Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/9c2508-f69b-444b-b860-dc0e81a9d7b4/1/H-zR6ky2pDadloAxkXUrEUDR0Lw.roa
File:                     H-zR6ky2pDadloAxkXUrEUDR0Lw.roa (raw, json)
Hash identifier:          lG6oXiAUIS6xft8V5DugdkR0sps6sV68ctJDl4dFR2E=
Subject key identifier:   1F:EC:D1:EA:4C:B6:A4:36:9D:96:80:31:91:75:2B:11:40:D1:D0:BC
Certificate issuer:       /CN=32ad80d411acb93685f558aa7e12f46bd170a7fb
Certificate serial:       019D019B043645FC2A9F6FAD1D66223B69F8
Authority key identifier: 32:AD:80:D4:11:AC:B9:36:85:F5:58:AA:7E:12:F4:6B:D1:70:A7:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Mq2A1BGsuTaF9ViqfhL0a9Fwp_s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/9c2508-f69b-444b-b860-dc0e81a9d7b4/1/H-zR6ky2pDadloAxkXUrEUDR0Lw.roa
Signing time:             Wed 18 Mar 2026 15:40:29 +0000
ROA not before:           Wed 18 Mar 2026 15:40:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     396982
IP address blocks:        147.189.20.0/24 maxlen: 24
                          147.189.237.0/24 maxlen: 24
                          147.189.238.0/24 maxlen: 24
                          147.189.239.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/9c2508-f69b-444b-b860-dc0e81a9d7b4/1/Mq2A1BGsuTaF9ViqfhL0a9Fwp_s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/9c2508-f69b-444b-b860-dc0e81a9d7b4/1/Mq2A1BGsuTaF9ViqfhL0a9Fwp_s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Mq2A1BGsuTaF9ViqfhL0a9Fwp_s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:01:9b:04:36:45:fc:2a:9f:6f:ad:1d:66:22:3b:69:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=32ad80d411acb93685f558aa7e12f46bd170a7fb
        Validity
            Not Before: Mar 18 15:40:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1fecd1ea4cb6a4369d96803191752b1140d1d0bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:b3:e4:ee:eb:9d:12:8f:9a:7d:84:f6:33:1a:
                    77:fb:a1:c4:32:56:7c:37:cd:ab:60:9c:85:66:8d:
                    43:9d:b4:9e:25:6d:59:6c:44:9b:d0:24:59:50:cd:
                    78:72:a8:22:20:d0:eb:88:6c:a8:13:57:2d:5e:6d:
                    58:3c:2d:58:bf:75:a1:0e:42:df:39:3d:2a:37:a6:
                    8c:a2:f2:6f:c1:85:62:7c:93:93:c4:0c:a3:0e:8f:
                    66:e4:c4:8c:4b:f8:1c:8b:0a:b9:a9:7a:64:89:28:
                    78:cd:af:91:f2:1f:46:e1:49:f0:f6:f4:77:c6:f0:
                    61:ba:96:19:dd:12:63:c9:b0:a0:d6:65:94:3f:c0:
                    9b:22:d6:32:8d:0e:24:5d:9b:2e:8b:83:2f:7b:8d:
                    7b:23:02:86:40:0c:1d:0d:1f:59:bd:3c:c0:3d:37:
                    b5:02:d7:45:49:4e:df:c2:47:a3:06:ba:bf:b8:0f:
                    cc:49:1e:ba:d8:2e:36:e8:31:f6:0f:84:3e:6f:93:
                    be:ea:73:b8:1e:8b:c0:11:2d:4b:4f:3f:15:02:e2:
                    7c:39:bf:fe:4e:bd:79:b2:ce:c5:a4:a0:a5:e4:bd:
                    da:e2:98:06:25:c0:7b:c7:67:a9:67:b2:2a:a0:9a:
                    7a:12:64:66:a3:a6:21:19:79:b1:b6:fd:74:3d:17:
                    d5:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:EC:D1:EA:4C:B6:A4:36:9D:96:80:31:91:75:2B:11:40:D1:D0:BC
            X509v3 Authority Key Identifier:
