Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/0aab78-66de-444c-a843-0b3cb4c6b79a/1/b2Anhcba4-1XQ3_KqvGEvDh-6z8.roa
File:                     b2Anhcba4-1XQ3_KqvGEvDh-6z8.roa (raw, json)
Hash identifier:          IL867zlsQE5TVas3yygcFF6kLWMTjmfzIf5QjUmdb4o=
Subject key identifier:   6F:60:27:85:C6:DA:E3:ED:57:43:7F:CA:AA:F1:84:BC:38:7E:EB:3F
Certificate issuer:       /CN=95b81f4e45d711da0c148dc2baad1504ddbb427b
Certificate serial:       019B78343BBF7487666026D552C3875A4E74
Authority key identifier: 95:B8:1F:4E:45:D7:11:DA:0C:14:8D:C2:BA:AD:15:04:DD:BB:42:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lbgfTkXXEdoMFI3Cuq0VBN27Qns.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/0aab78-66de-444c-a843-0b3cb4c6b79a/1/b2Anhcba4-1XQ3_KqvGEvDh-6z8.roa
Signing time:             Thu 01 Jan 2026 06:17:27 +0000
ROA not before:           Thu 01 Jan 2026 06:17:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209189
IP address blocks:        2.57.188.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/0aab78-66de-444c-a843-0b3cb4c6b79a/1/lbgfTkXXEdoMFI3Cuq0VBN27Qns.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/0aab78-66de-444c-a843-0b3cb4c6b79a/1/lbgfTkXXEdoMFI3Cuq0VBN27Qns.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lbgfTkXXEdoMFI3Cuq0VBN27Qns.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:34:3b:bf:74:87:66:60:26:d5:52:c3:87:5a:4e:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=95b81f4e45d711da0c148dc2baad1504ddbb427b
        Validity
            Not Before: Jan  1 06:17:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6f602785c6dae3ed57437fcaaaf184bc387eeb3f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:fd:9f:bb:4c:73:45:71:b7:08:93:08:d0:67:
                    a1:f1:01:24:b4:86:8d:32:fb:88:0b:88:84:6b:54:
                    02:c1:fe:00:32:c0:fa:b8:f4:9b:3d:0d:71:b8:d2:
                    0a:6d:d3:04:07:c0:f0:12:07:65:16:28:de:a6:74:
                    4d:f3:cf:d9:d6:6e:9d:c2:53:51:d5:70:29:57:88:
                    51:18:26:3b:0e:67:23:e6:e8:29:6d:48:48:f5:bc:
                    61:31:b1:8e:8b:ea:a0:ba:de:eb:51:99:52:76:68:
                    5a:9a:2d:46:1d:5c:8a:93:92:67:60:03:8c:68:f6:
                    27:7a:5e:0b:b8:db:f9:af:ad:3c:d6:53:cd:88:bf:
                    2b:de:5f:9c:55:ad:da:4a:47:aa:61:be:02:a6:ba:
                    bd:48:63:aa:d5:86:db:44:f4:18:25:2d:7b:72:d3:
                    8e:0d:38:83:e7:2f:6c:c1:9f:40:22:84:6f:f7:75:
                    ad:11:d6:da:c7:19:c2:99:67:3e:40:b8:29:22:31:
                    15:8a:77:ab:17:f4:09:ec:28:ad:85:c1:5b:e5:ad:
                    a3:e4:86:0f:47:93:ea:26:58:95:b2:0d:86:2f:25:
                    cb:19:74:30:f3:07:e0:de:6d:35:be:eb:a1:16:40:
                    5b:08:25:f5:7c:d3:e8:dc:27:99:45:be:6a:dd:bf:
                    6b:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:60:27:85:C6:DA:E3:ED:57:43:7F:CA:AA:F1:84:BC:38:7E:EB:3F
            X509v3 Authority Key Identifier:
