Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/3de11e-6e63-4224-8e42-995a28f310e2/1/2wTY5Gm7CSw3ysryU-lsYX_7Wqo.roa
File:                     2wTY5Gm7CSw3ysryU-lsYX_7Wqo.roa (raw, json)
Hash identifier:          tYaP07kcvDwffj5/xbkCu9i1XMAaCPLrJcNb5rto4xs=
Subject key identifier:   DB:04:D8:E4:69:BB:09:2C:37:CA:CA:F2:53:E9:6C:61:7F:FB:5A:AA
Certificate issuer:       /CN=a9cbc126ed4d935c11ceb9dcf7d9728cc4ee8100
Certificate serial:       019CD6D331A0F660D8C603FCEAA552450B4C
Authority key identifier: A9:CB:C1:26:ED:4D:93:5C:11:CE:B9:DC:F7:D9:72:8C:C4:EE:81:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qcvBJu1Nk1wRzrnc99lyjMTugQA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/3de11e-6e63-4224-8e42-995a28f310e2/1/2wTY5Gm7CSw3ysryU-lsYX_7Wqo.roa
Signing time:             Tue 10 Mar 2026 08:18:10 +0000
ROA not before:           Tue 10 Mar 2026 08:18:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     196861
IP address blocks:        89.31.160.0/21 maxlen: 24
                          2a02:5d00::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/3de11e-6e63-4224-8e42-995a28f310e2/1/qcvBJu1Nk1wRzrnc99lyjMTugQA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/3de11e-6e63-4224-8e42-995a28f310e2/1/qcvBJu1Nk1wRzrnc99lyjMTugQA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qcvBJu1Nk1wRzrnc99lyjMTugQA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:d6:d3:31:a0:f6:60:d8:c6:03:fc:ea:a5:52:45:0b:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a9cbc126ed4d935c11ceb9dcf7d9728cc4ee8100
        Validity
            Not Before: Mar 10 08:18:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=db04d8e469bb092c37cacaf253e96c617ffb5aaa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:6d:98:f4:58:a6:9d:c7:fd:52:1f:9a:5d:14:
                    3b:36:c6:f5:b2:88:6d:b5:18:a5:83:4d:1b:8f:7f:
                    45:bd:03:1c:94:1e:4e:dc:1f:52:46:a7:ba:1a:5b:
                    08:3d:39:2e:bc:1d:8d:3e:fd:8d:8f:8b:29:38:6e:
                    0f:1d:fb:24:2e:91:5d:4e:e4:26:c9:80:ac:b6:f5:
                    47:11:64:d0:82:27:87:b9:b6:66:d5:7a:56:64:e3:
                    62:df:b3:8e:41:07:91:45:20:43:7c:40:7a:6c:6f:
                    87:d7:0a:d1:a8:1a:8f:3c:ce:d5:6a:3a:26:93:72:
                    c0:d2:12:ec:f0:5e:a6:74:c9:c0:75:0a:f9:fe:cd:
                    e1:b9:97:81:a7:b1:69:20:15:20:1a:97:a9:e6:71:
                    1c:02:34:ec:59:c0:31:e8:4d:35:57:09:76:26:9f:
                    d7:34:44:85:3d:db:ed:f2:85:2c:d4:02:a2:7a:00:
                    5c:ee:40:b3:15:e9:48:51:89:05:f1:81:f1:d3:db:
                    6a:e5:1b:8e:1c:18:93:9b:aa:0e:3c:96:76:f9:9f:
                    d4:7e:0d:b4:f1:6d:f7:c8:3b:a4:25:02:fe:77:5a:
                    95:18:f5:e0:e6:11:b5:2b:ab:8b:1a:ef:61:a1:10:
                    8d:bc:20:17:16:c2:3f:50:e2:9d:b6:89:d1:04:85:
                    be:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:04:D8:E4:69:BB:09:2C:37:CA:CA:F2:53:E9:6C:61:7F:FB:5A:AA
            X509v3 Authority Key Identifier:
                keyid:A9:CB:C1:26:ED:4D:93:5C:11:CE:B9:DC:F7:D9:72:8C:C4:EE:81:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qcvBJu1Nk1wRzrnc99lyjMTugQA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/3de11e-6e63-4224-8e42-995a28f310e2/1/2wTY5Gm7CSw3ysryU-lsYX_7Wqo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/3de11e-6e63-4224-8e42-995a28f310e2/1/qcvBJu1Nk1wRzrnc99lyjMTugQA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.31.160.0/21
                IPv6:
                  2a02:5d00::/32

    Signature Algorithm: sha256WithRSAEncryption
         34:f6:17:80:9e:26:69:97:22:a6:41:bb:f1:f7:b1:9e:6d:ee:
         2d:bf:bc:d2:1f:b3:84:ec:f8:5d:b5:8c:b3:cc:6b:b3:40:58:
         3b:72:14:15:7d:0c:5d:94:1c:0f:ec:ef:c1:65:d9:29:ea:2d:
         76:83:19:93:14:0f:b0:00:a1:76:0d:ac:d9:a0:ce:bb:b0:9f:
         2c:1a:41:01:28:46:b8:21:67:3a:bf:84:6d:d4:58:1b:3c:43:
         a3:5c:32:a4:8d:dd:4c:f9:cb:6e:20:1d:26:10:03:98:13:04:
         2a:ab:17:16:40:46:10:35:39:94:3c:a9:f3:3b:9b:bb:50:9b:
         b6:11:bc:4c:cb:89:1a:8f:b0:9e:1e:1e:3f:ae:e4:75:9c:3e:
         a1:25:ef:83:35:d0:14:38:86:7c:ae:fa:3b:10:ef:7a:a9:3c:
         83:25:1f:da:87:fe:e8:5d:15:8a:a9:68:fb:8e:71:7a:4f:47:
         53:cd:0b:ac:f5:6c:c5:5f:62:97:9d:84:f8:41:4a:49:71:5d:
         a8:4c:17:64:58:04:c8:3e:c8:e8:fc:6b:4d:70:08:f8:b4:6d:
         af:59:95:30:5b:e6:7d:74:61:d5:33:fa:eb:42:2f:87:32:20:
         98:ea:b0:8b:e1:c8:e9:1e:96:9c:df:8e:a3:9c:50:15:de:3b:
         9c:69:c5:98
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZzW0zGg9mDYxgP86qVSRQtMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5Y2JjMTI2ZWQ0ZDkzNWMxMWNlYjlkY2Y3ZDk3MjhjYzRl
ZTgxMDAwHhcNMjYwMzEwMDgxODEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjA0ZDhlNDY5YmIwOTJjMzdjYWNhZjI1M2U5NmM2MTdmZmI1YWFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz22Y9Fimncf9Uh+aXRQ7Nsb1soht
tRilg00bj39FvQMclB5O3B9SRqe6GlsIPTkuvB2NPv2Nj4spOG4PHfskLpFdTuQm
yYCstvVHEWTQgieHubZm1XpWZONi37OOQQeRRSBDfEB6bG+H1wrRqBqPPM7Vajom
k3LA0hLs8F6mdMnAdQr5/s3huZeBp7FpIBUgGpep5nEcAjTsWcAx6E01Vwl2Jp/X
NESFPdvt8oUs1AKiegBc7kCzFelIUYkF8YHx09tq5RuOHBiTm6oOPJZ2+Z/Ufg20
8W33yDukJQL+d1qVGPXg5hG1K6uLGu9hoRCNvCAXFsI/UOKdtonRBIW+yQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNsE2ORpuwksN8rK8lPpbGF/+1qqMB8GA1UdIwQY
MBaAFKnLwSbtTZNcEc653PfZcozE7oEAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWN2Qkp1MU5rMXdSenJuYzk5bHlqTVR1Z1FBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS8zZGUxMWUtNmU2My00MjI0LThlNDIt
OTk1YTI4ZjMxMGUyLzEvMndUWTVHbTdDU3czeXNyeVUtbHNZWF83V3FvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS8zZGUxMWUtNmU2My00MjI0LThlNDItOTk1YTI4ZjMxMGUy
LzEvcWN2Qkp1MU5rMXdSenJuYzk5bHlqTVR1Z1FBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDWR+gMA0E
AgACMAcDBQAqAl0AMA0GCSqGSIb3DQEBCwUAA4IBAQA09heAniZplyKmQbvx97Ge
be4tv7zSH7OE7PhdtYyzzGuzQFg7chQVfQxdlBwP7O/BZdkp6i12gxmTFA+wAKF2
DazZoM67sJ8sGkEBKEa4IWc6v4Rt1FgbPEOjXDKkjd1M+ctuIB0mEAOYEwQqqxcW
QEYQNTmUPKnzO5u7UJu2EbxMy4kaj7CeHh4/ruR1nD6hJe+DNdAUOIZ8rvo7EO96
qTyDJR/ah/7oXRWKqWj7jnF6T0dTzQus9WzFX2KXnYT4QUpJcV2oTBdkWATIPsjo
/GtNcAj4tG2vWZUwW+Z9dGHVM/rrQi+HMiCY6rCL4cjpHpac346jnFAV3jucacWY
-----END CERTIFICATE-----