Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/IUNZ7k6Be0InVz26bkrmn4bWfkw.roa
File:                     IUNZ7k6Be0InVz26bkrmn4bWfkw.roa (raw, json)
Hash identifier:          DDlLvGK0psVjxhmGzrMeKyqnXmOhbxm+rWrp7gXndKE=
Subject key identifier:   21:43:59:EE:4E:81:7B:42:27:57:3D:BA:6E:4A:E6:9F:86:D6:7E:4C
Certificate issuer:       /CN=d08da9cf00d4d58b854ffc62010f235b06df354a
Certificate serial:       019C19B2BED1A894563AD1DC944203FBDBE2
Authority key identifier: D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/IUNZ7k6Be0InVz26bkrmn4bWfkw.roa
Signing time:             Sun 01 Feb 2026 14:54:30 +0000
ROA not before:           Sun 01 Feb 2026 14:54:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     46559
IP address blocks:        193.168.202.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 22:01:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:19:b2:be:d1:a8:94:56:3a:d1:dc:94:42:03:fb:db:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d08da9cf00d4d58b854ffc62010f235b06df354a
        Validity
            Not Before: Feb  1 14:54:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=214359ee4e817b4227573dba6e4ae69f86d67e4c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:68:b0:ff:a9:cf:70:d1:3c:17:dc:ab:9e:4b:
                    51:f1:a1:33:ff:9b:7b:aa:4c:6a:8d:70:57:a2:b9:
                    1d:12:9a:a8:e0:f2:0f:04:d3:eb:4a:64:fc:e2:df:
                    3d:1e:05:d8:05:d9:82:b0:c5:9b:52:4a:a6:bc:db:
                    72:4c:ed:6d:3b:51:cd:40:0f:3e:21:6c:d7:35:75:
                    8e:6a:db:bd:a8:e1:c4:18:d8:dc:1b:e3:7c:fd:a1:
                    2b:5c:9e:2d:88:54:05:dd:7d:cc:50:b4:10:04:84:
                    71:6a:27:75:10:17:20:b1:cb:18:08:8a:5a:f8:e7:
                    2d:ca:ce:47:ea:be:ce:1a:51:8d:11:b4:13:ef:d2:
                    50:34:d7:7a:e7:f8:42:9c:be:12:51:d7:34:6a:c4:
                    05:f4:fc:da:e7:7b:d2:e8:2c:a8:29:0b:c5:89:40:
                    9e:2d:9f:19:28:83:03:b1:71:38:71:22:c2:ac:5f:
                    b3:27:49:13:9f:1f:87:c6:52:39:a6:80:c8:2f:f0:
                    6d:3a:f2:fa:86:b4:be:03:93:95:a6:3c:44:2a:09:
                    4c:a8:50:fe:91:1d:b6:18:78:6b:c9:c2:9a:79:72:
                    2d:f2:f9:b2:14:c3:22:9b:31:b0:1e:fa:81:ef:4d:
                    02:20:33:e1:a3:9c:b7:20:a6:70:d9:2e:46:ca:36:
                    4e:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:43:59:EE:4E:81:7B:42:27:57:3D:BA:6E:4A:E6:9F:86:D6:7E:4C
            X509v3 Authority Key Identifier:
                keyid:D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/IUNZ7k6Be0InVz26bkrmn4bWfkw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.168.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:8a:53:a8:b3:0f:a0:fa:3a:a3:1b:af:61:e5:3b:13:4d:de:
         c4:9a:4b:98:72:de:80:5d:e0:30:81:50:4d:39:04:ff:d0:e6:
         e6:f1:8b:b6:c5:a7:af:dc:5f:22:65:30:f3:0c:ac:bd:14:66:
         07:fa:ab:88:11:c5:80:6e:84:81:fd:2c:4c:e0:89:56:56:e0:
         fb:5d:40:e3:65:3b:57:15:8a:47:29:87:a8:b8:8f:04:84:5d:
         f7:b3:fa:f2:b9:d9:55:1f:5d:8f:a0:7f:04:44:54:be:bd:2d:
         dc:46:b3:2a:12:5a:bb:5a:c5:aa:c3:57:ab:f2:86:28:83:43:
         c2:7a:7b:56:36:e1:b7:de:85:bb:f5:a4:7f:40:73:0f:11:00:
         78:00:65:6e:2a:2d:6f:d5:ed:10:3e:d4:da:55:3f:a2:3c:c6:
         df:4b:b2:92:e1:b9:20:8c:9b:47:ef:6e:05:b4:07:be:e1:76:
         23:9b:7d:25:08:2e:4b:af:ff:e5:7b:a9:63:ef:86:63:b0:25:
         ea:a1:e7:7f:05:78:5a:c0:da:68:c8:09:6b:3d:20:fb:3a:74:
         4a:5f:d6:73:28:62:ae:ab:49:06:5d:89:a8:ce:f8:0d:e4:0d:
         9c:93:bf:e0:c7:82:fd:98:6e:ee:b3:ff:0f:2a:5e:bd:8a:e5:
         cc:52:6f:05
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZwZsr7RqJRWOtHclEID+9viMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwOGRhOWNmMDBkNGQ1OGI4NTRmZmM2MjAxMGYyMzViMDZk
ZjM1NGEwHhcNMjYwMjAxMTQ1NDMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTQzNTllZTRlODE3YjQyMjc1NzNkYmE2ZTRhZTY5Zjg2ZDY3ZTRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAumiw/6nPcNE8F9yrnktR8aEz/5t7
qkxqjXBXorkdEpqo4PIPBNPrSmT84t89HgXYBdmCsMWbUkqmvNtyTO1tO1HNQA8+
IWzXNXWOatu9qOHEGNjcG+N8/aErXJ4tiFQF3X3MULQQBIRxaid1EBcgscsYCIpa
+Octys5H6r7OGlGNEbQT79JQNNd65/hCnL4SUdc0asQF9Pza53vS6CyoKQvFiUCe
LZ8ZKIMDsXE4cSLCrF+zJ0kTnx+HxlI5poDIL/BtOvL6hrS+A5OVpjxEKglMqFD+
kR22GHhrycKaeXIt8vmyFMMimzGwHvqB700CIDPho5y3IKZw2S5GyjZOGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCFDWe5OgXtCJ1c9um5K5p+G1n5MMB8GA1UdIwQY
MBaAFNCNqc8A1NWLhU/8YgEPI1sG3zVKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYt
MjBlMTk3ODBjYjJlLzEvSVVOWjdrNkJlMEluVnoyNmJrcm1uNGJXZmt3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYtMjBlMTk3ODBjYjJl
LzEvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwajKMA0G
CSqGSIb3DQEBCwUAA4IBAQACilOosw+g+jqjG69h5TsTTd7EmkuYct6AXeAwgVBN
OQT/0Obm8Yu2xaev3F8iZTDzDKy9FGYH+quIEcWAboSB/SxM4IlWVuD7XUDjZTtX
FYpHKYeouI8EhF33s/ryudlVH12PoH8ERFS+vS3cRrMqElq7WsWqw1er8oYog0PC
entWNuG33oW79aR/QHMPEQB4AGVuKi1v1e0QPtTaVT+iPMbfS7KS4bkgjJtH724F
tAe+4XYjm30lCC5Lr//le6lj74ZjsCXqoed/BXhawNpoyAlrPSD7OnRKX9ZzKGKu
q0kGXYmozvgN5A2ck7/gx4L9mG7us/8PKl69iuXMUm8F
-----END CERTIFICATE-----