                keyid:95:B8:1F:4E:45:D7:11:DA:0C:14:8D:C2:BA:AD:15:04:DD:BB:42:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lbgfTkXXEdoMFI3Cuq0VBN27Qns.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/0aab78-66de-444c-a843-0b3cb4c6b79a/1/b2Anhcba4-1XQ3_KqvGEvDh-6z8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/0aab78-66de-444c-a843-0b3cb4c6b79a/1/lbgfTkXXEdoMFI3Cuq0VBN27Qns.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.57.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         62:bf:a8:b4:2d:a7:35:e8:94:b0:bb:da:21:05:a3:6e:bc:5c:
         c7:ec:af:61:f2:27:57:d5:29:b4:de:3e:f5:91:67:57:a7:c8:
         67:11:73:8b:f3:bd:b7:36:69:d0:80:09:90:53:03:c5:73:83:
         e5:a1:38:8f:68:d9:58:74:c4:7b:fc:13:c5:63:eb:a7:b5:08:
         af:2a:c2:76:61:98:22:dd:e8:5a:70:2b:a2:ac:4b:5b:c7:1c:
         7c:f3:07:28:5c:9b:0a:7b:0b:32:aa:97:d7:cf:c7:95:12:7b:
         88:a8:77:6a:bd:2e:c1:b4:1c:9d:50:28:0a:0e:18:db:6c:87:
         7f:1d:fc:35:9c:c7:b9:8b:f5:70:e1:0e:ef:8d:ae:7d:13:1b:
         d8:59:b8:aa:89:93:06:1b:45:85:7e:6e:92:a9:b5:d3:a3:88:
         9e:2e:6b:9f:98:fb:61:8d:4b:a8:5c:af:7b:cc:58:1d:f5:e3:
         7e:5b:6f:81:59:8e:2d:bb:9e:9f:58:fd:0e:09:0c:af:4b:9c:
         85:0c:58:ec:e5:bf:53:ad:8e:b9:bd:b8:07:3e:af:62:27:71:
         b2:9d:95:55:4b:f2:56:14:96:6f:31:7d:bf:c7:be:ef:eb:7c:
         e3:c1:2b:6b:9a:c6:2e:48:89:57:02:a4:bf:55:18:2a:fa:3b:
         79:07:02:70
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4NDu/dIdmYCbVUsOHWk50MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1YjgxZjRlNDVkNzExZGEwYzE0OGRjMmJhYWQxNTA0ZGRi
YjQyN2IwHhcNMjYwMTAxMDYxNzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjYwMjc4NWM2ZGFlM2VkNTc0MzdmY2FhYWYxODRiYzM4N2VlYjNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz/2fu0xzRXG3CJMI0Geh8QEktIaN
MvuIC4iEa1QCwf4AMsD6uPSbPQ1xuNIKbdMEB8DwEgdlFijepnRN88/Z1m6dwlNR
1XApV4hRGCY7Dmcj5ugpbUhI9bxhMbGOi+qgut7rUZlSdmhami1GHVyKk5JnYAOM
aPYnel4LuNv5r6081lPNiL8r3l+cVa3aSkeqYb4Cprq9SGOq1YbbRPQYJS17ctOO
DTiD5y9swZ9AIoRv93WtEdbaxxnCmWc+QLgpIjEVinerF/QJ7CithcFb5a2j5IYP
R5PqJliVsg2GLyXLGXQw8wfg3m01vuuhFkBbCCX1fNPo3CeZRb5q3b9rdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG9gJ4XG2uPtV0N/yqrxhLw4fus/MB8GA1UdIwQY
MBaAFJW4H05F1xHaDBSNwrqtFQTdu0J7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbGJnZlRrWFhFZG9NRkkzQ3VxMFZCTjI3UW5zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS8wYWFiNzgtNjZkZS00NDRjLWE4NDMt
MGIzY2I0YzZiNzlhLzEvYjJBbmhjYmE0LTFYUTNfS3F2R0V2RGgtNno4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS8wYWFiNzgtNjZkZS00NDRjLWE4NDMtMGIzY2I0YzZiNzlh
LzEvbGJnZlRrWFhFZG9NRkkzQ3VxMFZCTjI3UW5zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCAjm8MA0G
CSqGSIb3DQEBCwUAA4IBAQBiv6i0Lac16JSwu9ohBaNuvFzH7K9h8idX1Sm03j71
kWdXp8hnEXOL8723NmnQgAmQUwPFc4PloTiPaNlYdMR7/BPFY+untQivKsJ2YZgi
3ehacCuirEtbxxx88wcoXJsKewsyqpfXz8eVEnuIqHdqvS7BtBydUCgKDhjbbId/
Hfw1nMe5i/Vw4Q7vja59ExvYWbiqiZMGG0WFfm6SqbXTo4ieLmufmPthjUuoXK97
zFgd9eN+W2+BWY4tu56fWP0OCQyvS5yFDFjs5b9TrY65vbgHPq9iJ3GynZVVS/JW
FJZvMX2/x77v63zjwStrmsYuSIlXAqS/VRgq+jt5BwJw
-----END CERTIFICATE-----