Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/4d5660-5364-4454-a9be-4f8902bfe172/1/23kWo8WKu4VcVOYS6UAti6dc2wQ.roa
File:                     23kWo8WKu4VcVOYS6UAti6dc2wQ.roa (raw, json)
Hash identifier:          RwlIBrzmFIZAZi0sEllzV9DHFTRSKDs5dj1Vung5ip4=
Subject key identifier:   DB:79:16:A3:C5:8A:BB:85:5C:54:E6:12:E9:40:2D:8B:A7:5C:DB:04
Certificate issuer:       /CN=fd1196d98decd38eb03f5f06b48e556c74f231f4
Certificate serial:       019D7131297DA02683142E00BB9580A3F9BC
Authority key identifier: FD:11:96:D9:8D:EC:D3:8E:B0:3F:5F:06:B4:8E:55:6C:74:F2:31:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_RGW2Y3s046wP18GtI5VbHTyMfQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/4d5660-5364-4454-a9be-4f8902bfe172/1/23kWo8WKu4VcVOYS6UAti6dc2wQ.roa
Signing time:             Thu 09 Apr 2026 07:42:20 +0000
ROA not before:           Thu 09 Apr 2026 07:42:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202339
IP address blocks:        185.47.96.0/22 maxlen: 22
                          2a04:a580::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/4d5660-5364-4454-a9be-4f8902bfe172/1/_RGW2Y3s046wP18GtI5VbHTyMfQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/4d5660-5364-4454-a9be-4f8902bfe172/1/_RGW2Y3s046wP18GtI5VbHTyMfQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_RGW2Y3s046wP18GtI5VbHTyMfQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 13:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:71:31:29:7d:a0:26:83:14:2e:00:bb:95:80:a3:f9:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fd1196d98decd38eb03f5f06b48e556c74f231f4
        Validity
            Not Before: Apr  9 07:42:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=db7916a3c58abb855c54e612e9402d8ba75cdb04
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:24:fc:ac:7b:a6:4c:57:2d:72:1a:20:5d:a7:
                    1d:7c:77:85:0f:35:63:56:1a:eb:91:a9:b7:e7:18:
                    a8:1f:8e:8f:b8:3b:01:b4:d7:f3:fd:4b:70:aa:cf:
                    e9:d3:22:13:44:71:45:3f:ac:93:5d:95:da:4b:81:
                    fc:28:14:52:29:14:b2:69:c1:41:01:3c:56:f3:e8:
                    8d:a5:6c:8b:87:1f:94:8c:5c:ed:69:8f:98:09:98:
                    ca:95:5e:cc:9b:b1:c2:41:db:6c:d3:ec:54:64:46:
                    ed:2a:c6:26:eb:16:72:af:ea:67:d5:8a:9a:15:5d:
                    e7:f5:9b:9a:db:79:13:31:a5:bf:42:54:a6:12:7c:
                    fc:ec:ab:21:97:b2:55:0e:ce:0b:fe:45:50:10:29:
                    42:24:00:32:0c:7c:ed:c1:84:a8:dd:0d:3a:d7:a2:
                    6a:61:c7:b0:5d:94:f6:fb:45:25:aa:be:2b:6c:7b:
                    40:8c:3a:d4:c6:6d:5c:07:2f:5b:ff:bc:48:13:0a:
                    de:0d:9a:b4:0f:17:43:00:6a:e2:34:26:45:4d:ad:
                    76:f9:7e:c5:cf:6c:37:86:21:f8:bd:6d:28:95:00:
                    3c:5f:f4:bf:1d:01:d7:29:a2:e5:09:9d:2b:86:e4:
                    f5:43:4e:55:d2:c7:8c:8a:cf:45:ef:ee:21:92:7d:
                    93:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:79:16:A3:C5:8A:BB:85:5C:54:E6:12:E9:40:2D:8B:A7:5C:DB:04
            X509v3 Authority Key Identifier:
