Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/75fa91-6794-4c21-8d48-3e5e5b315ec6/1/X2DmUx0pbN5guKhNJtTsv2u4c3Y.roa
File:                     X2DmUx0pbN5guKhNJtTsv2u4c3Y.roa (raw, json)
Hash identifier:          VTwewHc51dPE2RalZVl+hHr3MWkt8tZDjDqcqb8c2w4=
Subject key identifier:   5F:60:E6:53:1D:29:6C:DE:60:B8:A8:4D:26:D4:EC:BF:6B:B8:73:76
Certificate issuer:       /CN=c9224208eeaf3ebdaf53727734e12191b931fb53
Certificate serial:       019E88C2C78BEA521078533ABBB78759FD28
Authority key identifier: C9:22:42:08:EE:AF:3E:BD:AF:53:72:77:34:E1:21:91:B9:31:FB:53
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ySJCCO6vPr2vU3J3NOEhkbkx-1M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/75fa91-6794-4c21-8d48-3e5e5b315ec6/1/X2DmUx0pbN5guKhNJtTsv2u4c3Y.roa
Signing time:             Tue 02 Jun 2026 14:35:26 +0000
ROA not before:           Tue 02 Jun 2026 14:35:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197344
IP address blocks:        185.145.188.0/24 maxlen: 24
                          2a06:d840::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/75fa91-6794-4c21-8d48-3e5e5b315ec6/1/ySJCCO6vPr2vU3J3NOEhkbkx-1M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/75fa91-6794-4c21-8d48-3e5e5b315ec6/1/ySJCCO6vPr2vU3J3NOEhkbkx-1M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ySJCCO6vPr2vU3J3NOEhkbkx-1M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:88:c2:c7:8b:ea:52:10:78:53:3a:bb:b7:87:59:fd:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9224208eeaf3ebdaf53727734e12191b931fb53
        Validity
            Not Before: Jun  2 14:35:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5f60e6531d296cde60b8a84d26d4ecbf6bb87376
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:bb:45:e2:3f:9c:1f:51:5a:b1:57:67:c1:ea:
                    65:53:ba:dc:36:33:49:05:d9:29:f0:d5:4b:fb:e1:
                    2d:f7:fe:16:9a:5a:e2:83:92:b6:55:92:d1:01:ca:
                    22:91:20:f3:ab:87:18:a3:dc:56:c6:6b:6d:9a:76:
                    99:01:1e:76:05:4a:e7:e4:e8:27:a3:18:0c:ef:a4:
                    53:fb:93:5c:07:c3:0a:07:d4:54:f9:2c:8a:d6:03:
                    5d:05:9b:06:cc:38:95:00:9f:e7:d6:39:2f:a6:8e:
                    6d:8e:b6:e4:e5:9d:87:85:6a:6a:17:92:85:9a:ef:
                    ac:94:13:80:dd:6f:da:c6:46:73:48:bb:3c:8e:36:
                    b6:b3:33:79:d7:48:36:ef:13:ef:bc:30:3c:d8:96:
                    c7:e0:64:55:93:81:e4:5e:d2:5b:73:42:83:3c:05:
                    64:c6:17:91:aa:9a:2a:64:4c:6d:ab:e7:30:b1:36:
                    90:c2:a9:77:87:f7:c9:ca:41:49:e1:01:07:05:f1:
                    23:36:dc:77:4a:69:0f:e0:c1:89:69:ba:3c:d6:78:
                    5e:9a:d1:f7:72:f1:a3:67:ec:b2:e7:40:db:69:42:
                    ab:ab:af:33:1b:74:71:de:59:d1:ee:33:94:8e:68:
                    c2:ea:88:5d:73:53:eb:bb:43:18:82:46:63:e9:6c:
                    c8:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:60:E6:53:1D:29:6C:DE:60:B8:A8:4D:26:D4:EC:BF:6B:B8:73:76
            X509v3 Authority Key Identifier:
                keyid:C9:22:42:08:EE:AF:3E:BD:AF:53:72:77:34:E1:21:91:B9:31:FB:53

