Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/5d4004-aac0-4ead-a580-c664b4e86ab5/1/3WjchZn0ZaVWap-kBJDqG0_K268.roa
File:                     3WjchZn0ZaVWap-kBJDqG0_K268.roa (raw, json)
Hash identifier:          mSek/wANUBuae6L6B5/5kvCQ+lsoN15OARfOIY4PvDM=
Subject key identifier:   DD:68:DC:85:99:F4:65:A5:56:6A:9F:A4:04:90:EA:1B:4F:CA:DB:AF
Certificate issuer:       /CN=fb751302af7b5cd6bef3717b68367e02b617d2dc
Certificate serial:       019B7A5A1762ED728C9EFBDF40A6E715564E
Authority key identifier: FB:75:13:02:AF:7B:5C:D6:BE:F3:71:7B:68:36:7E:02:B6:17:D2:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-3UTAq97XNa-83F7aDZ-ArYX0tw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/5d4004-aac0-4ead-a580-c664b4e86ab5/1/3WjchZn0ZaVWap-kBJDqG0_K268.roa
Signing time:             Thu 01 Jan 2026 16:18:02 +0000
ROA not before:           Thu 01 Jan 2026 16:18:02 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211067
IP address blocks:        185.213.192.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/5d4004-aac0-4ead-a580-c664b4e86ab5/1/1-3UTAq97XNa-83F7aDZ-ArYX0tw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/5d4004-aac0-4ead-a580-c664b4e86ab5/1/1-3UTAq97XNa-83F7aDZ-ArYX0tw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-3UTAq97XNa-83F7aDZ-ArYX0tw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 07:01:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5a:17:62:ed:72:8c:9e:fb:df:40:a6:e7:15:56:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fb751302af7b5cd6bef3717b68367e02b617d2dc
        Validity
            Not Before: Jan  1 16:18:02 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=dd68dc8599f465a5566a9fa40490ea1b4fcadbaf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:1f:db:41:ff:b8:bb:97:5a:ba:e9:3b:60:0d:
                    96:35:95:47:32:3a:1d:3f:0b:8c:b5:43:41:42:41:
                    fe:1f:25:5c:4c:62:12:24:9b:66:db:bb:f1:ef:65:
                    d6:a1:0b:9d:37:99:a3:42:f9:00:a8:dd:14:72:9e:
                    63:a0:b1:3e:41:04:d6:dd:60:93:33:5d:a1:31:29:
                    1d:01:33:49:58:7c:4f:ba:f5:26:e4:8a:e4:4e:3b:
                    98:87:e5:35:d4:9a:8c:ce:ef:68:4c:6e:28:55:00:
                    34:11:45:76:54:5b:90:ee:0a:d2:2e:80:35:b9:23:
                    5c:61:da:27:49:53:30:36:c5:5b:27:c8:7e:32:09:
                    eb:29:34:9c:27:34:fc:51:7d:e0:ef:9d:4d:a7:62:
                    24:b9:d3:7b:80:95:5c:07:48:7c:ce:81:80:7e:fb:
                    83:89:71:fe:ef:5e:9b:b8:f9:76:1f:6d:03:87:24:
                    32:b6:6c:bd:0b:30:74:27:75:8d:2f:f8:33:16:2b:
                    95:c2:62:a0:56:7a:b6:26:ab:83:0f:69:9d:5b:a7:
                    0c:89:87:53:7a:49:a1:ac:bc:a2:62:9f:b9:c4:f3:
                    0b:a7:7c:fb:32:bf:81:74:cc:9b:6c:78:81:36:6d:
                    6e:44:1c:ff:f4:d5:db:af:fe:dc:8e:db:67:3c:c7:
                    0b:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:68:DC:85:99:F4:65:A5:56:6A:9F:A4:04:90:EA:1B:4F:CA:DB:AF
            X509v3 Authority Key Identifier:
                keyid:FB:75:13:02:AF:7B:5C:D6:BE:F3:71:7B:68:36:7E:02:B6:17:D2:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-3UTAq97XNa-83F7aDZ-ArYX0tw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/5d4004-aac0-4ead-a580-c664b4e86ab5/1/3WjchZn0ZaVWap-kBJDqG0_K268.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/5d4004-aac0-4ead-a580-c664b4e86ab5/1/1-3UTAq97XNa-83F7aDZ-ArYX0tw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.213.192.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:3a:8d:44:fe:3a:ad:e3:4a:14:34:a5:1f:31:c4:42:69:2b:
         1c:6d:be:14:40:e9:0f:cb:ac:9f:78:b5:f2:1e:8c:1f:2c:02:
         a1:35:4d:ae:5e:ce:e5:2b:fc:c4:0e:8c:5f:6f:d6:b6:48:07:
         46:90:72:4b:2c:ba:78:e3:8d:40:57:a1:ee:ff:b1:08:63:51:
         9e:07:45:3b:20:d7:89:aa:65:d5:7f:23:e8:4f:ac:4f:65:e6:
         c9:0e:a2:b4:bc:32:42:a0:4e:ec:d1:7e:dd:ad:e8:f4:16:4f:
         9c:f6:80:5d:62:b5:f5:32:8e:c3:7d:e9:83:20:cf:b4:a4:f9:
         9c:e6:dd:d4:a7:52:c4:d6:4e:98:c3:0b:e0:d5:fa:85:00:7d:
         54:b0:51:f9:1b:e0:cb:f6:be:ab:40:7d:81:a6:e7:cf:9d:31:
         78:5a:d8:54:b7:35:e6:41:62:1c:c8:71:20:aa:2d:79:ed:ec:
         f8:32:69:9e:a8:6c:90:0d:d5:f5:48:06:a5:40:ec:f4:af:a6:
         60:d8:47:e7:b3:30:c9:8e:9d:f6:05:57:0f:a2:8f:33:06:b7:
         a7:56:9d:30:e4:4f:ab:d4:e9:5c:53:88:3a:62:82:63:cb:b8:
         d5:26:1b:8b:d3:eb:69:45:62:b9:94:31:21:f9:70:0e:67:7c:
         e9:f6:8a:a3
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZt6Whdi7XKMnvvfQKbnFVZOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiNzUxMzAyYWY3YjVjZDZiZWYzNzE3YjY4MzY3ZTAyYjYx
N2QyZGMwHhcNMjYwMTAxMTYxODAyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDY4ZGM4NTk5ZjQ2NWE1NTY2YTlmYTQwNDkwZWExYjRmY2FkYmFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxx/bQf+4u5dauuk7YA2WNZVHMjod
PwuMtUNBQkH+HyVcTGISJJtm27vx72XWoQudN5mjQvkAqN0Ucp5joLE+QQTW3WCT
M12hMSkdATNJWHxPuvUm5IrkTjuYh+U11JqMzu9oTG4oVQA0EUV2VFuQ7grSLoA1
uSNcYdonSVMwNsVbJ8h+MgnrKTScJzT8UX3g751Np2IkudN7gJVcB0h8zoGAfvuD
iXH+716buPl2H20DhyQytmy9CzB0J3WNL/gzFiuVwmKgVnq2JquDD2mdW6cMiYdT
ekmhrLyiYp+5xPMLp3z7Mr+BdMybbHiBNm1uRBz/9NXbr/7cjttnPMcLUwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFN1o3IWZ9GWlVmqfpASQ6htPytuvMB8GA1UdIwQY
MBaAFPt1EwKve1zWvvNxe2g2fgK2F9LcMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS0zVVRBcTk3WE5hLTgzRjdhRFotQXJZWDB0dy5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjUvNWQ0MDA0LWFhYzAtNGVhZC1hNTgw
LWM2NjRiNGU4NmFiNS8xLzNXamNoWm4wWmFWV2FwLWtCSkRxRzBfSzI2OC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYjUvNWQ0MDA0LWFhYzAtNGVhZC1hNTgwLWM2NjRiNGU4NmFi
NS8xLzEtM1VUQXE5N1hOYS04M0Y3YURaLUFyWVgwdHcuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC51cAw
DQYJKoZIhvcNAQELBQADggEBADU6jUT+Oq3jShQ0pR8xxEJpKxxtvhRA6Q/LrJ94
tfIejB8sAqE1Ta5ezuUr/MQOjF9v1rZIB0aQckssunjjjUBXoe7/sQhjUZ4HRTsg
14mqZdV/I+hPrE9l5skOorS8MkKgTuzRft2t6PQWT5z2gF1itfUyjsN96YMgz7Sk
+Zzm3dSnUsTWTpjDC+DV+oUAfVSwUfkb4Mv2vqtAfYGm58+dMXha2FS3NeZBYhzI
cSCqLXnt7PgyaZ6obJAN1fVIBqVA7PSvpmDYR+ezMMmOnfYFVw+ijzMGt6dWnTDk
T6vU6VxTiDpigmPLuNUmG4vT62lFYrmUMSH5cA5nfOn2iqM=
-----END CERTIFICATE-----