                keyid:FD:11:96:D9:8D:EC:D3:8E:B0:3F:5F:06:B4:8E:55:6C:74:F2:31:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_RGW2Y3s046wP18GtI5VbHTyMfQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/4d5660-5364-4454-a9be-4f8902bfe172/1/23kWo8WKu4VcVOYS6UAti6dc2wQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/4d5660-5364-4454-a9be-4f8902bfe172/1/_RGW2Y3s046wP18GtI5VbHTyMfQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.47.96.0/22
                IPv6:
                  2a04:a580::/29

    Signature Algorithm: sha256WithRSAEncryption
         a8:6d:7e:57:a1:d1:9e:09:24:56:16:75:cd:ba:12:5a:f0:4e:
         95:37:67:de:c5:16:e5:3c:f3:d9:3a:49:77:e7:2a:ff:c1:57:
         fe:ee:e7:90:0b:99:ce:be:5b:5c:78:ef:31:03:89:53:f9:47:
         4c:b6:7b:82:46:a9:40:d7:6e:2d:fd:c3:af:9a:69:02:67:a3:
         60:3f:a6:0f:88:5b:a4:3c:c8:d7:c7:a4:1f:72:6d:ea:36:a2:
         e0:5e:36:87:d1:5a:d1:7c:d8:99:21:49:dd:f2:d9:45:d5:e4:
         bd:68:13:5a:a4:f7:2d:5d:62:9d:fd:03:fe:40:e9:b1:29:76:
         f3:0a:71:04:b4:1c:4e:d5:aa:f9:ac:b5:12:4a:ed:41:4c:45:
         d4:c9:75:0d:a5:1f:73:8f:53:02:e7:a2:f5:bf:49:3f:cb:0c:
         91:bb:e0:a4:66:d1:c8:fe:76:73:dc:84:3a:ed:03:6b:06:03:
         2b:fa:40:c4:2d:47:80:83:98:e5:e4:70:b6:a4:4b:68:c2:bc:
         b1:0d:0f:a0:0b:e8:4c:e7:e7:84:7a:2e:fd:63:c4:a6:33:c6:
         42:50:aa:79:20:fc:7b:a7:16:32:70:66:e0:2c:b0:41:db:27:
         97:30:5d:06:b9:dd:02:02:1d:40:38:b1:52:40:2e:4f:12:96:
         ac:c8:c7:ff
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ1xMSl9oCaDFC4Au5WAo/m8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkMTE5NmQ5OGRlY2QzOGViMDNmNWYwNmI0OGU1NTZjNzRm
MjMxZjQwHhcNMjYwNDA5MDc0MjIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjc5MTZhM2M1OGFiYjg1NWM1NGU2MTJlOTQwMmQ4YmE3NWNkYjA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsST8rHumTFctchogXacdfHeFDzVj
Vhrrkam35xioH46PuDsBtNfz/Utwqs/p0yITRHFFP6yTXZXaS4H8KBRSKRSyacFB
ATxW8+iNpWyLhx+UjFztaY+YCZjKlV7Mm7HCQdts0+xUZEbtKsYm6xZyr+pn1Yqa
FV3n9Zua23kTMaW/QlSmEnz87Kshl7JVDs4L/kVQEClCJAAyDHztwYSo3Q0616Jq
YcewXZT2+0Ulqr4rbHtAjDrUxm1cBy9b/7xIEwreDZq0DxdDAGriNCZFTa12+X7F
z2w3hiH4vW0olQA8X/S/HQHXKaLlCZ0rhuT1Q05V0seMis9F7+4hkn2T9QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNt5FqPFiruFXFTmEulALYunXNsEMB8GA1UdIwQY
MBaAFP0RltmN7NOOsD9fBrSOVWx08jH0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX1JHVzJZM3MwNDZ3UDE4R3RJNVZiSFR5TWZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS80ZDU2NjAtNTM2NC00NDU0LWE5YmUt
NGY4OTAyYmZlMTcyLzEvMjNrV284V0t1NFZjVk9ZUzZVQXRpNmRjMndRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS80ZDU2NjAtNTM2NC00NDU0LWE5YmUtNGY4OTAyYmZlMTcy
LzEvX1JHVzJZM3MwNDZ3UDE4R3RJNVZiSFR5TWZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuS9gMA0E
AgACMAcDBQMqBKWAMA0GCSqGSIb3DQEBCwUAA4IBAQCobX5XodGeCSRWFnXNuhJa
8E6VN2fexRblPPPZOkl35yr/wVf+7ueQC5nOvltceO8xA4lT+UdMtnuCRqlA124t
/cOvmmkCZ6NgP6YPiFukPMjXx6Qfcm3qNqLgXjaH0VrRfNiZIUnd8tlF1eS9aBNa
pPctXWKd/QP+QOmxKXbzCnEEtBxO1ar5rLUSSu1BTEXUyXUNpR9zj1MC56L1v0k/
ywyRu+CkZtHI/nZz3IQ67QNrBgMr+kDELUeAg5jl5HC2pEtowryxDQ+gC+hM5+eE
ei79Y8SmM8ZCUKp5IPx7pxYycGbgLLBB2yeXMF0Gud0CAh1AOLFSQC5PEpasyMf/
-----END CERTIFICATE-----