Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/d7d583-2d4a-4abd-923e-23a58f3d61d7/1/2fY4hZsSdTh_WzyCJONWuTPYXgI.roa
File:                     2fY4hZsSdTh_WzyCJONWuTPYXgI.roa (raw, json)
Hash identifier:          jMpz0IEZreqrZP5N9+pawfm7cQg+jdhrHzZuUi3cLOw=
Subject key identifier:   D9:F6:38:85:9B:12:75:38:7F:5B:3C:82:24:E3:56:B9:33:D8:5E:02
Certificate issuer:       /CN=590bbeab48842a41afac4921d1357838b6fe6c87
Certificate serial:       019B77C7625A363A1E3D94C8797FB6A4B475
Authority key identifier: 59:0B:BE:AB:48:84:2A:41:AF:AC:49:21:D1:35:78:38:B6:FE:6C:87
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WQu-q0iEKkGvrEkh0TV4OLb-bIc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/d7d583-2d4a-4abd-923e-23a58f3d61d7/1/2fY4hZsSdTh_WzyCJONWuTPYXgI.roa
Signing time:             Thu 01 Jan 2026 04:18:34 +0000
ROA not before:           Thu 01 Jan 2026 04:18:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     36299
IP address blocks:        195.93.154.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/d7d583-2d4a-4abd-923e-23a58f3d61d7/1/WQu-q0iEKkGvrEkh0TV4OLb-bIc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/d7d583-2d4a-4abd-923e-23a58f3d61d7/1/WQu-q0iEKkGvrEkh0TV4OLb-bIc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WQu-q0iEKkGvrEkh0TV4OLb-bIc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 16:32:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c7:62:5a:36:3a:1e:3d:94:c8:79:7f:b6:a4:b4:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=590bbeab48842a41afac4921d1357838b6fe6c87
        Validity
            Not Before: Jan  1 04:18:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d9f638859b1275387f5b3c8224e356b933d85e02
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:81:3f:30:60:d5:54:4a:6c:0f:38:7e:b0:11:
                    e0:03:2b:b9:50:07:42:a6:3f:1e:95:c6:78:db:8f:
                    92:11:7b:50:8e:37:7a:39:95:76:69:51:0e:ec:8d:
                    ea:18:f9:ea:02:2a:6d:7a:77:88:a9:7e:d2:e4:38:
                    a3:55:b8:7d:c8:b6:37:cc:95:af:ea:1c:cc:81:6c:
                    02:78:cd:34:46:1e:74:f5:4d:9f:3f:7c:5b:70:c3:
                    95:ac:cb:bf:bb:34:75:c5:98:ee:37:1a:34:4a:2a:
                    20:a5:c6:19:27:4e:55:45:b0:f7:2d:ea:8a:a6:73:
                    8b:86:b9:b5:cc:54:77:8a:e8:6e:02:3f:9e:bf:88:
                    74:ef:d6:c3:7b:2f:c8:0f:09:ab:d5:86:20:64:70:
                    ed:8d:b5:a3:69:c1:9d:2d:1a:cf:1c:c4:73:82:94:
                    f9:bc:ce:10:b3:94:44:f6:97:d5:df:80:10:16:81:
                    10:6d:f8:e5:20:e1:83:66:8f:fc:0b:49:2d:46:52:
                    2a:00:8f:a3:43:13:58:d5:3f:43:a5:32:f7:de:f4:
                    84:46:b1:49:89:7b:31:1b:4d:af:a2:bf:28:cb:8c:
                    a2:da:e3:c7:21:98:58:31:ed:64:c6:a5:9f:58:dd:
                    52:28:19:13:2d:38:cd:ba:22:e1:8f:59:60:f2:42:
                    6e:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:F6:38:85:9B:12:75:38:7F:5B:3C:82:24:E3:56:B9:33:D8:5E:02
            X509v3 Authority Key Identifier:
                keyid:59:0B:BE:AB:48:84:2A:41:AF:AC:49:21:D1:35:78:38:B6:FE:6C:87

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WQu-q0iEKkGvrEkh0TV4OLb-bIc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/d7d583-2d4a-4abd-923e-23a58f3d61d7/1/2fY4hZsSdTh_WzyCJONWuTPYXgI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/d7d583-2d4a-4abd-923e-23a58f3d61d7/1/WQu-q0iEKkGvrEkh0TV4OLb-bIc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.93.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:65:53:d4:63:da:62:36:a7:bf:0b:71:69:2a:9f:b1:bc:2d:
         53:d6:22:85:2e:d2:fa:63:e0:de:16:3d:ea:32:5b:a0:2f:03:
         03:2b:7c:36:b4:45:8a:7e:b6:ce:b6:41:d9:db:8b:d7:53:ae:
         e0:af:9a:d0:7e:38:f7:44:6b:b8:31:b5:ac:08:c1:b0:ff:93:
         16:48:8e:35:da:25:9a:ef:86:6e:83:12:e8:46:47:f1:3b:93:
         8d:b4:ff:52:82:0d:51:65:aa:39:6d:93:ea:07:24:4c:d9:40:
         24:fa:75:b1:82:78:01:df:db:f0:80:8d:fc:7b:c6:63:25:bf:
         0a:03:77:e5:60:3f:9a:4b:0b:3d:a5:94:0a:5a:26:94:5c:7b:
         63:7a:aa:23:45:fc:f6:95:e9:c5:8f:e4:0a:35:b5:ea:5b:c8:
         ff:82:02:23:87:3d:78:02:21:d2:68:6f:12:24:e3:df:da:31:
         dd:11:80:8f:62:0f:a1:1e:8d:8b:46:92:3f:be:66:77:8a:91:
         a3:a8:aa:ea:66:ed:cd:fb:da:c8:3f:16:b8:a7:24:58:be:27:
         f9:7d:26:fa:df:81:e1:d5:b4:37:b7:02:b6:ab:90:e3:72:24:
         11:12:ff:c9:41:70:90:15:0f:6a:61:ab:b2:8f:29:78:b4:9d:
         f0:c6:e7:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3x2JaNjoePZTIeX+2pLR1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5MGJiZWFiNDg4NDJhNDFhZmFjNDkyMWQxMzU3ODM4YjZm
ZTZjODcwHhcNMjYwMTAxMDQxODM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOWY2Mzg4NTliMTI3NTM4N2Y1YjNjODIyNGUzNTZiOTMzZDg1ZTAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm4E/MGDVVEpsDzh+sBHgAyu5UAdC
pj8elcZ424+SEXtQjjd6OZV2aVEO7I3qGPnqAipteneIqX7S5DijVbh9yLY3zJWv
6hzMgWwCeM00Rh509U2fP3xbcMOVrMu/uzR1xZjuNxo0SiogpcYZJ05VRbD3LeqK
pnOLhrm1zFR3iuhuAj+ev4h079bDey/IDwmr1YYgZHDtjbWjacGdLRrPHMRzgpT5
vM4Qs5RE9pfV34AQFoEQbfjlIOGDZo/8C0ktRlIqAI+jQxNY1T9DpTL33vSERrFJ
iXsxG02vor8oy4yi2uPHIZhYMe1kxqWfWN1SKBkTLTjNuiLhj1lg8kJuSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNn2OIWbEnU4f1s8giTjVrkz2F4CMB8GA1UdIwQY
MBaAFFkLvqtIhCpBr6xJIdE1eDi2/myHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV1F1LXEwaUVLa0d2ckVraDBUVjRPTGItYkljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9kN2Q1ODMtMmQ0YS00YWJkLTkyM2Ut
MjNhNThmM2Q2MWQ3LzEvMmZZNGhac1NkVGhfV3p5Q0pPTld1VFBZWGdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9kN2Q1ODMtMmQ0YS00YWJkLTkyM2UtMjNhNThmM2Q2MWQ3
LzEvV1F1LXEwaUVLa0d2ckVraDBUVjRPTGItYkljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw12aMA0G
CSqGSIb3DQEBCwUAA4IBAQAkZVPUY9piNqe/C3FpKp+xvC1T1iKFLtL6Y+DeFj3q
MlugLwMDK3w2tEWKfrbOtkHZ24vXU67gr5rQfjj3RGu4MbWsCMGw/5MWSI412iWa
74ZugxLoRkfxO5ONtP9Sgg1RZao5bZPqByRM2UAk+nWxgngB39vwgI38e8ZjJb8K
A3flYD+aSws9pZQKWiaUXHtjeqojRfz2lenFj+QKNbXqW8j/ggIjhz14AiHSaG8S
JOPf2jHdEYCPYg+hHo2LRpI/vmZ3ipGjqKrqZu3N+9rIPxa4pyRYvif5fSb634Hh
1bQ3twK2q5DjciQREv/JQXCQFQ9qYauyjyl4tJ3wxucG
-----END CERTIFICATE-----