Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/f1af29-7f09-4f9c-acd6-694d78b32d20/1/jBaDpEBDAYie4QVmG2idiVMicHU.roa
File:                     jBaDpEBDAYie4QVmG2idiVMicHU.roa (raw, json)
Hash identifier:          AeUtnpVbiCMHcgah37AQQSPjhAtuX6iYq8o2QCK3d6Q=
Subject key identifier:   8C:16:83:A4:40:43:01:88:9E:E1:05:66:1B:68:9D:89:53:22:70:75
Certificate issuer:       /CN=b1f713cf20552d6c5c23f09e7b37669846f9ca50
Certificate serial:       019D3E2E08E69B20FB5D5CF617CC11B9DCBD
Authority key identifier: B1:F7:13:CF:20:55:2D:6C:5C:23:F0:9E:7B:37:66:98:46:F9:CA:50
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sfcTzyBVLWxcI_CeezdmmEb5ylA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/f1af29-7f09-4f9c-acd6-694d78b32d20/1/jBaDpEBDAYie4QVmG2idiVMicHU.roa
Signing time:             Mon 30 Mar 2026 09:58:17 +0000
ROA not before:           Mon 30 Mar 2026 09:58:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9031
IP address blocks:        31.31.128.0/19 maxlen: 24
                          185.195.28.0/22 maxlen: 24
                          2a11:bfc0::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/f1af29-7f09-4f9c-acd6-694d78b32d20/1/sfcTzyBVLWxcI_CeezdmmEb5ylA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/f1af29-7f09-4f9c-acd6-694d78b32d20/1/sfcTzyBVLWxcI_CeezdmmEb5ylA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sfcTzyBVLWxcI_CeezdmmEb5ylA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 16:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:3e:2e:08:e6:9b:20:fb:5d:5c:f6:17:cc:11:b9:dc:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1f713cf20552d6c5c23f09e7b37669846f9ca50
        Validity
            Not Before: Mar 30 09:58:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8c1683a4404301889ee105661b689d8953227075
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:2a:7b:76:d2:e0:b6:77:90:73:ab:75:7d:58:
                    66:68:1e:73:38:46:fe:cb:0a:ba:0f:ff:3b:45:14:
                    0c:a6:6a:f7:4b:e5:2d:bb:37:b8:98:23:0c:cc:18:
                    b9:16:a8:1c:6d:0b:e7:10:b6:03:b8:8f:2a:81:f1:
                    fa:f0:13:a8:08:9e:6a:c9:e0:26:c3:6e:5d:7a:1d:
                    3b:a1:62:e1:db:36:18:df:7e:e1:50:30:df:db:27:
                    ff:19:88:c4:3f:5d:67:e2:57:d8:aa:7b:ae:fc:b4:
                    3c:e2:1f:f4:7c:7c:a5:d9:c0:9f:ce:a8:b9:26:37:
                    f2:33:5a:04:92:64:1d:04:91:10:34:f6:0f:55:88:
                    33:3d:c5:d5:55:aa:09:8a:8f:90:50:7d:86:e5:55:
                    5c:82:c9:0d:28:49:fb:32:6b:db:4c:16:67:e4:5b:
                    82:dd:e9:56:1e:8a:47:b1:7f:68:36:8b:2c:32:60:
                    ee:a7:a2:d0:07:46:71:64:1c:9f:45:b9:df:d8:88:
                    d7:9e:b8:ca:2b:d6:cb:6c:a0:f5:83:e2:3d:ce:d4:
                    75:ff:a3:73:1a:34:67:35:c6:45:1e:06:d6:c0:8f:
                    67:c7:e9:d0:40:6e:ab:54:13:84:dc:f4:69:4f:03:
                    d5:cb:64:39:a3:ac:9e:d3:2d:33:d2:ad:57:c9:f6:
                    1a:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:16:83:A4:40:43:01:88:9E:E1:05:66:1B:68:9D:89:53:22:70:75
            X509v3 Authority Key Identifier:
                keyid:B1:F7:13:CF:20:55:2D:6C:5C:23:F0:9E:7B:37:66:98:46:F9:CA:50

