Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/89e2b5-a1bf-4839-b536-e4456f57d482/1/ORD0ibB7Qbi2VAqjn7de--YwbBw.roa
File:                     ORD0ibB7Qbi2VAqjn7de--YwbBw.roa (raw, json)
Hash identifier:          EySJQ7PIleQkWh762AOp7DMGiFBRJZ4vqqitqSVoVfU=
Subject key identifier:   39:10:F4:89:B0:7B:41:B8:B6:54:0A:A3:9F:B7:5E:FB:E6:30:6C:1C
Certificate issuer:       /CN=ff2e1672463b7f15f12b22f8b96704b04a5dbe95
Certificate serial:       019CAFED3F404878D325265D1C5B1113FF0A
Authority key identifier: FF:2E:16:72:46:3B:7F:15:F1:2B:22:F8:B9:67:04:B0:4A:5D:BE:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_y4WckY7fxXxKyL4uWcEsEpdvpU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/89e2b5-a1bf-4839-b536-e4456f57d482/1/ORD0ibB7Qbi2VAqjn7de--YwbBw.roa
Signing time:             Mon 02 Mar 2026 19:01:26 +0000
ROA not before:           Mon 02 Mar 2026 19:01:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48779
IP address blocks:        131.222.128.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/89e2b5-a1bf-4839-b536-e4456f57d482/1/_y4WckY7fxXxKyL4uWcEsEpdvpU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/89e2b5-a1bf-4839-b536-e4456f57d482/1/_y4WckY7fxXxKyL4uWcEsEpdvpU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_y4WckY7fxXxKyL4uWcEsEpdvpU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 19:01:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:af:ed:3f:40:48:78:d3:25:26:5d:1c:5b:11:13:ff:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff2e1672463b7f15f12b22f8b96704b04a5dbe95
        Validity
            Not Before: Mar  2 19:01:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3910f489b07b41b8b6540aa39fb75efbe6306c1c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:74:87:23:bc:91:ee:dd:d2:a4:b1:aa:10:5d:
                    24:76:3b:22:87:c5:cf:fe:5b:6d:bc:2f:47:ae:f0:
                    a4:55:f7:6b:d5:ea:9d:4c:5a:9b:20:e8:83:ef:b8:
                    67:79:d2:31:4a:bf:8c:86:bb:ba:07:88:b5:e2:ee:
                    55:16:f3:6c:c0:ed:96:ce:8d:b8:f0:ad:d3:7d:63:
                    a9:11:4d:8c:2b:78:20:a9:00:35:89:03:6a:95:89:
                    81:49:7d:e5:0e:4b:9f:3a:9b:5c:f3:4a:f1:c4:7d:
                    93:d4:01:89:df:7b:fc:da:8c:03:45:55:4e:f1:8a:
                    22:36:be:42:dd:87:c1:ac:84:5a:de:28:ee:06:7e:
                    c4:7e:2e:37:24:fc:30:14:5c:eb:98:00:94:14:4a:
                    77:5c:f2:32:49:d4:8a:c7:00:e7:3e:13:b3:00:39:
                    9d:5e:ca:f2:70:0d:9c:52:b3:24:e3:2a:4a:2c:85:
                    72:aa:c3:66:23:89:ac:27:1f:52:ae:b9:71:d2:3e:
                    3b:0e:9f:2c:90:70:0a:c7:e5:4f:6b:12:14:d3:0e:
                    20:b5:20:40:da:94:20:42:17:55:ad:b3:51:f8:af:
                    71:6d:d5:27:c7:d5:81:01:0e:81:30:ac:03:60:1f:
                    2d:41:68:51:32:c2:73:fb:7f:56:36:e5:02:6d:b3:
                    e0:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:10:F4:89:B0:7B:41:B8:B6:54:0A:A3:9F:B7:5E:FB:E6:30:6C:1C
            X509v3 Authority Key Identifier:
                keyid:FF:2E:16:72:46:3B:7F:15:F1:2B:22:F8:B9:67:04:B0:4A:5D:BE:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_y4WckY7fxXxKyL4uWcEsEpdvpU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/89e2b5-a1bf-4839-b536-e4456f57d482/1/ORD0ibB7Qbi2VAqjn7de--YwbBw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/89e2b5-a1bf-4839-b536-e4456f57d482/1/_y4WckY7fxXxKyL4uWcEsEpdvpU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  131.222.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:ff:98:ea:bf:b9:d8:90:73:97:3d:ae:d4:f7:a3:95:de:6d:
         1d:8f:91:11:ff:bc:dc:5b:e1:07:8b:4a:2c:7a:a6:e8:df:41:
         e4:95:cf:6d:d4:01:2b:4f:74:7b:69:d9:23:74:76:ae:cd:e7:
         d0:57:91:a4:04:a0:d7:93:55:83:f8:2d:1a:87:67:31:30:29:
         b4:6c:59:3e:eb:b6:17:3d:a3:3d:ef:16:ae:b1:9a:1b:88:22:
         69:c1:81:7e:e0:34:9c:c0:c2:74:d7:17:84:03:80:c3:60:a4:
         ff:9d:02:56:89:ac:06:5b:ee:8c:9f:70:47:93:31:17:90:28:
         30:23:a0:f4:e6:0a:50:58:4a:04:18:91:d4:fe:d4:5d:8a:94:
         fe:bc:b4:dc:0b:94:b2:63:31:35:56:bb:59:ef:44:36:85:ac:
         a3:54:fd:f2:b2:8d:b1:39:49:2e:93:fa:ad:80:fa:29:8f:71:
         96:c1:e2:3a:96:25:82:92:82:13:08:1e:2f:a5:c1:54:14:a2:
         b8:c8:d4:b4:c6:70:1f:31:17:22:d5:b6:ee:ba:0c:2d:9c:97:
         9c:71:ef:63:a9:24:40:19:c2:84:75:c3:f5:9f:c2:12:73:63:
         b0:87:ba:5e:72:fe:d9:8c:3f:36:1a:9b:3f:26:11:4c:0a:1d:
         1c:78:d5:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyv7T9ASHjTJSZdHFsRE/8KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmMmUxNjcyNDYzYjdmMTVmMTJiMjJmOGI5NjcwNGIwNGE1
ZGJlOTUwHhcNMjYwMzAyMTkwMTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTEwZjQ4OWIwN2I0MWI4YjY1NDBhYTM5ZmI3NWVmYmU2MzA2YzFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt3SHI7yR7t3SpLGqEF0kdjsih8XP
/lttvC9HrvCkVfdr1eqdTFqbIOiD77hnedIxSr+Mhru6B4i14u5VFvNswO2Wzo24
8K3TfWOpEU2MK3ggqQA1iQNqlYmBSX3lDkufOptc80rxxH2T1AGJ33v82owDRVVO
8YoiNr5C3YfBrIRa3ijuBn7Efi43JPwwFFzrmACUFEp3XPIySdSKxwDnPhOzADmd
XsrycA2cUrMk4ypKLIVyqsNmI4msJx9Srrlx0j47Dp8skHAKx+VPaxIU0w4gtSBA
2pQgQhdVrbNR+K9xbdUnx9WBAQ6BMKwDYB8tQWhRMsJz+39WNuUCbbPgfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDkQ9Imwe0G4tlQKo5+3XvvmMGwcMB8GA1UdIwQY
MBaAFP8uFnJGO38V8Ssi+LlnBLBKXb6VMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX3k0V2NrWTdmeFh4S3lMNHVXY0VzRXBkdnBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny84OWUyYjUtYTFiZi00ODM5LWI1MzYt
ZTQ0NTZmNTdkNDgyLzEvT1JEMGliQjdRYmkyVkFxam43ZGUtLVl3YkJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny84OWUyYjUtYTFiZi00ODM5LWI1MzYtZTQ0NTZmNTdkNDgy
LzEvX3k0V2NrWTdmeFh4S3lMNHVXY0VzRXBkdnBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAg96AMA0G
CSqGSIb3DQEBCwUAA4IBAQCI/5jqv7nYkHOXPa7U96OV3m0dj5ER/7zcW+EHi0os
eqbo30Hklc9t1AErT3R7adkjdHauzefQV5GkBKDXk1WD+C0ah2cxMCm0bFk+67YX
PaM97xausZobiCJpwYF+4DScwMJ01xeEA4DDYKT/nQJWiawGW+6Mn3BHkzEXkCgw
I6D05gpQWEoEGJHU/tRdipT+vLTcC5SyYzE1VrtZ70Q2hayjVP3yso2xOUkuk/qt
gPopj3GWweI6liWCkoITCB4vpcFUFKK4yNS0xnAfMRci1bbuugwtnJecce9jqSRA
GcKEdcP1n8ISc2Owh7pecv7ZjD82Gps/JhFMCh0ceNXw
-----END CERTIFICATE-----