Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/0f12f2-8a2b-4346-b6b6-2b78b19b5a87/1/C2k_ry-5nUB31fUOzP7TTIFMyJY.roa
File:                     C2k_ry-5nUB31fUOzP7TTIFMyJY.roa (raw, json)
Hash identifier:          ATU8gyUnpCXWsUsJP4hbZmzcEdI4j0CYhulo4Isa9c4=
Subject key identifier:   0B:69:3F:AF:2F:B9:9D:40:77:D5:F5:0E:CC:FE:D3:4C:81:4C:C8:96
Certificate issuer:       /CN=1a4dc22595fc1f588fbc4dde07c1c394998f33a7
Certificate serial:       019DFDBF8ECFABB30E3CFC169C88931DF7C5
Authority key identifier: 1A:4D:C2:25:95:FC:1F:58:8F:BC:4D:DE:07:C1:C3:94:99:8F:33:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gk3CJZX8H1iPvE3eB8HDlJmPM6c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/0f12f2-8a2b-4346-b6b6-2b78b19b5a87/1/C2k_ry-5nUB31fUOzP7TTIFMyJY.roa
Signing time:             Wed 06 May 2026 14:44:42 +0000
ROA not before:           Wed 06 May 2026 14:44:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207474
IP address blocks:        131.222.207.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/0f12f2-8a2b-4346-b6b6-2b78b19b5a87/1/Gk3CJZX8H1iPvE3eB8HDlJmPM6c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/0f12f2-8a2b-4346-b6b6-2b78b19b5a87/1/Gk3CJZX8H1iPvE3eB8HDlJmPM6c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gk3CJZX8H1iPvE3eB8HDlJmPM6c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 19:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:fd:bf:8e:cf:ab:b3:0e:3c:fc:16:9c:88:93:1d:f7:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1a4dc22595fc1f588fbc4dde07c1c394998f33a7
        Validity
            Not Before: May  6 14:44:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0b693faf2fb99d4077d5f50eccfed34c814cc896
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:e5:b4:7a:dd:69:6d:48:89:57:21:dc:0d:b6:
                    cc:c6:08:b1:53:db:6b:e7:3e:df:86:78:24:67:34:
                    8b:72:69:b0:c5:1d:07:80:bb:ee:99:b3:a4:4f:76:
                    d5:ad:de:22:30:39:1c:42:fe:1f:c7:53:69:5e:f4:
                    36:6d:b0:f3:d3:8d:e7:01:a9:0d:9f:08:15:68:46:
                    7b:1f:e0:eb:97:fd:fd:1d:c7:df:5f:50:48:e8:86:
                    87:f4:99:4e:34:bd:86:4f:b1:ad:69:3d:9e:91:af:
                    98:f6:86:50:dc:cb:9d:41:84:ad:81:fe:57:c3:30:
                    9a:d2:e4:cd:d0:e8:d0:85:a3:6f:22:38:b3:32:a1:
                    37:10:b9:52:07:f8:77:11:23:47:2c:9b:07:df:e0:
                    67:45:11:d0:e5:83:68:13:97:ad:8e:fd:0b:12:0e:
                    cb:eb:ba:07:15:8c:3a:8d:7c:2d:80:f8:9a:24:b8:
                    20:c3:ba:d3:8b:2c:a7:5f:3d:ef:2c:6a:1e:04:95:
                    40:8b:54:79:79:69:ac:14:82:9e:10:6b:59:ef:1b:
                    94:87:50:76:dd:d0:56:a3:1f:d0:cb:73:cb:6e:7c:
                    5b:87:38:fd:bd:df:47:0c:f8:05:fd:ec:c3:39:f6:
                    36:1d:e4:7d:04:ff:6b:3d:f4:d0:de:05:10:a7:83:
                    b4:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:69:3F:AF:2F:B9:9D:40:77:D5:F5:0E:CC:FE:D3:4C:81:4C:C8:96
            X509v3 Authority Key Identifier:
