Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/9375e3-377e-4b70-ba36-396bc720e2b4/1/2zW08BKeRm7D1IDPo_HIO01939Y.roa
File:                     2zW08BKeRm7D1IDPo_HIO01939Y.roa (raw, json)
Hash identifier:          47sX7u1KvuJt0tJls26PNQunkQblcdvkWNhCFldDuVU=
Subject key identifier:   DB:35:B4:F0:12:9E:46:6E:C3:D4:80:CF:A3:F1:C8:3B:4D:7D:DF:D6
Certificate issuer:       /CN=b393df877bf2f0cf01a9718973eaeee87b0697d9
Certificate serial:       019D1786867E534DD6138BA122D071FAC1AC
Authority key identifier: B3:93:DF:87:7B:F2:F0:CF:01:A9:71:89:73:EA:EE:E8:7B:06:97:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s5Pfh3vy8M8BqXGJc-ru6HsGl9k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3b/9375e3-377e-4b70-ba36-396bc720e2b4/1/2zW08BKeRm7D1IDPo_HIO01939Y.roa
Signing time:             Sun 22 Mar 2026 21:49:45 +0000
ROA not before:           Sun 22 Mar 2026 21:49:45 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     64160
IP address blocks:        195.128.24.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3b/9375e3-377e-4b70-ba36-396bc720e2b4/1/s5Pfh3vy8M8BqXGJc-ru6HsGl9k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3b/9375e3-377e-4b70-ba36-396bc720e2b4/1/s5Pfh3vy8M8BqXGJc-ru6HsGl9k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s5Pfh3vy8M8BqXGJc-ru6HsGl9k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 06:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:17:86:86:7e:53:4d:d6:13:8b:a1:22:d0:71:fa:c1:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b393df877bf2f0cf01a9718973eaeee87b0697d9
        Validity
            Not Before: Mar 22 21:49:45 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=db35b4f0129e466ec3d480cfa3f1c83b4d7ddfd6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:36:3c:06:e4:a2:c6:ff:1c:0a:91:f2:fd:95:
                    a9:31:ed:cb:86:06:65:d9:a8:e0:05:42:d8:a6:d3:
                    79:00:2d:8c:5b:69:a1:32:24:41:d7:01:c9:1c:d0:
                    41:ca:03:26:55:7d:61:b4:59:e6:e0:de:3c:6b:4c:
                    61:f6:e2:b6:cd:ef:72:ba:54:e5:50:f2:07:83:a5:
                    18:79:59:a9:cc:ad:19:d3:10:1d:3b:67:ac:9b:f5:
                    67:ff:01:3a:ed:3a:b4:20:30:18:b6:f7:ac:72:fb:
                    4e:ae:c2:00:9a:1d:6b:39:8c:a1:ad:ec:cd:49:3d:
                    77:e9:59:f3:85:35:28:98:37:a0:47:0e:1a:16:2e:
                    8f:00:05:f3:54:59:c1:16:1c:3e:aa:bf:16:9e:18:
                    a4:c9:b2:58:24:ac:81:ee:ae:28:0b:6a:ff:09:d4:
                    c2:a0:8e:00:78:6f:18:e9:57:8d:27:7f:5f:ee:68:
                    68:d9:a0:c9:d0:dd:f5:19:bd:76:8a:94:1d:f0:3f:
                    09:a0:54:f1:9a:eb:75:e2:bd:cd:0e:09:bb:4f:2a:
                    7b:68:19:cb:39:2a:e7:08:a6:95:ab:e3:41:da:f1:
                    11:01:1f:01:bc:3c:26:a7:a1:64:ca:57:27:0c:d3:
                    1b:19:76:3a:0c:d3:bf:92:ba:34:84:e3:43:47:17:
                    de:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:35:B4:F0:12:9E:46:6E:C3:D4:80:CF:A3:F1:C8:3B:4D:7D:DF:D6
            X509v3 Authority Key Identifier:
