Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/a27620-d32d-4e98-aec4-bf6a97a56f10/1/2KBWkcPFqkYA0kPvVy34YeHDaAc.roa
File:                     2KBWkcPFqkYA0kPvVy34YeHDaAc.roa (raw, json)
Hash identifier:          TZpzJmLu+Le01MBZkjnMNOjVGVfhPGdBwTzFj1GAQXw=
Subject key identifier:   D8:A0:56:91:C3:C5:AA:46:00:D2:43:EF:57:2D:F8:61:E1:C3:68:07
Certificate issuer:       /CN=fa0896cf1823c74bfcb7d623e2c438787b9f167b
Certificate serial:       019B7B35D89A165BF6056E2B6A94F2048B95
Authority key identifier: FA:08:96:CF:18:23:C7:4B:FC:B7:D6:23:E2:C4:38:78:7B:9F:16:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-giWzxgjx0v8t9Yj4sQ4eHufFns.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/a27620-d32d-4e98-aec4-bf6a97a56f10/1/2KBWkcPFqkYA0kPvVy34YeHDaAc.roa
Signing time:             Thu 01 Jan 2026 20:18:04 +0000
ROA not before:           Thu 01 Jan 2026 20:18:04 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     31350
IP address blocks:        193.151.56.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/a27620-d32d-4e98-aec4-bf6a97a56f10/1/1-giWzxgjx0v8t9Yj4sQ4eHufFns.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/a27620-d32d-4e98-aec4-bf6a97a56f10/1/1-giWzxgjx0v8t9Yj4sQ4eHufFns.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-giWzxgjx0v8t9Yj4sQ4eHufFns.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 15:05:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:35:d8:9a:16:5b:f6:05:6e:2b:6a:94:f2:04:8b:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fa0896cf1823c74bfcb7d623e2c438787b9f167b
        Validity
            Not Before: Jan  1 20:18:04 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d8a05691c3c5aa4600d243ef572df861e1c36807
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:f0:69:a5:be:b1:ae:c9:ab:92:38:94:d9:4a:
                    1d:96:99:79:9d:8b:69:b3:93:7a:09:a3:18:8b:d0:
                    38:30:ef:84:5b:a8:93:2e:08:5e:c8:e3:34:3b:44:
                    70:f5:ad:98:82:ed:0c:e3:ae:1f:29:ae:ab:c0:4a:
                    e3:4d:47:49:4a:44:35:b1:3d:7a:b4:02:de:b7:50:
                    37:58:9a:44:53:a7:18:59:01:a1:f0:4b:dd:9f:32:
                    50:a5:d6:fd:25:fb:dd:ec:a9:41:32:ab:e7:9d:7b:
                    89:03:a0:fa:c8:29:f9:c4:e1:be:af:78:52:22:d7:
                    0d:fb:53:f3:6e:f4:b4:b8:56:f8:51:e8:41:22:b1:
                    78:eb:5b:ff:75:aa:c0:77:65:fa:80:4d:40:0e:b7:
                    dd:16:37:4e:a4:13:8e:7f:92:ca:17:01:1c:cb:7a:
                    6f:c8:8a:00:09:bd:7c:c1:18:d0:2a:7e:82:9b:30:
                    72:f6:c8:76:56:d6:be:e3:f3:68:06:b9:ec:a3:5f:
                    49:bc:45:80:04:4f:5d:e6:2f:53:15:7e:8e:3a:fe:
                    24:00:db:6f:68:3a:15:46:86:79:97:8a:9b:3e:0a:
                    c6:70:ec:a6:82:23:02:64:b5:f1:74:7f:e1:c8:b9:
                    04:2e:8a:47:6f:c9:4a:be:f6:48:a2:38:f6:eb:dd:
                    b1:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:A0:56:91:C3:C5:AA:46:00:D2:43:EF:57:2D:F8:61:E1:C3:68:07
            X509v3 Authority Key Identifier:
                keyid:FA:08:96:CF:18:23:C7:4B:FC:B7:D6:23:E2:C4:38:78:7B:9F:16:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-giWzxgjx0v8t9Yj4sQ4eHufFns.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/a27620-d32d-4e98-aec4-bf6a97a56f10/1/2KBWkcPFqkYA0kPvVy34YeHDaAc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/a27620-d32d-4e98-aec4-bf6a97a56f10/1/1-giWzxgjx0v8t9Yj4sQ4eHufFns.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.151.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         43:e5:4b:7f:44:84:90:34:48:5e:dc:58:fb:7e:01:08:8e:83:
         d4:77:94:20:cb:8a:41:06:46:e9:5f:31:9e:bf:a6:66:1a:8c:
         34:e1:95:bc:5c:c6:c3:da:56:db:7a:ec:ae:e6:64:a1:d3:66:
         6b:4c:a8:c1:c3:d1:71:5a:6d:05:6b:79:10:ce:11:f0:a5:68:
         91:0d:b5:cc:20:52:7e:1f:5c:3c:41:9e:cf:02:0d:cd:ad:d1:
         84:94:07:ee:43:f9:79:a3:52:3b:9f:e1:59:58:ea:a8:d7:11:
         59:61:01:db:b8:62:a0:a0:05:ba:33:69:f4:3b:39:6c:1a:27:
         c0:ec:d6:3f:49:01:66:a9:a0:d0:68:69:85:49:ae:fa:df:5e:
         15:3d:e3:53:e5:18:49:cb:88:13:1e:54:d3:4c:31:26:bc:9e:
         d3:8a:b7:2d:72:05:8a:3e:e2:58:45:14:46:4b:af:d3:c7:c6:
         5f:9f:e0:ae:cc:3c:b2:4f:53:90:be:90:b9:7b:2e:a0:0d:5a:
         f8:e9:fa:b1:54:ea:bc:19:f6:a5:c5:7b:94:14:b3:bb:01:1d:
         5a:2e:85:0c:41:33:03:62:88:fd:de:44:7d:f3:5a:16:8d:8e:
         aa:2f:07:13:93:2e:ea:54:aa:2f:89:de:56:7c:fc:bd:78:43:
         e8:11:56:42
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZt7NdiaFlv2BW4rapTyBIuVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZhMDg5NmNmMTgyM2M3NGJmY2I3ZDYyM2UyYzQzODc4N2I5
ZjE2N2IwHhcNMjYwMTAxMjAxODA0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOGEwNTY5MWMzYzVhYTQ2MDBkMjQzZWY1NzJkZjg2MWUxYzM2ODA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk/Bppb6xrsmrkjiU2Uodlpl5nYtp
s5N6CaMYi9A4MO+EW6iTLgheyOM0O0Rw9a2Ygu0M464fKa6rwErjTUdJSkQ1sT16
tALet1A3WJpEU6cYWQGh8EvdnzJQpdb9Jfvd7KlBMqvnnXuJA6D6yCn5xOG+r3hS
ItcN+1PzbvS0uFb4UehBIrF461v/darAd2X6gE1ADrfdFjdOpBOOf5LKFwEcy3pv
yIoACb18wRjQKn6CmzBy9sh2Vta+4/NoBrnso19JvEWABE9d5i9TFX6OOv4kANtv
aDoVRoZ5l4qbPgrGcOymgiMCZLXxdH/hyLkELopHb8lKvvZIojj2692xXwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFNigVpHDxapGANJD71ct+GHhw2gHMB8GA1UdIwQY
MBaAFPoIls8YI8dL/LfWI+LEOHh7nxZ7MA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1naVd6eGdqeDB2OHQ5WWo0c1E0ZUh1ZkZucy5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzkvYTI3NjIwLWQzMmQtNGU5OC1hZWM0
LWJmNmE5N2E1NmYxMC8xLzJLQldrY1BGcWtZQTBrUHZWeTM0WWVIRGFBYy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzkvYTI3NjIwLWQzMmQtNGU5OC1hZWM0LWJmNmE5N2E1NmYx
MC8xLzEtZ2lXenhnangwdjh0OVlqNHNRNGVIdWZGbnMuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBALBlzgw
DQYJKoZIhvcNAQELBQADggEBAEPlS39EhJA0SF7cWPt+AQiOg9R3lCDLikEGRulf
MZ6/pmYajDThlbxcxsPaVtt67K7mZKHTZmtMqMHD0XFabQVreRDOEfClaJENtcwg
Un4fXDxBns8CDc2t0YSUB+5D+XmjUjuf4VlY6qjXEVlhAdu4YqCgBbozafQ7OWwa
J8Ds1j9JAWapoNBoaYVJrvrfXhU941PlGEnLiBMeVNNMMSa8ntOKty1yBYo+4lhF
FEZLr9PHxl+f4K7MPLJPU5C+kLl7LqANWvjp+rFU6rwZ9qXFe5QUs7sBHVouhQxB
MwNiiP3eRH3zWhaNjqovBxOTLupUqi+J3lZ8/L14Q+gRVkI=
-----END CERTIFICATE-----