Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/4591a9-56c6-40de-a124-45f61f871427/1/saKUd1nXbIug4fGWqb0fMv0LqfE.roa
File:                     saKUd1nXbIug4fGWqb0fMv0LqfE.roa (raw, json)
Hash identifier:          UTNxxWMancSqCn9jNpepiP9P3sBxTQaMyddSyFTQ6ag=
Subject key identifier:   B1:A2:94:77:59:D7:6C:8B:A0:E1:F1:96:A9:BD:1F:32:FD:0B:A9:F1
Certificate issuer:       /CN=4f412cd26994faf609bdad4e35d576c2cae46555
Certificate serial:       019B790FF7C13B90008CB7DC44E96146875D
Authority key identifier: 4F:41:2C:D2:69:94:FA:F6:09:BD:AD:4E:35:D5:76:C2:CA:E4:65:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T0Es0mmU-vYJva1ONdV2wsrkZVU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/4591a9-56c6-40de-a124-45f61f871427/1/saKUd1nXbIug4fGWqb0fMv0LqfE.roa
Signing time:             Thu 01 Jan 2026 10:17:28 +0000
ROA not before:           Thu 01 Jan 2026 10:17:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201688
IP address blocks:        185.67.32.0/22 maxlen: 24
                          2a03:23e0::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/4591a9-56c6-40de-a124-45f61f871427/1/T0Es0mmU-vYJva1ONdV2wsrkZVU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/4591a9-56c6-40de-a124-45f61f871427/1/T0Es0mmU-vYJva1ONdV2wsrkZVU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T0Es0mmU-vYJva1ONdV2wsrkZVU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 10:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:0f:f7:c1:3b:90:00:8c:b7:dc:44:e9:61:46:87:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f412cd26994faf609bdad4e35d576c2cae46555
        Validity
            Not Before: Jan  1 10:17:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b1a2947759d76c8ba0e1f196a9bd1f32fd0ba9f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:79:9a:19:42:b5:b9:fa:7a:36:71:7a:ec:b6:
                    8b:65:cd:e3:b4:97:49:01:39:8c:58:87:61:2c:f0:
                    07:23:df:6b:8c:f1:74:6d:31:9b:4b:f3:de:8b:ee:
                    8a:a0:33:2d:f2:15:65:b6:3e:0f:3e:17:c6:b1:77:
                    8b:bd:d2:20:e7:f1:43:b7:79:88:0a:de:59:25:74:
                    38:6a:57:93:8f:f5:23:a7:54:5d:55:b8:02:41:3e:
                    c1:4c:c1:36:b3:e8:5b:1e:e2:05:2b:1a:fe:ad:6e:
                    a1:62:62:b8:9d:bc:77:be:90:10:00:34:d7:08:b3:
                    c9:92:ef:d6:71:d4:33:bc:2b:ec:41:01:4e:64:34:
                    6e:79:61:f6:0c:a0:dc:1a:9f:92:d0:bb:b8:93:e8:
                    9d:ef:a0:6c:66:7a:a9:5f:49:cc:0e:9e:b1:07:73:
                    a9:a3:34:f3:0f:07:37:05:fd:09:91:a4:55:d8:95:
                    df:66:da:95:99:c8:0e:5c:36:9c:6c:6e:c4:87:6a:
                    40:50:f3:d3:a0:98:54:04:e6:d9:ff:42:b7:27:db:
                    55:10:70:60:40:6a:a7:75:8a:7d:d3:dc:af:91:e2:
                    dc:8f:1b:3d:92:cc:96:0d:24:de:ca:08:bb:47:6b:
                    7c:94:01:09:37:14:54:86:29:92:f4:3a:24:3a:a1:
                    63:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:A2:94:77:59:D7:6C:8B:A0:E1:F1:96:A9:BD:1F:32:FD:0B:A9:F1
            X509v3 Authority Key Identifier:
