Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/ivh41YdGosH58CFpm5SE4efy_CI.roa
File:                     ivh41YdGosH58CFpm5SE4efy_CI.roa (raw, json)
Hash identifier:          I+yJqM0jN+2Rict+BFX6qWNMj/MqJbwvUPTvDk7ZDXQ=
Subject key identifier:   8A:F8:78:D5:87:46:A2:C1:F9:F0:21:69:9B:94:84:E1:E7:F2:FC:22
Certificate issuer:       /CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
Certificate serial:       019DABCEC1341296648E806B76B7DD7A3AF2
Authority key identifier: F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/ivh41YdGosH58CFpm5SE4efy_CI.roa
Signing time:             Mon 20 Apr 2026 16:52:27 +0000
ROA not before:           Mon 20 Apr 2026 16:52:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     21641
IP address blocks:        194.147.71.0/24 maxlen: 24
                          2a0d:e680:100::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 Apr 2026 19:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:ab:ce:c1:34:12:96:64:8e:80:6b:76:b7:dd:7a:3a:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
        Validity
            Not Before: Apr 20 16:52:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8af878d58746a2c1f9f021699b9484e1e7f2fc22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:77:d0:50:42:28:fa:41:f5:a1:87:24:f3:bf:
                    14:e5:7e:af:aa:8d:e0:b2:e3:4f:db:62:33:98:a9:
                    80:f7:b9:66:53:c0:86:86:20:1c:34:0d:ae:b1:0e:
                    68:00:53:84:7b:43:76:1b:f8:85:91:6f:40:d5:e8:
                    7c:5b:d2:26:b9:21:8a:81:9d:80:2b:54:8d:5a:ea:
                    f6:e8:a6:e2:3e:2d:3a:68:2b:46:7d:c2:76:03:47:
                    21:fe:86:48:67:8b:f7:bd:c2:bb:fe:f7:08:8b:d0:
                    d5:4d:fa:a8:4f:d0:59:f3:f2:d3:33:63:0b:e9:8d:
                    ac:6b:37:c4:03:2f:64:90:4f:4d:2e:67:3c:bd:0b:
                    3d:bf:87:40:e7:22:ef:91:a1:a1:1a:b7:3c:fb:de:
                    96:62:02:35:aa:d7:de:56:e2:a4:39:40:a7:94:bf:
                    c9:2c:4e:ec:af:ca:30:30:95:91:c3:1c:7d:2a:fe:
                    b9:04:26:3a:ad:18:61:64:96:c8:c0:fb:0b:cc:da:
                    ff:c2:dd:f3:c8:02:fa:30:9a:86:39:19:af:fe:79:
                    41:68:43:3a:01:fb:a2:39:bd:f3:75:28:53:cf:a2:
                    8f:20:c0:b3:70:88:fe:e6:59:88:0c:7b:fb:47:45:
                    21:91:3b:2b:78:ca:2a:07:60:f4:e3:11:3a:92:95:
                    f7:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:F8:78:D5:87:46:A2:C1:F9:F0:21:69:9B:94:84:E1:E7:F2:FC:22
            X509v3 Authority Key Identifier:
                keyid:F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/ivh41YdGosH58CFpm5SE4efy_CI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.147.71.0/24
                IPv6:
                  2a0d:e680:100::/48

    Signature Algorithm: sha256WithRSAEncryption
         44:3f:73:72:2c:70:33:b5:72:9b:a6:d3:5f:8a:f4:ac:6b:55:
         b0:6c:20:94:0b:c7:ae:ca:bb:69:c4:6c:d2:5b:65:fd:1e:ce:
         57:fd:5f:93:c2:65:2c:6a:d6:8e:fb:6b:4e:d0:60:f3:c5:5e:
         4a:14:9c:74:dd:6f:f4:d2:80:ce:a4:a5:eb:e9:60:a0:7f:9c:
         92:42:84:37:6d:5f:d5:53:c3:b7:49:cb:c7:d5:ab:ae:79:bf:
         38:f6:7c:39:1a:69:7d:c9:bb:2d:ec:01:fd:75:39:65:4d:ae:
         3c:59:17:cd:58:72:f7:7c:b1:06:f4:45:ac:19:1b:1a:2b:5e:
         33:63:90:b7:14:00:21:24:d3:a6:ad:88:df:19:43:0c:ef:69:
         68:c8:0f:97:b3:37:03:85:59:c4:55:4e:07:17:04:84:41:a2:
         e7:5b:71:77:b6:82:01:17:ed:81:09:ad:8c:12:bf:4f:8c:c7:
         1e:6d:aa:79:64:1a:81:6b:49:16:14:27:61:9d:9e:74:7f:05:
         a5:1b:75:6d:f0:a0:51:c9:fe:b0:e6:8b:da:0d:af:76:f8:ca:
         b8:53:04:e9:38:ee:61:e1:0c:0c:38:14:7b:fd:50:09:92:eb:
         43:4b:ab:a4:bf:fa:d8:4e:2c:97:2a:8f:7c:53:45:03:b7:97:
         72:39:0a:f6
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZ2rzsE0EpZkjoBrdrfdejryMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3NzcwNWU4OWJiNjViNDcyZTRlMDE4NGQ2ZmU5YmZiOGM1
ODYzNWEwHhcNMjYwNDIwMTY1MjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YWY4NzhkNTg3NDZhMmMxZjlmMDIxNjk5Yjk0ODRlMWU3ZjJmYzIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuHfQUEIo+kH1oYck878U5X6vqo3g
suNP22IzmKmA97lmU8CGhiAcNA2usQ5oAFOEe0N2G/iFkW9A1eh8W9ImuSGKgZ2A
K1SNWur26KbiPi06aCtGfcJ2A0ch/oZIZ4v3vcK7/vcIi9DVTfqoT9BZ8/LTM2ML
6Y2sazfEAy9kkE9NLmc8vQs9v4dA5yLvkaGhGrc8+96WYgI1qtfeVuKkOUCnlL/J
LE7sr8owMJWRwxx9Kv65BCY6rRhhZJbIwPsLzNr/wt3zyAL6MJqGORmv/nlBaEM6
AfuiOb3zdShTz6KPIMCzcIj+5lmIDHv7R0UhkTsreMoqB2D04xE6kpX3IwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIr4eNWHRqLB+fAhaZuUhOHn8vwiMB8GA1UdIwQY
MBaAFPd3BeibtltHLk4BhNb+m/uMWGNaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYt
NmNiODk3OTFkN2ZkLzEvaXZoNDFZZEdvc0g1OENGcG01U0U0ZWZ5X0NJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYtNmNiODk3OTFkN2Zk
LzEvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwpNHMA8E
AgACMAkDBwAqDeaAAQAwDQYJKoZIhvcNAQELBQADggEBAEQ/c3IscDO1cpum01+K
9KxrVbBsIJQLx67Ku2nEbNJbZf0ezlf9X5PCZSxq1o77a07QYPPFXkoUnHTdb/TS
gM6kpevpYKB/nJJChDdtX9VTw7dJy8fVq655vzj2fDkaaX3Juy3sAf11OWVNrjxZ
F81Ycvd8sQb0RawZGxorXjNjkLcUACEk06atiN8ZQwzvaWjID5ezNwOFWcRVTgcX
BIRBoudbcXe2ggEX7YEJrYwSv0+Mxx5tqnlkGoFrSRYUJ2GdnnR/BaUbdW3woFHJ
/rDmi9oNr3b4yrhTBOk47mHhDAw4FHv9UAmS60NLq6S/+thOLJcqj3xTRQO3l3I5
CvY=
-----END CERTIFICATE-----