Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/I25phgvUqt8zVqJZWlbD-SAKEWo.roa
File:                     I25phgvUqt8zVqJZWlbD-SAKEWo.roa (raw, json)
Hash identifier:          o/1ZTjHjbylWaF+jH9v/14TLQdWCi2a3I0tJFTPjzXY=
Subject key identifier:   23:6E:69:86:0B:D4:AA:DF:33:56:A2:59:5A:56:C3:F9:20:0A:11:6A
Certificate issuer:       /CN=8eb441dadbbecb6965d4ea1f046cc5c8e28817fc
Certificate serial:       019E8F161945093C31C512F731E7B4EABFC1
Authority key identifier: 8E:B4:41:DA:DB:BE:CB:69:65:D4:EA:1F:04:6C:C5:C8:E2:88:17:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/I25phgvUqt8zVqJZWlbD-SAKEWo.roa
Signing time:             Wed 03 Jun 2026 20:04:10 +0000
ROA not before:           Wed 03 Jun 2026 20:04:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200917
IP address blocks:        94.131.218.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 20:26:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:8f:16:19:45:09:3c:31:c5:12:f7:31:e7:b4:ea:bf:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8eb441dadbbecb6965d4ea1f046cc5c8e28817fc
        Validity
            Not Before: Jun  3 20:04:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=236e69860bd4aadf3356a2595a56c3f9200a116a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:18:42:55:0f:b7:11:fe:21:cd:4b:bc:1c:39:
                    77:36:c6:7a:04:5a:d5:87:ee:6a:46:6f:82:30:fe:
                    e1:58:0d:80:83:ec:b4:71:7e:ee:ee:d3:94:d8:4d:
                    f8:22:bf:e1:b0:ef:c0:8b:08:d3:a6:81:68:b5:f0:
                    01:27:98:60:f8:4d:3e:90:27:fd:66:87:d1:47:52:
                    4b:76:c8:41:88:b5:6a:bc:a2:72:f3:11:90:1e:6b:
                    a8:73:39:49:ab:6d:6b:2b:8a:e2:a4:ab:85:42:e7:
                    38:aa:49:51:b1:49:2c:c2:93:5a:2b:cf:24:cc:48:
                    b0:13:13:35:01:9a:63:74:51:f2:93:3f:42:06:fa:
                    cb:cf:36:72:f8:ed:3e:94:cd:a0:4f:66:b8:fa:08:
                    52:f8:59:df:af:2d:49:28:10:ef:ca:ce:ce:4c:ec:
                    63:4d:9f:9b:bf:7d:4a:b1:3d:a4:a7:a6:bf:a4:b3:
                    bb:8f:b7:70:48:bb:ae:cf:1d:9d:2c:34:d6:56:13:
                    e5:87:4a:50:2c:28:bb:e3:1b:de:8c:36:2f:f3:d4:
                    b9:71:e0:d0:94:43:55:7e:b6:8c:42:c9:74:0c:26:
                    34:72:f1:6e:6e:5e:58:d8:c4:2e:6f:2a:8c:f1:0b:
                    66:75:89:0d:93:ee:55:d2:e7:2f:78:81:62:38:39:
                    1b:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:6E:69:86:0B:D4:AA:DF:33:56:A2:59:5A:56:C3:F9:20:0A:11:6A
            X509v3 Authority Key Identifier:
                keyid:8E:B4:41:DA:DB:BE:CB:69:65:D4:EA:1F:04:6C:C5:C8:E2:88:17:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/I25phgvUqt8zVqJZWlbD-SAKEWo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.131.218.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:50:97:d9:aa:fe:bc:98:3e:c4:bf:1d:63:8b:15:51:6e:51:
         6c:ab:69:00:db:a1:21:a4:d2:d1:a6:2d:b9:b7:f4:b6:aa:3d:
         14:a2:53:62:b3:29:0e:af:2a:c9:60:b7:aa:ec:2a:a5:ca:05:
         50:ae:cb:d6:19:3d:ee:94:c7:3c:62:b4:a7:85:f3:07:33:9f:
         1b:88:61:ea:b8:21:03:73:aa:3a:39:66:93:36:d0:85:90:50:
         35:ec:d2:b2:65:5d:12:3a:9e:b8:89:a7:e2:db:46:06:be:43:
         08:eb:62:3f:bd:4b:a5:a2:a3:52:44:e1:2c:ed:0c:e8:0e:2c:
         24:3a:79:bc:c8:f3:10:49:98:eb:c1:fc:5e:d1:fd:7e:79:e8:
         08:7f:00:d5:28:41:46:07:0c:a5:99:22:58:f6:ba:6a:ea:fc:
         be:11:7d:ee:e7:b4:7e:41:2b:73:10:70:10:86:ae:7f:40:10:
         e5:39:6f:3d:55:51:e5:03:f2:9a:d8:c4:db:b0:1f:31:fc:8b:
         d6:5c:2d:33:5c:9b:46:73:5f:32:c2:2a:4e:c5:84:05:13:4a:
         c4:99:9c:7f:84:96:d2:d9:54:94:74:8d:c2:f3:cb:4f:d8:e5:
         99:e8:59:08:a1:d1:9b:6d:62:74:50:1b:c7:53:33:4e:d7:e2:
         b0:61:15:88
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6PFhlFCTwxxRL3Mee06r/BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlYjQ0MWRhZGJiZWNiNjk2NWQ0ZWExZjA0NmNjNWM4ZTI4
ODE3ZmMwHhcNMjYwNjAzMjAwNDEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzZlNjk4NjBiZDRhYWRmMzM1NmEyNTk1YTU2YzNmOTIwMGExMTZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApBhCVQ+3Ef4hzUu8HDl3NsZ6BFrV
h+5qRm+CMP7hWA2Ag+y0cX7u7tOU2E34Ir/hsO/AiwjTpoFotfABJ5hg+E0+kCf9
ZofRR1JLdshBiLVqvKJy8xGQHmuoczlJq21rK4ripKuFQuc4qklRsUkswpNaK88k
zEiwExM1AZpjdFHykz9CBvrLzzZy+O0+lM2gT2a4+ghS+Fnfry1JKBDvys7OTOxj
TZ+bv31KsT2kp6a/pLO7j7dwSLuuzx2dLDTWVhPlh0pQLCi74xvejDYv89S5ceDQ
lENVfraMQsl0DCY0cvFubl5Y2MQubyqM8QtmdYkNk+5V0ucveIFiODkbGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCNuaYYL1KrfM1aiWVpWw/kgChFqMB8GA1UdIwQY
MBaAFI60QdrbvstpZdTqHwRsxcjiiBf8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanJSQjJ0dS15MmxsMU9vZkJHekZ5T0tJRl93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS85NzhkMGYtOTI5Ny00YzcxLTljZmIt
NDZiOTQ5MDkyY2JlLzEvSTI1cGhndlVxdDh6VnFKWldsYkQtU0FLRVdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS85NzhkMGYtOTI5Ny00YzcxLTljZmItNDZiOTQ5MDkyY2Jl
LzEvanJSQjJ0dS15MmxsMU9vZkJHekZ5T0tJRl93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXoPaMA0G
CSqGSIb3DQEBCwUAA4IBAQBPUJfZqv68mD7Evx1jixVRblFsq2kA26EhpNLRpi25
t/S2qj0UolNisykOryrJYLeq7CqlygVQrsvWGT3ulMc8YrSnhfMHM58biGHquCED
c6o6OWaTNtCFkFA17NKyZV0SOp64iafi20YGvkMI62I/vUuloqNSROEs7QzoDiwk
Onm8yPMQSZjrwfxe0f1+eegIfwDVKEFGBwylmSJY9rpq6vy+EX3u57R+QStzEHAQ
hq5/QBDlOW89VVHlA/Ka2MTbsB8x/IvWXC0zXJtGc18ywipOxYQFE0rEmZx/hJbS
2VSUdI3C88tP2OWZ6FkIodGbbWJ0UBvHUzNO1+KwYRWI
-----END CERTIFICATE-----