Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/5ddee9-c1c4-4b57-b6b8-d49916b5f2b4/1/vSB7xiNAIRwfOANstOoOfDUcutY.roa
File:                     vSB7xiNAIRwfOANstOoOfDUcutY.roa (raw, json)
Hash identifier:          VrdZP3c/+9FPYlH+vWj4iYp2X/FC1qPo8vOdv6z5YwY=
Subject key identifier:   BD:20:7B:C6:23:40:21:1C:1F:38:03:6C:B4:EA:0E:7C:35:1C:BA:D6
Certificate issuer:       /CN=3b0bf18d6bbdb33da82fe61a28624ba72e235040
Certificate serial:       019DAF984BCD4B79F1452F280441973EBFAC
Authority key identifier: 3B:0B:F1:8D:6B:BD:B3:3D:A8:2F:E6:1A:28:62:4B:A7:2E:23:50:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OwvxjWu9sz2oL-YaKGJLpy4jUEA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/5ddee9-c1c4-4b57-b6b8-d49916b5f2b4/1/vSB7xiNAIRwfOANstOoOfDUcutY.roa
Signing time:             Tue 21 Apr 2026 10:31:26 +0000
ROA not before:           Tue 21 Apr 2026 10:31:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     152913
IP address blocks:        185.241.40.0/22 maxlen: 24
                          209.33.144.0/20 maxlen: 24
                          209.33.160.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/5ddee9-c1c4-4b57-b6b8-d49916b5f2b4/1/OwvxjWu9sz2oL-YaKGJLpy4jUEA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/5ddee9-c1c4-4b57-b6b8-d49916b5f2b4/1/OwvxjWu9sz2oL-YaKGJLpy4jUEA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OwvxjWu9sz2oL-YaKGJLpy4jUEA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 19:01:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:af:98:4b:cd:4b:79:f1:45:2f:28:04:41:97:3e:bf:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b0bf18d6bbdb33da82fe61a28624ba72e235040
        Validity
            Not Before: Apr 21 10:31:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bd207bc62340211c1f38036cb4ea0e7c351cbad6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:70:2c:dc:34:0e:df:88:89:12:11:46:de:4c:
                    0c:30:2d:10:81:22:ca:01:18:20:79:9b:3b:11:6f:
                    ee:59:9d:bf:9a:96:05:c8:4f:26:20:6e:31:11:73:
                    6f:7a:69:81:a2:6a:50:e5:e6:13:a9:dc:95:92:35:
                    f7:19:7c:07:f6:73:3c:72:5c:6f:c6:4d:8d:1f:1b:
                    e2:23:16:38:ce:5d:9a:af:95:dd:62:e2:6a:19:26:
                    04:31:94:14:cf:1b:01:05:d4:62:9e:0f:10:00:9a:
                    98:e2:63:4e:1c:46:bd:5e:7a:be:e0:c6:b4:68:f0:
                    ca:e6:8c:59:5b:39:a7:20:2f:12:73:60:9e:95:5f:
                    75:50:c6:06:00:94:88:f9:de:82:1c:9e:45:5e:28:
                    c4:82:5a:9d:16:f3:09:cd:54:75:2b:61:f1:46:e7:
                    f4:36:33:87:d5:0f:5d:32:12:57:8a:d8:00:07:dd:
                    d1:23:61:39:30:89:47:d9:9d:24:da:2a:73:a9:5f:
                    f6:e8:0e:a2:83:0e:31:ce:3c:53:ca:02:a2:23:aa:
                    0d:b2:aa:db:5a:6d:9d:18:10:a4:f4:69:cc:53:2c:
                    31:72:f9:d1:95:7a:40:fe:e4:6b:34:ac:96:b0:92:
                    32:b2:ea:0f:da:71:cc:23:9c:3a:9b:9a:21:14:1d:
                    86:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:20:7B:C6:23:40:21:1C:1F:38:03:6C:B4:EA:0E:7C:35:1C:BA:D6
            X509v3 Authority Key Identifier:
                keyid:3B:0B:F1:8D:6B:BD:B3:3D:A8:2F:E6:1A:28:62:4B:A7:2E:23:50:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OwvxjWu9sz2oL-YaKGJLpy4jUEA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/5ddee9-c1c4-4b57-b6b8-d49916b5f2b4/1/vSB7xiNAIRwfOANstOoOfDUcutY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/5ddee9-c1c4-4b57-b6b8-d49916b5f2b4/1/OwvxjWu9sz2oL-YaKGJLpy4jUEA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.241.40.0/22
                  209.33.144.0-209.33.175.255

    Signature Algorithm: sha256WithRSAEncryption
         b7:0f:24:b1:be:ba:ad:a8:fd:ae:67:03:87:20:7d:6f:63:cc:
         f2:bb:a4:6c:86:b9:03:c7:6a:c2:67:62:76:30:90:4d:27:97:
         a3:56:0e:84:a7:a0:98:ba:b4:cb:09:04:57:88:38:41:6b:f4:
         bb:24:49:8d:d4:4c:47:4b:ed:07:a4:27:95:0e:84:13:99:64:
         ab:2e:28:29:2f:db:76:ed:25:bf:d6:d3:ce:e3:3e:07:71:8a:
         90:0c:b9:8e:d0:81:65:b9:2c:12:a2:78:97:52:79:5b:37:bf:
         7e:3a:98:30:4a:e1:7a:0b:57:cc:f7:8a:e1:48:6a:cb:55:e0:
         ca:db:a9:76:e4:e9:eb:f3:10:01:ad:58:a0:56:61:2c:99:d5:
         30:3a:f7:e7:1d:97:e9:41:b1:de:24:1d:a7:6f:b7:75:01:8b:
         42:cb:b0:ff:8c:58:21:2d:2a:25:b0:ae:23:11:9d:ae:fc:2e:
         4b:de:f3:0a:f7:80:62:64:7e:0d:75:7b:e8:b2:77:ad:3f:e5:
         9d:a7:b0:b2:f2:36:9d:63:04:ba:70:64:35:f8:eb:21:1e:1e:
         15:4f:26:6f:00:bd:6d:e0:b2:7c:5b:ba:3b:86:ec:f1:fe:2f:
         3d:41:77:ea:42:1e:9b:64:1f:16:90:3f:fa:d0:a4:62:74:7c:
         5c:df:4a:0c
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZ2vmEvNS3nxRS8oBEGXPr+sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiMGJmMThkNmJiZGIzM2RhODJmZTYxYTI4NjI0YmE3MmUy
MzUwNDAwHhcNMjYwNDIxMTAzMTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDIwN2JjNjIzNDAyMTFjMWYzODAzNmNiNGVhMGU3YzM1MWNiYWQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuXAs3DQO34iJEhFG3kwMMC0QgSLK
ARggeZs7EW/uWZ2/mpYFyE8mIG4xEXNvemmBompQ5eYTqdyVkjX3GXwH9nM8clxv
xk2NHxviIxY4zl2ar5XdYuJqGSYEMZQUzxsBBdRing8QAJqY4mNOHEa9Xnq+4Ma0
aPDK5oxZWzmnIC8Sc2CelV91UMYGAJSI+d6CHJ5FXijEglqdFvMJzVR1K2HxRuf0
NjOH1Q9dMhJXitgAB93RI2E5MIlH2Z0k2ipzqV/26A6igw4xzjxTygKiI6oNsqrb
Wm2dGBCk9GnMUywxcvnRlXpA/uRrNKyWsJIysuoP2nHMI5w6m5ohFB2GTwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFL0ge8YjQCEcHzgDbLTqDnw1HLrWMB8GA1UdIwQY
MBaAFDsL8Y1rvbM9qC/mGihiS6cuI1BAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3d2eGpXdTlzejJvTC1ZYUtHSkxweTRqVUVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS81ZGRlZTktYzFjNC00YjU3LWI2Yjgt
ZDQ5OTE2YjVmMmI0LzEvdlNCN3hpTkFJUndmT0FOc3RPb09mRFVjdXRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS81ZGRlZTktYzFjNC00YjU3LWI2YjgtZDQ5OTE2YjVmMmI0
LzEvT3d2eGpXdTlzejJvTC1ZYUtHSkxweTRqVUVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQCufEoMAwD
BATRIZADBATRIaAwDQYJKoZIhvcNAQELBQADggEBALcPJLG+uq2o/a5nA4cgfW9j
zPK7pGyGuQPHasJnYnYwkE0nl6NWDoSnoJi6tMsJBFeIOEFr9LskSY3UTEdL7Qek
J5UOhBOZZKsuKCkv23btJb/W087jPgdxipAMuY7QgWW5LBKieJdSeVs3v346mDBK
4XoLV8z3iuFIastV4MrbqXbk6evzEAGtWKBWYSyZ1TA69+cdl+lBsd4kHadvt3UB
i0LLsP+MWCEtKiWwriMRna78Lkve8wr3gGJkfg11e+iyd60/5Z2nsLLyNp1jBLpw
ZDX46yEeHhVPJm8AvW3gsnxbujuG7PH+Lz1Bd+pCHptkHxaQP/rQpGJ0fFzfSgw=
-----END CERTIFICATE-----