Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/dcb70d-7947-4569-bc84-e060b4fcbccb/1/I2z_u1HFVyAFRP_JemBtGXPqUOM.roa
File:                     I2z_u1HFVyAFRP_JemBtGXPqUOM.roa (raw, json)
Hash identifier:          KjvN1hJG2Jo9AmvFDfqlBp8D6WjXOdoinz7mXh/U4ho=
Subject key identifier:   23:6C:FF:BB:51:C5:57:20:05:44:FF:C9:7A:60:6D:19:73:EA:50:E3
Certificate issuer:       /CN=dcbfb0048a8da556fd9d3df1077402f843f5d703
Certificate serial:       019D784A7A8D1C80FEC9DE4C146AB6D28188
Authority key identifier: DC:BF:B0:04:8A:8D:A5:56:FD:9D:3D:F1:07:74:02:F8:43:F5:D7:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3L-wBIqNpVb9nT3xB3QC-EP11wM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/dcb70d-7947-4569-bc84-e060b4fcbccb/1/I2z_u1HFVyAFRP_JemBtGXPqUOM.roa
Signing time:             Fri 10 Apr 2026 16:47:20 +0000
ROA not before:           Fri 10 Apr 2026 16:47:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     32519
IP address blocks:        193.110.200.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/dcb70d-7947-4569-bc84-e060b4fcbccb/1/3L-wBIqNpVb9nT3xB3QC-EP11wM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/dcb70d-7947-4569-bc84-e060b4fcbccb/1/3L-wBIqNpVb9nT3xB3QC-EP11wM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3L-wBIqNpVb9nT3xB3QC-EP11wM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:78:4a:7a:8d:1c:80:fe:c9:de:4c:14:6a:b6:d2:81:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dcbfb0048a8da556fd9d3df1077402f843f5d703
        Validity
            Not Before: Apr 10 16:47:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=236cffbb51c557200544ffc97a606d1973ea50e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:7e:0d:20:e7:bd:ff:e5:f1:f7:29:28:54:3d:
                    58:e5:10:46:2a:0c:76:04:42:c1:d3:f8:64:6a:3e:
                    04:cd:6e:93:84:a7:19:0f:e2:17:a6:30:87:02:d8:
                    48:e8:3c:00:3f:e9:b8:b7:8a:2b:95:bd:19:67:fc:
                    be:22:6c:b1:b2:00:83:81:23:d2:37:82:3e:84:89:
                    90:b2:bb:09:b2:d4:21:47:09:5e:88:1d:86:19:78:
                    8a:5b:85:62:40:4f:c5:48:c6:12:2d:11:94:b4:af:
                    26:92:30:f3:37:16:f4:12:ab:6a:88:28:40:2b:49:
                    23:c9:4b:c1:71:58:e1:22:0e:2d:fa:0d:c3:dc:b5:
                    e9:0a:72:56:fc:23:a0:ef:92:07:3e:39:1e:39:84:
                    d6:80:bb:3f:4e:ed:c4:19:2e:f3:7e:2d:ee:4d:c7:
                    66:8e:b1:31:85:b7:47:a8:06:03:74:76:7f:2c:d5:
                    75:51:43:7d:10:73:56:87:49:a5:c0:9f:e2:af:3f:
                    a7:ee:b8:a8:99:5b:74:99:23:c1:9e:f8:96:fb:94:
                    72:44:08:6f:d1:4c:63:c1:f9:fb:aa:24:2c:89:f4:
                    fd:d4:66:33:cd:f4:2a:da:05:cb:21:c3:78:18:bb:
                    82:1c:85:71:98:c8:f3:2e:f6:4d:06:42:ec:62:74:
                    b4:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:6C:FF:BB:51:C5:57:20:05:44:FF:C9:7A:60:6D:19:73:EA:50:E3
            X509v3 Authority Key Identifier:
                keyid:DC:BF:B0:04:8A:8D:A5:56:FD:9D:3D:F1:07:74:02:F8:43:F5:D7:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3L-wBIqNpVb9nT3xB3QC-EP11wM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/dcb70d-7947-4569-bc84-e060b4fcbccb/1/I2z_u1HFVyAFRP_JemBtGXPqUOM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/dcb70d-7947-4569-bc84-e060b4fcbccb/1/3L-wBIqNpVb9nT3xB3QC-EP11wM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.110.200.0/22

    Signature Algorithm: sha256WithRSAEncryption
         27:8c:78:8a:c2:fb:12:6c:55:9d:ac:ac:23:c8:b3:ae:1c:04:
         2d:07:0c:fd:90:2f:7a:e1:3a:3c:28:a7:5f:7a:d6:4f:7e:db:
         2e:ba:71:77:5a:08:d4:37:29:66:87:a0:b1:38:21:1f:70:f7:
         ab:b4:6a:57:6a:8b:36:5d:ce:cf:14:30:06:63:37:c9:40:f6:
         4d:4f:b8:bf:4d:76:fd:04:6d:88:c4:07:b1:9a:8b:01:b1:47:
         17:c0:ac:92:92:00:59:67:f2:41:17:f8:a2:e1:7e:7a:bf:f2:
         c2:eb:92:a4:e4:39:0b:9e:0c:d3:94:f1:66:12:30:3b:08:ca:
         be:c8:dc:6a:90:e2:ac:94:5e:8d:f7:6a:a6:c5:fc:33:8c:ef:
         bc:d7:b9:72:50:43:86:bf:83:05:c3:b5:0e:97:e3:ce:e1:bf:
         04:ea:00:3f:fd:d1:46:b1:bd:88:71:24:dd:ab:c6:4c:4c:e8:
         87:e4:fc:f6:84:76:6f:11:f5:ef:9a:3a:2f:fe:fc:b3:bd:d1:
         4b:6d:57:38:fc:b2:d7:3a:02:12:4e:48:c2:6a:dd:9e:8b:c5:
         e6:b3:24:ec:e1:86:d2:66:ad:1e:c9:7c:0a:11:75:f0:a4:9c:
         51:ef:7e:56:32:ba:a8:cf:17:b3:86:c2:ae:e1:0f:4a:27:d0:
         fb:1b:60:b8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ14SnqNHID+yd5MFGq20oGIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjYmZiMDA0OGE4ZGE1NTZmZDlkM2RmMTA3NzQwMmY4NDNm
NWQ3MDMwHhcNMjYwNDEwMTY0NzIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzZjZmZiYjUxYzU1NzIwMDU0NGZmYzk3YTYwNmQxOTczZWE1MGUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqX4NIOe9/+Xx9ykoVD1Y5RBGKgx2
BELB0/hkaj4EzW6ThKcZD+IXpjCHAthI6DwAP+m4t4orlb0ZZ/y+ImyxsgCDgSPS
N4I+hImQsrsJstQhRwleiB2GGXiKW4ViQE/FSMYSLRGUtK8mkjDzNxb0EqtqiChA
K0kjyUvBcVjhIg4t+g3D3LXpCnJW/COg75IHPjkeOYTWgLs/Tu3EGS7zfi3uTcdm
jrExhbdHqAYDdHZ/LNV1UUN9EHNWh0mlwJ/irz+n7riomVt0mSPBnviW+5RyRAhv
0Uxjwfn7qiQsifT91GYzzfQq2gXLIcN4GLuCHIVxmMjzLvZNBkLsYnS0hwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCNs/7tRxVcgBUT/yXpgbRlz6lDjMB8GA1UdIwQY
MBaAFNy/sASKjaVW/Z098Qd0AvhD9dcDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0wtd0JJcU5wVmI5blQzeEIzUUMtRVAxMXdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC9kY2I3MGQtNzk0Ny00NTY5LWJjODQt
ZTA2MGI0ZmNiY2NiLzEvSTJ6X3UxSEZWeUFGUlBfSmVtQnRHWFBxVU9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC9kY2I3MGQtNzk0Ny00NTY5LWJjODQtZTA2MGI0ZmNiY2Ni
LzEvM0wtd0JJcU5wVmI5blQzeEIzUUMtRVAxMXdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwW7IMA0G
CSqGSIb3DQEBCwUAA4IBAQAnjHiKwvsSbFWdrKwjyLOuHAQtBwz9kC964To8KKdf
etZPftsuunF3WgjUNylmh6CxOCEfcPertGpXaos2Xc7PFDAGYzfJQPZNT7i/TXb9
BG2IxAexmosBsUcXwKySkgBZZ/JBF/ii4X56v/LC65Kk5DkLngzTlPFmEjA7CMq+
yNxqkOKslF6N92qmxfwzjO+817lyUEOGv4MFw7UOl+PO4b8E6gA//dFGsb2IcSTd
q8ZMTOiH5Pz2hHZvEfXvmjov/vyzvdFLbVc4/LLXOgISTkjCat2ei8XmsyTs4YbS
Zq0eyXwKEXXwpJxR735WMrqozxezhsKu4Q9KJ9D7G2C4
-----END CERTIFICATE-----