Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/8c6d88-52c3-47e6-8009-f62be9e8a671/1/pyRkARiKCkIXPYlPRj_rOTQQ9a4.roa
File:                     pyRkARiKCkIXPYlPRj_rOTQQ9a4.roa (raw, json)
Hash identifier:          h2efLu5KonOiNOQgW9a8c8YZcQFNyVf6O72dyiarVWA=
Subject key identifier:   A7:24:64:01:18:8A:0A:42:17:3D:89:4F:46:3F:EB:39:34:10:F5:AE
Certificate issuer:       /CN=8ef7c09c1a3f73ebe61740ab65e589f91655bded
Certificate serial:       019DB403E2F754C1A2D9DE966DA8E5CED5E3
Authority key identifier: 8E:F7:C0:9C:1A:3F:73:EB:E6:17:40:AB:65:E5:89:F9:16:55:BD:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jvfAnBo_c-vmF0CrZeWJ-RZVve0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/8c6d88-52c3-47e6-8009-f62be9e8a671/1/pyRkARiKCkIXPYlPRj_rOTQQ9a4.roa
Signing time:             Wed 22 Apr 2026 07:07:26 +0000
ROA not before:           Wed 22 Apr 2026 07:07:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208185
IP address blocks:        195.24.236.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/8c6d88-52c3-47e6-8009-f62be9e8a671/1/jvfAnBo_c-vmF0CrZeWJ-RZVve0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/8c6d88-52c3-47e6-8009-f62be9e8a671/1/jvfAnBo_c-vmF0CrZeWJ-RZVve0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jvfAnBo_c-vmF0CrZeWJ-RZVve0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 May 2026 18:48:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b4:03:e2:f7:54:c1:a2:d9:de:96:6d:a8:e5:ce:d5:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8ef7c09c1a3f73ebe61740ab65e589f91655bded
        Validity
            Not Before: Apr 22 07:07:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a7246401188a0a42173d894f463feb393410f5ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:67:b0:81:bf:f2:dd:4f:48:fc:b4:e0:29:fa:
                    a4:90:94:e1:c4:92:7e:a4:91:be:a6:58:bb:31:c8:
                    ea:c4:50:6a:be:b7:31:ce:fd:a6:84:40:e7:91:1b:
                    48:71:5b:06:f0:8f:7d:cb:a6:b3:87:a0:30:3d:96:
                    44:eb:fa:b1:3a:99:6a:3f:55:0e:0a:b4:be:c8:40:
                    1f:e8:04:50:06:40:90:20:79:14:af:3b:48:92:1e:
                    09:d5:2c:dd:50:3a:30:5b:6e:89:1c:1c:a1:27:90:
                    13:65:a7:5e:50:57:a9:28:66:5a:c0:42:7f:15:16:
                    0d:94:ec:ff:e3:34:20:1d:3a:db:79:75:f2:69:8b:
                    b5:10:ab:b8:2e:f3:5d:79:08:12:f4:dd:2d:da:bc:
                    04:94:af:58:29:60:1e:56:18:dc:a4:31:1e:27:07:
                    db:76:f7:c7:0d:6f:d3:4d:2f:cd:32:f5:30:40:64:
                    a7:4c:63:40:cc:f6:36:05:7a:e1:34:93:0f:4c:be:
                    dc:78:5a:94:04:26:e5:bd:61:ad:de:d2:95:76:22:
                    79:30:53:e4:a3:b7:a3:0b:0c:ca:50:0e:f9:19:0e:
                    33:07:f2:e3:b6:3c:61:e6:45:8f:41:51:0a:f9:66:
                    16:34:dd:bb:2d:a5:1a:32:75:d6:0d:4b:cd:51:5b:
                    3a:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:24:64:01:18:8A:0A:42:17:3D:89:4F:46:3F:EB:39:34:10:F5:AE
            X509v3 Authority Key Identifier:
