Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/76a7f1-748d-406c-a51f-1ba343f17ec2/1/bNRuTlB0fzyI9CGmSgXBXA-B5so.roa
File:                     bNRuTlB0fzyI9CGmSgXBXA-B5so.roa (raw, json)
Hash identifier:          3U824o26TdTCJO0oNfs1eyzOIoGDTofZcJsuKnrhEM0=
Subject key identifier:   6C:D4:6E:4E:50:74:7F:3C:88:F4:21:A6:4A:05:C1:5C:0F:81:E6:CA
Certificate issuer:       /CN=ba31bcf923c5f25cafbdabdfdd46e511f95df0d1
Certificate serial:       019B78A309D4D0E7E7BE19169E7A78C95F7F
Authority key identifier: BA:31:BC:F9:23:C5:F2:5C:AF:BD:AB:DF:DD:46:E5:11:F9:5D:F0:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ujG8-SPF8lyvvavf3UblEfld8NE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/76a7f1-748d-406c-a51f-1ba343f17ec2/1/bNRuTlB0fzyI9CGmSgXBXA-B5so.roa
Signing time:             Thu 01 Jan 2026 08:18:29 +0000
ROA not before:           Thu 01 Jan 2026 08:18:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     2026
IP address blocks:        37.35.81.0/24 maxlen: 24
                          37.35.82.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/76a7f1-748d-406c-a51f-1ba343f17ec2/1/ujG8-SPF8lyvvavf3UblEfld8NE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/76a7f1-748d-406c-a51f-1ba343f17ec2/1/ujG8-SPF8lyvvavf3UblEfld8NE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ujG8-SPF8lyvvavf3UblEfld8NE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 23:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a3:09:d4:d0:e7:e7:be:19:16:9e:7a:78:c9:5f:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba31bcf923c5f25cafbdabdfdd46e511f95df0d1
        Validity
            Not Before: Jan  1 08:18:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6cd46e4e50747f3c88f421a64a05c15c0f81e6ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:85:20:db:38:34:90:ce:46:c6:a1:c1:5d:82:
                    b3:fd:fe:b9:73:c7:9d:90:83:18:0d:92:7a:ab:eb:
                    be:ff:ad:27:f3:f7:64:23:9d:87:bd:9e:86:ad:7b:
                    9f:8e:c3:50:d1:74:97:bc:78:9b:bf:02:63:03:80:
                    5c:b4:7c:86:38:0d:fe:a5:b3:48:17:72:08:05:a2:
                    3e:76:1c:86:24:f9:71:15:9f:83:fd:51:ab:e8:ee:
                    66:9d:04:0e:0c:e0:8e:1f:ac:a2:77:b8:85:3c:a5:
                    af:c2:7b:f0:b3:1a:0c:2a:29:e0:fe:5c:e4:7e:e5:
                    a0:f9:14:15:ba:4c:50:a8:01:17:96:63:0b:9f:1e:
                    8e:71:b3:d0:77:bf:d1:bb:3c:f4:38:ff:53:2b:5b:
                    6c:e4:41:72:00:83:c8:22:06:e8:55:d3:43:a7:03:
                    42:49:b1:e5:76:06:aa:93:fe:b4:b3:4e:76:a7:ab:
                    3e:40:c7:f6:9a:01:f7:09:7f:4a:56:b3:92:b2:bf:
                    4b:bb:aa:46:4e:e6:b4:13:68:fe:0c:65:8f:b2:23:
                    4e:ab:fe:09:e1:33:e8:cb:dc:15:f5:6b:b7:7c:f9:
                    ee:c5:2f:e3:2f:20:f2:52:b7:b4:fd:c8:74:d9:11:
                    f3:04:c6:9a:6d:67:81:6b:a0:64:b4:c7:c3:39:25:
                    13:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:D4:6E:4E:50:74:7F:3C:88:F4:21:A6:4A:05:C1:5C:0F:81:E6:CA
            X509v3 Authority Key Identifier:
                keyid:BA:31:BC:F9:23:C5:F2:5C:AF:BD:AB:DF:DD:46:E5:11:F9:5D:F0:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ujG8-SPF8lyvvavf3UblEfld8NE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/76a7f1-748d-406c-a51f-1ba343f17ec2/1/bNRuTlB0fzyI9CGmSgXBXA-B5so.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/76a7f1-748d-406c-a51f-1ba343f17ec2/1/ujG8-SPF8lyvvavf3UblEfld8NE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.35.81.0-37.35.83.255

    Signature Algorithm: sha256WithRSAEncryption
         72:bb:6b:88:54:62:bf:90:c7:80:61:82:a5:6d:ed:ba:18:5d:
         5a:90:5f:c7:3c:21:3b:2c:7b:a4:37:f4:a0:e6:87:5e:05:e8:
         66:89:15:4f:d2:4e:b4:d3:99:6c:39:48:46:34:7a:e5:e8:28:
         9f:8a:00:5e:df:a8:bf:2f:e4:98:02:e5:c9:73:a4:b0:cc:24:
         6f:a9:e5:9e:2d:2e:9d:de:5d:91:ea:d5:41:60:5d:c8:dd:9b:
         17:7b:37:af:3f:21:1d:9f:37:29:56:de:44:6c:c6:f6:6a:f9:
         19:fa:9f:5e:32:2c:13:c4:c5:0a:53:a5:30:9e:cc:cc:09:65:
         e3:7c:7a:14:ea:08:08:e8:0d:42:38:ff:10:cd:36:2d:96:99:
         ae:a2:12:33:95:35:c4:4e:a5:a0:9f:6c:74:49:99:f5:7c:9c:
         d0:99:b8:48:08:35:55:8c:3e:e3:6a:ab:65:77:d0:57:51:27:
         f8:b1:90:a8:37:15:1f:42:17:2e:30:b2:b4:f4:8c:52:69:e3:
         3d:d8:98:1e:db:ca:bd:73:9e:ca:aa:1e:03:0c:42:8d:f9:03:
         11:eb:df:8f:70:ab:4a:21:23:07:f7:ec:00:21:68:ed:e1:8c:
         23:21:9e:d5:62:1e:b7:ac:f8:cf:93:0f:b3:6c:bc:0d:fe:e2:
         59:ac:5d:cf
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZt4ownU0OfnvhkWnnp4yV9/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhMzFiY2Y5MjNjNWYyNWNhZmJkYWJkZmRkNDZlNTExZjk1
ZGYwZDEwHhcNMjYwMTAxMDgxODI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Y2Q0NmU0ZTUwNzQ3ZjNjODhmNDIxYTY0YTA1YzE1YzBmODFlNmNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyIUg2zg0kM5GxqHBXYKz/f65c8ed
kIMYDZJ6q+u+/60n8/dkI52HvZ6GrXufjsNQ0XSXvHibvwJjA4BctHyGOA3+pbNI
F3IIBaI+dhyGJPlxFZ+D/VGr6O5mnQQODOCOH6yid7iFPKWvwnvwsxoMKing/lzk
fuWg+RQVukxQqAEXlmMLnx6OcbPQd7/Ruzz0OP9TK1ts5EFyAIPIIgboVdNDpwNC
SbHldgaqk/60s052p6s+QMf2mgH3CX9KVrOSsr9Lu6pGTua0E2j+DGWPsiNOq/4J
4TPoy9wV9Wu3fPnuxS/jLyDyUre0/ch02RHzBMaabWeBa6BktMfDOSUTPQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFGzUbk5QdH88iPQhpkoFwVwPgebKMB8GA1UdIwQY
MBaAFLoxvPkjxfJcr72r391G5RH5XfDRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWpHOC1TUEY4bHl2dmF2ZjNVYmxFZmxkOE5FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi83NmE3ZjEtNzQ4ZC00MDZjLWE1MWYt
MWJhMzQzZjE3ZWMyLzEvYk5SdVRsQjBmenlJOUNHbVNnWEJYQS1CNXNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi83NmE3ZjEtNzQ4ZC00MDZjLWE1MWYtMWJhMzQzZjE3ZWMy
LzEvdWpHOC1TUEY4bHl2dmF2ZjNVYmxFZmxkOE5FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAAlI1ED
BAIlI1AwDQYJKoZIhvcNAQELBQADggEBAHK7a4hUYr+Qx4BhgqVt7boYXVqQX8c8
ITsse6Q39KDmh14F6GaJFU/STrTTmWw5SEY0euXoKJ+KAF7fqL8v5JgC5clzpLDM
JG+p5Z4tLp3eXZHq1UFgXcjdmxd7N68/IR2fNylW3kRsxvZq+Rn6n14yLBPExQpT
pTCezMwJZeN8ehTqCAjoDUI4/xDNNi2Wma6iEjOVNcROpaCfbHRJmfV8nNCZuEgI
NVWMPuNqq2V30FdRJ/ixkKg3FR9CFy4wsrT0jFJp4z3YmB7byr1znsqqHgMMQo35
AxHr349wq0ohIwf37AAhaO3hjCMhntViHres+M+TD7NsvA3+4lmsXc8=
-----END CERTIFICATE-----