Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/6e10f0-46a7-4b5b-9805-30d45ee2d237/1/isDHjLZi5e7PjA-RQURpNt9I86M.roa
File:                     isDHjLZi5e7PjA-RQURpNt9I86M.roa (raw, json)
Hash identifier:          yVhhgdkZ5w0XiZKF+zDh4Ntak4NYBkV3G6ArzCghqPU=
Subject key identifier:   8A:C0:C7:8C:B6:62:E5:EE:CF:8C:0F:91:41:44:69:36:DF:48:F3:A3
Certificate issuer:       /CN=ef32ab01f8c9662b892903bdb5719a2cad09fd34
Certificate serial:       019CFF8D80FDE3EB6A038B76A9D916F6F0B4
Authority key identifier: EF:32:AB:01:F8:C9:66:2B:89:29:03:BD:B5:71:9A:2C:AD:09:FD:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7zKrAfjJZiuJKQO9tXGaLK0J_TQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/6e10f0-46a7-4b5b-9805-30d45ee2d237/1/isDHjLZi5e7PjA-RQURpNt9I86M.roa
Signing time:             Wed 18 Mar 2026 06:06:29 +0000
ROA not before:           Wed 18 Mar 2026 06:06:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200440
IP address blocks:        193.36.133.0/24 maxlen: 24
                          2a12:f6c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/6e10f0-46a7-4b5b-9805-30d45ee2d237/1/7zKrAfjJZiuJKQO9tXGaLK0J_TQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/6e10f0-46a7-4b5b-9805-30d45ee2d237/1/7zKrAfjJZiuJKQO9tXGaLK0J_TQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7zKrAfjJZiuJKQO9tXGaLK0J_TQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 16:32:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:ff:8d:80:fd:e3:eb:6a:03:8b:76:a9:d9:16:f6:f0:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef32ab01f8c9662b892903bdb5719a2cad09fd34
        Validity
            Not Before: Mar 18 06:06:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8ac0c78cb662e5eecf8c0f9141446936df48f3a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:41:8a:81:46:ef:0b:d9:0d:d8:cd:81:df:d3:
                    a8:2c:ef:4b:fa:29:be:48:8e:d0:2d:48:6a:ec:ed:
                    d7:c3:a5:c4:fe:35:9e:1e:33:0d:05:9a:ac:69:ff:
                    f7:d6:0e:85:02:95:fc:7b:39:ac:1d:a8:78:44:fd:
                    3d:0a:19:de:95:69:19:23:be:db:73:51:cc:86:f6:
                    9f:bd:ff:3c:fe:8e:7e:36:71:3d:2b:41:cc:dd:5f:
                    71:41:38:e6:1c:a1:63:d6:0c:ad:59:0b:fe:81:93:
                    b0:19:2c:b8:ed:b3:7e:56:b1:8d:f4:6d:4a:bd:71:
                    2b:9a:08:f2:1f:d9:d6:cf:6b:90:30:f7:15:f6:35:
                    45:d0:93:d3:87:b5:72:60:21:f5:3f:4f:99:05:d2:
                    ce:0a:6f:d9:d2:53:c9:f7:8f:7c:87:0d:0e:d6:ea:
                    fb:9b:d6:c1:26:b9:0e:51:ab:60:d7:a9:61:6a:23:
                    af:31:39:e1:74:d1:bd:70:fb:ba:99:4a:12:98:96:
                    b7:01:20:b4:f9:c8:3c:c9:e1:51:f2:82:60:40:fa:
                    75:7d:c7:24:25:63:e1:d6:ec:a1:bc:31:e8:e1:cd:
                    b5:fa:cd:a5:17:3f:04:d5:78:5a:08:d6:ee:ac:7b:
                    41:55:53:86:a5:0e:76:b9:f0:06:f0:86:d2:95:74:
                    e5:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:C0:C7:8C:B6:62:E5:EE:CF:8C:0F:91:41:44:69:36:DF:48:F3:A3
            X509v3 Authority Key Identifier:
                keyid:EF:32:AB:01:F8:C9:66:2B:89:29:03:BD:B5:71:9A:2C:AD:09:FD:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7zKrAfjJZiuJKQO9tXGaLK0J_TQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/6e10f0-46a7-4b5b-9805-30d45ee2d237/1/isDHjLZi5e7PjA-RQURpNt9I86M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/6e10f0-46a7-4b5b-9805-30d45ee2d237/1/7zKrAfjJZiuJKQO9tXGaLK0J_TQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.36.133.0/24
                IPv6:
                  2a12:f6c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         26:cf:2f:9e:e2:54:92:42:d9:d7:36:b3:ea:60:8d:6d:08:a1:
         fe:9b:3e:fa:82:41:d7:3b:00:f8:fe:da:4c:b1:ce:3b:39:c2:
         63:c7:07:b1:40:08:36:23:d0:3f:37:9b:e1:52:83:9e:bf:f6:
         02:8b:09:37:a4:2d:1e:3c:b0:dc:3a:a6:04:9b:a8:0f:68:95:
         46:63:a8:c4:67:9a:c5:3a:a9:4d:8f:f0:81:eb:d2:fa:31:99:
         ec:90:43:6f:fe:1d:ac:04:da:25:da:98:40:d5:13:5a:d1:8a:
         33:d2:e6:40:55:d5:b7:ae:81:55:ce:ca:d8:d3:02:1b:8a:d7:
         ac:f3:8a:5f:1a:0d:0a:25:6d:95:cd:86:d7:a7:bb:d4:71:ec:
         2b:16:0c:cf:5b:bf:f8:57:b1:bc:24:3f:50:81:be:99:7f:79:
         42:02:59:85:ea:ce:37:9a:38:bd:59:5d:63:05:ce:27:ba:4e:
         ee:06:74:2b:ab:3d:77:20:b0:c6:a7:cd:ed:74:5b:fe:55:33:
         09:35:3a:7e:38:5a:f0:28:7a:c9:57:63:fd:27:a0:c4:25:2e:
         af:e7:24:f9:ad:1d:c5:5e:e5:82:4b:28:a2:d5:c6:7a:7b:d5:
         eb:7a:1a:84:43:e6:79:9d:28:21:64:6e:87:7e:84:44:48:4a:
         87:09:3a:aa
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZz/jYD94+tqA4t2qdkW9vC0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmMzJhYjAxZjhjOTY2MmI4OTI5MDNiZGI1NzE5YTJjYWQw
OWZkMzQwHhcNMjYwMzE4MDYwNjI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YWMwYzc4Y2I2NjJlNWVlY2Y4YzBmOTE0MTQ0NjkzNmRmNDhmM2EzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAukGKgUbvC9kN2M2B39OoLO9L+im+
SI7QLUhq7O3Xw6XE/jWeHjMNBZqsaf/31g6FApX8ezmsHah4RP09ChnelWkZI77b
c1HMhvafvf88/o5+NnE9K0HM3V9xQTjmHKFj1gytWQv+gZOwGSy47bN+VrGN9G1K
vXErmgjyH9nWz2uQMPcV9jVF0JPTh7VyYCH1P0+ZBdLOCm/Z0lPJ9498hw0O1ur7
m9bBJrkOUatg16lhaiOvMTnhdNG9cPu6mUoSmJa3ASC0+cg8yeFR8oJgQPp1fcck
JWPh1uyhvDHo4c21+s2lFz8E1XhaCNburHtBVVOGpQ52ufAG8IbSlXTluwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIrAx4y2YuXuz4wPkUFEaTbfSPOjMB8GA1UdIwQY
MBaAFO8yqwH4yWYriSkDvbVxmiytCf00MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3pLckFmakpaaXVKS1FPOXRYR2FMSzBKX1RRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi82ZTEwZjAtNDZhNy00YjViLTk4MDUt
MzBkNDVlZTJkMjM3LzEvaXNESGpMWmk1ZTdQakEtUlFVUnBOdDlJODZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi82ZTEwZjAtNDZhNy00YjViLTk4MDUtMzBkNDVlZTJkMjM3
LzEvN3pLckFmakpaaXVKS1FPOXRYR2FMSzBKX1RRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwSSFMA0E
AgACMAcDBQMqEvbAMA0GCSqGSIb3DQEBCwUAA4IBAQAmzy+e4lSSQtnXNrPqYI1t
CKH+mz76gkHXOwD4/tpMsc47OcJjxwexQAg2I9A/N5vhUoOev/YCiwk3pC0ePLDc
OqYEm6gPaJVGY6jEZ5rFOqlNj/CB69L6MZnskENv/h2sBNol2phA1RNa0Yoz0uZA
VdW3roFVzsrY0wIbites84pfGg0KJW2VzYbXp7vUcewrFgzPW7/4V7G8JD9Qgb6Z
f3lCAlmF6s43mji9WV1jBc4nuk7uBnQrqz13ILDGp83tdFv+VTMJNTp+OFrwKHrJ
V2P9J6DEJS6v5yT5rR3FXuWCSyii1cZ6e9XrehqEQ+Z5nSghZG6HfoRESEqHCTqq
-----END CERTIFICATE-----