                keyid:1A:4D:C2:25:95:FC:1F:58:8F:BC:4D:DE:07:C1:C3:94:99:8F:33:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gk3CJZX8H1iPvE3eB8HDlJmPM6c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/0f12f2-8a2b-4346-b6b6-2b78b19b5a87/1/C2k_ry-5nUB31fUOzP7TTIFMyJY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/0f12f2-8a2b-4346-b6b6-2b78b19b5a87/1/Gk3CJZX8H1iPvE3eB8HDlJmPM6c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  131.222.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b3:9b:c2:32:92:38:d4:0e:2f:c7:33:55:0c:dc:3f:b1:54:9f:
         a1:27:9c:6e:db:f4:43:ee:bd:fd:e5:3f:ac:c7:7c:b7:c9:9a:
         d9:36:99:f6:b3:8c:fa:22:47:a0:fe:fe:4a:b5:0c:21:ee:d8:
         fb:af:d8:79:cd:43:b0:5f:0a:49:1b:72:75:e5:91:a6:96:cc:
         4c:44:15:b0:91:b2:34:e1:10:f5:fb:a7:0d:2c:69:b0:ef:07:
         ae:03:a7:9a:02:f0:92:2d:9a:88:55:ab:d8:f8:61:d1:bb:16:
         24:15:04:98:94:20:23:36:ff:96:d5:24:69:d2:7d:01:36:62:
         ce:1e:ed:6c:cc:78:ed:26:00:c5:62:23:eb:c1:79:4d:7a:49:
         d0:c4:5f:bb:c6:c8:92:e2:ae:8a:06:26:32:15:da:85:a2:40:
         46:d3:ff:0d:3e:d9:ef:ef:db:56:d1:c5:8b:3b:6e:48:47:87:
         e6:b7:9a:ae:79:21:11:14:f6:01:5e:4a:81:b2:a6:fb:ea:e3:
         b4:92:b0:e4:c4:03:b4:42:e5:4a:9a:7c:ad:d9:d5:6b:5c:88:
         59:88:5f:8e:80:b1:d9:14:64:2c:44:ac:8d:52:c0:24:7b:08:
         7d:59:88:49:00:28:47:39:d0:53:79:5b:c2:47:65:f9:87:52:
         bc:96:ef:cf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ39v47Pq7MOPPwWnIiTHffFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhNGRjMjI1OTVmYzFmNTg4ZmJjNGRkZTA3YzFjMzk0OTk4
ZjMzYTcwHhcNMjYwNTA2MTQ0NDQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjY5M2ZhZjJmYjk5ZDQwNzdkNWY1MGVjY2ZlZDM0YzgxNGNjODk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvuW0et1pbUiJVyHcDbbMxgixU9tr
5z7fhngkZzSLcmmwxR0HgLvumbOkT3bVrd4iMDkcQv4fx1NpXvQ2bbDz043nAakN
nwgVaEZ7H+Drl/39HcffX1BI6IaH9JlONL2GT7GtaT2eka+Y9oZQ3MudQYStgf5X
wzCa0uTN0OjQhaNvIjizMqE3ELlSB/h3ESNHLJsH3+BnRRHQ5YNoE5etjv0LEg7L
67oHFYw6jXwtgPiaJLggw7rTiyynXz3vLGoeBJVAi1R5eWmsFIKeEGtZ7xuUh1B2
3dBWox/Qy3PLbnxbhzj9vd9HDPgF/ezDOfY2HeR9BP9rPfTQ3gUQp4O0bQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAtpP68vuZ1Ad9X1Dsz+00yBTMiWMB8GA1UdIwQY
MBaAFBpNwiWV/B9Yj7xN3gfBw5SZjzOnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2szQ0paWDhIMWlQdkUzZUI4SERsSm1QTTZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC8wZjEyZjItOGEyYi00MzQ2LWI2YjYt
MmI3OGIxOWI1YTg3LzEvQzJrX3J5LTVuVUIzMWZVT3pQN1RUSUZNeUpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC8wZjEyZjItOGEyYi00MzQ2LWI2YjYtMmI3OGIxOWI1YTg3
LzEvR2szQ0paWDhIMWlQdkUzZUI4SERsSm1QTTZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAg97PMA0G
CSqGSIb3DQEBCwUAA4IBAQCzm8IykjjUDi/HM1UM3D+xVJ+hJ5xu2/RD7r395T+s
x3y3yZrZNpn2s4z6Ikeg/v5KtQwh7tj7r9h5zUOwXwpJG3J15ZGmlsxMRBWwkbI0
4RD1+6cNLGmw7weuA6eaAvCSLZqIVavY+GHRuxYkFQSYlCAjNv+W1SRp0n0BNmLO
Hu1szHjtJgDFYiPrwXlNeknQxF+7xsiS4q6KBiYyFdqFokBG0/8NPtnv79tW0cWL
O25IR4fmt5queSERFPYBXkqBsqb76uO0krDkxAO0QuVKmnyt2dVrXIhZiF+OgLHZ
FGQsRKyNUsAkewh9WYhJAChHOdBTeVvCR2X5h1K8lu/P
-----END CERTIFICATE-----