Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/4559fd-b409-479c-a40f-2255585ddecb/1/u74Y2DtNYCrFLzeUZsDA2ek1RJQ.roa
File:                     u74Y2DtNYCrFLzeUZsDA2ek1RJQ.roa (raw, json)
Hash identifier:          v4D4CGF7IK7jFQI/k7wDX6FIFSnqg7cuKSN4Jo5u5mc=
Subject key identifier:   BB:BE:18:D8:3B:4D:60:2A:C5:2F:37:94:66:C0:C0:D9:E9:35:44:94
Certificate issuer:       /CN=d23b6477e1c84f52907cd60c63ea83ef5e4ac782
Certificate serial:       019B7B35709F1B8139258AC9096F1DB79390
Authority key identifier: D2:3B:64:77:E1:C8:4F:52:90:7C:D6:0C:63:EA:83:EF:5E:4A:C7:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0jtkd-HIT1KQfNYMY-qD715Kx4I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/4559fd-b409-479c-a40f-2255585ddecb/1/u74Y2DtNYCrFLzeUZsDA2ek1RJQ.roa
Signing time:             Thu 01 Jan 2026 20:17:38 +0000
ROA not before:           Thu 01 Jan 2026 20:17:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     41299
IP address blocks:        195.60.216.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/4559fd-b409-479c-a40f-2255585ddecb/1/0jtkd-HIT1KQfNYMY-qD715Kx4I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/4559fd-b409-479c-a40f-2255585ddecb/1/0jtkd-HIT1KQfNYMY-qD715Kx4I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0jtkd-HIT1KQfNYMY-qD715Kx4I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 02:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:35:70:9f:1b:81:39:25:8a:c9:09:6f:1d:b7:93:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d23b6477e1c84f52907cd60c63ea83ef5e4ac782
        Validity
            Not Before: Jan  1 20:17:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bbbe18d83b4d602ac52f379466c0c0d9e9354494
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:67:83:d4:8f:72:cd:f4:43:9b:c7:9b:df:c1:
                    45:6f:11:ec:93:ee:5e:5e:b7:4a:ce:86:38:22:66:
                    7a:e3:ed:07:10:28:d7:ae:b2:2c:1e:ec:4d:63:3a:
                    81:94:6b:77:1a:77:48:cc:87:e0:63:66:3a:4f:d9:
                    af:31:94:56:cc:ae:cf:62:69:3b:34:e6:c3:bc:97:
                    db:6d:b9:f7:ee:55:59:77:bb:e6:c9:38:2e:f6:61:
                    9e:a8:75:56:c9:38:34:19:cc:03:b8:bf:95:40:62:
                    43:29:5a:ed:ea:15:4b:de:d7:14:3a:b0:57:05:96:
                    c1:1b:85:40:d6:70:a6:98:8c:45:da:a8:ab:af:0f:
                    45:db:f9:72:00:c6:65:37:72:ed:4b:32:be:14:53:
                    66:5a:fb:c2:fe:84:15:07:65:07:e8:42:db:05:3c:
                    7b:24:c4:4d:86:87:f9:65:b9:b1:71:c2:84:63:54:
                    a6:46:4b:af:c8:52:0b:61:d8:d3:18:16:23:cc:9b:
                    f7:f8:e4:20:26:23:a8:30:d5:87:e2:e6:56:17:b0:
                    18:5a:ff:b7:f9:f1:99:0d:68:e6:75:1a:13:6f:1d:
                    c5:0e:c1:5e:28:36:e2:d4:bc:0d:a6:aa:04:c4:be:
                    d7:30:a9:94:e5:32:5e:40:01:4c:ce:dd:fe:1c:4b:
                    ae:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:BE:18:D8:3B:4D:60:2A:C5:2F:37:94:66:C0:C0:D9:E9:35:44:94
            X509v3 Authority Key Identifier:
