Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/69045e-aacc-4835-8fa5-92e84879dfcc/1/uCsQuS-4rVdPYPXfgacBtl1GxKU.roa
File:                     uCsQuS-4rVdPYPXfgacBtl1GxKU.roa (raw, json)
Hash identifier:          mSrfH4b/LZzb55AU3CME/vQpiQIKZvFXbFgXnOdMHJg=
Subject key identifier:   B8:2B:10:B9:2F:B8:AD:57:4F:60:F5:DF:81:A7:01:B6:5D:46:C4:A5
Certificate issuer:       /CN=fef7c4d570c17c9a8679a10634605c984b9503a4
Certificate serial:       019CC3481661E021254889E61A4F02089659
Authority key identifier: FE:F7:C4:D5:70:C1:7C:9A:86:79:A1:06:34:60:5C:98:4B:95:03:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_vfE1XDBfJqGeaEGNGBcmEuVA6Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/69045e-aacc-4835-8fa5-92e84879dfcc/1/uCsQuS-4rVdPYPXfgacBtl1GxKU.roa
Signing time:             Fri 06 Mar 2026 13:13:26 +0000
ROA not before:           Fri 06 Mar 2026 13:13:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     14618
IP address blocks:        195.137.243.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/69045e-aacc-4835-8fa5-92e84879dfcc/1/_vfE1XDBfJqGeaEGNGBcmEuVA6Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/69045e-aacc-4835-8fa5-92e84879dfcc/1/_vfE1XDBfJqGeaEGNGBcmEuVA6Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_vfE1XDBfJqGeaEGNGBcmEuVA6Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Mar 2026 07:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:c3:48:16:61:e0:21:25:48:89:e6:1a:4f:02:08:96:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fef7c4d570c17c9a8679a10634605c984b9503a4
        Validity
            Not Before: Mar  6 13:13:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b82b10b92fb8ad574f60f5df81a701b65d46c4a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:6f:f1:02:3f:19:0b:9c:78:57:8a:cc:06:bd:
                    e0:75:80:d5:d9:5d:4a:1a:5e:72:32:6c:b5:f7:2e:
                    93:af:1c:30:23:2a:b9:15:20:5f:ab:33:fb:bf:ef:
                    46:07:7b:72:2e:f7:69:41:a1:47:b2:bb:0c:96:df:
                    6f:75:89:37:5c:50:56:5a:23:85:90:e2:f3:3e:a7:
                    6d:4f:18:d4:e2:e8:e1:b5:ad:5f:a4:bb:91:11:ae:
                    7b:3c:44:00:b5:78:f5:5c:74:d1:e7:53:54:b8:7d:
                    de:9f:48:4b:15:cd:c9:19:f3:79:a2:46:86:49:f2:
                    cc:63:93:a3:40:7f:9d:98:2f:12:4b:a3:65:36:b4:
                    a9:7d:fa:17:1f:39:57:a3:cf:1c:74:bc:a7:3a:8e:
                    6e:87:89:a4:d0:08:80:f0:c9:f4:2d:fc:54:7b:2d:
                    4f:0c:38:dd:da:35:8d:fd:1a:b9:0e:48:b4:7a:2b:
                    2c:3d:b4:55:31:22:a1:49:9e:2e:63:a5:e4:6d:4e:
                    f8:bf:26:41:06:7f:3b:e4:aa:6f:d8:b1:b8:3d:a4:
                    8a:8d:5a:3c:2b:da:07:ae:fe:9d:af:4f:3b:6c:b1:
                    a9:68:d8:f1:8c:86:23:b7:ef:2b:01:25:ee:11:ea:
                    9c:aa:db:ab:f7:30:df:6f:d0:19:80:f5:33:ab:f2:
                    60:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:2B:10:B9:2F:B8:AD:57:4F:60:F5:DF:81:A7:01:B6:5D:46:C4:A5
            X509v3 Authority Key Identifier:
                keyid:FE:F7:C4:D5:70:C1:7C:9A:86:79:A1:06:34:60:5C:98:4B:95:03:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_vfE1XDBfJqGeaEGNGBcmEuVA6Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/69045e-aacc-4835-8fa5-92e84879dfcc/1/uCsQuS-4rVdPYPXfgacBtl1GxKU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/69045e-aacc-4835-8fa5-92e84879dfcc/1/_vfE1XDBfJqGeaEGNGBcmEuVA6Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.137.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:31:f8:bc:dc:b5:1a:cb:b3:1e:9d:80:02:d5:77:2d:6f:51:
         23:8d:b4:ea:c4:2d:72:ad:45:e6:ca:4f:45:91:6e:34:97:58:
         e5:72:a6:ab:b5:d1:5e:1a:2d:5b:21:db:9a:f5:9b:44:81:2c:
         1a:49:6b:57:90:13:fb:78:de:2f:11:17:64:61:25:56:f2:3e:
         94:7e:4a:d4:10:00:d9:2c:f7:99:3c:2e:15:31:84:b2:3a:34:
         fd:d0:c7:de:eb:46:de:b9:a3:e9:93:42:ed:bb:5b:ef:b4:84:
         11:bf:21:ec:87:b1:7a:86:8c:c0:80:b0:21:2d:d0:94:3c:44:
         90:ab:fa:08:f5:01:27:f4:85:b5:88:90:b8:56:71:89:95:c4:
         ae:4a:90:e3:b7:90:c2:e6:a9:f3:52:55:d5:e7:9e:d4:8a:88:
         90:69:21:62:b1:54:c1:1a:16:e1:97:f7:d6:ad:5e:f7:d7:b6:
         5d:16:64:1b:02:ea:b0:34:61:ab:8e:bb:29:ba:bd:4e:1a:a3:
         e0:f0:02:43:7f:02:7f:4e:99:40:7b:06:b4:5c:aa:fa:1c:76:
         b9:76:dc:f0:ea:93:52:dc:09:cb:f9:4b:dd:49:26:00:ad:c9:
         fd:c4:a0:13:23:15:bc:2f:85:ed:11:63:30:06:a8:6a:e7:75:
         89:c6:57:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzDSBZh4CElSInmGk8CCJZZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlZjdjNGQ1NzBjMTdjOWE4Njc5YTEwNjM0NjA1Yzk4NGI5
NTAzYTQwHhcNMjYwMzA2MTMxMzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODJiMTBiOTJmYjhhZDU3NGY2MGY1ZGY4MWE3MDFiNjVkNDZjNGE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArm/xAj8ZC5x4V4rMBr3gdYDV2V1K
Gl5yMmy19y6TrxwwIyq5FSBfqzP7v+9GB3tyLvdpQaFHsrsMlt9vdYk3XFBWWiOF
kOLzPqdtTxjU4ujhta1fpLuREa57PEQAtXj1XHTR51NUuH3en0hLFc3JGfN5okaG
SfLMY5OjQH+dmC8SS6NlNrSpffoXHzlXo88cdLynOo5uh4mk0AiA8Mn0LfxUey1P
DDjd2jWN/Rq5Dki0eissPbRVMSKhSZ4uY6XkbU74vyZBBn875Kpv2LG4PaSKjVo8
K9oHrv6dr087bLGpaNjxjIYjt+8rASXuEeqcqtur9zDfb9AZgPUzq/JgYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLgrELkvuK1XT2D134GnAbZdRsSlMB8GA1UdIwQY
MBaAFP73xNVwwXyahnmhBjRgXJhLlQOkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX3ZmRTFYREJmSnFHZWFFR05HQmNtRXVWQTZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC82OTA0NWUtYWFjYy00ODM1LThmYTUt
OTJlODQ4NzlkZmNjLzEvdUNzUXVTLTRyVmRQWVBYZmdhY0J0bDFHeEtVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC82OTA0NWUtYWFjYy00ODM1LThmYTUtOTJlODQ4NzlkZmNj
LzEvX3ZmRTFYREJmSnFHZWFFR05HQmNtRXVWQTZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw4nzMA0G
CSqGSIb3DQEBCwUAA4IBAQAqMfi83LUay7MenYAC1Xctb1EjjbTqxC1yrUXmyk9F
kW40l1jlcqartdFeGi1bIdua9ZtEgSwaSWtXkBP7eN4vERdkYSVW8j6UfkrUEADZ
LPeZPC4VMYSyOjT90Mfe60beuaPpk0Ltu1vvtIQRvyHsh7F6hozAgLAhLdCUPESQ
q/oI9QEn9IW1iJC4VnGJlcSuSpDjt5DC5qnzUlXV557UioiQaSFisVTBGhbhl/fW
rV7317ZdFmQbAuqwNGGrjrspur1OGqPg8AJDfwJ/TplAewa0XKr6HHa5dtzw6pNS
3AnL+UvdSSYArcn9xKATIxW8L4XtEWMwBqhq53WJxlea
-----END CERTIFICATE-----