Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/ruLS0_R17_0EyHhUNpmROKvl1g8.roa
File:                     ruLS0_R17_0EyHhUNpmROKvl1g8.roa (raw, json)
Hash identifier:          eDi8202jtzAcEy6zUFOC8ZGVsG5HjVjeY8dNHLDCkuo=
Subject key identifier:   AE:E2:D2:D3:F4:75:EF:FD:04:C8:78:54:36:99:91:38:AB:E5:D6:0F
Certificate issuer:       /CN=253a3b5f51808168c212c094a2baaff38e16464a
Certificate serial:       019CB3AAE46499C47BA40B5B47625142DDD7
Authority key identifier: 25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/ruLS0_R17_0EyHhUNpmROKvl1g8.roa
Signing time:             Tue 03 Mar 2026 12:27:27 +0000
ROA not before:           Tue 03 Mar 2026 12:27:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50822
IP address blocks:        194.190.78.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 12 Mar 2026 12:34:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:b3:aa:e4:64:99:c4:7b:a4:0b:5b:47:62:51:42:dd:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=253a3b5f51808168c212c094a2baaff38e16464a
        Validity
            Not Before: Mar  3 12:27:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=aee2d2d3f475effd04c8785436999138abe5d60f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:6b:5c:1b:01:1d:10:65:72:25:23:05:ef:1c:
                    05:07:d6:13:9f:e5:39:46:27:32:78:db:c2:b4:13:
                    18:15:a5:97:dd:57:2a:49:4f:25:d4:be:da:82:34:
                    94:1d:64:a8:fc:ee:94:96:18:11:b1:92:77:7d:99:
                    8f:af:7c:98:1b:04:e6:44:60:75:3e:00:9d:2a:12:
                    64:34:61:48:62:04:c5:48:1b:9b:cd:49:00:13:22:
                    b8:ef:5e:85:08:85:e2:8d:13:bb:e5:b2:c8:90:97:
                    4e:49:70:e1:dc:cb:bd:85:d6:a1:96:0a:9d:3c:27:
                    c4:59:16:f1:c0:30:fc:15:e9:fc:de:23:38:ef:69:
                    f9:5f:01:b2:8b:5b:16:85:c6:ac:af:04:f6:0c:83:
                    57:e6:6e:69:7a:5e:c3:9d:18:15:27:64:c8:1c:fe:
                    a7:57:6b:2a:40:5a:3f:d1:b1:56:33:09:93:ad:df:
                    36:bc:ff:a5:12:a8:2a:04:92:7c:21:5b:97:89:b9:
                    6a:0f:e6:ef:bc:e0:58:e6:6b:05:28:4b:9a:a9:74:
                    60:9a:fa:39:9e:d2:2e:22:d8:19:48:ec:ae:71:76:
                    33:62:be:f4:f0:21:0c:0f:77:94:12:73:97:13:e6:
                    ee:5c:83:a9:aa:5c:af:9b:c4:43:17:79:20:12:82:
                    d2:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:E2:D2:D3:F4:75:EF:FD:04:C8:78:54:36:99:91:38:AB:E5:D6:0F
            X509v3 Authority Key Identifier:
                keyid:25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/ruLS0_R17_0EyHhUNpmROKvl1g8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.190.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:df:9e:84:66:54:74:f0:c7:1a:14:91:a3:73:3b:29:3f:d7:
         ee:eb:ea:00:fa:13:b1:81:01:a8:de:bb:c4:25:b4:28:c8:31:
         dc:75:c3:6f:41:f7:54:28:b6:52:01:2e:c5:79:d3:b8:8f:cc:
         b6:ce:81:3f:f7:b2:50:4f:e6:37:85:41:d2:d8:c2:f9:5c:f4:
         a9:66:02:fd:30:d2:7d:00:3d:fd:4a:7a:79:b6:ad:35:bc:52:
         c1:79:19:7b:6e:b7:9b:7d:09:d0:25:ce:5a:d8:d0:81:58:7e:
         9a:32:6d:15:1d:cc:89:00:8a:77:3c:d5:38:18:34:c6:78:65:
         ce:ed:06:47:df:5f:1d:71:e9:24:07:9b:f1:fb:83:77:41:4b:
         8c:5b:03:25:e4:60:55:ea:6b:1d:1f:f4:df:a0:ac:a9:31:19:
         e0:60:da:8b:4c:f3:30:38:6e:d1:76:ec:3d:2d:ed:46:1d:95:
         47:a0:05:43:fe:e0:11:ec:77:c4:14:39:d2:85:65:cc:3d:56:
         0a:b3:11:7e:b6:4b:9d:29:21:d8:18:3c:2a:eb:57:fb:7a:57:
         10:52:41:8c:b5:4d:20:63:0f:de:1b:51:0f:84:c7:ae:a6:40:
         c1:1d:09:3a:b6:28:27:30:21:62:aa:88:0a:0f:33:40:db:d0:
         73:2d:3d:f2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyzquRkmcR7pAtbR2JRQt3XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1M2EzYjVmNTE4MDgxNjhjMjEyYzA5NGEyYmFhZmYzOGUx
NjQ2NGEwHhcNMjYwMzAzMTIyNzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZWUyZDJkM2Y0NzVlZmZkMDRjODc4NTQzNjk5OTEzOGFiZTVkNjBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhWtcGwEdEGVyJSMF7xwFB9YTn+U5
RicyeNvCtBMYFaWX3VcqSU8l1L7agjSUHWSo/O6UlhgRsZJ3fZmPr3yYGwTmRGB1
PgCdKhJkNGFIYgTFSBubzUkAEyK4716FCIXijRO75bLIkJdOSXDh3Mu9hdahlgqd
PCfEWRbxwDD8Fen83iM472n5XwGyi1sWhcasrwT2DINX5m5pel7DnRgVJ2TIHP6n
V2sqQFo/0bFWMwmTrd82vP+lEqgqBJJ8IVuXiblqD+bvvOBY5msFKEuaqXRgmvo5
ntIuItgZSOyucXYzYr708CEMD3eUEnOXE+buXIOpqlyvm8RDF3kgEoLSqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK7i0tP0de/9BMh4VDaZkTir5dYPMB8GA1UdIwQY
MBaAFCU6O19RgIFowhLAlKK6r/OOFkZKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQt
OWU5YTFlMDM3MzhlLzEvcnVMUzBfUjE3XzBFeUhoVU5wbVJPS3ZsMWc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQtOWU5YTFlMDM3Mzhl
LzEvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwr5OMA0G
CSqGSIb3DQEBCwUAA4IBAQBX356EZlR08McaFJGjczspP9fu6+oA+hOxgQGo3rvE
JbQoyDHcdcNvQfdUKLZSAS7FedO4j8y2zoE/97JQT+Y3hUHS2ML5XPSpZgL9MNJ9
AD39Snp5tq01vFLBeRl7brebfQnQJc5a2NCBWH6aMm0VHcyJAIp3PNU4GDTGeGXO
7QZH318dcekkB5vx+4N3QUuMWwMl5GBV6msdH/TfoKypMRngYNqLTPMwOG7Rduw9
Le1GHZVHoAVD/uAR7HfEFDnShWXMPVYKsxF+tkudKSHYGDwq61f7elcQUkGMtU0g
Yw/eG1EPhMeupkDBHQk6tignMCFiqogKDzNA29BzLT3y
-----END CERTIFICATE-----