Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/0ffb64-efcb-49f5-8342-f9fb38c77c55/1/kJdLwlq4tT0_ThSn8KK8MvnKNhQ.roa
File:                     kJdLwlq4tT0_ThSn8KK8MvnKNhQ.roa (raw, json)
Hash identifier:          M0SRuXqVqr9XY+hckmT6i16Fz6tspFxGWFcOgNB9PXg=
Subject key identifier:   90:97:4B:C2:5A:B8:B5:3D:3F:4E:14:A7:F0:A2:BC:32:F9:CA:36:14
Certificate issuer:       /CN=b30e3011a0fb3111fbe8493c1230974aef532704
Certificate serial:       019D43688A47B432F8E11423034F4A8DB9FD
Authority key identifier: B3:0E:30:11:A0:FB:31:11:FB:E8:49:3C:12:30:97:4A:EF:53:27:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sw4wEaD7MRH76Ek8EjCXSu9TJwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/0ffb64-efcb-49f5-8342-f9fb38c77c55/1/kJdLwlq4tT0_ThSn8KK8MvnKNhQ.roa
Signing time:             Tue 31 Mar 2026 10:20:17 +0000
ROA not before:           Tue 31 Mar 2026 10:20:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212675
IP address blocks:        185.5.206.0/23 maxlen: 23
                          185.5.206.0/24 maxlen: 24
                          185.5.207.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/0ffb64-efcb-49f5-8342-f9fb38c77c55/1/sw4wEaD7MRH76Ek8EjCXSu9TJwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/0ffb64-efcb-49f5-8342-f9fb38c77c55/1/sw4wEaD7MRH76Ek8EjCXSu9TJwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sw4wEaD7MRH76Ek8EjCXSu9TJwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 16:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:43:68:8a:47:b4:32:f8:e1:14:23:03:4f:4a:8d:b9:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b30e3011a0fb3111fbe8493c1230974aef532704
        Validity
            Not Before: Mar 31 10:20:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=90974bc25ab8b53d3f4e14a7f0a2bc32f9ca3614
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:eb:94:a6:f6:4d:12:dd:18:75:8c:c3:81:6c:
                    76:34:76:55:0e:d8:e9:49:af:8e:6f:19:fe:60:34:
                    f0:f6:51:a0:a9:2e:d0:b2:43:92:4e:2f:6f:36:5a:
                    dc:e6:51:e6:91:49:55:9a:a4:00:d1:1b:40:b5:a4:
                    d8:04:fd:17:73:61:4b:ee:5e:f4:ee:35:6e:d3:a6:
                    d0:4d:66:64:7c:bf:aa:99:67:b9:3f:31:f5:cb:89:
                    d5:44:ae:29:ca:a6:13:bd:b8:58:a3:f3:91:ec:da:
                    44:4d:c2:d4:2e:63:35:ed:f6:28:33:29:a1:60:dc:
                    f6:fc:78:bd:5c:21:aa:69:71:d3:b6:85:5f:23:6f:
                    c2:66:25:29:55:21:be:22:7d:81:4c:eb:25:cc:b5:
                    f2:12:38:88:ab:df:37:12:87:40:90:ff:1d:45:cc:
                    96:34:8a:36:84:38:e8:bb:35:cc:6d:30:bc:f2:3d:
                    e0:46:dc:9a:64:2c:74:2c:b5:82:ac:4c:b3:79:31:
                    8c:ae:24:9a:48:6c:53:62:45:cb:84:ca:34:86:03:
                    c1:ec:3a:a0:64:c4:71:51:c3:34:d9:8f:1c:8c:2b:
                    d6:26:8d:c7:e9:e5:fe:b3:0f:46:f5:89:69:8b:05:
                    eb:74:18:5d:0b:39:a4:0b:ed:e9:14:72:1c:a4:e6:
                    09:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:97:4B:C2:5A:B8:B5:3D:3F:4E:14:A7:F0:A2:BC:32:F9:CA:36:14
            X509v3 Authority Key Identifier:
                keyid:B3:0E:30:11:A0:FB:31:11:FB:E8:49:3C:12:30:97:4A:EF:53:27:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sw4wEaD7MRH76Ek8EjCXSu9TJwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/0ffb64-efcb-49f5-8342-f9fb38c77c55/1/kJdLwlq4tT0_ThSn8KK8MvnKNhQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/0ffb64-efcb-49f5-8342-f9fb38c77c55/1/sw4wEaD7MRH76Ek8EjCXSu9TJwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.5.206.0/23

    Signature Algorithm: sha256WithRSAEncryption
         50:3d:74:37:6b:e6:97:79:ea:f1:70:51:0a:98:7c:a5:0b:bd:
         f4:db:09:94:85:93:c9:68:9e:9d:24:74:da:d3:02:b9:8c:0a:
         8e:a5:27:15:39:d3:ba:53:8f:a9:6b:4f:aa:49:68:94:01:7c:
         72:bb:7b:25:58:52:90:c5:70:52:7c:8f:a2:1b:50:78:1d:12:
         41:59:17:a3:a4:91:3d:6f:02:2a:3c:aa:b3:29:ac:83:dd:cd:
         4b:4f:96:6a:58:a8:71:d4:a6:50:49:14:08:5b:b9:4f:50:dd:
         7f:2d:87:89:f2:7f:5e:cf:f3:86:1d:66:0b:8d:9e:fa:ef:e4:
         40:06:45:a7:74:6e:99:e0:9f:dd:52:db:97:06:97:8b:73:10:
         2e:f2:cd:d8:93:9e:52:98:f5:cb:55:dd:35:80:25:0f:a6:23:
         24:d8:92:58:76:67:d1:28:a4:98:17:f3:92:32:cd:00:44:33:
         8e:2c:63:a0:c2:6e:89:10:52:99:cf:1a:64:5e:17:b1:05:d5:
         0d:cd:f9:19:7b:4d:63:82:ca:de:cf:59:a2:49:e2:0e:7a:52:
         0c:9b:c1:7a:a2:ae:31:42:42:71:57:45:e1:3f:64:83:2a:c3:
         05:d0:22:33:86:30:a6:1f:d3:df:92:f1:3b:95:c2:44:27:b7:
         6a:63:25:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1DaIpHtDL44RQjA09Kjbn9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzMGUzMDExYTBmYjMxMTFmYmU4NDkzYzEyMzA5NzRhZWY1
MzI3MDQwHhcNMjYwMzMxMTAyMDE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDk3NGJjMjVhYjhiNTNkM2Y0ZTE0YTdmMGEyYmMzMmY5Y2EzNjE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAruuUpvZNEt0YdYzDgWx2NHZVDtjp
Sa+Obxn+YDTw9lGgqS7QskOSTi9vNlrc5lHmkUlVmqQA0RtAtaTYBP0Xc2FL7l70
7jVu06bQTWZkfL+qmWe5PzH1y4nVRK4pyqYTvbhYo/OR7NpETcLULmM17fYoMymh
YNz2/Hi9XCGqaXHTtoVfI2/CZiUpVSG+In2BTOslzLXyEjiIq983EodAkP8dRcyW
NIo2hDjouzXMbTC88j3gRtyaZCx0LLWCrEyzeTGMriSaSGxTYkXLhMo0hgPB7Dqg
ZMRxUcM02Y8cjCvWJo3H6eX+sw9G9YlpiwXrdBhdCzmkC+3pFHIcpOYJzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJCXS8JauLU9P04Up/CivDL5yjYUMB8GA1UdIwQY
MBaAFLMOMBGg+zER++hJPBIwl0rvUycEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3c0d0VhRDdNUkg3NkVrOEVqQ1hTdTlUSndRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS8wZmZiNjQtZWZjYi00OWY1LTgzNDIt
ZjlmYjM4Yzc3YzU1LzEva0pkTHdscTR0VDBfVGhTbjhLSzhNdm5LTmhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS8wZmZiNjQtZWZjYi00OWY1LTgzNDItZjlmYjM4Yzc3YzU1
LzEvc3c0d0VhRDdNUkg3NkVrOEVqQ1hTdTlUSndRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuQXOMA0G
CSqGSIb3DQEBCwUAA4IBAQBQPXQ3a+aXeerxcFEKmHylC7302wmUhZPJaJ6dJHTa
0wK5jAqOpScVOdO6U4+pa0+qSWiUAXxyu3slWFKQxXBSfI+iG1B4HRJBWRejpJE9
bwIqPKqzKayD3c1LT5ZqWKhx1KZQSRQIW7lPUN1/LYeJ8n9ez/OGHWYLjZ767+RA
BkWndG6Z4J/dUtuXBpeLcxAu8s3Yk55SmPXLVd01gCUPpiMk2JJYdmfRKKSYF/OS
Ms0ARDOOLGOgwm6JEFKZzxpkXhexBdUNzfkZe01jgsrez1miSeIOelIMm8F6oq4x
QkJxV0XhP2SDKsMF0CIzhjCmH9PfkvE7lcJEJ7dqYyX+
-----END CERTIFICATE-----