Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/a53bb6-66c0-4861-b288-2a6372e054d2/1/oDPnpuvtEHsATV9FRkwDMG9gw20.roa
File:                     oDPnpuvtEHsATV9FRkwDMG9gw20.roa (raw, json)
Hash identifier:          7csLSZI72bZ4a3TrTZiVkDqta9JrhYK2j1XCxB+edfk=
Subject key identifier:   A0:33:E7:A6:EB:ED:10:7B:00:4D:5F:45:46:4C:03:30:6F:60:C3:6D
Certificate issuer:       /CN=2e4bd4edca29d4e72be86ced0b7ad652c7d261c9
Certificate serial:       019DFE1EC5926B9BB3A0D616F705B552418F
Authority key identifier: 2E:4B:D4:ED:CA:29:D4:E7:2B:E8:6C:ED:0B:7A:D6:52:C7:D2:61:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LkvU7cop1Ocr6GztC3rWUsfSYck.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/67/a53bb6-66c0-4861-b288-2a6372e054d2/1/oDPnpuvtEHsATV9FRkwDMG9gw20.roa
Signing time:             Wed 06 May 2026 16:28:42 +0000
ROA not before:           Wed 06 May 2026 16:28:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     26496
IP address blocks:        185.93.228.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/67/a53bb6-66c0-4861-b288-2a6372e054d2/1/LkvU7cop1Ocr6GztC3rWUsfSYck.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/67/a53bb6-66c0-4861-b288-2a6372e054d2/1/LkvU7cop1Ocr6GztC3rWUsfSYck.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LkvU7cop1Ocr6GztC3rWUsfSYck.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:fe:1e:c5:92:6b:9b:b3:a0:d6:16:f7:05:b5:52:41:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e4bd4edca29d4e72be86ced0b7ad652c7d261c9
        Validity
            Not Before: May  6 16:28:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a033e7a6ebed107b004d5f45464c03306f60c36d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:fd:43:1f:09:a3:23:7d:52:3b:2c:38:65:94:
                    47:69:33:43:af:6a:b9:97:ea:f1:64:a1:52:95:00:
                    f0:11:16:60:98:47:52:90:59:1b:30:8a:dc:aa:78:
                    34:92:d5:1c:1e:1c:81:e6:33:5a:95:a0:6e:cc:ec:
                    de:1d:e5:39:7f:21:ae:5f:24:78:c2:f0:36:93:eb:
                    40:b3:08:7b:0a:75:e0:97:e3:d1:6d:26:50:ec:18:
                    6a:c0:fe:20:72:53:2e:3f:83:0f:2c:1e:08:d7:0c:
                    c8:4c:ab:86:e1:8e:17:94:a7:97:e5:b5:17:59:7e:
                    02:e8:42:d7:be:02:80:4e:26:2e:c1:0f:38:57:0e:
                    06:7e:c0:6f:0f:ad:4b:c2:92:66:9c:e7:af:2c:bc:
                    cf:11:6c:6c:b3:58:e4:a3:29:bd:f3:e3:40:75:0c:
                    80:8a:ac:a0:ad:6d:49:c9:c4:58:b2:e1:4b:8e:51:
                    4d:b5:83:aa:78:da:cf:e1:23:b2:dc:cb:27:5d:38:
                    91:ea:67:fb:32:c5:3f:2f:46:21:39:2f:7d:2e:9d:
                    9f:a2:44:ee:cf:6e:38:81:ee:c3:17:02:7c:16:3a:
                    5e:90:a6:81:e9:a5:9c:04:80:8f:ec:26:25:f4:e9:
                    ce:1a:46:ad:7d:c8:0c:c0:ca:85:58:35:77:86:c2:
                    ac:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:33:E7:A6:EB:ED:10:7B:00:4D:5F:45:46:4C:03:30:6F:60:C3:6D
            X509v3 Authority Key Identifier:
                keyid:2E:4B:D4:ED:CA:29:D4:E7:2B:E8:6C:ED:0B:7A:D6:52:C7:D2:61:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LkvU7cop1Ocr6GztC3rWUsfSYck.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/a53bb6-66c0-4861-b288-2a6372e054d2/1/oDPnpuvtEHsATV9FRkwDMG9gw20.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/67/a53bb6-66c0-4861-b288-2a6372e054d2/1/LkvU7cop1Ocr6GztC3rWUsfSYck.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.93.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:8c:f0:0d:4b:98:0b:9a:d3:67:62:1a:85:47:02:56:f0:7d:
         df:11:97:84:9e:e6:00:56:32:73:eb:b1:41:4e:fa:fc:e8:6d:
         fe:30:bd:99:72:6b:d1:4e:66:c9:a1:23:6f:d7:78:76:af:25:
         20:9b:5b:05:4a:f9:09:47:28:1f:5f:d0:62:3b:4c:49:96:e8:
         0c:e4:1e:90:a1:f4:7f:f5:52:0a:32:0b:c6:48:18:85:9f:cd:
         2a:9d:64:25:de:72:79:08:3b:6c:22:be:aa:0f:27:20:db:4f:
         2e:59:54:f7:be:b5:6a:aa:79:5b:30:75:e5:76:0d:61:f4:89:
         2c:41:12:ff:63:c3:f0:43:4f:98:8f:f4:60:e8:96:45:71:c6:
         81:30:99:e4:7f:35:d8:40:f8:f1:b5:09:0c:ff:10:72:46:c1:
         c6:00:a7:10:c5:df:17:a6:6f:94:10:68:4b:3c:88:d1:b1:61:
         80:d7:26:97:44:d5:36:6d:02:9b:73:e1:4f:6b:ae:1d:3c:88:
         75:6f:13:42:9b:9b:58:ac:6c:bb:e9:f7:78:3f:ef:c9:f9:db:
         72:94:33:31:5d:05:a7:2b:25:fd:1e:f8:1e:fd:5a:fc:85:dc:
         60:8b:20:54:0c:89:da:4a:3d:29:24:d6:0a:b0:21:cd:31:38:
         fe:f7:1b:9d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3+HsWSa5uzoNYW9wW1UkGPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlNGJkNGVkY2EyOWQ0ZTcyYmU4NmNlZDBiN2FkNjUyYzdk
MjYxYzkwHhcNMjYwNTA2MTYyODQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDMzZTdhNmViZWQxMDdiMDA0ZDVmNDU0NjRjMDMzMDZmNjBjMzZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArP1DHwmjI31SOyw4ZZRHaTNDr2q5
l+rxZKFSlQDwERZgmEdSkFkbMIrcqng0ktUcHhyB5jNalaBuzOzeHeU5fyGuXyR4
wvA2k+tAswh7CnXgl+PRbSZQ7BhqwP4gclMuP4MPLB4I1wzITKuG4Y4XlKeX5bUX
WX4C6ELXvgKATiYuwQ84Vw4GfsBvD61LwpJmnOevLLzPEWxss1jkoym98+NAdQyA
iqygrW1JycRYsuFLjlFNtYOqeNrP4SOy3MsnXTiR6mf7MsU/L0YhOS99Lp2fokTu
z244ge7DFwJ8FjpekKaB6aWcBICP7CYl9OnOGkatfcgMwMqFWDV3hsKs5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKAz56br7RB7AE1fRUZMAzBvYMNtMB8GA1UdIwQY
MBaAFC5L1O3KKdTnK+hs7Qt61lLH0mHJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGt2VTdjb3AxT2NyNkd6dEMzcldVc2ZTWWNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ny9hNTNiYjYtNjZjMC00ODYxLWIyODgt
MmE2MzcyZTA1NGQyLzEvb0RQbnB1dnRFSHNBVFY5RlJrd0RNRzlndzIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ny9hNTNiYjYtNjZjMC00ODYxLWIyODgtMmE2MzcyZTA1NGQy
LzEvTGt2VTdjb3AxT2NyNkd6dEMzcldVc2ZTWWNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuV3kMA0G
CSqGSIb3DQEBCwUAA4IBAQAIjPANS5gLmtNnYhqFRwJW8H3fEZeEnuYAVjJz67FB
Tvr86G3+ML2ZcmvRTmbJoSNv13h2ryUgm1sFSvkJRygfX9BiO0xJlugM5B6QofR/
9VIKMgvGSBiFn80qnWQl3nJ5CDtsIr6qDycg208uWVT3vrVqqnlbMHXldg1h9Iks
QRL/Y8PwQ0+Yj/Rg6JZFccaBMJnkfzXYQPjxtQkM/xByRsHGAKcQxd8Xpm+UEGhL
PIjRsWGA1yaXRNU2bQKbc+FPa64dPIh1bxNCm5tYrGy76fd4P+/J+dtylDMxXQWn
KyX9Hvge/Vr8hdxgiyBUDInaSj0pJNYKsCHNMTj+9xud
-----END CERTIFICATE-----