Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/NEyQG9kyLEW4Um4QAvO7DA9LZsE.roa
File:                     NEyQG9kyLEW4Um4QAvO7DA9LZsE.roa (raw, json)
Hash identifier:          v1Y4jsLwKJqAeGZpT4JA4xV86AlZtwzcF7xc4splz3Q=
Subject key identifier:   34:4C:90:1B:D9:32:2C:45:B8:52:6E:10:02:F3:BB:0C:0F:4B:66:C1
Certificate issuer:       /CN=6ce97cf4d8d0bc17b3af1d62c4d71488661bd212
Certificate serial:       019E8DD691FBE0CA0B0903ECCE5769D25539
Authority key identifier: 6C:E9:7C:F4:D8:D0:BC:17:B3:AF:1D:62:C4:D7:14:88:66:1B:D2:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bOl89NjQvBezrx1ixNcUiGYb0hI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/NEyQG9kyLEW4Um4QAvO7DA9LZsE.roa
Signing time:             Wed 03 Jun 2026 14:15:09 +0000
ROA not before:           Wed 03 Jun 2026 14:15:09 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48748
IP address blocks:        195.88.26.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/bOl89NjQvBezrx1ixNcUiGYb0hI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/bOl89NjQvBezrx1ixNcUiGYb0hI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bOl89NjQvBezrx1ixNcUiGYb0hI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 20:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:8d:d6:91:fb:e0:ca:0b:09:03:ec:ce:57:69:d2:55:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ce97cf4d8d0bc17b3af1d62c4d71488661bd212
        Validity
            Not Before: Jun  3 14:15:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=344c901bd9322c45b8526e1002f3bb0c0f4b66c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:44:d6:f5:e7:18:42:bd:f0:b4:96:45:7e:0e:
                    b3:b4:16:36:10:8c:d3:0a:b1:bc:c2:0b:36:a9:63:
                    d7:e9:5f:b9:be:66:ba:c5:27:c2:78:3e:fa:63:52:
                    d7:6b:eb:f7:65:c1:5e:24:5b:4f:c9:dc:2c:ab:b4:
                    80:86:ec:1d:07:b9:4b:76:c4:2c:52:4d:81:e4:f6:
                    f1:3b:47:aa:ee:dd:ac:46:2d:f4:83:4d:d3:b1:63:
                    4e:85:47:aa:70:38:c6:5c:c3:a4:22:83:98:1e:d3:
                    1c:f5:9c:18:c2:0f:aa:25:f4:a6:5d:1b:d0:3b:24:
                    85:9b:ed:88:a5:47:70:c0:b1:59:d9:c8:75:f1:33:
                    79:9e:b6:f6:fc:ec:bb:54:a3:f1:0f:19:66:82:9a:
                    09:59:ef:c8:9a:23:78:31:a1:c0:e2:9c:4f:a5:28:
                    f0:ab:68:c9:f8:ad:37:9d:a5:a6:0d:f9:82:8a:d5:
                    b2:f5:08:a9:53:54:af:ce:e4:ab:69:e5:eb:f9:93:
                    0d:19:61:6a:3c:ef:e0:be:a3:9b:3f:5d:09:3e:73:
                    87:33:c4:23:d6:63:bc:bc:9d:02:c3:ad:c9:8f:d5:
                    24:7d:36:d1:01:b0:64:25:88:86:e2:60:b3:35:85:
                    72:21:90:1a:82:be:83:44:07:e4:ef:08:76:c7:0d:
                    e5:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:4C:90:1B:D9:32:2C:45:B8:52:6E:10:02:F3:BB:0C:0F:4B:66:C1
            X509v3 Authority Key Identifier:
                keyid:6C:E9:7C:F4:D8:D0:BC:17:B3:AF:1D:62:C4:D7:14:88:66:1B:D2:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bOl89NjQvBezrx1ixNcUiGYb0hI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/NEyQG9kyLEW4Um4QAvO7DA9LZsE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/bOl89NjQvBezrx1ixNcUiGYb0hI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.88.26.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a1:e2:d6:fe:d0:fe:37:2a:2f:23:1e:78:16:98:74:0a:72:1f:
         1a:a3:a8:3d:ea:95:93:09:de:f5:d8:fa:e3:bc:9d:6b:45:fb:
         f1:17:cc:9b:63:45:ae:85:e1:0b:89:4a:d2:b1:8d:ec:78:d8:
         3b:12:d7:55:32:25:48:dc:e4:14:45:5b:7c:f7:28:2d:92:50:
         2a:2b:fd:67:04:50:7f:79:95:b2:3f:09:02:92:63:b0:d0:93:
         1a:6c:15:12:84:92:a3:c4:5b:f8:eb:3a:d2:07:a1:b5:5f:67:
         c4:ed:05:02:66:bc:cb:cc:ca:c7:ca:7b:6b:5b:32:f3:ff:e1:
         56:4d:61:37:ba:13:4e:17:54:63:a6:f7:be:06:1c:17:45:41:
         96:1a:73:96:11:3f:0f:be:99:cf:a5:aa:a1:22:79:dd:05:19:
         a1:fe:2f:eb:0c:26:6e:7e:17:36:44:21:b5:db:68:67:14:61:
         0c:ba:a7:f2:1b:49:6d:0a:98:da:b5:c4:3b:ee:fb:78:21:48:
         4e:7e:c3:6b:72:d1:eb:ab:5b:34:57:d2:74:9d:15:8e:cf:55:
         93:a9:9e:41:34:41:33:b9:4a:42:0b:0c:e3:f4:79:90:ff:79:
         50:53:a8:09:29:c5:65:fe:79:07:6c:26:1e:2e:cb:a5:40:39:
         73:61:43:2f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6N1pH74MoLCQPszldp0lU5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjZTk3Y2Y0ZDhkMGJjMTdiM2FmMWQ2MmM0ZDcxNDg4NjYx
YmQyMTIwHhcNMjYwNjAzMTQxNTA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDRjOTAxYmQ5MzIyYzQ1Yjg1MjZlMTAwMmYzYmIwYzBmNGI2NmMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlkTW9ecYQr3wtJZFfg6ztBY2EIzT
CrG8wgs2qWPX6V+5vma6xSfCeD76Y1LXa+v3ZcFeJFtPydwsq7SAhuwdB7lLdsQs
Uk2B5PbxO0eq7t2sRi30g03TsWNOhUeqcDjGXMOkIoOYHtMc9ZwYwg+qJfSmXRvQ
OySFm+2IpUdwwLFZ2ch18TN5nrb2/Oy7VKPxDxlmgpoJWe/ImiN4MaHA4pxPpSjw
q2jJ+K03naWmDfmCitWy9QipU1SvzuSraeXr+ZMNGWFqPO/gvqObP10JPnOHM8Qj
1mO8vJ0Cw63Jj9UkfTbRAbBkJYiG4mCzNYVyIZAagr6DRAfk7wh2xw3lVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDRMkBvZMixFuFJuEALzuwwPS2bBMB8GA1UdIwQY
MBaAFGzpfPTY0LwXs68dYsTXFIhmG9ISMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYk9sODlOalF2QmV6cngxaXhOY1VpR1liMGhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS9lNGNjYjEtY2EyNS00MDk5LTgyNzMt
Mzk5M2FhMzI0ZTFmLzEvTkV5UUc5a3lMRVc0VW00UUF2TzdEQTlMWnNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS9lNGNjYjEtY2EyNS00MDk5LTgyNzMtMzk5M2FhMzI0ZTFm
LzEvYk9sODlOalF2QmV6cngxaXhOY1VpR1liMGhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw1gaMA0G
CSqGSIb3DQEBCwUAA4IBAQCh4tb+0P43Ki8jHngWmHQKch8ao6g96pWTCd712Prj
vJ1rRfvxF8ybY0WuheELiUrSsY3seNg7EtdVMiVI3OQURVt89ygtklAqK/1nBFB/
eZWyPwkCkmOw0JMabBUShJKjxFv46zrSB6G1X2fE7QUCZrzLzMrHyntrWzLz/+FW
TWE3uhNOF1Rjpve+BhwXRUGWGnOWET8PvpnPpaqhInndBRmh/i/rDCZufhc2RCG1
22hnFGEMuqfyG0ltCpjatcQ77vt4IUhOfsNrctHrq1s0V9J0nRWOz1WTqZ5BNEEz
uUpCCwzj9HmQ/3lQU6gJKcVl/nkHbCYeLsulQDlzYUMv
-----END CERTIFICATE-----