                keyid:4F:41:2C:D2:69:94:FA:F6:09:BD:AD:4E:35:D5:76:C2:CA:E4:65:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T0Es0mmU-vYJva1ONdV2wsrkZVU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/4591a9-56c6-40de-a124-45f61f871427/1/saKUd1nXbIug4fGWqb0fMv0LqfE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/4591a9-56c6-40de-a124-45f61f871427/1/T0Es0mmU-vYJva1ONdV2wsrkZVU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.67.32.0/22
                IPv6:
                  2a03:23e0::/32

    Signature Algorithm: sha256WithRSAEncryption
         3f:d1:f9:95:dc:ad:d8:e6:18:16:bd:55:68:0a:81:cc:7c:e0:
         1e:64:27:58:de:c5:a9:58:37:09:ec:34:bd:78:35:fc:cd:ac:
         69:7b:38:34:51:8d:e9:cb:ce:43:60:0e:ea:98:ff:b7:bc:cc:
         17:7b:e3:47:35:03:82:79:aa:b7:be:48:53:15:1b:3f:5d:2b:
         97:0f:61:26:f6:8b:ba:1a:f7:37:99:fc:c4:6a:37:f0:a8:b0:
         b1:a6:52:14:b9:c6:97:34:31:91:e1:93:52:a0:f1:56:4e:cb:
         6f:e7:6b:c8:40:81:9d:e5:a9:90:c7:b9:22:74:a1:50:70:92:
         73:cf:e4:b4:20:9f:dc:74:14:ba:ec:79:67:db:34:c5:0d:2a:
         a2:1c:d6:3f:a7:69:61:4a:c3:ba:05:79:dd:80:0b:ab:cd:49:
         bb:9e:aa:a3:61:3a:d7:f5:62:b1:9f:04:54:9f:ab:0e:ee:9e:
         cd:d7:ec:74:cd:4e:0d:34:29:0b:b1:e9:62:d6:f2:71:a3:59:
         d8:74:4e:82:78:40:81:a8:73:91:e4:36:87:91:a6:1d:a7:46:
         6f:35:59:9d:0d:1b:c6:bd:be:7d:26:08:7b:62:1b:31:0d:df:
         be:3b:5f:a1:e4:98:6b:69:02:b0:52:fe:b2:9a:19:35:c1:0c:
         45:c8:34:b2
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZt5D/fBO5AAjLfcROlhRoddMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmNDEyY2QyNjk5NGZhZjYwOWJkYWQ0ZTM1ZDU3NmMyY2Fl
NDY1NTUwHhcNMjYwMTAxMTAxNzI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWEyOTQ3NzU5ZDc2YzhiYTBlMWYxOTZhOWJkMWYzMmZkMGJhOWYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsXmaGUK1ufp6NnF67LaLZc3jtJdJ
ATmMWIdhLPAHI99rjPF0bTGbS/Pei+6KoDMt8hVltj4PPhfGsXeLvdIg5/FDt3mI
Ct5ZJXQ4aleTj/Ujp1RdVbgCQT7BTME2s+hbHuIFKxr+rW6hYmK4nbx3vpAQADTX
CLPJku/WcdQzvCvsQQFOZDRueWH2DKDcGp+S0Lu4k+id76BsZnqpX0nMDp6xB3Op
ozTzDwc3Bf0JkaRV2JXfZtqVmcgOXDacbG7Eh2pAUPPToJhUBObZ/0K3J9tVEHBg
QGqndYp909yvkeLcjxs9ksyWDSTeygi7R2t8lAEJNxRUhimS9DokOqFjewIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLGilHdZ12yLoOHxlqm9HzL9C6nxMB8GA1UdIwQY
MBaAFE9BLNJplPr2Cb2tTjXVdsLK5GVVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDBFczBtbVUtdllKdmExT05kVjJ3c3JrWlZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS80NTkxYTktNTZjNi00MGRlLWExMjQt
NDVmNjFmODcxNDI3LzEvc2FLVWQxblhiSXVnNGZHV3FiMGZNdjBMcWZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS80NTkxYTktNTZjNi00MGRlLWExMjQtNDVmNjFmODcxNDI3
LzEvVDBFczBtbVUtdllKdmExT05kVjJ3c3JrWlZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuUMgMA0E
AgACMAcDBQAqAyPgMA0GCSqGSIb3DQEBCwUAA4IBAQA/0fmV3K3Y5hgWvVVoCoHM
fOAeZCdY3sWpWDcJ7DS9eDX8zaxpezg0UY3py85DYA7qmP+3vMwXe+NHNQOCeaq3
vkhTFRs/XSuXD2Em9ou6Gvc3mfzEajfwqLCxplIUucaXNDGR4ZNSoPFWTstv52vI
QIGd5amQx7kidKFQcJJzz+S0IJ/cdBS67Hln2zTFDSqiHNY/p2lhSsO6BXndgAur
zUm7nqqjYTrX9WKxnwRUn6sO7p7N1+x0zU4NNCkLseli1vJxo1nYdE6CeECBqHOR
5DaHkaYdp0ZvNVmdDRvGvb59Jgh7YhsxDd++O1+h5JhraQKwUv6ymhk1wQxFyDSy
-----END CERTIFICATE-----