Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/2f3a44-5023-4695-a5fb-7b66e32a40fa/1/dsBCfGRnTmwg820ADrWuX61_Uj0.roa
File:                     dsBCfGRnTmwg820ADrWuX61_Uj0.roa (raw, json)
Hash identifier:          B2WdEL12Jb6JNjIpkYaPzBgjyykDmH1Uab0A0AbXatg=
Subject key identifier:   76:C0:42:7C:64:67:4E:6C:20:F3:6D:00:0E:B5:AE:5F:AD:7F:52:3D
Certificate issuer:       /CN=279fdf3e491ef66d77714389ae36f045715f2768
Certificate serial:       019E2071E98C29C32CDA6D76480F228D7B8C
Authority key identifier: 27:9F:DF:3E:49:1E:F6:6D:77:71:43:89:AE:36:F0:45:71:5F:27:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J5_fPkke9m13cUOJrjbwRXFfJ2g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/2f3a44-5023-4695-a5fb-7b66e32a40fa/1/dsBCfGRnTmwg820ADrWuX61_Uj0.roa
Signing time:             Wed 13 May 2026 08:26:36 +0000
ROA not before:           Wed 13 May 2026 08:26:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     12401
IP address blocks:        193.148.247.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/2f3a44-5023-4695-a5fb-7b66e32a40fa/1/J5_fPkke9m13cUOJrjbwRXFfJ2g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/2f3a44-5023-4695-a5fb-7b66e32a40fa/1/J5_fPkke9m13cUOJrjbwRXFfJ2g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J5_fPkke9m13cUOJrjbwRXFfJ2g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 08:43:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:20:71:e9:8c:29:c3:2c:da:6d:76:48:0f:22:8d:7b:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279fdf3e491ef66d77714389ae36f045715f2768
        Validity
            Not Before: May 13 08:26:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=76c0427c64674e6c20f36d000eb5ae5fad7f523d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:cd:91:de:84:01:b2:76:6a:1e:0f:f1:8b:4e:
                    9f:69:cf:c6:44:ab:8d:52:c4:40:14:d0:0c:2c:35:
                    82:dd:93:29:d9:b6:13:a4:65:d9:1f:35:45:29:16:
                    cd:3f:45:47:57:92:fb:74:1c:69:9b:72:7a:1b:9b:
                    ab:98:f3:38:d0:b9:64:8d:63:50:4d:2e:96:d7:d9:
                    0c:a0:37:ab:c0:a4:35:34:c1:bc:57:c6:5c:68:d6:
                    0c:fc:5e:08:66:25:c1:02:25:b2:ea:0f:98:fb:32:
                    58:18:a8:ff:5b:4b:fb:4b:f0:9d:86:64:2c:3d:a4:
                    d6:49:64:d9:93:bc:c3:08:a1:6e:1e:69:58:6c:52:
                    9b:01:72:46:cd:55:f9:47:42:02:4e:15:7d:cd:b0:
                    8c:17:2f:b0:5e:ff:a3:60:81:c1:b5:19:11:3b:b2:
                    db:0e:f4:8e:64:05:9c:0b:53:39:02:bb:71:93:05:
                    13:e3:a4:75:20:7f:50:ed:f6:15:6c:55:c3:18:63:
                    11:42:b8:72:a0:bb:d1:8c:53:98:42:2f:c1:36:de:
                    33:be:0e:e1:f2:28:89:e0:e9:71:af:8a:d9:f7:7d:
                    b4:e8:4e:fe:2c:52:68:0e:75:eb:52:69:3f:6f:94:
                    05:0c:4b:c4:cc:fe:b2:8d:45:2d:4e:e0:56:1d:45:
                    f4:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:C0:42:7C:64:67:4E:6C:20:F3:6D:00:0E:B5:AE:5F:AD:7F:52:3D
            X509v3 Authority Key Identifier:
                keyid:27:9F:DF:3E:49:1E:F6:6D:77:71:43:89:AE:36:F0:45:71:5F:27:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J5_fPkke9m13cUOJrjbwRXFfJ2g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/2f3a44-5023-4695-a5fb-7b66e32a40fa/1/dsBCfGRnTmwg820ADrWuX61_Uj0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/2f3a44-5023-4695-a5fb-7b66e32a40fa/1/J5_fPkke9m13cUOJrjbwRXFfJ2g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.148.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:5f:22:ee:38:7a:d8:44:1e:30:e7:66:6c:2c:ea:6b:a3:7e:
         67:ac:36:b4:46:1b:09:5a:ca:b1:88:09:fe:02:e8:09:1d:56:
         e7:66:e9:3a:da:08:10:5c:7f:b3:b1:61:bf:3b:af:c7:4f:e7:
         69:7f:f6:cc:51:ea:1a:cb:eb:7b:ce:26:11:90:82:8c:5d:09:
         4a:27:67:a4:b6:a4:dd:d3:65:df:a3:b7:b3:93:9d:79:d5:17:
         58:f6:36:d7:93:dd:f5:47:35:2a:bb:95:ba:7a:8e:61:11:73:
         4a:23:5a:bb:fe:47:5c:bc:86:e3:74:f9:d2:fb:68:89:44:f9:
         93:98:a2:58:09:53:2d:1c:85:4a:a4:55:6e:d9:ee:81:2e:58:
         9b:6d:72:c4:81:5a:70:b2:04:1e:f4:54:c8:59:3b:f2:01:de:
         b2:72:5a:25:d6:0b:01:fe:38:b3:3c:df:1d:a6:4e:e7:58:86:
         f8:24:07:f9:2e:a6:e5:3b:41:6e:ff:51:c5:0d:4e:47:0f:c2:
         f4:fb:f7:55:1b:7b:2c:ab:10:0c:da:b2:fd:59:3e:0c:4e:d9:
         83:c1:f4:d3:21:b0:98:9e:54:19:59:ef:3f:2c:e3:0e:73:8b:
         d6:b8:ea:1e:4f:ae:f9:55:4a:98:d6:4d:11:4c:84:a2:48:de:
         91:61:6f:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4gcemMKcMs2m12SA8ijXuMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWZkZjNlNDkxZWY2NmQ3NzcxNDM4OWFlMzZmMDQ1NzE1
ZjI3NjgwHhcNMjYwNTEzMDgyNjM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NmMwNDI3YzY0Njc0ZTZjMjBmMzZkMDAwZWI1YWU1ZmFkN2Y1MjNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2s2R3oQBsnZqHg/xi06fac/GRKuN
UsRAFNAMLDWC3ZMp2bYTpGXZHzVFKRbNP0VHV5L7dBxpm3J6G5urmPM40LlkjWNQ
TS6W19kMoDerwKQ1NMG8V8ZcaNYM/F4IZiXBAiWy6g+Y+zJYGKj/W0v7S/CdhmQs
PaTWSWTZk7zDCKFuHmlYbFKbAXJGzVX5R0ICThV9zbCMFy+wXv+jYIHBtRkRO7Lb
DvSOZAWcC1M5ArtxkwUT46R1IH9Q7fYVbFXDGGMRQrhyoLvRjFOYQi/BNt4zvg7h
8iiJ4Olxr4rZ93206E7+LFJoDnXrUmk/b5QFDEvEzP6yjUUtTuBWHUX0pQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHbAQnxkZ05sIPNtAA61rl+tf1I9MB8GA1UdIwQY
MBaAFCef3z5JHvZtd3FDia428EVxXydoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjVfZlBra2U5bTEzY1VPSnJqYndSWEZmSjJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC8yZjNhNDQtNTAyMy00Njk1LWE1ZmIt
N2I2NmUzMmE0MGZhLzEvZHNCQ2ZHUm5UbXdnODIwQURyV3VYNjFfVWowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC8yZjNhNDQtNTAyMy00Njk1LWE1ZmItN2I2NmUzMmE0MGZh
LzEvSjVfZlBra2U5bTEzY1VPSnJqYndSWEZmSjJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwZT3MA0G
CSqGSIb3DQEBCwUAA4IBAQAxXyLuOHrYRB4w52ZsLOpro35nrDa0RhsJWsqxiAn+
AugJHVbnZuk62ggQXH+zsWG/O6/HT+dpf/bMUeoay+t7ziYRkIKMXQlKJ2ektqTd
02Xfo7ezk5151RdY9jbXk931RzUqu5W6eo5hEXNKI1q7/kdcvIbjdPnS+2iJRPmT
mKJYCVMtHIVKpFVu2e6BLlibbXLEgVpwsgQe9FTIWTvyAd6yclol1gsB/jizPN8d
pk7nWIb4JAf5LqblO0Fu/1HFDU5HD8L0+/dVG3ssqxAM2rL9WT4MTtmDwfTTIbCY
nlQZWe8/LOMOc4vWuOoeT675VUqY1k0RTISiSN6RYW8/
-----END CERTIFICATE-----