Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/df2e60-5b0f-4960-b9cd-55a3547abbd6/1/1zwO-pRpLQjpKdc2fMnL99i_j-Y.roa
File:                     1zwO-pRpLQjpKdc2fMnL99i_j-Y.roa (raw, json)
Hash identifier:          SYfKKB6gtn0cNSUNi0rlTL24CWOzIm0TRFFugkUSGaY=
Subject key identifier:   D7:3C:0E:FA:94:69:2D:08:E9:29:D7:36:7C:C9:CB:F7:D8:BF:8F:E6
Certificate issuer:       /CN=9e795dd011953414715cc6875dfd39c61e5181c8
Certificate serial:       019DAEA0FAF567B4A50C8BE9217704C5DA97
Authority key identifier: 9E:79:5D:D0:11:95:34:14:71:5C:C6:87:5D:FD:39:C6:1E:51:81:C8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nnld0BGVNBRxXMaHXf05xh5Rgcg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/df2e60-5b0f-4960-b9cd-55a3547abbd6/1/1zwO-pRpLQjpKdc2fMnL99i_j-Y.roa
Signing time:             Tue 21 Apr 2026 06:01:18 +0000
ROA not before:           Tue 21 Apr 2026 06:01:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     3320
IP address blocks:        193.168.232.0/22 maxlen: 22
                          193.168.234.0/23 maxlen: 23
                          2a09:6f80::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/df2e60-5b0f-4960-b9cd-55a3547abbd6/1/nnld0BGVNBRxXMaHXf05xh5Rgcg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/df2e60-5b0f-4960-b9cd-55a3547abbd6/1/nnld0BGVNBRxXMaHXf05xh5Rgcg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nnld0BGVNBRxXMaHXf05xh5Rgcg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:ae:a0:fa:f5:67:b4:a5:0c:8b:e9:21:77:04:c5:da:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e795dd011953414715cc6875dfd39c61e5181c8
        Validity
            Not Before: Apr 21 06:01:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d73c0efa94692d08e929d7367cc9cbf7d8bf8fe6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:4c:97:d9:cd:b3:9d:32:6d:2c:fc:49:23:2a:
                    d5:2e:9a:19:73:68:67:f7:80:85:e4:88:81:c1:5e:
                    4b:2f:4b:cf:e7:d6:27:b4:79:97:10:bc:58:b3:3c:
                    4a:cd:fb:8a:82:e3:8c:a8:37:09:04:0a:6a:ef:10:
                    b1:39:cf:be:e0:86:56:e6:8e:b2:df:17:1d:83:52:
                    b6:76:e2:d2:4c:0c:d4:8d:19:e5:0e:5c:b6:62:f7:
                    c6:1d:e9:a4:2d:f5:68:7a:1c:53:d0:28:31:d5:9c:
                    a4:7f:c1:cd:30:f3:80:15:9d:44:c3:36:40:ff:7d:
                    99:90:a5:12:61:f3:1a:27:70:7b:d8:5b:8d:d9:ea:
                    2f:4f:1c:a5:53:63:30:35:d4:7b:37:46:37:56:a0:
                    c2:bb:2a:40:d8:01:77:c0:e6:c6:da:9b:30:25:44:
                    41:83:2c:3c:5b:99:c1:4d:5c:14:9c:d5:83:40:77:
                    47:cc:a8:e8:5a:dc:ee:26:f4:f5:72:88:0b:7c:f7:
                    97:3b:ab:e3:52:88:14:5a:7f:23:aa:2c:d5:17:b8:
                    31:26:37:bd:14:7e:c8:e3:fe:9a:52:48:10:5c:5b:
                    83:de:16:cb:b1:63:d0:1d:f8:16:ea:4f:fd:76:e2:
                    7a:15:1c:c6:27:ce:6f:b4:22:cc:42:79:78:b6:aa:
                    2b:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:3C:0E:FA:94:69:2D:08:E9:29:D7:36:7C:C9:CB:F7:D8:BF:8F:E6
            X509v3 Authority Key Identifier:
                keyid:9E:79:5D:D0:11:95:34:14:71:5C:C6:87:5D:FD:39:C6:1E:51:81:C8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nnld0BGVNBRxXMaHXf05xh5Rgcg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/df2e60-5b0f-4960-b9cd-55a3547abbd6/1/1zwO-pRpLQjpKdc2fMnL99i_j-Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/df2e60-5b0f-4960-b9cd-55a3547abbd6/1/nnld0BGVNBRxXMaHXf05xh5Rgcg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.168.232.0/22
                IPv6:
                  2a09:6f80::/29

    Signature Algorithm: sha256WithRSAEncryption
         33:d2:c4:76:4f:91:ab:01:c1:e5:98:1d:0c:69:0a:47:6f:2a:
         bd:6e:2f:f3:01:f5:96:ef:f7:af:69:7c:eb:8c:57:44:eb:b3:
         f3:60:6f:05:74:87:bd:c7:b7:a0:d5:89:73:e6:ee:89:bc:0e:
         c8:fa:47:df:22:21:6a:cb:17:d9:5d:c2:a2:f6:98:26:e5:33:
         56:5e:3d:b4:38:87:61:2c:bf:55:fb:4b:dd:ad:76:08:67:1a:
         83:20:56:3e:3c:c1:31:7a:7f:6d:e2:4e:4d:9d:3f:44:80:37:
         12:5a:60:c5:8d:54:4d:24:50:39:6f:e3:9e:de:54:cb:26:65:
         07:a4:dd:4c:07:d8:e2:81:6f:a8:8e:7d:5e:d8:88:52:05:e3:
         49:12:ea:13:4b:03:a5:4b:13:2d:e8:d0:27:e9:f7:8b:77:19:
         1d:bb:a0:09:15:ca:59:84:7e:30:b8:47:22:50:af:5e:3a:a9:
         57:b2:7d:99:5a:ae:e0:d7:7e:81:33:a4:ba:e2:7d:a9:f1:56:
         18:a0:3e:89:b5:8c:9e:cd:40:3c:00:5b:10:cb:b1:26:6f:6c:
         fe:89:20:e5:8b:01:65:d8:dd:cc:15:3e:d7:5c:17:04:c5:f0:
         83:83:42:c8:33:1d:c2:d8:2c:33:16:e9:6a:64:ba:76:b1:61:
         2b:33:dc:74
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ2uoPr1Z7SlDIvpIXcExdqXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllNzk1ZGQwMTE5NTM0MTQ3MTVjYzY4NzVkZmQzOWM2MWU1
MTgxYzgwHhcNMjYwNDIxMDYwMTE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzNjMGVmYTk0NjkyZDA4ZTkyOWQ3MzY3Y2M5Y2JmN2Q4YmY4ZmU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7EyX2c2znTJtLPxJIyrVLpoZc2hn
94CF5IiBwV5LL0vP59YntHmXELxYszxKzfuKguOMqDcJBApq7xCxOc++4IZW5o6y
3xcdg1K2duLSTAzUjRnlDly2YvfGHemkLfVoehxT0Cgx1Zykf8HNMPOAFZ1EwzZA
/32ZkKUSYfMaJ3B72FuN2eovTxylU2MwNdR7N0Y3VqDCuypA2AF3wObG2pswJURB
gyw8W5nBTVwUnNWDQHdHzKjoWtzuJvT1cogLfPeXO6vjUogUWn8jqizVF7gxJje9
FH7I4/6aUkgQXFuD3hbLsWPQHfgW6k/9duJ6FRzGJ85vtCLMQnl4tqoruQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNc8DvqUaS0I6SnXNnzJy/fYv4/mMB8GA1UdIwQY
MBaAFJ55XdARlTQUcVzGh139OcYeUYHIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbm5sZDBCR1ZOQlJ4WE1hSFhmMDV4aDVSZ2NnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9kZjJlNjAtNWIwZi00OTYwLWI5Y2Qt
NTVhMzU0N2FiYmQ2LzEvMXp3Ty1wUnBMUWpwS2RjMmZNbkw5OWlfai1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9kZjJlNjAtNWIwZi00OTYwLWI5Y2QtNTVhMzU0N2FiYmQ2
LzEvbm5sZDBCR1ZOQlJ4WE1hSFhmMDV4aDVSZ2NnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCwajoMA0E
AgACMAcDBQMqCW+AMA0GCSqGSIb3DQEBCwUAA4IBAQAz0sR2T5GrAcHlmB0MaQpH
byq9bi/zAfWW7/evaXzrjFdE67PzYG8FdIe9x7eg1Ylz5u6JvA7I+kffIiFqyxfZ
XcKi9pgm5TNWXj20OIdhLL9V+0vdrXYIZxqDIFY+PMExen9t4k5NnT9EgDcSWmDF
jVRNJFA5b+Oe3lTLJmUHpN1MB9jigW+ojn1e2IhSBeNJEuoTSwOlSxMt6NAn6feL
dxkdu6AJFcpZhH4wuEciUK9eOqlXsn2ZWq7g136BM6S64n2p8VYYoD6JtYyezUA8
AFsQy7Emb2z+iSDliwFl2N3MFT7XXBcExfCDg0LIMx3C2CwzFulqZLp2sWErM9x0
-----END CERTIFICATE-----