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sfcTzyBVLWxcI_CeezdmmEb5ylA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/f1af29-7f09-4f9c-acd6-694d78b32d20/1/jBaDpEBDAYie4QVmG2idiVMicHU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/f1af29-7f09-4f9c-acd6-694d78b32d20/1/sfcTzyBVLWxcI_CeezdmmEb5ylA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.31.128.0/19
                  185.195.28.0/22
                IPv6:
                  2a11:bfc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         52:b0:6e:2e:bb:28:9d:80:ae:4d:f8:04:fd:74:09:79:af:aa:
         13:d8:cd:c0:0d:23:2d:dd:aa:f6:29:f3:e2:5b:c1:18:4b:0a:
         6c:c9:13:bc:be:c3:0a:ca:f4:0a:dd:04:62:c4:c6:cd:4e:46:
         48:e4:a9:2b:b2:98:21:f9:72:3b:ef:d0:68:d0:75:2e:40:e6:
         c4:26:c1:52:cc:f0:1d:8c:0a:e1:76:97:65:14:8c:43:cb:17:
         8d:86:4c:90:f7:64:ca:a1:48:f8:14:46:1f:1b:91:fa:a3:d2:
         fc:a7:1b:9c:cd:66:36:f1:a1:c0:93:34:0f:5c:e1:77:e1:8d:
         9e:4f:34:fc:65:81:60:8b:16:72:64:c6:ba:9e:21:8f:bc:19:
         b0:23:63:79:ca:16:ae:76:7b:9e:ac:b6:22:fd:3d:02:82:b1:
         1b:da:32:ca:43:40:d8:e5:77:97:62:0b:90:1b:b5:67:07:f1:
         82:d0:0f:2f:21:63:b5:75:3e:4a:b1:f1:fe:73:3e:d5:93:d6:
         7a:70:00:86:27:11:2f:60:25:52:38:c4:b3:c7:03:8d:66:75:
         9c:d4:9a:e7:29:7a:00:cf:17:a2:17:a4:bd:df:fb:07:8e:e7:
         c3:d7:f2:20:3e:d2:5d:10:8e:5a:1f:31:7e:ad:57:5a:a0:b6:
         4b:a3:e5:9d
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZ0+LgjmmyD7XVz2F8wRudy9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxZjcxM2NmMjA1NTJkNmM1YzIzZjA5ZTdiMzc2Njk4NDZm
OWNhNTAwHhcNMjYwMzMwMDk1ODE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YzE2ODNhNDQwNDMwMTg4OWVlMTA1NjYxYjY4OWQ4OTUzMjI3MDc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuyp7dtLgtneQc6t1fVhmaB5zOEb+
ywq6D/87RRQMpmr3S+Utuze4mCMMzBi5FqgcbQvnELYDuI8qgfH68BOoCJ5qyeAm
w25deh07oWLh2zYY337hUDDf2yf/GYjEP11n4lfYqnuu/LQ84h/0fHyl2cCfzqi5
JjfyM1oEkmQdBJEQNPYPVYgzPcXVVaoJio+QUH2G5VVcgskNKEn7MmvbTBZn5FuC
3elWHopHsX9oNossMmDup6LQB0ZxZByfRbnf2IjXnrjKK9bLbKD1g+I9ztR1/6Nz
GjRnNcZFHgbWwI9nx+nQQG6rVBOE3PRpTwPVy2Q5o6ye0y0z0q1XyfYayQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFIwWg6RAQwGInuEFZhtonYlTInB1MB8GA1UdIwQY
MBaAFLH3E88gVS1sXCPwnns3ZphG+cpQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2ZjVHp5QlZMV3hjSV9DZWV6ZG1tRWI1eWxBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy9mMWFmMjktN2YwOS00ZjljLWFjZDYt
Njk0ZDc4YjMyZDIwLzEvakJhRHBFQkRBWWllNFFWbUcyaWRpVk1pY0hVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy9mMWFmMjktN2YwOS00ZjljLWFjZDYtNjk0ZDc4YjMyZDIw
LzEvc2ZjVHp5QlZMV3hjSV9DZWV6ZG1tRWI1eWxBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQFHx+AAwQC
ucMcMA0EAgACMAcDBQMqEb/AMA0GCSqGSIb3DQEBCwUAA4IBAQBSsG4uuyidgK5N
+AT9dAl5r6oT2M3ADSMt3ar2KfPiW8EYSwpsyRO8vsMKyvQK3QRixMbNTkZI5Kkr
spgh+XI779Bo0HUuQObEJsFSzPAdjArhdpdlFIxDyxeNhkyQ92TKoUj4FEYfG5H6
o9L8pxuczWY28aHAkzQPXOF34Y2eTzT8ZYFgixZyZMa6niGPvBmwI2N5yhaudnue
rLYi/T0CgrEb2jLKQ0DY5XeXYguQG7VnB/GC0A8vIWO1dT5KsfH+cz7Vk9Z6cACG
JxEvYCVSOMSzxwONZnWc1JrnKXoAzxeiF6S93/sHjufD1/IgPtJdEI5aHzF+rVda
oLZLo+Wd
-----END CERTIFICATE-----