Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/Y03Bj_cfV6GrY4rgJnnKhSzV_jM.roa
File:                     Y03Bj_cfV6GrY4rgJnnKhSzV_jM.roa (raw, json)
Hash identifier:          D5vh+VFJlz+8o4oKiG+O2bClK57PpqgXE/Pe+OVddhw=
Subject key identifier:   63:4D:C1:8F:F7:1F:57:A1:AB:63:8A:E0:26:79:CA:85:2C:D5:FE:33
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       019D6349AD5627046EAAF157E77BB184D03F
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/Y03Bj_cfV6GrY4rgJnnKhSzV_jM.roa
Signing time:             Mon 06 Apr 2026 14:54:26 +0000
ROA not before:           Mon 06 Apr 2026 14:54:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     60840
IP address blocks:        185.201.31.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:63:49:ad:56:27:04:6e:aa:f1:57:e7:7b:b1:84:d0:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: Apr  6 14:54:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=634dc18ff71f57a1ab638ae02679ca852cd5fe33
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:2a:e2:bd:5d:b4:73:88:02:bf:20:50:92:c3:
                    02:a7:18:3c:9e:0c:be:1c:f7:8b:ab:48:36:6a:ae:
                    cd:f4:4a:2a:62:c9:e1:0f:33:06:9f:14:3c:ae:7f:
                    2b:57:b3:eb:a3:ce:67:68:95:35:aa:75:d1:89:a7:
                    95:26:19:ff:74:61:cc:c4:e2:93:f1:22:00:87:c0:
                    07:89:16:f9:01:30:52:a2:e2:74:8c:4c:0b:11:cb:
                    25:06:c8:a8:15:2e:b1:58:cc:9c:45:fb:b8:88:77:
                    05:0c:b9:14:b4:b6:4d:25:91:6a:e9:87:e5:1c:54:
                    00:d7:ee:25:ea:a7:f4:38:ca:ec:33:79:83:d0:d4:
                    c6:30:f5:65:58:03:87:2e:e9:7d:e5:91:d8:4a:ab:
                    77:ec:95:18:f7:46:26:49:ad:a2:61:f5:fd:e1:f9:
                    cc:be:d4:9b:aa:6b:5b:72:af:d5:d7:3f:f9:94:ed:
                    1e:78:7c:16:2c:2c:c9:da:ca:2d:34:37:fb:a9:06:
                    59:52:ef:51:43:a5:31:d7:bc:6b:b3:29:fe:d3:36:
                    19:04:ad:45:43:3b:3b:83:23:9f:fc:4c:3c:ec:bd:
                    0c:01:24:ca:e3:70:8c:da:07:28:08:cf:a4:f1:a5:
                    d5:3d:73:23:e1:65:76:69:91:70:d4:de:38:0c:6f:
                    30:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:4D:C1:8F:F7:1F:57:A1:AB:63:8A:E0:26:79:CA:85:2C:D5:FE:33
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/Y03Bj_cfV6GrY4rgJnnKhSzV_jM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.201.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:18:5d:16:94:51:a8:10:c9:16:ae:a9:17:be:e6:56:48:53:
         bf:ce:67:b8:79:25:9a:da:2d:94:0c:f7:09:50:7b:1d:e2:12:
         f9:ea:85:03:41:9c:e5:ac:19:96:d1:0b:0b:88:52:33:6b:3f:
         e3:38:5c:04:29:58:98:b9:5d:9d:d3:50:02:e8:96:4d:0e:5b:
         13:55:7a:ba:65:20:48:b5:1d:47:4c:18:52:c8:74:02:c4:be:
         1a:f5:d2:2f:c6:1f:25:2d:9d:7d:03:5d:f7:df:75:74:85:80:
         c2:8e:f5:d6:f8:46:87:fa:7c:f6:b3:a4:0e:88:e5:03:4c:41:
         60:ff:98:0f:48:3f:29:d0:6c:46:1f:99:8f:3b:5f:3a:9b:b3:
         c8:90:5d:23:a6:d8:94:c5:ec:00:80:1b:b6:24:22:1c:4e:b4:
         10:7a:f3:ee:d0:5b:b3:b8:0a:18:2f:b7:8d:aa:45:f8:cb:9a:
         e1:6b:44:b6:16:b0:96:43:84:36:1f:f6:b4:5f:51:c3:d8:a1:
         43:22:f4:40:d3:a2:c3:5e:93:7d:4e:f5:71:a5:0f:a2:c8:9c:
         61:31:30:96:91:42:b3:ad:8f:9b:4f:99:c8:b8:6e:f7:6f:0d:
         cf:ac:9a:dc:e0:78:8e:cb:c2:aa:30:07:16:ff:92:20:97:b0:
         96:9f:40:3c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1jSa1WJwRuqvFX53uxhNA/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjYwNDA2MTQ1NDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzRkYzE4ZmY3MWY1N2ExYWI2MzhhZTAyNjc5Y2E4NTJjZDVmZTMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAririvV20c4gCvyBQksMCpxg8ngy+
HPeLq0g2aq7N9EoqYsnhDzMGnxQ8rn8rV7Pro85naJU1qnXRiaeVJhn/dGHMxOKT
8SIAh8AHiRb5ATBSouJ0jEwLEcslBsioFS6xWMycRfu4iHcFDLkUtLZNJZFq6Yfl
HFQA1+4l6qf0OMrsM3mD0NTGMPVlWAOHLul95ZHYSqt37JUY90YmSa2iYfX94fnM
vtSbqmtbcq/V1z/5lO0eeHwWLCzJ2sotNDf7qQZZUu9RQ6Ux17xrsyn+0zYZBK1F
Qzs7gyOf/Ew87L0MASTK43CM2gcoCM+k8aXVPXMj4WV2aZFw1N44DG8wIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGNNwY/3H1ehq2OK4CZ5yoUs1f4zMB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvWTAzQmpfY2ZWNkdyWTRyZ0pubktoU3pWX2pNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuckfMA0G
CSqGSIb3DQEBCwUAA4IBAQAYGF0WlFGoEMkWrqkXvuZWSFO/zme4eSWa2i2UDPcJ
UHsd4hL56oUDQZzlrBmW0QsLiFIzaz/jOFwEKViYuV2d01AC6JZNDlsTVXq6ZSBI
tR1HTBhSyHQCxL4a9dIvxh8lLZ19A13333V0hYDCjvXW+EaH+nz2s6QOiOUDTEFg
/5gPSD8p0GxGH5mPO186m7PIkF0jptiUxewAgBu2JCIcTrQQevPu0FuzuAoYL7eN
qkX4y5rha0S2FrCWQ4Q2H/a0X1HD2KFDIvRA06LDXpN9TvVxpQ+iyJxhMTCWkUKz
rY+bT5nIuG73bw3PrJrc4HiOy8KqMAcW/5Igl7CWn0A8
-----END CERTIFICATE-----