Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/dc9309-ca08-418e-b518-1aa0166e37e4/1/1dTA6KlWl5sF4kQalZTPxUegVZE.roa
File:                     1dTA6KlWl5sF4kQalZTPxUegVZE.roa (raw, json)
Hash identifier:          rDk2rl5yPqtGgX9/dF9fWYCOXDGqIUWxZCuI1rSvVok=
Subject key identifier:   D5:D4:C0:E8:A9:56:97:9B:05:E2:44:1A:95:94:CF:C5:47:A0:55:91
Certificate issuer:       /CN=8b34f0f9275d980662afbb6cafffe4db9c9c9d47
Certificate serial:       019B7AC8897F930504440414AEFB1D8D926B
Authority key identifier: 8B:34:F0:F9:27:5D:98:06:62:AF:BB:6C:AF:FF:E4:DB:9C:9C:9D:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/izTw-SddmAZir7tsr__k25ycnUc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/dc9309-ca08-418e-b518-1aa0166e37e4/1/1dTA6KlWl5sF4kQalZTPxUegVZE.roa
Signing time:             Thu 01 Jan 2026 18:18:41 +0000
ROA not before:           Thu 01 Jan 2026 18:18:41 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206758
IP address blocks:        185.150.236.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/dc9309-ca08-418e-b518-1aa0166e37e4/1/izTw-SddmAZir7tsr__k25ycnUc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/dc9309-ca08-418e-b518-1aa0166e37e4/1/izTw-SddmAZir7tsr__k25ycnUc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/izTw-SddmAZir7tsr__k25ycnUc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 09:01:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c8:89:7f:93:05:04:44:04:14:ae:fb:1d:8d:92:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b34f0f9275d980662afbb6cafffe4db9c9c9d47
        Validity
            Not Before: Jan  1 18:18:41 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d5d4c0e8a956979b05e2441a9594cfc547a05591
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:47:d6:7d:00:1d:75:1c:d2:3a:41:3e:32:30:
                    ba:50:f6:21:fd:21:83:c1:cb:3a:8f:16:e9:f2:ad:
                    1e:1d:68:b9:06:e8:07:54:2e:c3:01:20:d5:ac:5c:
                    95:45:35:fe:7f:94:46:70:dc:2a:13:a5:c7:8a:ab:
                    9b:7a:27:0b:b4:bf:e4:5d:1b:dc:b5:7a:4f:8a:da:
                    93:c6:36:c9:71:c1:5a:2d:03:73:9b:b1:1f:ee:78:
                    d3:6c:25:33:ab:f5:4b:aa:81:af:7c:52:c6:1e:be:
                    80:fb:45:d5:0b:dc:2c:1c:b3:16:5b:c6:49:60:8c:
                    84:0f:fe:f6:19:9e:6e:d6:f7:2e:6f:d0:cd:d6:8f:
                    17:e4:23:a3:84:cd:b2:82:09:50:0f:30:3d:94:d4:
                    d1:68:a3:1b:53:af:28:fe:8a:08:56:7f:f0:29:d9:
                    8d:f6:c6:fd:62:46:90:99:d7:4b:95:ef:48:94:c4:
                    aa:ba:d3:ad:62:5c:e3:fd:5a:a1:14:cb:42:44:50:
                    4c:51:fc:82:c9:1e:3f:0c:d1:fa:9e:21:22:28:ad:
                    e5:ec:a9:8d:7e:94:6c:02:d8:a3:5a:c1:27:0d:9b:
                    e0:a8:ba:ad:51:a4:fd:21:76:e4:cf:f1:8d:01:b9:
                    b4:f3:9b:a1:09:3f:97:f3:0c:64:4f:1a:e7:61:c3:
                    02:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:D4:C0:E8:A9:56:97:9B:05:E2:44:1A:95:94:CF:C5:47:A0:55:91
            X509v3 Authority Key Identifier:
                keyid:8B:34:F0:F9:27:5D:98:06:62:AF:BB:6C:AF:FF:E4:DB:9C:9C:9D:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/izTw-SddmAZir7tsr__k25ycnUc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/dc9309-ca08-418e-b518-1aa0166e37e4/1/1dTA6KlWl5sF4kQalZTPxUegVZE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/dc9309-ca08-418e-b518-1aa0166e37e4/1/izTw-SddmAZir7tsr__k25ycnUc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.150.236.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7d:9f:6e:ab:5f:2a:38:e7:59:7b:22:9d:6d:c2:10:0a:f4:6c:
         c4:68:61:9e:f4:17:6c:02:f4:7b:c7:da:b9:b9:27:eb:03:de:
         66:8c:cb:22:ba:3e:64:c2:e4:a8:ac:e9:9c:23:3c:47:5d:56:
         e3:25:31:1e:1b:d3:ce:95:a1:24:3e:69:19:f3:e4:25:78:05:
         f6:fa:58:57:73:33:1e:1b:f2:ca:b1:a6:b0:ab:d7:72:31:8a:
         e9:e5:2f:71:3c:7b:9c:60:5b:20:e2:b7:80:da:90:87:18:ee:
         d2:c6:b5:ab:e9:8f:65:08:75:9f:98:4e:f3:99:56:70:4e:78:
         76:19:6f:0e:ec:89:01:d1:f9:cb:7e:78:38:59:13:33:45:f6:
         96:07:0d:51:ee:87:b3:a3:ea:10:7a:85:ac:8f:69:c3:4b:bc:
         c6:67:24:31:76:80:09:bf:f2:f1:9e:3c:cb:e8:01:8d:22:20:
         9f:7e:6b:67:f9:cc:a7:e8:7f:6a:29:59:5e:0f:79:aa:92:67:
         85:8d:f4:aa:c8:ec:36:89:f8:ee:cd:c6:81:9c:b2:dd:62:5d:
         df:c7:9d:48:1c:3a:89:09:d1:4e:aa:df:71:ee:45:08:6e:3c:
         b7:21:72:95:c0:2f:1c:55:40:e2:da:c1:d8:bf:ef:11:f2:3c:
         cf:24:d3:f3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6yIl/kwUERAQUrvsdjZJrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiMzRmMGY5Mjc1ZDk4MDY2MmFmYmI2Y2FmZmZlNGRiOWM5
YzlkNDcwHhcNMjYwMTAxMTgxODQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNWQ0YzBlOGE5NTY5NzliMDVlMjQ0MWE5NTk0Y2ZjNTQ3YTA1NTkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3kfWfQAddRzSOkE+MjC6UPYh/SGD
wcs6jxbp8q0eHWi5BugHVC7DASDVrFyVRTX+f5RGcNwqE6XHiqubeicLtL/kXRvc
tXpPitqTxjbJccFaLQNzm7Ef7njTbCUzq/VLqoGvfFLGHr6A+0XVC9wsHLMWW8ZJ
YIyED/72GZ5u1vcub9DN1o8X5COjhM2ygglQDzA9lNTRaKMbU68o/ooIVn/wKdmN
9sb9YkaQmddLle9IlMSqutOtYlzj/VqhFMtCRFBMUfyCyR4/DNH6niEiKK3l7KmN
fpRsAtijWsEnDZvgqLqtUaT9IXbkz/GNAbm085uhCT+X8wxkTxrnYcMCbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNXUwOipVpebBeJEGpWUz8VHoFWRMB8GA1UdIwQY
MBaAFIs08PknXZgGYq+7bK//5NucnJ1HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXpUdy1TZGRtQVppcjd0c3JfX2syNXljblVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny9kYzkzMDktY2EwOC00MThlLWI1MTgt
MWFhMDE2NmUzN2U0LzEvMWRUQTZLbFdsNXNGNGtRYWxaVFB4VWVnVlpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny9kYzkzMDktY2EwOC00MThlLWI1MTgtMWFhMDE2NmUzN2U0
LzEvaXpUdy1TZGRtQVppcjd0c3JfX2syNXljblVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZbsMA0G
CSqGSIb3DQEBCwUAA4IBAQB9n26rXyo451l7Ip1twhAK9GzEaGGe9BdsAvR7x9q5
uSfrA95mjMsiuj5kwuSorOmcIzxHXVbjJTEeG9POlaEkPmkZ8+QleAX2+lhXczMe
G/LKsaawq9dyMYrp5S9xPHucYFsg4reA2pCHGO7SxrWr6Y9lCHWfmE7zmVZwTnh2
GW8O7IkB0fnLfng4WRMzRfaWBw1R7oezo+oQeoWsj2nDS7zGZyQxdoAJv/LxnjzL
6AGNIiCffmtn+cyn6H9qKVleD3mqkmeFjfSqyOw2ifjuzcaBnLLdYl3fx51IHDqJ
CdFOqt9x7kUIbjy3IXKVwC8cVUDi2sHYv+8R8jzPJNPz
-----END CERTIFICATE-----