Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/RibroSLbM5atdSV966oGKy1ACUA.roa
File:                     RibroSLbM5atdSV966oGKy1ACUA.roa (raw, json)
Hash identifier:          3f+3osaCCH9g8w0ZNEaerpnedjGe/Oe/0N9877SgPPU=
Subject key identifier:   46:26:EB:A1:22:DB:33:96:AD:75:25:7D:EB:AA:06:2B:2D:40:09:40
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       019D06529A9C0A961CF39EE1FF1973809A31
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/RibroSLbM5atdSV966oGKy1ACUA.roa
Signing time:             Thu 19 Mar 2026 13:39:29 +0000
ROA not before:           Thu 19 Mar 2026 13:39:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     19695
IP address blocks:        217.8.208.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:06:52:9a:9c:0a:96:1c:f3:9e:e1:ff:19:73:80:9a:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Mar 19 13:39:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4626eba122db3396ad75257debaa062b2d400940
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:ba:eb:73:02:a5:bc:14:43:28:20:01:e4:30:
                    cd:8a:e7:b7:87:3a:f8:af:cc:b1:b5:ee:de:18:b6:
                    28:6c:a0:c7:8c:b6:25:5f:57:54:42:3b:08:42:a2:
                    46:00:48:4d:4e:95:f2:a8:53:39:70:f8:85:0b:01:
                    aa:26:69:3c:5a:40:3c:f0:01:65:40:85:5b:65:4c:
                    29:68:38:4c:72:94:fd:95:89:1d:f1:8a:97:e0:e3:
                    94:72:49:b4:04:e3:e6:a3:dd:18:3e:36:b4:b2:65:
                    6c:9d:4b:3d:7f:12:27:3d:43:69:11:cb:30:42:86:
                    41:1d:d0:2e:20:f6:27:e3:c7:5f:bb:08:5a:94:ec:
                    9a:35:ec:40:12:15:f9:3c:1a:07:7c:0b:8b:1c:e5:
                    f6:a0:f2:44:cd:c2:db:9f:d6:c0:d1:8e:af:3d:07:
                    74:e4:3c:8e:a7:20:e5:5d:54:27:aa:94:e7:a3:47:
                    ae:14:5a:0d:08:1e:be:93:f0:40:9c:72:ad:8e:39:
                    c6:2c:9b:d3:3f:b4:29:ad:0b:e4:a1:b8:56:2d:b1:
                    7d:dc:64:c2:14:5f:02:ad:7e:93:2c:12:10:4c:02:
                    73:92:7d:98:d1:3d:f6:df:10:c2:10:e3:86:b0:1b:
                    0e:03:82:fb:b8:ab:0d:d1:59:15:47:68:d5:23:af:
                    4f:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:26:EB:A1:22:DB:33:96:AD:75:25:7D:EB:AA:06:2B:2D:40:09:40
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/RibroSLbM5atdSV966oGKy1ACUA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.8.208.0/21

    Signature Algorithm: sha256WithRSAEncryption
         1d:4d:d2:b7:4c:01:57:4c:34:d8:bf:5b:ae:db:8e:6d:ed:cd:
         43:ef:26:17:d3:80:f7:86:67:c6:8c:52:8d:3b:74:bb:b1:cf:
         c3:c3:07:0c:cc:dc:16:20:c4:49:61:fa:c9:2d:c5:08:33:f5:
         cf:52:c9:e4:dd:da:46:25:2e:c6:92:91:8f:c7:6e:3f:c3:a8:
         27:d5:3f:3b:e0:43:d6:57:59:89:3c:26:de:7b:f3:5e:66:b8:
         11:7d:df:21:32:81:f8:b9:46:eb:9b:ca:ea:eb:3d:4e:04:69:
         96:6e:d0:ff:6a:4b:ae:51:2b:35:b5:23:aa:ef:90:48:eb:84:
         6b:cc:73:29:fd:0e:15:0c:53:93:07:36:f4:59:7a:f1:fe:4a:
         0c:3b:dd:36:af:22:3a:9e:4c:70:21:e3:d6:b7:07:15:58:15:
         19:db:fb:32:bd:38:d2:b6:90:50:5f:8e:bb:23:0b:6a:30:b2:
         f4:f2:d0:01:94:1b:79:d6:45:b5:92:ce:52:a7:c7:91:ac:ce:
         9d:9c:a7:18:69:a4:9f:0b:f8:d3:e4:a4:d0:90:e3:93:d8:6d:
         9a:f1:c9:8e:b0:f3:14:77:15:f8:37:f1:e6:3e:09:e1:33:bc:
         45:8d:fd:1f:91:4e:77:a8:83:10:e1:6e:c0:f0:15:61:89:cf:
         49:dc:1a:2f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0GUpqcCpYc857h/xlzgJoxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjYwMzE5MTMzOTI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjI2ZWJhMTIyZGIzMzk2YWQ3NTI1N2RlYmFhMDYyYjJkNDAwOTQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2brrcwKlvBRDKCAB5DDNiue3hzr4
r8yxte7eGLYobKDHjLYlX1dUQjsIQqJGAEhNTpXyqFM5cPiFCwGqJmk8WkA88AFl
QIVbZUwpaDhMcpT9lYkd8YqX4OOUckm0BOPmo90YPja0smVsnUs9fxInPUNpEcsw
QoZBHdAuIPYn48dfuwhalOyaNexAEhX5PBoHfAuLHOX2oPJEzcLbn9bA0Y6vPQd0
5DyOpyDlXVQnqpTno0euFFoNCB6+k/BAnHKtjjnGLJvTP7QprQvkobhWLbF93GTC
FF8CrX6TLBIQTAJzkn2Y0T323xDCEOOGsBsOA4L7uKsN0VkVR2jVI69PmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEYm66Ei2zOWrXUlfeuqBistQAlAMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvUmlicm9TTGJNNWF0ZFNWOTY2b0dLeTFBQ1VBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQD2QjQMA0G
CSqGSIb3DQEBCwUAA4IBAQAdTdK3TAFXTDTYv1uu245t7c1D7yYX04D3hmfGjFKN
O3S7sc/DwwcMzNwWIMRJYfrJLcUIM/XPUsnk3dpGJS7GkpGPx24/w6gn1T874EPW
V1mJPCbee/NeZrgRfd8hMoH4uUbrm8rq6z1OBGmWbtD/akuuUSs1tSOq75BI64Rr
zHMp/Q4VDFOTBzb0WXrx/koMO902ryI6nkxwIePWtwcVWBUZ2/syvTjStpBQX467
IwtqMLL08tABlBt51kW1ks5Sp8eRrM6dnKcYaaSfC/jT5KTQkOOT2G2a8cmOsPMU
dxX4N/HmPgnhM7xFjf0fkU53qIMQ4W7A8BVhic9J3Bov
-----END CERTIFICATE-----