Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/2599f9-6f76-4db6-bca7-c1331f49fc09/1/DSezdrP9gy21X_YsA_sM_mUG7ZY.roa
File:                     DSezdrP9gy21X_YsA_sM_mUG7ZY.roa (raw, json)
Hash identifier:          qoW6fyKLZn8Z7/AgsCgpfsigtdkhI6Ya3YqI5YnpmiM=
Subject key identifier:   0D:27:B3:76:B3:FD:83:2D:B5:5F:F6:2C:03:FB:0C:FE:65:06:ED:96
Certificate issuer:       /CN=bd19d4535c7e62b921e859e6557b821f278e716a
Certificate serial:       019D14F31EAF524F3E96B74EA1239311DD97
Authority key identifier: BD:19:D4:53:5C:7E:62:B9:21:E8:59:E6:55:7B:82:1F:27:8E:71:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vRnUU1x-Yrkh6FnmVXuCHyeOcWo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/2599f9-6f76-4db6-bca7-c1331f49fc09/1/DSezdrP9gy21X_YsA_sM_mUG7ZY.roa
Signing time:             Sun 22 Mar 2026 09:49:30 +0000
ROA not before:           Sun 22 Mar 2026 09:49:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        185.23.6.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/2599f9-6f76-4db6-bca7-c1331f49fc09/1/vRnUU1x-Yrkh6FnmVXuCHyeOcWo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/2599f9-6f76-4db6-bca7-c1331f49fc09/1/vRnUU1x-Yrkh6FnmVXuCHyeOcWo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vRnUU1x-Yrkh6FnmVXuCHyeOcWo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 03:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:14:f3:1e:af:52:4f:3e:96:b7:4e:a1:23:93:11:dd:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bd19d4535c7e62b921e859e6557b821f278e716a
        Validity
            Not Before: Mar 22 09:49:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0d27b376b3fd832db55ff62c03fb0cfe6506ed96
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:97:3c:28:0e:af:fa:66:6d:f1:dc:68:66:24:
                    e0:85:3c:7f:01:0e:d4:af:ed:cb:f4:d6:ba:65:8f:
                    37:d3:04:59:72:25:b6:10:29:62:d2:ca:b0:db:db:
                    66:7c:e7:97:1a:d6:2d:b1:b4:fc:81:d2:70:de:f8:
                    02:23:19:39:a3:99:e0:31:ab:bd:d0:00:aa:20:41:
                    84:53:7f:03:c5:e9:62:cc:39:b7:34:93:a1:c2:62:
                    14:ca:85:f7:59:52:f5:1f:f7:8b:7a:66:0c:0e:c4:
                    b7:7a:fd:ea:87:62:72:30:e1:29:1b:13:cd:7d:a5:
                    3b:9a:28:5a:1f:e6:35:f9:0b:cb:47:27:18:62:ae:
                    1c:e6:89:5b:8f:db:a9:bc:04:83:8e:5c:97:7e:67:
                    53:69:33:0f:6a:b4:fa:4f:65:74:bd:57:b8:46:7e:
                    5f:15:44:1e:1b:22:86:ef:a0:e1:a9:4d:86:b0:27:
                    72:0f:b5:49:72:10:66:7b:e7:2f:91:41:29:bb:72:
                    a3:48:4a:60:ee:d5:bb:16:92:89:2f:58:0b:9a:03:
                    26:c4:a1:48:2c:3d:47:92:42:31:af:a8:bb:43:4f:
                    e7:bc:bb:f8:3b:82:5c:e9:be:19:84:e7:57:07:eb:
                    f1:e3:74:b0:29:c2:51:0d:d6:28:3e:81:5d:1b:d7:
                    ed:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:27:B3:76:B3:FD:83:2D:B5:5F:F6:2C:03:FB:0C:FE:65:06:ED:96
            X509v3 Authority Key Identifier:
                keyid:BD:19:D4:53:5C:7E:62:B9:21:E8:59:E6:55:7B:82:1F:27:8E:71:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vRnUU1x-Yrkh6FnmVXuCHyeOcWo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/2599f9-6f76-4db6-bca7-c1331f49fc09/1/DSezdrP9gy21X_YsA_sM_mUG7ZY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/2599f9-6f76-4db6-bca7-c1331f49fc09/1/vRnUU1x-Yrkh6FnmVXuCHyeOcWo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.23.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:4f:b8:89:a0:f9:c7:fd:82:2e:a8:df:3a:5a:e4:34:a3:e4:
         d8:7c:71:da:64:82:49:96:21:e8:e7:2f:df:27:f6:1b:61:08:
         0f:60:c4:3c:43:d4:57:e0:8b:60:2b:b2:74:db:e8:66:b3:83:
         06:8e:78:3b:5e:28:a3:e6:d2:98:52:66:fd:dc:e1:87:d4:e8:
         b9:91:f1:43:38:4f:06:d2:dd:27:75:23:33:4d:59:58:46:1d:
         77:6b:9b:c0:8c:a8:14:bf:1f:91:98:21:71:bd:29:b5:be:68:
         59:bd:06:68:70:7f:46:cc:a2:cd:2d:63:88:64:4e:d8:d4:cd:
         6c:99:f5:bf:f2:81:73:83:16:07:12:7a:28:98:15:ad:e5:63:
         1f:4a:55:4a:bb:fe:aa:fa:99:cb:b9:b4:8f:84:34:78:74:6e:
         bb:1f:66:2e:db:a9:e7:1a:96:d4:16:2a:ec:91:84:2c:dc:22:
         ec:41:d8:8e:be:21:5d:74:bc:7f:00:3e:8a:c8:74:1d:81:9a:
         c3:82:79:b6:b9:b3:bb:6d:3f:5a:01:ae:9d:49:62:6c:7c:de:
         c2:0a:04:0e:80:f4:bb:9e:61:c0:81:a5:30:a6:9c:06:70:9a:
         2d:b6:7e:f6:f4:23:f2:a4:d6:53:c1:fb:c0:c3:7c:f9:f7:14:
         ec:00:fc:de
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0U8x6vUk8+lrdOoSOTEd2XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkMTlkNDUzNWM3ZTYyYjkyMWU4NTllNjU1N2I4MjFmMjc4
ZTcxNmEwHhcNMjYwMzIyMDk0OTMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDI3YjM3NmIzZmQ4MzJkYjU1ZmY2MmMwM2ZiMGNmZTY1MDZlZDk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3pc8KA6v+mZt8dxoZiTghTx/AQ7U
r+3L9Na6ZY830wRZciW2ECli0sqw29tmfOeXGtYtsbT8gdJw3vgCIxk5o5ngMau9
0ACqIEGEU38DxelizDm3NJOhwmIUyoX3WVL1H/eLemYMDsS3ev3qh2JyMOEpGxPN
faU7mihaH+Y1+QvLRycYYq4c5olbj9upvASDjlyXfmdTaTMParT6T2V0vVe4Rn5f
FUQeGyKG76DhqU2GsCdyD7VJchBme+cvkUEpu3KjSEpg7tW7FpKJL1gLmgMmxKFI
LD1HkkIxr6i7Q0/nvLv4O4Jc6b4ZhOdXB+vx43SwKcJRDdYoPoFdG9ftqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA0ns3az/YMttV/2LAP7DP5lBu2WMB8GA1UdIwQY
MBaAFL0Z1FNcfmK5IehZ5lV7gh8njnFqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlJuVVUxeC1ZcmtoNkZubVZYdUNIeWVPY1dvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy8yNTk5ZjktNmY3Ni00ZGI2LWJjYTct
YzEzMzFmNDlmYzA5LzEvRFNlemRyUDlneTIxWF9Zc0Ffc01fbVVHN1pZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy8yNTk5ZjktNmY3Ni00ZGI2LWJjYTctYzEzMzFmNDlmYzA5
LzEvdlJuVVUxeC1ZcmtoNkZubVZYdUNIeWVPY1dvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRcGMA0G
CSqGSIb3DQEBCwUAA4IBAQBAT7iJoPnH/YIuqN86WuQ0o+TYfHHaZIJJliHo5y/f
J/YbYQgPYMQ8Q9RX4ItgK7J02+hms4MGjng7Xiij5tKYUmb93OGH1Oi5kfFDOE8G
0t0ndSMzTVlYRh13a5vAjKgUvx+RmCFxvSm1vmhZvQZocH9GzKLNLWOIZE7Y1M1s
mfW/8oFzgxYHEnoomBWt5WMfSlVKu/6q+pnLubSPhDR4dG67H2Yu26nnGpbUFirs
kYQs3CLsQdiOviFddLx/AD6KyHQdgZrDgnm2ubO7bT9aAa6dSWJsfN7CCgQOgPS7
nmHAgaUwppwGcJottn729CPypNZTwfvAw3z59xTsAPze
-----END CERTIFICATE-----