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ySJCCO6vPr2vU3J3NOEhkbkx-1M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/75fa91-6794-4c21-8d48-3e5e5b315ec6/1/X2DmUx0pbN5guKhNJtTsv2u4c3Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/75fa91-6794-4c21-8d48-3e5e5b315ec6/1/ySJCCO6vPr2vU3J3NOEhkbkx-1M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.145.188.0/24
                IPv6:
                  2a06:d840::/29

    Signature Algorithm: sha256WithRSAEncryption
         2c:45:9c:6e:84:bb:47:51:32:3c:50:a5:62:5b:b5:6a:a3:4e:
         14:10:01:2b:2f:34:0f:55:70:71:eb:3e:54:45:c1:e0:c3:e5:
         98:72:d9:2b:30:25:a3:a5:d8:02:39:6a:8b:7d:ad:0b:ed:62:
         9c:04:5c:a1:54:4c:da:35:4f:e4:8f:a9:2f:05:f1:ff:a1:75:
         03:fc:9a:d9:e2:83:4e:81:24:44:92:96:e2:79:97:9d:bc:c9:
         3d:d9:dd:17:69:be:f4:67:1f:db:b3:d1:07:91:f2:31:b5:13:
         b8:24:9c:4d:23:fd:4a:a9:aa:8f:59:94:44:2c:46:20:9c:45:
         b8:d6:61:8a:40:28:45:29:35:41:c2:fc:27:a6:35:6f:58:e7:
         72:f4:8b:d6:a6:a4:e2:9c:ce:d9:aa:3f:e7:72:c6:c1:55:f1:
         2a:0f:06:bd:1c:9b:b3:a1:a1:97:8b:44:9c:63:52:7a:2e:2a:
         e1:86:3e:0c:5a:47:59:83:68:72:c9:ba:12:93:87:af:bc:2d:
         be:ab:2a:05:d7:85:40:b2:e9:b9:14:43:f9:87:b9:9d:cd:55:
         f9:69:e0:a7:38:03:a5:da:68:7f:03:5d:f5:94:5e:2c:28:40:
         cf:6b:07:1b:97:b1:2d:3a:a9:db:db:95:1c:a8:71:3c:44:43:
         0d:8a:17:33
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ6IwseL6lIQeFM6u7eHWf0oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5MjI0MjA4ZWVhZjNlYmRhZjUzNzI3NzM0ZTEyMTkxYjkz
MWZiNTMwHhcNMjYwNjAyMTQzNTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjYwZTY1MzFkMjk2Y2RlNjBiOGE4NGQyNmQ0ZWNiZjZiYjg3Mzc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA17tF4j+cH1FasVdnweplU7rcNjNJ
Bdkp8NVL++Et9/4Wmlrig5K2VZLRAcoikSDzq4cYo9xWxmttmnaZAR52BUrn5Ogn
oxgM76RT+5NcB8MKB9RU+SyK1gNdBZsGzDiVAJ/n1jkvpo5tjrbk5Z2HhWpqF5KF
mu+slBOA3W/axkZzSLs8jja2szN510g27xPvvDA82JbH4GRVk4HkXtJbc0KDPAVk
xheRqpoqZExtq+cwsTaQwql3h/fJykFJ4QEHBfEjNtx3SmkP4MGJabo81nhemtH3
cvGjZ+yy50DbaUKrq68zG3Rx3lnR7jOUjmjC6ohdc1Pru0MYgkZj6WzIPwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFF9g5lMdKWzeYLioTSbU7L9ruHN2MB8GA1UdIwQY
MBaAFMkiQgjurz69r1NydzThIZG5MftTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveVNKQ0NPNnZQcjJ2VTNKM05PRWhrYmt4LTFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC83NWZhOTEtNjc5NC00YzIxLThkNDgt
M2U1ZTViMzE1ZWM2LzEvWDJEbVV4MHBiTjVndUtoTkp0VHN2MnU0YzNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC83NWZhOTEtNjc5NC00YzIxLThkNDgtM2U1ZTViMzE1ZWM2
LzEveVNKQ0NPNnZQcjJ2VTNKM05PRWhrYmt4LTFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuZG8MA0E
AgACMAcDBQMqBthAMA0GCSqGSIb3DQEBCwUAA4IBAQAsRZxuhLtHUTI8UKViW7Vq
o04UEAErLzQPVXBx6z5URcHgw+WYctkrMCWjpdgCOWqLfa0L7WKcBFyhVEzaNU/k
j6kvBfH/oXUD/JrZ4oNOgSREkpbieZedvMk92d0Xab70Zx/bs9EHkfIxtRO4JJxN
I/1KqaqPWZRELEYgnEW41mGKQChFKTVBwvwnpjVvWOdy9IvWpqTinM7Zqj/ncsbB
VfEqDwa9HJuzoaGXi0ScY1J6Lirhhj4MWkdZg2hyyboSk4evvC2+qyoF14VAsum5
FEP5h7mdzVX5aeCnOAOl2mh/A131lF4sKEDPawcbl7EtOqnb25UcqHE8REMNihcz
-----END CERTIFICATE-----