Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/9aeae7-df10-40a7-b933-081cb7cb88f3/1/IcDMRcqXDP30XWDO3csmueY-Szc.roa
File:                     IcDMRcqXDP30XWDO3csmueY-Szc.roa (raw, json)
Hash identifier:          3XHIRXI5pK3H1pv/yXC4BH8QqmFJjl3YSDQsc89ULII=
Subject key identifier:   21:C0:CC:45:CA:97:0C:FD:F4:5D:60:CE:DD:CB:26:B9:E6:3E:4B:37
Certificate issuer:       /CN=b712b25a2304f7ba44c38d0395ddf2ed04f5c7ef
Certificate serial:       019D9178B50C70AB94400519E536A93C6018
Authority key identifier: B7:12:B2:5A:23:04:F7:BA:44:C3:8D:03:95:DD:F2:ED:04:F5:C7:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/txKyWiME97pEw40Dld3y7QT1x-8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/9aeae7-df10-40a7-b933-081cb7cb88f3/1/IcDMRcqXDP30XWDO3csmueY-Szc.roa
Signing time:             Wed 15 Apr 2026 14:08:20 +0000
ROA not before:           Wed 15 Apr 2026 14:08:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204140
IP address blocks:        185.138.148.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/9aeae7-df10-40a7-b933-081cb7cb88f3/1/txKyWiME97pEw40Dld3y7QT1x-8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/9aeae7-df10-40a7-b933-081cb7cb88f3/1/txKyWiME97pEw40Dld3y7QT1x-8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/txKyWiME97pEw40Dld3y7QT1x-8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 02:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:91:78:b5:0c:70:ab:94:40:05:19:e5:36:a9:3c:60:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b712b25a2304f7ba44c38d0395ddf2ed04f5c7ef
        Validity
            Not Before: Apr 15 14:08:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=21c0cc45ca970cfdf45d60ceddcb26b9e63e4b37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:6e:0d:3a:8f:2c:bc:eb:00:4c:b3:78:51:f1:
                    89:73:40:ff:6c:1a:d1:b5:11:99:e3:00:d1:31:02:
                    a6:44:74:db:07:53:b3:f4:86:c6:33:22:7a:59:f5:
                    3c:5c:54:b4:87:10:69:ba:1f:ba:56:54:8a:9f:fc:
                    ed:35:aa:bb:de:c2:e3:c6:1a:1e:de:b6:28:75:89:
                    78:d7:66:21:09:20:4a:c1:f7:36:c5:e7:dc:23:6c:
                    10:5f:86:7f:a7:bc:36:fb:c0:b7:b2:2c:81:f0:c1:
                    63:d1:65:0c:86:9f:c4:3b:01:af:38:0a:a7:a8:f0:
                    2a:c8:bf:49:9b:06:42:d5:9d:af:34:24:8b:91:08:
                    8b:91:0e:f2:f9:24:6b:69:be:49:e9:3f:c7:86:d6:
                    d8:fa:e4:de:2d:b3:f5:b8:74:60:f6:60:3d:73:ea:
                    52:f6:9d:be:7f:8f:fe:00:dc:41:3b:79:51:33:b5:
                    02:b6:1c:0c:88:52:26:5e:e0:07:21:ba:e5:9d:b9:
                    58:5d:75:62:ae:09:d2:a9:dd:db:81:23:3b:92:7f:
                    11:96:7f:b5:da:ee:03:82:d5:3d:11:ea:d1:3a:4c:
                    41:93:f6:d8:9b:9c:32:e9:65:44:b6:46:5b:5e:cc:
                    35:24:a7:06:61:c1:37:bf:5b:e8:b5:0c:fd:b2:7e:
                    83:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:C0:CC:45:CA:97:0C:FD:F4:5D:60:CE:DD:CB:26:B9:E6:3E:4B:37
            X509v3 Authority Key Identifier:
                keyid:B7:12:B2:5A:23:04:F7:BA:44:C3:8D:03:95:DD:F2:ED:04:F5:C7:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/txKyWiME97pEw40Dld3y7QT1x-8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/9aeae7-df10-40a7-b933-081cb7cb88f3/1/IcDMRcqXDP30XWDO3csmueY-Szc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/9aeae7-df10-40a7-b933-081cb7cb88f3/1/txKyWiME97pEw40Dld3y7QT1x-8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.138.148.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4a:b7:1a:d3:81:dc:2e:ae:d3:f0:40:3c:22:3c:0f:7c:33:fb:
         ee:a7:4b:18:ae:7f:81:e7:5b:e4:a9:fd:10:76:6b:8a:16:c6:
         8e:04:c3:28:9d:a3:23:5a:0c:df:b1:b3:8e:2b:9c:e8:1d:2b:
         4a:8a:e9:7a:ce:a2:7a:93:f4:a2:6c:75:a8:2e:65:c4:2f:df:
         5d:c4:7c:b9:83:98:07:70:d9:94:c6:62:18:4c:22:cd:5d:a1:
         3e:93:80:1d:78:26:1b:2a:ab:7b:9f:f9:66:a2:14:a7:23:31:
         a2:e8:9a:e8:ba:b3:6b:81:af:95:d0:4f:db:1e:66:e5:39:dc:
         54:90:9e:ab:86:3b:44:aa:e4:5b:74:49:f5:5f:60:97:26:2e:
         4d:de:5e:87:d4:11:ff:38:5a:06:37:c9:d0:97:0f:ef:25:d8:
         dd:d5:b4:38:3e:ae:7f:55:e1:a5:aa:a5:d0:02:83:bb:93:8f:
         4d:79:18:0d:c8:a0:9a:9e:c9:ed:71:f5:c0:68:28:f6:a5:d7:
         68:d0:e2:f9:b3:1a:3e:60:eb:14:05:58:44:a2:ef:a2:31:b6:
         fa:60:01:2a:45:11:94:07:2a:f9:b7:69:e7:60:be:71:24:0b:
         08:dd:e6:9b:b7:4a:1e:31:f0:e9:c7:44:df:0d:18:35:76:5e:
         8e:0b:41:97
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2ReLUMcKuUQAUZ5TapPGAYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3MTJiMjVhMjMwNGY3YmE0NGMzOGQwMzk1ZGRmMmVkMDRm
NWM3ZWYwHhcNMjYwNDE1MTQwODIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMWMwY2M0NWNhOTcwY2ZkZjQ1ZDYwY2VkZGNiMjZiOWU2M2U0YjM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2m4NOo8svOsATLN4UfGJc0D/bBrR
tRGZ4wDRMQKmRHTbB1Oz9IbGMyJ6WfU8XFS0hxBpuh+6VlSKn/ztNaq73sLjxhoe
3rYodYl412YhCSBKwfc2xefcI2wQX4Z/p7w2+8C3siyB8MFj0WUMhp/EOwGvOAqn
qPAqyL9JmwZC1Z2vNCSLkQiLkQ7y+SRrab5J6T/HhtbY+uTeLbP1uHRg9mA9c+pS
9p2+f4/+ANxBO3lRM7UCthwMiFImXuAHIbrlnblYXXVirgnSqd3bgSM7kn8Rln+1
2u4DgtU9EerROkxBk/bYm5wy6WVEtkZbXsw1JKcGYcE3v1votQz9sn6DrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCHAzEXKlwz99F1gzt3LJrnmPks3MB8GA1UdIwQY
MBaAFLcSslojBPe6RMONA5Xd8u0E9cfvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHhLeVdpTUU5N3BFdzQwRGxkM3k3UVQxeC04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi85YWVhZTctZGYxMC00MGE3LWI5MzMt
MDgxY2I3Y2I4OGYzLzEvSWNETVJjcVhEUDMwWFdETzNjc211ZVktU3pjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi85YWVhZTctZGYxMC00MGE3LWI5MzMtMDgxY2I3Y2I4OGYz
LzEvdHhLeVdpTUU5N3BFdzQwRGxkM3k3UVQxeC04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuYqUMA0G
CSqGSIb3DQEBCwUAA4IBAQBKtxrTgdwurtPwQDwiPA98M/vup0sYrn+B51vkqf0Q
dmuKFsaOBMMonaMjWgzfsbOOK5zoHStKiul6zqJ6k/SibHWoLmXEL99dxHy5g5gH
cNmUxmIYTCLNXaE+k4AdeCYbKqt7n/lmohSnIzGi6JrourNrga+V0E/bHmblOdxU
kJ6rhjtEquRbdEn1X2CXJi5N3l6H1BH/OFoGN8nQlw/vJdjd1bQ4Pq5/VeGlqqXQ
AoO7k49NeRgNyKCansntcfXAaCj2pddo0OL5sxo+YOsUBVhEou+iMbb6YAEqRRGU
Byr5t2nnYL5xJAsI3eabt0oeMfDpx0TfDRg1dl6OC0GX
-----END CERTIFICATE-----