Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/af161b-ef51-44bd-8e0a-9eb3c682b009/1/arOEcwZhUNm3Hj36Uwng_wKeV9E.roa
File:                     arOEcwZhUNm3Hj36Uwng_wKeV9E.roa (raw, json)
Hash identifier:          B20xitz9JymuHol/jxxjXdJ6lXpi2xW/yyUd53yf3d8=
Subject key identifier:   6A:B3:84:73:06:61:50:D9:B7:1E:3D:FA:53:09:E0:FF:02:9E:57:D1
Certificate issuer:       /CN=287e1c97f71f355867e3fb877f21aa5130b6cf5d
Certificate serial:       019B79EC2FCC7DBA8BE8BF9397980068CF6E
Authority key identifier: 28:7E:1C:97:F7:1F:35:58:67:E3:FB:87:7F:21:AA:51:30:B6:CF:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KH4cl_cfNVhn4_uHfyGqUTC2z10.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/af161b-ef51-44bd-8e0a-9eb3c682b009/1/arOEcwZhUNm3Hj36Uwng_wKeV9E.roa
Signing time:             Thu 01 Jan 2026 14:18:00 +0000
ROA not before:           Thu 01 Jan 2026 14:18:00 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211385
IP address blocks:        193.107.12.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/af161b-ef51-44bd-8e0a-9eb3c682b009/1/KH4cl_cfNVhn4_uHfyGqUTC2z10.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/af161b-ef51-44bd-8e0a-9eb3c682b009/1/KH4cl_cfNVhn4_uHfyGqUTC2z10.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KH4cl_cfNVhn4_uHfyGqUTC2z10.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ec:2f:cc:7d:ba:8b:e8:bf:93:97:98:00:68:cf:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=287e1c97f71f355867e3fb877f21aa5130b6cf5d
        Validity
            Not Before: Jan  1 14:18:00 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6ab38473066150d9b71e3dfa5309e0ff029e57d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:2a:eb:c3:ad:a0:5d:f2:63:6f:92:f2:43:17:
                    8f:0a:0f:f2:12:73:a6:48:fd:c9:90:cb:dc:0d:ac:
                    26:5e:8a:0b:af:38:47:68:5a:4f:b7:77:57:ad:97:
                    38:85:63:3d:80:96:c8:3b:44:47:1b:24:7c:71:9f:
                    c4:59:f1:05:bb:86:9d:df:8b:15:5c:69:3f:4e:96:
                    27:c6:d6:4e:b4:54:83:4d:e2:39:a1:10:36:23:64:
                    5e:48:f0:81:1a:96:4a:e4:8e:24:0d:0e:c5:6a:95:
                    3f:6f:34:0a:b5:94:e8:cb:69:45:94:25:61:de:14:
                    62:2e:b1:75:9c:10:a3:a6:19:ff:a2:84:b0:08:ba:
                    03:6c:6e:28:82:aa:30:58:06:bf:97:b5:5a:47:fc:
                    0c:45:3a:53:69:fb:1c:4c:0d:c0:68:e5:e7:ba:36:
                    a6:6a:f5:63:2e:78:3a:97:2f:79:7c:2d:ae:bd:f8:
                    82:21:48:b7:f9:5e:25:4d:e6:85:19:ff:fb:96:0e:
                    9e:06:06:fb:08:62:08:55:fb:4c:e5:4c:69:73:c8:
                    0a:92:f2:d9:94:20:8f:4d:34:e7:12:ea:18:af:bc:
                    13:d2:c3:76:e2:a0:32:07:db:da:35:a1:04:50:df:
                    d9:0f:66:4b:44:35:60:f2:49:80:dd:c7:90:9b:b1:
                    2d:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:B3:84:73:06:61:50:D9:B7:1E:3D:FA:53:09:E0:FF:02:9E:57:D1
            X509v3 Authority Key Identifier:
                keyid:28:7E:1C:97:F7:1F:35:58:67:E3:FB:87:7F:21:AA:51:30:B6:CF:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KH4cl_cfNVhn4_uHfyGqUTC2z10.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/af161b-ef51-44bd-8e0a-9eb3c682b009/1/arOEcwZhUNm3Hj36Uwng_wKeV9E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/af161b-ef51-44bd-8e0a-9eb3c682b009/1/KH4cl_cfNVhn4_uHfyGqUTC2z10.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.107.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:bb:58:1d:08:9a:f3:80:6f:3a:ac:27:7e:77:18:23:60:aa:
         a7:7b:1a:66:74:37:27:28:8f:ba:ac:c7:eb:f8:78:b3:69:9e:
         10:7c:fd:bc:75:a8:7f:c4:6c:2d:cf:d9:4b:f0:e1:c6:13:af:
         bc:ef:77:91:f2:24:b4:81:47:a3:a4:72:2c:1f:a7:85:2f:84:
         a2:52:19:f3:08:61:2b:49:98:2a:cb:aa:36:9e:c6:a9:05:fa:
         80:72:6a:e7:a2:d2:43:b0:42:e1:43:9c:cd:e3:b2:7b:01:0b:
         ed:1f:6e:19:0d:4b:46:29:77:1f:0d:a9:12:15:ba:8b:80:da:
         d2:dc:63:62:d4:91:c9:62:9b:7b:97:58:d8:e2:4a:25:e9:a3:
         bf:ad:54:bc:7e:77:45:a3:84:fd:6c:c1:e2:4b:61:30:05:b9:
         e2:45:7a:c6:e1:e5:95:cc:3c:c3:07:77:73:e5:ee:c0:5b:c9:
         c5:e0:35:91:57:2c:7f:60:0d:06:00:8b:6f:6a:7b:9a:a3:2b:
         12:c0:0a:ea:b5:f1:04:1f:e1:9e:a8:04:b8:a4:6f:75:38:a6:
         7c:c5:4b:07:e6:b7:a5:18:62:23:04:17:bb:32:bb:a5:0d:29:
         e9:68:a6:01:78:e7:a9:81:d6:94:7f:13:78:64:11:dc:43:38:
         56:0e:76:22
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt57C/MfbqL6L+Tl5gAaM9uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4N2UxYzk3ZjcxZjM1NTg2N2UzZmI4NzdmMjFhYTUxMzBi
NmNmNWQwHhcNMjYwMTAxMTQxODAwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YWIzODQ3MzA2NjE1MGQ5YjcxZTNkZmE1MzA5ZTBmZjAyOWU1N2QxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxirrw62gXfJjb5LyQxePCg/yEnOm
SP3JkMvcDawmXooLrzhHaFpPt3dXrZc4hWM9gJbIO0RHGyR8cZ/EWfEFu4ad34sV
XGk/TpYnxtZOtFSDTeI5oRA2I2ReSPCBGpZK5I4kDQ7FapU/bzQKtZToy2lFlCVh
3hRiLrF1nBCjphn/ooSwCLoDbG4ogqowWAa/l7VaR/wMRTpTafscTA3AaOXnujam
avVjLng6ly95fC2uvfiCIUi3+V4lTeaFGf/7lg6eBgb7CGIIVftM5Uxpc8gKkvLZ
lCCPTTTnEuoYr7wT0sN24qAyB9vaNaEEUN/ZD2ZLRDVg8kmA3ceQm7Et1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGqzhHMGYVDZtx49+lMJ4P8CnlfRMB8GA1UdIwQY
MBaAFCh+HJf3HzVYZ+P7h38hqlEwts9dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0g0Y2xfY2ZOVmhuNF91SGZ5R3FVVEMyejEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9hZjE2MWItZWY1MS00NGJkLThlMGEt
OWViM2M2ODJiMDA5LzEvYXJPRWN3WmhVTm0zSGozNlV3bmdfd0tlVjlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9hZjE2MWItZWY1MS00NGJkLThlMGEtOWViM2M2ODJiMDA5
LzEvS0g0Y2xfY2ZOVmhuNF91SGZ5R3FVVEMyejEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWsMMA0G
CSqGSIb3DQEBCwUAA4IBAQCnu1gdCJrzgG86rCd+dxgjYKqnexpmdDcnKI+6rMfr
+HizaZ4QfP28dah/xGwtz9lL8OHGE6+873eR8iS0gUejpHIsH6eFL4SiUhnzCGEr
SZgqy6o2nsapBfqAcmrnotJDsELhQ5zN47J7AQvtH24ZDUtGKXcfDakSFbqLgNrS
3GNi1JHJYpt7l1jY4kol6aO/rVS8fndFo4T9bMHiS2EwBbniRXrG4eWVzDzDB3dz
5e7AW8nF4DWRVyx/YA0GAItvanuaoysSwArqtfEEH+GeqAS4pG91OKZ8xUsH5rel
GGIjBBe7MrulDSnpaKYBeOepgdaUfxN4ZBHcQzhWDnYi
-----END CERTIFICATE-----