                keyid:B3:93:DF:87:7B:F2:F0:CF:01:A9:71:89:73:EA:EE:E8:7B:06:97:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s5Pfh3vy8M8BqXGJc-ru6HsGl9k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/9375e3-377e-4b70-ba36-396bc720e2b4/1/2zW08BKeRm7D1IDPo_HIO01939Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/9375e3-377e-4b70-ba36-396bc720e2b4/1/s5Pfh3vy8M8BqXGJc-ru6HsGl9k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.128.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:0d:ac:f4:b4:c1:13:3a:3e:f6:fa:17:e9:0e:ed:85:ee:e3:
         ef:48:59:12:c5:b9:23:2f:6f:6e:a1:81:7b:b5:d3:be:5e:71:
         26:7e:21:d1:f0:47:1b:bc:96:da:0a:b2:0e:d6:46:98:07:de:
         0f:ae:65:09:f7:20:e5:f9:d5:a3:31:6c:b2:b1:46:04:b4:82:
         d7:16:41:3d:7e:16:6a:da:94:bf:a0:57:6d:2c:b7:76:bd:69:
         4e:c3:4f:a6:34:aa:de:54:28:e2:8b:01:b1:9b:0f:e6:d2:73:
         ef:cb:68:ad:9d:ff:60:b7:0c:9b:97:fb:60:63:65:8d:bd:7f:
         21:41:8c:06:21:5a:71:ed:1d:ef:f9:a8:89:ae:2a:6b:4d:6f:
         b6:11:43:00:50:dc:a6:f2:75:83:aa:f3:51:e3:f1:2f:96:32:
         8a:b0:60:f7:2c:55:f2:3f:40:d3:a6:dc:b2:2b:e3:0f:fe:ee:
         cd:c8:84:75:91:df:d0:09:7d:45:b4:ae:2e:a0:12:58:a3:c8:
         77:1f:c8:63:63:43:28:6c:b8:02:8b:16:43:ca:26:00:5e:76:
         8c:75:a6:ff:af:b0:35:67:a6:c9:16:33:48:a4:19:88:24:c4:
         3b:3a:6d:3f:e2:a9:e7:16:7f:5d:c4:5a:3d:1e:4d:6a:22:2b:
         a0:cd:dc:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0XhoZ+U03WE4uhItBx+sGsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzOTNkZjg3N2JmMmYwY2YwMWE5NzE4OTczZWFlZWU4N2Iw
Njk3ZDkwHhcNMjYwMzIyMjE0OTQ1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjM1YjRmMDEyOWU0NjZlYzNkNDgwY2ZhM2YxYzgzYjRkN2RkZmQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuDY8BuSixv8cCpHy/ZWpMe3LhgZl
2ajgBULYptN5AC2MW2mhMiRB1wHJHNBBygMmVX1htFnm4N48a0xh9uK2ze9yulTl
UPIHg6UYeVmpzK0Z0xAdO2esm/Vn/wE67Tq0IDAYtvescvtOrsIAmh1rOYyhrezN
ST136VnzhTUomDegRw4aFi6PAAXzVFnBFhw+qr8WnhikybJYJKyB7q4oC2r/CdTC
oI4AeG8Y6VeNJ39f7mho2aDJ0N31Gb12ipQd8D8JoFTxmut14r3NDgm7Typ7aBnL
OSrnCKaVq+NB2vERAR8BvDwmp6FkylcnDNMbGXY6DNO/kro0hONDRxfeSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNs1tPASnkZuw9SAz6PxyDtNfd/WMB8GA1UdIwQY
MBaAFLOT34d78vDPAalxiXPq7uh7BpfZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczVQZmgzdnk4TThCcVhHSmMtcnU2SHNHbDlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi85Mzc1ZTMtMzc3ZS00YjcwLWJhMzYt
Mzk2YmM3MjBlMmI0LzEvMnpXMDhCS2VSbTdEMUlEUG9fSElPMDE5MzlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi85Mzc1ZTMtMzc3ZS00YjcwLWJhMzYtMzk2YmM3MjBlMmI0
LzEvczVQZmgzdnk4TThCcVhHSmMtcnU2SHNHbDlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw4AYMA0G
CSqGSIb3DQEBCwUAA4IBAQB6Daz0tMETOj72+hfpDu2F7uPvSFkSxbkjL29uoYF7
tdO+XnEmfiHR8EcbvJbaCrIO1kaYB94PrmUJ9yDl+dWjMWyysUYEtILXFkE9fhZq
2pS/oFdtLLd2vWlOw0+mNKreVCjiiwGxmw/m0nPvy2itnf9gtwybl/tgY2WNvX8h
QYwGIVpx7R3v+aiJriprTW+2EUMAUNym8nWDqvNR4/EvljKKsGD3LFXyP0DTptyy
K+MP/u7NyIR1kd/QCX1FtK4uoBJYo8h3H8hjY0MobLgCixZDyiYAXnaMdab/r7A1
Z6bJFjNIpBmIJMQ7Om0/4qnnFn9dxFo9Hk1qIiugzdzR
-----END CERTIFICATE-----