhCQdUzT8LefzSvJeeSZdTJ2a+MZ4LA1+
+M4gDAw5+PZ/F72PDAbcuRdqNmvPRVYLdcTs3WYP3PNUiIxoznL/cQQaQ2bp/q8W
EXgQ3c77wjPKxo5G6eOHv125+pSA0emxePD4vZntgnF4fvBvxvFu+fe5IDDqJv99
vOHu9mIZ17RniF/Ywhd5ej66WfrfjDo9FVLZok2aPW40c1oC2al4O5ZQzTFfVUP0
e73nIlPwR3U1Urtmrdc3GDiMgzWug8+ftb7WpTxRzck58Icb+EYQ9hcvmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK09hiqkTaZZA3B8wanQ+L2Krg3VMB8GA1UdIwQY
MBaAFBlCYyWsuM5gmmhvplWwWJaICbNGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQt
MDNmNGM3MTEzYzM0LzEvclQyR0txUk5wbGtEY0h6QnFkRDR2WXF1RGRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQtMDNmNGM3MTEzYzM0
LzEvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw7KSMA0G
CSqGSIb3DQEBCwUAA4IBAQCSTIJBVxUs4LP/PI+Y4gwKkb7GHkhfGg61QY86GnxL
3m0wpglGk0uM+f3auzv/5g1odAjJ73H1Ep0FsQUVyDA28moKg+0s/4Ns7e166nlF
sqrqylKjkFLMsHLoT5SoklmhYfs5910uJjNGeKMlYvyfbrOiIoLkHqstGqP9vS0j
xNHoPKgidu7ERyLoq7iFlGeaTyHSnM/SH6Bjipb40CvO7NTzZlehnD0TZwxJVKf3
CCIuDMa8OLK1njCj+dw8iAqqRC2TvmnRdtmlMx0j6ILzwCDHA+Hxb21sua4eZzw3
85ybjy2YMQvCYOC9TgVnCu45lgpC9I1rzlqGzJlM4TTP
-----END CERTIFICATE-----