                keyid:8E:F7:C0:9C:1A:3F:73:EB:E6:17:40:AB:65:E5:89:F9:16:55:BD:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jvfAnBo_c-vmF0CrZeWJ-RZVve0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/8c6d88-52c3-47e6-8009-f62be9e8a671/1/pyRkARiKCkIXPYlPRj_rOTQQ9a4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/8c6d88-52c3-47e6-8009-f62be9e8a671/1/jvfAnBo_c-vmF0CrZeWJ-RZVve0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.24.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:7f:ee:18:45:f4:c5:56:a6:74:67:c1:27:3c:7d:69:0a:5c:
         9f:10:9e:9e:a1:2e:47:90:93:b1:3d:a5:43:7b:0e:0c:dd:99:
         12:6f:bf:88:9b:37:af:91:75:2d:84:1b:67:37:38:ac:d9:6a:
         aa:a0:09:89:8b:59:1c:4d:08:78:19:73:96:e9:7f:0b:23:98:
         25:de:14:ea:ac:c9:21:4b:47:6d:06:80:f4:13:43:fb:d0:b5:
         6c:12:d2:fa:42:4b:3a:5c:5c:bc:a8:89:15:88:b6:b9:d1:48:
         2a:35:5e:4b:12:e2:20:6c:6c:f3:a7:0c:c5:85:10:5d:25:63:
         dc:10:15:36:24:13:a9:91:45:95:fb:85:ab:54:9a:10:6c:90:
         e8:de:6e:55:76:6e:6c:f7:6b:cb:9c:ea:47:3d:84:97:f3:69:
         89:da:9f:d8:3f:8a:14:21:c2:41:fa:cd:87:04:c2:c3:a2:94:
         11:26:9d:34:0d:39:bd:15:2b:58:3a:83:e7:7f:8d:ea:50:3a:
         1c:94:23:31:5a:8a:07:37:b5:95:3d:08:e8:a1:fc:1e:3c:1e:
         d0:d2:c5:5b:6f:b7:c6:f5:60:c4:a6:93:53:71:83:bf:af:d5:
         f6:42:60:b5:ca:50:83:2b:9a:f0:4b:50:03:c3:03:c0:64:5b:
         7a:86:70:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ20A+L3VMGi2d6WbajlztXjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlZjdjMDljMWEzZjczZWJlNjE3NDBhYjY1ZTU4OWY5MTY1
NWJkZWQwHhcNMjYwNDIyMDcwNzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzI0NjQwMTE4OGEwYTQyMTczZDg5NGY0NjNmZWIzOTM0MTBmNWFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArGewgb/y3U9I/LTgKfqkkJThxJJ+
pJG+pli7McjqxFBqvrcxzv2mhEDnkRtIcVsG8I99y6azh6AwPZZE6/qxOplqP1UO
CrS+yEAf6ARQBkCQIHkUrztIkh4J1SzdUDowW26JHByhJ5ATZadeUFepKGZawEJ/
FRYNlOz/4zQgHTrbeXXyaYu1EKu4LvNdeQgS9N0t2rwElK9YKWAeVhjcpDEeJwfb
dvfHDW/TTS/NMvUwQGSnTGNAzPY2BXrhNJMPTL7ceFqUBCblvWGt3tKVdiJ5MFPk
o7ejCwzKUA75GQ4zB/Ljtjxh5kWPQVEK+WYWNN27LaUaMnXWDUvNUVs60wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKckZAEYigpCFz2JT0Y/6zk0EPWuMB8GA1UdIwQY
MBaAFI73wJwaP3Pr5hdAq2XlifkWVb3tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanZmQW5Cb19jLXZtRjBDclplV0otUlpWdmUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS84YzZkODgtNTJjMy00N2U2LTgwMDkt
ZjYyYmU5ZThhNjcxLzEvcHlSa0FSaUtDa0lYUFlsUFJqX3JPVFFROWE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS84YzZkODgtNTJjMy00N2U2LTgwMDktZjYyYmU5ZThhNjcx
LzEvanZmQW5Cb19jLXZtRjBDclplV0otUlpWdmUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwxjsMA0G
CSqGSIb3DQEBCwUAA4IBAQAZf+4YRfTFVqZ0Z8EnPH1pClyfEJ6eoS5HkJOxPaVD
ew4M3ZkSb7+ImzevkXUthBtnNzis2WqqoAmJi1kcTQh4GXOW6X8LI5gl3hTqrMkh
S0dtBoD0E0P70LVsEtL6Qks6XFy8qIkViLa50UgqNV5LEuIgbGzzpwzFhRBdJWPc
EBU2JBOpkUWV+4WrVJoQbJDo3m5Vdm5s92vLnOpHPYSX82mJ2p/YP4oUIcJB+s2H
BMLDopQRJp00DTm9FStYOoPnf43qUDoclCMxWooHN7WVPQjoofwePB7Q0sVbb7fG
9WDEppNTcYO/r9X2QmC1ylCDK5rwS1ADwwPAZFt6hnD0
-----END CERTIFICATE-----