Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/b55e40-d8be-48d9-bd55-c83007327449/1/1-RlwPgkm_UvcXOCMS-B-tCjFDd4.roa
File:                     1-RlwPgkm_UvcXOCMS-B-tCjFDd4.roa (raw, json)
Hash identifier:          JIVt8LRE4P4teDbJAFqyE2U6gD9MsbOuAB3Fl+sGOjU=
Subject key identifier:   F9:19:70:3E:09:26:FD:4B:DC:5C:E0:8C:4B:E0:7E:B4:28:C5:0D:DE
Certificate issuer:       /CN=dfc2603437ef74117fa12272ec42c2527da800c7
Certificate serial:       019D431E60AAB4AD6149DBB606E0B6EEB3B9
Authority key identifier: DF:C2:60:34:37:EF:74:11:7F:A1:22:72:EC:42:C2:52:7D:A8:00:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/38JgNDfvdBF_oSJy7ELCUn2oAMc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/b55e40-d8be-48d9-bd55-c83007327449/1/1-RlwPgkm_UvcXOCMS-B-tCjFDd4.roa
Signing time:             Tue 31 Mar 2026 08:59:17 +0000
ROA not before:           Tue 31 Mar 2026 08:59:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198175
IP address blocks:        193.134.8.0/21 maxlen: 21
                          2a10:8240::/30 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/b55e40-d8be-48d9-bd55-c83007327449/1/38JgNDfvdBF_oSJy7ELCUn2oAMc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/b55e40-d8be-48d9-bd55-c83007327449/1/38JgNDfvdBF_oSJy7ELCUn2oAMc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/38JgNDfvdBF_oSJy7ELCUn2oAMc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 20:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:43:1e:60:aa:b4:ad:61:49:db:b6:06:e0:b6:ee:b3:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dfc2603437ef74117fa12272ec42c2527da800c7
        Validity
            Not Before: Mar 31 08:59:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f919703e0926fd4bdc5ce08c4be07eb428c50dde
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:34:4a:75:d1:a1:1d:33:0e:9b:e4:01:82:f9:
                    f0:3c:16:ca:1d:b1:7b:66:cc:72:2f:5f:7f:13:f0:
                    68:2e:f3:45:22:22:9f:1d:42:04:8a:3a:04:27:69:
                    3e:f5:e9:29:96:69:a8:d7:13:3b:53:b6:ae:e6:ae:
                    3e:e7:a1:47:e4:06:db:ec:01:b3:05:73:9f:32:15:
                    f9:47:88:af:1e:8c:36:a8:24:ee:85:2b:ef:b4:c3:
                    22:96:5e:58:02:60:43:be:50:52:6e:72:70:57:b3:
                    67:06:27:3a:df:e4:d7:09:dc:59:3b:d9:fe:c2:7b:
                    f7:db:95:01:dc:18:94:67:00:2e:3f:11:49:0f:fd:
                    5b:0a:e6:fd:22:ed:da:d6:f5:12:61:51:3c:4b:b3:
                    c0:55:e4:03:5b:a2:41:a8:41:3f:3e:dc:6b:5d:a7:
                    ac:82:d4:69:de:89:e3:29:f6:f7:61:a0:83:b0:16:
                    76:a1:e3:e8:b7:f3:a3:56:a7:18:f6:cb:15:48:ed:
                    50:1b:23:0a:03:be:a2:a5:53:2e:da:d2:53:16:88:
                    ec:a8:22:b7:80:05:c2:45:5b:89:53:35:71:8d:fe:
                    49:61:01:1b:34:74:6c:a2:d3:41:d8:c9:dd:30:1b:
                    32:4b:c5:7f:fe:bd:c4:02:01:86:bd:35:9c:6e:cf:
                    42:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:19:70:3E:09:26:FD:4B:DC:5C:E0:8C:4B:E0:7E:B4:28:C5:0D:DE
            X509v3 Authority Key Identifier:
                keyid:DF:C2:60:34:37:EF:74:11:7F:A1:22:72:EC:42:C2:52:7D:A8:00:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/38JgNDfvdBF_oSJy7ELCUn2oAMc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/b55e40-d8be-48d9-bd55-c83007327449/1/1-RlwPgkm_UvcXOCMS-B-tCjFDd4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/b55e40-d8be-48d9-bd55-c83007327449/1/38JgNDfvdBF_oSJy7ELCUn2oAMc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.134.8.0/21
                IPv6:
                  2a10:8240::/30

    Signature Algorithm: sha256WithRSAEncryption
         63:f9:22:87:bd:7c:8a:ee:e5:33:96:d6:ae:ed:2b:a3:ca:e2:
         b2:19:c2:66:36:43:c5:e8:ee:f7:5e:aa:aa:c1:e5:74:19:c6:
         d9:75:36:56:5a:fb:b1:97:43:67:4b:60:f0:d4:56:a0:56:4b:
         25:20:64:d9:ef:4d:cd:53:86:f0:59:19:d7:c8:67:21:cd:05:
         c9:91:f6:1b:a4:9d:8d:93:1e:ab:66:fb:c4:d6:a4:04:99:48:
         1f:41:66:93:34:80:af:20:ea:02:2f:67:d1:07:d0:e1:e2:68:
         ad:c2:a4:6a:af:de:c6:67:1a:de:3f:92:94:22:68:b3:e1:e1:
         a2:fc:d4:77:7e:a6:94:5e:36:1a:65:d8:dd:12:29:f6:2d:80:
         79:bd:9a:fd:2b:63:f7:ae:2e:37:3f:49:ae:69:48:fa:95:e0:
         cb:43:13:23:4a:8b:da:89:be:36:34:14:5e:38:d3:46:a8:ce:
         7f:25:bf:5d:7c:73:f6:ba:45:ee:33:e5:eb:c2:a5:a1:77:f0:
         5c:b9:cc:b1:64:10:07:85:79:34:a8:c5:f0:91:9a:ce:bb:d7:
         53:90:67:df:5b:91:72:18:a7:18:e0:04:ff:a3:03:55:7a:90:
         22:43:29:72:22:0c:c2:d5:cb:81:c7:e8:97:7f:bb:21:c8:df:
         fe:3e:4d:56
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZ1DHmCqtK1hSdu2BuC27rO5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmYzI2MDM0MzdlZjc0MTE3ZmExMjI3MmVjNDJjMjUyN2Rh
ODAwYzcwHhcNMjYwMzMxMDg1OTE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTE5NzAzZTA5MjZmZDRiZGM1Y2UwOGM0YmUwN2ViNDI4YzUwZGRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwzRKddGhHTMOm+QBgvnwPBbKHbF7
ZsxyL19/E/BoLvNFIiKfHUIEijoEJ2k+9ekplmmo1xM7U7au5q4+56FH5Abb7AGz
BXOfMhX5R4ivHow2qCTuhSvvtMMill5YAmBDvlBSbnJwV7NnBic63+TXCdxZO9n+
wnv325UB3BiUZwAuPxFJD/1bCub9Iu3a1vUSYVE8S7PAVeQDW6JBqEE/PtxrXaes
gtRp3onjKfb3YaCDsBZ2oePot/OjVqcY9ssVSO1QGyMKA76ipVMu2tJTFojsqCK3
gAXCRVuJUzVxjf5JYQEbNHRsotNB2MndMBsyS8V//r3EAgGGvTWcbs9COQIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFPkZcD4JJv1L3FzgjEvgfrQoxQ3eMB8GA1UdIwQY
MBaAFN/CYDQ373QRf6EicuxCwlJ9qADHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMzhKZ05EZnZkQkZfb1NKeTdFTENVbjJvQU1jLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC9iNTVlNDAtZDhiZS00OGQ5LWJkNTUt
YzgzMDA3MzI3NDQ5LzEvMS1SbHdQZ2ttX1V2Y1hPQ01TLUItdENqRkRkNC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMGQvYjU1ZTQwLWQ4YmUtNDhkOS1iZDU1LWM4MzAwNzMyNzQ0
OS8xLzM4SmdORGZ2ZEJGX29TSnk3RUxDVW4yb0FNYy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAuBggrBgEFBQcBBwEB/wQfMB0wDAQCAAEwBgMEA8GGCDAN
BAIAAjAHAwUCKhCCQDANBgkqhkiG9w0BAQsFAAOCAQEAY/kih718iu7lM5bWru0r
o8rishnCZjZDxeju916qqsHldBnG2XU2Vlr7sZdDZ0tg8NRWoFZLJSBk2e9NzVOG
8FkZ18hnIc0FyZH2G6SdjZMeq2b7xNakBJlIH0FmkzSAryDqAi9n0QfQ4eJorcKk
aq/exmca3j+SlCJos+HhovzUd36mlF42GmXY3RIp9i2Aeb2a/Stj964uNz9JrmlI
+pXgy0MTI0qL2om+NjQUXjjTRqjOfyW/XXxz9rpF7jPl68KloXfwXLnMsWQQB4V5
NKjF8JGazrvXU5Bn31uRchinGOAE/6MDVXqQIkMpciIMwtXLgcfol3+7Icjf/j5N
Vg==
-----END CERTIFICATE-----