                keyid:32:AD:80:D4:11:AC:B9:36:85:F5:58:AA:7E:12:F4:6B:D1:70:A7:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Mq2A1BGsuTaF9ViqfhL0a9Fwp_s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/9c2508-f69b-444b-b860-dc0e81a9d7b4/1/H-zR6ky2pDadloAxkXUrEUDR0Lw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/9c2508-f69b-444b-b860-dc0e81a9d7b4/1/Mq2A1BGsuTaF9ViqfhL0a9Fwp_s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.189.20.0/24
                  147.189.237.0-147.189.239.255

    Signature Algorithm: sha256WithRSAEncryption
         92:57:8f:39:3d:a9:aa:6f:30:29:11:10:74:be:eb:d2:26:9b:
         66:4d:b4:df:27:79:98:6c:08:99:48:23:db:88:54:7b:1e:f4:
         e7:7c:a6:87:57:9b:48:71:9a:84:40:91:b9:6e:e1:2c:c4:48:
         86:1e:d0:c6:d5:fb:77:fe:04:72:7f:ce:c9:d7:41:cf:ba:48:
         81:3f:28:62:12:80:3e:0d:1a:1b:ef:2e:a9:c6:78:1c:80:dd:
         2a:5a:11:b7:03:2e:10:0f:a8:b7:ec:0a:4d:c4:9a:65:4f:6a:
         66:ea:54:2b:ea:a3:83:32:f4:f5:e9:4f:c7:02:d6:04:20:57:
         51:75:55:44:3b:b1:8e:85:e9:da:54:09:3f:f0:f4:b1:53:a8:
         06:bf:a2:fe:1f:f7:79:f2:79:cb:79:f3:36:31:e4:0f:f2:91:
         f2:6c:1a:24:50:51:b0:48:70:2c:31:6d:6c:1e:18:5b:2d:e2:
         f6:ee:e9:0c:20:bd:a1:fc:4b:45:64:2c:ce:f2:dc:29:44:67:
         a7:6c:67:14:67:47:eb:5c:50:33:9f:bb:d5:7d:e8:57:f0:8f:
         71:3b:1f:09:3f:d3:6a:e2:19:d3:18:51:f0:66:57:b2:05:2f:
         f2:29:2a:8f:c6:f1:74:12:e4:75:e8:7d:ad:6f:ef:29:4c:b1:
         82:3b:49:fb
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZ0BmwQ2Rfwqn2+tHWYiO2n4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyYWQ4MGQ0MTFhY2I5MzY4NWY1NThhYTdlMTJmNDZiZDE3
MGE3ZmIwHhcNMjYwMzE4MTU0MDI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZmVjZDFlYTRjYjZhNDM2OWQ5NjgwMzE5MTc1MmIxMTQwZDFkMGJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2rPk7uudEo+afYT2Mxp3+6HEMlZ8
N82rYJyFZo1DnbSeJW1ZbESb0CRZUM14cqgiINDriGyoE1ctXm1YPC1Yv3WhDkLf
OT0qN6aMovJvwYVifJOTxAyjDo9m5MSMS/gciwq5qXpkiSh4za+R8h9G4Unw9vR3
xvBhupYZ3RJjybCg1mWUP8CbItYyjQ4kXZsui4Mve417IwKGQAwdDR9ZvTzAPTe1
AtdFSU7fwkejBrq/uA/MSR662C426DH2D4Q+b5O+6nO4HovAES1LTz8VAuJ8Ob/+
Tr15ss7FpKCl5L3a4pgGJcB7x2epZ7IqoJp6EmRmo6YhGXmxtv10PRfViwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFB/s0epMtqQ2nZaAMZF1KxFA0dC8MB8GA1UdIwQY
MBaAFDKtgNQRrLk2hfVYqn4S9GvRcKf7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXEyQTFCR3N1VGFGOVZpcWZoTDBhOUZ3cF9zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS85YzI1MDgtZjY5Yi00NDRiLWI4NjAt
ZGMwZTgxYTlkN2I0LzEvSC16UjZreTJwRGFkbG9BeGtYVXJFVURSMEx3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS85YzI1MDgtZjY5Yi00NDRiLWI4NjAtZGMwZTgxYTlkN2I0
LzEvTXEyQTFCR3N1VGFGOVZpcWZoTDBhOUZ3cF9zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQAk70UMAwD
BACTve0DBASTveAwDQYJKoZIhvcNAQELBQADggEBAJJXjzk9qapvMCkREHS+69Im
m2ZNtN8neZhsCJlII9uIVHse9Od8podXm0hxmoRAkblu4SzESIYe0MbV+3f+BHJ/
zsnXQc+6SIE/KGISgD4NGhvvLqnGeByA3SpaEbcDLhAPqLfsCk3EmmVPambqVCvq
o4My9PXpT8cC1gQgV1F1VUQ7sY6F6dpUCT/w9LFTqAa/ov4f93nyect58zYx5A/y
kfJsGiRQUbBIcCwxbWweGFst4vbu6QwgvaH8S0VkLM7y3ClEZ6dsZxRnR+tcUDOf
u9V96Ffwj3E7Hwk/02riGdMYUfBmV7IFL/IpKo/G8XQS5HXofa1v7ylMsYI7Sfs=
-----END CERTIFICATE-----