                keyid:D2:3B:64:77:E1:C8:4F:52:90:7C:D6:0C:63:EA:83:EF:5E:4A:C7:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0jtkd-HIT1KQfNYMY-qD715Kx4I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/4559fd-b409-479c-a40f-2255585ddecb/1/u74Y2DtNYCrFLzeUZsDA2ek1RJQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/4559fd-b409-479c-a40f-2255585ddecb/1/0jtkd-HIT1KQfNYMY-qD715Kx4I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.60.216.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0b:5a:01:7e:e0:38:ee:72:ce:b5:af:4f:eb:c9:3f:08:a3:11:
         b4:fa:0d:31:1a:74:3b:eb:5d:26:6a:1c:de:70:f2:69:db:95:
         85:31:1e:53:e1:3b:b1:70:92:69:94:0e:31:9d:d7:61:36:03:
         f0:62:a2:b4:cf:4d:73:59:6c:cc:0e:5f:0b:3b:37:b8:88:5b:
         c9:23:d2:dc:fa:40:1d:de:7d:52:1a:6b:89:15:43:d3:83:76:
         a5:c9:10:42:36:aa:f9:b5:13:19:ac:03:2b:cb:a7:61:8c:e8:
         ba:19:9b:71:e4:68:1c:46:a4:9c:b6:43:0f:72:f3:18:9f:c1:
         1c:8b:4b:40:d2:06:c3:0f:5d:43:69:30:df:2b:80:cd:01:e2:
         14:84:06:84:8b:d4:4d:0f:5b:b8:4c:4f:b0:98:fc:26:36:07:
         35:9c:d6:6e:18:ca:09:11:0f:37:d1:61:12:7e:b4:58:3f:e3:
         0c:3b:48:d3:98:d0:ae:df:a6:08:a0:e2:15:c3:1f:bd:12:2e:
         4e:3e:c1:86:6e:69:2e:8d:52:a2:51:d2:da:f7:8b:73:31:fc:
         96:eb:20:96:b5:28:44:dc:e1:d6:c7:31:71:4e:29:01:e9:50:
         30:7c:1d:ee:60:ed:da:47:5f:b0:68:55:77:e7:99:87:66:27:
         13:30:41:f6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NXCfG4E5JYrJCW8dt5OQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyM2I2NDc3ZTFjODRmNTI5MDdjZDYwYzYzZWE4M2VmNWU0
YWM3ODIwHhcNMjYwMTAxMjAxNzM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYmJlMThkODNiNGQ2MDJhYzUyZjM3OTQ2NmMwYzBkOWU5MzU0NDk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt2eD1I9yzfRDm8eb38FFbxHsk+5e
XrdKzoY4ImZ64+0HECjXrrIsHuxNYzqBlGt3GndIzIfgY2Y6T9mvMZRWzK7PYmk7
NObDvJfbbbn37lVZd7vmyTgu9mGeqHVWyTg0GcwDuL+VQGJDKVrt6hVL3tcUOrBX
BZbBG4VA1nCmmIxF2qirrw9F2/lyAMZlN3LtSzK+FFNmWvvC/oQVB2UH6ELbBTx7
JMRNhof5ZbmxccKEY1SmRkuvyFILYdjTGBYjzJv3+OQgJiOoMNWH4uZWF7AYWv+3
+fGZDWjmdRoTbx3FDsFeKDbi1LwNpqoExL7XMKmU5TJeQAFMzt3+HEuuUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLu+GNg7TWAqxS83lGbAwNnpNUSUMB8GA1UdIwQY
MBaAFNI7ZHfhyE9SkHzWDGPqg+9eSseCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGp0a2QtSElUMUtRZk5ZTVktcUQ3MTVLeDRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS80NTU5ZmQtYjQwOS00NzljLWE0MGYt
MjI1NTU4NWRkZWNiLzEvdTc0WTJEdE5ZQ3JGTHplVVpzREEyZWsxUkpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS80NTU5ZmQtYjQwOS00NzljLWE0MGYtMjI1NTU4NWRkZWNi
LzEvMGp0a2QtSElUMUtRZk5ZTVktcUQ3MTVLeDRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwzzYMA0G
CSqGSIb3DQEBCwUAA4IBAQALWgF+4Djucs61r0/ryT8IoxG0+g0xGnQ7610mahze
cPJp25WFMR5T4TuxcJJplA4xnddhNgPwYqK0z01zWWzMDl8LOze4iFvJI9Lc+kAd
3n1SGmuJFUPTg3alyRBCNqr5tRMZrAMry6dhjOi6GZtx5GgcRqSctkMPcvMYn8Ec
i0tA0gbDD11DaTDfK4DNAeIUhAaEi9RND1u4TE+wmPwmNgc1nNZuGMoJEQ830WES
frRYP+MMO0jTmNCu36YIoOIVwx+9Ei5OPsGGbmkujVKiUdLa94tzMfyW6yCWtShE
3OHWxzFxTikB6VAwfB3uYO3aR1+waFV355mHZicTMEH2
-----END CERTIFICATE-----