Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/bbf75d-c1dd-44b0-a5e0-cdcc704b38a7/1/d4L-FfCJi-TRFfvJn9FVd3tN0HM.roa
File:                     d4L-FfCJi-TRFfvJn9FVd3tN0HM.roa (raw, json)
Hash identifier:          09s9hMCH6+vMJqB7Z4OsoUlNTmV4UB/7dD3lc0/pknA=
Subject key identifier:   77:82:FE:15:F0:89:8B:E4:D1:15:FB:C9:9F:D1:55:77:7B:4D:D0:73
Certificate issuer:       /CN=2d0c21cffa80b5a1e5cbd631930e7fc55fddfc48
Certificate serial:       019B7834D08C2D0BD88AF94344B95C590234
Authority key identifier: 2D:0C:21:CF:FA:80:B5:A1:E5:CB:D6:31:93:0E:7F:C5:5F:DD:FC:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LQwhz_qAtaHly9Yxkw5_xV_d_Eg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/bbf75d-c1dd-44b0-a5e0-cdcc704b38a7/1/d4L-FfCJi-TRFfvJn9FVd3tN0HM.roa
Signing time:             Thu 01 Jan 2026 06:18:05 +0000
ROA not before:           Thu 01 Jan 2026 06:18:05 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209587
IP address blocks:        185.236.32.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/bbf75d-c1dd-44b0-a5e0-cdcc704b38a7/1/LQwhz_qAtaHly9Yxkw5_xV_d_Eg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/bbf75d-c1dd-44b0-a5e0-cdcc704b38a7/1/LQwhz_qAtaHly9Yxkw5_xV_d_Eg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LQwhz_qAtaHly9Yxkw5_xV_d_Eg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 15:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:34:d0:8c:2d:0b:d8:8a:f9:43:44:b9:5c:59:02:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2d0c21cffa80b5a1e5cbd631930e7fc55fddfc48
        Validity
            Not Before: Jan  1 06:18:05 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7782fe15f0898be4d115fbc99fd155777b4dd073
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:d0:c8:35:06:06:77:89:80:4d:81:c5:11:c8:
                    a7:8c:84:12:6b:c0:f0:c2:12:e8:74:81:41:c1:5d:
                    b5:b3:c3:0f:34:38:cb:bf:95:45:83:84:4b:be:f3:
                    1a:9a:d0:dc:2d:cf:24:89:e3:bf:0e:fd:f3:0c:ce:
                    ed:1b:56:be:31:43:56:df:b5:10:78:56:42:cb:b5:
                    af:c3:13:5b:8e:8b:3a:9a:77:5e:ea:37:2e:eb:d6:
                    ea:d2:09:d3:66:17:fb:03:03:0f:9e:19:cd:2c:b3:
                    64:e5:22:f4:dc:f1:6d:c5:22:c4:cf:22:25:71:4b:
                    89:4b:a0:34:51:96:07:c9:d3:6a:a2:f7:d6:3d:f0:
                    50:ad:79:14:4e:ac:a0:4d:85:38:19:57:3a:a9:f9:
                    08:1a:87:0c:e9:02:c3:19:4c:db:46:4a:be:1d:78:
                    00:fa:39:69:1c:f6:db:f7:a4:0b:73:a1:c5:b7:4c:
                    b6:af:9c:be:26:4d:34:08:7c:93:53:e5:2c:3c:81:
                    21:52:f6:63:a7:22:7c:bc:b5:7e:f8:28:7f:fc:e6:
                    58:12:20:5f:4d:df:87:f5:8b:d7:d3:90:3b:00:56:
                    a8:de:2f:93:18:7c:b1:43:30:79:07:dd:93:9d:83:
                    58:c2:b1:e8:11:c9:5a:3b:a5:55:d2:a1:81:d7:d7:
                    30:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:82:FE:15:F0:89:8B:E4:D1:15:FB:C9:9F:D1:55:77:7B:4D:D0:73
            X509v3 Authority Key Identifier:
                keyid:2D:0C:21:CF:FA:80:B5:A1:E5:CB:D6:31:93:0E:7F:C5:5F:DD:FC:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LQwhz_qAtaHly9Yxkw5_xV_d_Eg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/bbf75d-c1dd-44b0-a5e0-cdcc704b38a7/1/d4L-FfCJi-TRFfvJn9FVd3tN0HM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/bbf75d-c1dd-44b0-a5e0-cdcc704b38a7/1/LQwhz_qAtaHly9Yxkw5_xV_d_Eg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.236.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         ac:ab:c3:1a:17:0c:82:09:1d:18:e6:c8:53:30:06:68:60:39:
         96:9c:dd:2b:3d:49:50:84:0d:00:3c:ca:bf:a9:4d:ea:d7:7c:
         28:1f:62:c8:19:c7:85:a9:42:e2:ae:45:96:c9:42:57:c9:0b:
         11:a9:a1:2f:89:53:cd:0c:88:e6:04:de:32:13:89:f5:1e:ca:
         7d:cd:89:e8:d9:58:00:19:63:39:9f:db:4e:89:bb:12:2f:db:
         cf:09:41:a5:33:7a:44:ac:df:56:35:ac:8a:ff:e5:ec:b4:17:
         81:d6:c0:d0:5c:21:6c:c7:e4:5d:5d:16:b8:24:46:ff:e5:11:
         a6:55:0e:f6:ef:f5:a1:36:0f:cc:d6:4a:ab:fd:8a:9a:4c:3a:
         8d:fa:a8:73:cd:52:79:cc:f8:ba:3c:da:7a:65:40:65:03:b4:
         8c:44:9d:9e:aa:9e:42:90:c4:0f:7a:be:f2:78:7e:a6:3d:77:
         64:45:5b:d2:3f:6b:ec:9f:9e:2b:b7:75:55:8f:84:6c:10:42:
         e0:1e:fa:66:23:11:dc:09:f8:b4:1f:ed:42:be:b1:3a:78:80:
         8d:a4:33:c6:e6:25:01:f4:1f:b1:ea:8e:7e:fa:93:5c:6d:ab:
         02:5d:9d:31:61:02:b9:71:9f:eb:c3:45:0a:bb:b3:66:60:19:
         37:08:d4:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4NNCMLQvYivlDRLlcWQI0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkMGMyMWNmZmE4MGI1YTFlNWNiZDYzMTkzMGU3ZmM1NWZk
ZGZjNDgwHhcNMjYwMTAxMDYxODA1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzgyZmUxNWYwODk4YmU0ZDExNWZiYzk5ZmQxNTU3NzdiNGRkMDczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAodDINQYGd4mATYHFEcinjIQSa8Dw
whLodIFBwV21s8MPNDjLv5VFg4RLvvMamtDcLc8kieO/Dv3zDM7tG1a+MUNW37UQ
eFZCy7WvwxNbjos6mnde6jcu69bq0gnTZhf7AwMPnhnNLLNk5SL03PFtxSLEzyIl
cUuJS6A0UZYHydNqovfWPfBQrXkUTqygTYU4GVc6qfkIGocM6QLDGUzbRkq+HXgA
+jlpHPbb96QLc6HFt0y2r5y+Jk00CHyTU+UsPIEhUvZjpyJ8vLV++Ch//OZYEiBf
Td+H9YvX05A7AFao3i+TGHyxQzB5B92TnYNYwrHoEclaO6VV0qGB19cw5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHeC/hXwiYvk0RX7yZ/RVXd7TdBzMB8GA1UdIwQY
MBaAFC0MIc/6gLWh5cvWMZMOf8Vf3fxIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTFF3aHpfcUF0YUhseTlZeGt3NV94Vl9kX0VnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My9iYmY3NWQtYzFkZC00NGIwLWE1ZTAt
Y2RjYzcwNGIzOGE3LzEvZDRMLUZmQ0ppLVRSRmZ2Sm45RlZkM3ROMEhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My9iYmY3NWQtYzFkZC00NGIwLWE1ZTAtY2RjYzcwNGIzOGE3
LzEvTFF3aHpfcUF0YUhseTlZeGt3NV94Vl9kX0VnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuewgMA0G
CSqGSIb3DQEBCwUAA4IBAQCsq8MaFwyCCR0Y5shTMAZoYDmWnN0rPUlQhA0APMq/
qU3q13woH2LIGceFqULirkWWyUJXyQsRqaEviVPNDIjmBN4yE4n1Hsp9zYno2VgA
GWM5n9tOibsSL9vPCUGlM3pErN9WNayK/+XstBeB1sDQXCFsx+RdXRa4JEb/5RGm
VQ727/WhNg/M1kqr/YqaTDqN+qhzzVJ5zPi6PNp6ZUBlA7SMRJ2eqp5CkMQPer7y
eH6mPXdkRVvSP2vsn54rt3VVj4RsEELgHvpmIxHcCfi0H+1CvrE6eICNpDPG5iUB
9B+x6o5++pNcbasCXZ0xYQK5cZ/rw0UKu7NmYBk3CNSe
-----END CERTIFICATE-----