Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/b30e5d-8b3b-4287-9b3b-8232fa3e629d/1/kP1iKAvRfxtQ5wSZVHkzs_4tz2A.roa
File:                     kP1iKAvRfxtQ5wSZVHkzs_4tz2A.roa (raw, json)
Hash identifier:          TCxYw6H5tNRPevpD8j6N6iWYDsSRAM2INgdF57aLPMQ=
Subject key identifier:   90:FD:62:28:0B:D1:7F:1B:50:E7:04:99:54:79:33:B3:FE:2D:CF:60
Certificate issuer:       /CN=d7d0674bd6f0cc9175219a328c8b396829f6c0af
Certificate serial:       019D96263997EFEC1B2B0433126448B6D3B5
Authority key identifier: D7:D0:67:4B:D6:F0:CC:91:75:21:9A:32:8C:8B:39:68:29:F6:C0:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/19BnS9bwzJF1IZoyjIs5aCn2wK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/b30e5d-8b3b-4287-9b3b-8232fa3e629d/1/kP1iKAvRfxtQ5wSZVHkzs_4tz2A.roa
Signing time:             Thu 16 Apr 2026 11:56:20 +0000
ROA not before:           Thu 16 Apr 2026 11:56:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     32787
IP address blocks:        89.147.32.0/23 maxlen: 23
                          89.147.34.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/b30e5d-8b3b-4287-9b3b-8232fa3e629d/1/19BnS9bwzJF1IZoyjIs5aCn2wK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/b30e5d-8b3b-4287-9b3b-8232fa3e629d/1/19BnS9bwzJF1IZoyjIs5aCn2wK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/19BnS9bwzJF1IZoyjIs5aCn2wK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 20:01:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:96:26:39:97:ef:ec:1b:2b:04:33:12:64:48:b6:d3:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d7d0674bd6f0cc9175219a328c8b396829f6c0af
        Validity
            Not Before: Apr 16 11:56:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=90fd62280bd17f1b50e70499547933b3fe2dcf60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:8f:ad:82:de:24:9e:b7:2b:2b:60:9b:d1:4f:
                    e9:9b:12:24:16:46:1d:d2:98:e7:38:51:da:51:77:
                    61:c8:2b:83:86:f7:1e:d5:88:a0:a7:e7:85:d4:5d:
                    10:87:d5:08:4f:1f:45:2a:fb:38:c3:10:20:3c:07:
                    36:ac:f2:2b:2f:9a:76:1b:89:49:87:6e:0e:ba:e2:
                    31:3c:94:e3:20:af:8e:b3:c1:5d:8a:a8:18:dc:dd:
                    cc:cd:00:d9:c4:9a:ae:1d:bb:3e:90:97:ad:c1:96:
                    c0:bf:a5:d8:7d:7b:2f:3b:1b:f0:ae:11:af:6f:a0:
                    9f:7d:75:7d:76:88:ee:d2:3f:ff:ed:9d:26:9d:32:
                    46:dd:b1:a3:07:ca:a5:2f:a6:5b:0f:d6:cc:b3:31:
                    7f:d5:75:5e:b8:aa:4b:6e:5d:7b:4d:93:77:24:20:
                    40:dd:4e:81:c4:82:d1:68:dd:a8:eb:dc:cc:94:f5:
                    28:74:99:b7:fc:94:24:30:ca:cf:e6:5d:0f:ba:c6:
                    f6:ab:8a:a3:a8:b6:7e:f1:73:64:c4:e9:0d:2b:f2:
                    b8:67:e5:b2:fe:f8:79:df:67:a2:42:b5:46:a1:a2:
                    69:e3:e4:a3:4f:39:d0:59:ce:a0:63:5f:4b:5f:4a:
                    3b:89:8c:8b:1e:2f:97:dd:b0:26:6c:5d:a7:44:95:
                    3d:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:FD:62:28:0B:D1:7F:1B:50:E7:04:99:54:79:33:B3:FE:2D:CF:60
            X509v3 Authority Key Identifier:
                keyid:D7:D0:67:4B:D6:F0:CC:91:75:21:9A:32:8C:8B:39:68:29:F6:C0:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/19BnS9bwzJF1IZoyjIs5aCn2wK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/b30e5d-8b3b-4287-9b3b-8232fa3e629d/1/kP1iKAvRfxtQ5wSZVHkzs_4tz2A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/b30e5d-8b3b-4287-9b3b-8232fa3e629d/1/19BnS9bwzJF1IZoyjIs5aCn2wK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.147.32.0-89.147.34.255

    Signature Algorithm: sha256WithRSAEncryption
         74:11:55:61:3e:0a:6f:4b:b1:93:81:86:b4:5c:cb:f0:fa:53:
         2d:cb:26:3b:e7:91:c9:34:36:d7:17:b9:08:a6:38:72:e7:a4:
         64:50:c0:6b:46:e4:4d:63:75:29:a9:bd:02:a4:09:0f:d7:8e:
         50:67:6e:5a:1c:26:8c:6b:54:23:1c:2e:59:52:e7:a7:73:17:
         1f:eb:60:5e:d7:43:de:c2:b6:41:61:e7:1a:1b:54:a5:36:98:
         6d:0d:3e:cf:a0:7f:f6:da:0d:c0:49:b7:5c:c0:71:d4:49:f5:
         c3:3e:1c:df:db:92:77:86:9d:4d:5e:dc:54:98:8d:d5:05:bd:
         79:a6:34:35:97:d4:23:7d:f2:8e:1a:0a:ca:f0:e2:51:18:6e:
         7b:87:e7:2b:30:3f:49:9a:c9:3c:22:06:5c:98:4f:ea:04:9c:
         fb:a3:e6:60:fd:d2:5a:0d:ad:2e:b6:03:1f:4c:c6:84:2f:84:
         bc:df:b1:8b:0e:8e:c9:b2:11:60:05:43:a2:df:21:7b:ae:a5:
         26:33:d9:f4:f5:3c:9a:ac:a9:e6:f8:e8:73:42:5e:ca:f5:b3:
         7b:fb:da:04:b6:f9:77:45:9d:89:38:49:6e:4b:ea:23:86:2d:
         43:79:c7:9b:ca:91:d7:0a:74:42:71:b0:e0:17:c3:9a:52:e4:
         19:39:74:00
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZ2WJjmX7+wbKwQzEmRIttO1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3ZDA2NzRiZDZmMGNjOTE3NTIxOWEzMjhjOGIzOTY4Mjlm
NmMwYWYwHhcNMjYwNDE2MTE1NjIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MGZkNjIyODBiZDE3ZjFiNTBlNzA0OTk1NDc5MzNiM2ZlMmRjZjYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmI+tgt4knrcrK2Cb0U/pmxIkFkYd
0pjnOFHaUXdhyCuDhvce1Yigp+eF1F0Qh9UITx9FKvs4wxAgPAc2rPIrL5p2G4lJ
h24OuuIxPJTjIK+Os8FdiqgY3N3MzQDZxJquHbs+kJetwZbAv6XYfXsvOxvwrhGv
b6CffXV9doju0j//7Z0mnTJG3bGjB8qlL6ZbD9bMszF/1XVeuKpLbl17TZN3JCBA
3U6BxILRaN2o69zMlPUodJm3/JQkMMrP5l0Pusb2q4qjqLZ+8XNkxOkNK/K4Z+Wy
/vh532eiQrVGoaJp4+SjTznQWc6gY19LX0o7iYyLHi+X3bAmbF2nRJU92QIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFJD9YigL0X8bUOcEmVR5M7P+Lc9gMB8GA1UdIwQY
MBaAFNfQZ0vW8MyRdSGaMoyLOWgp9sCvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTlCblM5Ynd6SkYxSVpveWpJczVhQ24yd0s4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy9iMzBlNWQtOGIzYi00Mjg3LTliM2It
ODIzMmZhM2U2MjlkLzEva1AxaUtBdlJmeHRRNXdTWlZIa3pzXzR0ejJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy9iMzBlNWQtOGIzYi00Mjg3LTliM2ItODIzMmZhM2U2Mjlk
LzEvMTlCblM5Ynd6SkYxSVpveWpJczVhQ24yd0s4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAVZkyAD
BABZkyIwDQYJKoZIhvcNAQELBQADggEBAHQRVWE+Cm9LsZOBhrRcy/D6Uy3LJjvn
kck0NtcXuQimOHLnpGRQwGtG5E1jdSmpvQKkCQ/XjlBnblocJoxrVCMcLllS56dz
Fx/rYF7XQ97CtkFh5xobVKU2mG0NPs+gf/baDcBJt1zAcdRJ9cM+HN/bkneGnU1e
3FSYjdUFvXmmNDWX1CN98o4aCsrw4lEYbnuH5yswP0mayTwiBlyYT+oEnPuj5mD9
0loNrS62Ax9MxoQvhLzfsYsOjsmyEWAFQ6LfIXuupSYz2fT1PJqsqeb46HNCXsr1
s3v72gS2+XdFnYk4SW5L6iOGLUN5x5vKkdcKdEJxsOAXw5pS5Bk5dAA=
-----END CERTIFICATE-----