Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/c7acee-7749-4e36-a406-ea5bb4a5bb39/1/3LZwc8OKM3EnPozR_o9vjKEwYl4.roa
File:                     3LZwc8OKM3EnPozR_o9vjKEwYl4.roa (raw, json)
Hash identifier:          KE0t0Nmmyf8uv4xhoLCIW4XKb2yD36BrFw5OXJwqiWU=
Subject key identifier:   DC:B6:70:73:C3:8A:33:71:27:3E:8C:D1:FE:8F:6F:8C:A1:30:62:5E
Certificate issuer:       /CN=dbb351101aae91e3b2fcfb25feb03659ba85eca1
Certificate serial:       019D9196EAC20BB2DC06C2B4F29E6B423FEB
Authority key identifier: DB:B3:51:10:1A:AE:91:E3:B2:FC:FB:25:FE:B0:36:59:BA:85:EC:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/27NREBqukeOy_Psl_rA2WbqF7KE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/c7acee-7749-4e36-a406-ea5bb4a5bb39/1/3LZwc8OKM3EnPozR_o9vjKEwYl4.roa
Signing time:             Wed 15 Apr 2026 14:41:20 +0000
ROA not before:           Wed 15 Apr 2026 14:41:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49833
IP address blocks:        185.131.76.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/c7acee-7749-4e36-a406-ea5bb4a5bb39/1/27NREBqukeOy_Psl_rA2WbqF7KE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/c7acee-7749-4e36-a406-ea5bb4a5bb39/1/27NREBqukeOy_Psl_rA2WbqF7KE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/27NREBqukeOy_Psl_rA2WbqF7KE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 04:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:91:96:ea:c2:0b:b2:dc:06:c2:b4:f2:9e:6b:42:3f:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dbb351101aae91e3b2fcfb25feb03659ba85eca1
        Validity
            Not Before: Apr 15 14:41:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=dcb67073c38a3371273e8cd1fe8f6f8ca130625e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:5c:7b:48:9d:a5:77:01:b1:c2:46:d8:73:fb:
                    10:cc:88:67:d0:38:26:d8:ab:82:1b:c2:72:38:3c:
                    8b:c1:87:9d:70:50:90:81:4a:1c:3d:d2:be:20:8c:
                    3f:aa:50:c9:8f:6d:c4:00:4c:19:09:a9:50:e5:33:
                    95:47:aa:91:a2:c9:f9:bf:a4:45:b1:1d:8d:32:e9:
                    5a:ba:f7:e5:91:ae:4b:ad:d6:ad:2e:10:c9:8b:0b:
                    ff:df:eb:e2:91:58:50:28:d7:f1:6a:09:be:ae:26:
                    0c:e9:42:5a:46:d2:94:f7:8c:30:40:21:82:a2:78:
                    c2:1a:08:57:4b:ab:9d:27:36:01:e7:3c:48:d9:e8:
                    57:0f:b7:c8:73:72:bb:b7:b5:3c:49:8f:ab:7f:90:
                    a0:1c:63:64:46:41:22:9a:e5:76:7d:2f:eb:a1:f3:
                    da:ac:b9:0e:95:ca:a2:a3:e1:76:87:a4:c8:22:d2:
                    bc:e4:ea:28:d6:bb:46:ed:5d:a2:83:ee:20:3b:4d:
                    45:62:88:b4:9e:e7:48:c8:45:b6:f8:f6:eb:51:9d:
                    36:5b:c4:1f:22:a7:c7:2a:00:00:19:2e:dc:7e:4b:
                    b3:1f:a2:4c:fe:91:91:f1:21:21:33:20:bd:a9:31:
                    78:27:31:17:62:29:e4:ac:98:b4:e9:74:3f:91:62:
                    1a:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:B6:70:73:C3:8A:33:71:27:3E:8C:D1:FE:8F:6F:8C:A1:30:62:5E
            X509v3 Authority Key Identifier:
                keyid:DB:B3:51:10:1A:AE:91:E3:B2:FC:FB:25:FE:B0:36:59:BA:85:EC:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/27NREBqukeOy_Psl_rA2WbqF7KE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/c7acee-7749-4e36-a406-ea5bb4a5bb39/1/3LZwc8OKM3EnPozR_o9vjKEwYl4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/c7acee-7749-4e36-a406-ea5bb4a5bb39/1/27NREBqukeOy_Psl_rA2WbqF7KE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.131.76.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0d:f1:d4:66:9f:a2:02:b4:57:45:02:6e:fa:15:fd:c6:21:8a:
         f0:9f:a0:9f:96:73:10:33:be:92:ab:e5:39:a4:c7:5a:fd:9e:
         4a:83:e9:91:63:c4:71:8a:2f:b6:e0:15:80:e4:3c:26:a7:e7:
         72:09:67:de:f1:5c:43:6a:9a:26:d5:72:27:c5:e3:5b:d4:14:
         ac:2a:43:57:2b:0c:f0:e2:88:2e:5c:64:1c:aa:39:51:e5:70:
         be:ed:63:28:37:15:14:29:aa:c8:76:82:fa:24:d5:1d:0f:e4:
         05:60:d0:db:b9:93:59:a5:09:fd:e2:7d:f8:2a:7c:24:dd:58:
         19:34:f9:66:7a:bf:41:36:4b:7d:c4:59:14:c9:1b:d1:34:e2:
         6c:61:ef:74:9d:dc:08:b0:93:c7:4c:3a:65:5b:1b:db:d3:e5:
         bd:4a:c8:8a:ac:46:8e:e4:a2:56:96:10:b6:62:f1:ba:ab:c4:
         fc:a2:08:41:84:ff:1d:27:28:c4:a1:bf:ac:f9:da:5d:b6:16:
         41:86:23:e9:ca:44:82:19:b5:ca:d3:01:d3:85:5d:fd:fe:27:
         90:ff:fe:c3:d6:cf:89:5d:70:53:08:38:f2:4b:36:62:c2:93:
         ef:52:be:07:cd:0c:9e:5f:e9:30:e1:d9:5c:fd:33:33:ca:b8:
         e7:56:b1:32
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2RlurCC7LcBsK08p5rQj/rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiYjM1MTEwMWFhZTkxZTNiMmZjZmIyNWZlYjAzNjU5YmE4
NWVjYTEwHhcNMjYwNDE1MTQ0MTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2I2NzA3M2MzOGEzMzcxMjczZThjZDFmZThmNmY4Y2ExMzA2MjVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuVx7SJ2ldwGxwkbYc/sQzIhn0Dgm
2KuCG8JyODyLwYedcFCQgUocPdK+IIw/qlDJj23EAEwZCalQ5TOVR6qRosn5v6RF
sR2NMulauvflka5LrdatLhDJiwv/3+vikVhQKNfxagm+riYM6UJaRtKU94wwQCGC
onjCGghXS6udJzYB5zxI2ehXD7fIc3K7t7U8SY+rf5CgHGNkRkEimuV2fS/rofPa
rLkOlcqio+F2h6TIItK85Ooo1rtG7V2ig+4gO01FYoi0nudIyEW2+PbrUZ02W8Qf
IqfHKgAAGS7cfkuzH6JM/pGR8SEhMyC9qTF4JzEXYinkrJi06XQ/kWIaUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNy2cHPDijNxJz6M0f6Pb4yhMGJeMB8GA1UdIwQY
MBaAFNuzURAarpHjsvz7Jf6wNlm6heyhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMjdOUkVCcXVrZU95X1BzbF9yQTJXYnFGN0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS9jN2FjZWUtNzc0OS00ZTM2LWE0MDYt
ZWE1YmI0YTViYjM5LzEvM0xad2M4T0tNM0VuUG96Ul9vOXZqS0V3WWw0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS9jN2FjZWUtNzc0OS00ZTM2LWE0MDYtZWE1YmI0YTViYjM5
LzEvMjdOUkVCcXVrZU95X1BzbF9yQTJXYnFGN0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuYNMMA0G
CSqGSIb3DQEBCwUAA4IBAQAN8dRmn6ICtFdFAm76Ff3GIYrwn6CflnMQM76Sq+U5
pMda/Z5Kg+mRY8Rxii+24BWA5Dwmp+dyCWfe8VxDapom1XInxeNb1BSsKkNXKwzw
4oguXGQcqjlR5XC+7WMoNxUUKarIdoL6JNUdD+QFYNDbuZNZpQn94n34Knwk3VgZ
NPlmer9BNkt9xFkUyRvRNOJsYe90ndwIsJPHTDplWxvb0+W9SsiKrEaO5KJWlhC2
YvG6q8T8oghBhP8dJyjEob+s+dpdthZBhiPpykSCGbXK0wHThV39/ieQ//7D1s+J
XXBTCDjySzZiwpPvUr4HzQyeX+kw4dlc/TMzyrjnVrEy
-----END CERTIFICATE-----