Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/dc7030-78cc-4800-888d-1427dd16efa4/1/IGOBSd3ZuJbm4C5TrnSQrR-a0jU.roa
File:                     IGOBSd3ZuJbm4C5TrnSQrR-a0jU.roa (raw, json)
Hash identifier:          gqwFBRnGvAPBp+VnF0Uw0nntvsm6cNUPb90FQlaPVzo=
Subject key identifier:   20:63:81:49:DD:D9:B8:96:E6:E0:2E:53:AE:74:90:AD:1F:9A:D2:35
Certificate issuer:       /CN=2e368b0aec6c7fd48d0d96b4077a23f906a86a48
Certificate serial:       019D0EE8C8B220C3CD26B70A2C2D00F85AF6
Authority key identifier: 2E:36:8B:0A:EC:6C:7F:D4:8D:0D:96:B4:07:7A:23:F9:06:A8:6A:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LjaLCuxsf9SNDZa0B3oj-Qaoakg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/dc7030-78cc-4800-888d-1427dd16efa4/1/IGOBSd3ZuJbm4C5TrnSQrR-a0jU.roa
Signing time:             Sat 21 Mar 2026 05:40:29 +0000
ROA not before:           Sat 21 Mar 2026 05:40:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213440
IP address blocks:        212.52.14.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/dc7030-78cc-4800-888d-1427dd16efa4/1/LjaLCuxsf9SNDZa0B3oj-Qaoakg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/dc7030-78cc-4800-888d-1427dd16efa4/1/LjaLCuxsf9SNDZa0B3oj-Qaoakg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LjaLCuxsf9SNDZa0B3oj-Qaoakg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 04:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:0e:e8:c8:b2:20:c3:cd:26:b7:0a:2c:2d:00:f8:5a:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e368b0aec6c7fd48d0d96b4077a23f906a86a48
        Validity
            Not Before: Mar 21 05:40:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=20638149ddd9b896e6e02e53ae7490ad1f9ad235
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:76:27:5d:1c:52:01:5a:aa:e0:04:62:33:f4:
                    25:c3:8c:5c:9a:c2:70:91:7d:6c:0b:c1:54:33:b9:
                    bb:2f:95:2c:7e:d6:d9:c6:d7:77:90:08:a1:82:43:
                    57:02:66:21:0a:b2:fa:95:34:3e:86:4a:ed:38:df:
                    de:96:64:08:4e:ad:37:8a:3f:80:c8:0d:02:ef:bc:
                    d3:ed:fb:55:68:fc:31:d5:3c:d5:eb:d3:cb:57:1d:
                    a7:96:4a:a1:a6:73:ab:a7:bc:db:28:9d:c3:f5:00:
                    1d:b2:6e:76:06:6a:07:f9:7c:0e:a1:85:08:ff:b0:
                    8b:b0:cf:4d:d9:32:54:68:49:51:c0:c2:b4:2f:ac:
                    83:5f:ea:f5:83:8a:43:c5:e7:aa:90:27:a1:54:83:
                    67:5a:53:50:8d:d6:25:13:a9:06:d7:45:5a:35:30:
                    9f:26:48:54:14:9d:ef:9c:68:2b:db:75:4d:eb:40:
                    32:bf:4f:4d:68:4e:93:0f:66:e8:4c:24:a5:19:ad:
                    c9:e3:0a:d4:6c:37:49:99:6a:78:97:1e:95:c9:5a:
                    16:dd:70:19:d3:bc:55:87:0c:34:3a:a6:07:b6:e5:
                    06:ef:16:92:48:f6:21:03:4f:1c:2c:33:aa:2b:5b:
                    65:04:83:8d:6f:25:7b:85:8b:bc:f9:92:51:fa:4e:
                    c7:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:63:81:49:DD:D9:B8:96:E6:E0:2E:53:AE:74:90:AD:1F:9A:D2:35
            X509v3 Authority Key Identifier:
                keyid:2E:36:8B:0A:EC:6C:7F:D4:8D:0D:96:B4:07:7A:23:F9:06:A8:6A:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LjaLCuxsf9SNDZa0B3oj-Qaoakg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/dc7030-78cc-4800-888d-1427dd16efa4/1/IGOBSd3ZuJbm4C5TrnSQrR-a0jU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/dc7030-78cc-4800-888d-1427dd16efa4/1/LjaLCuxsf9SNDZa0B3oj-Qaoakg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.52.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:a0:71:26:6c:ed:ba:e6:2f:fd:3a:40:fb:f6:d6:72:11:51:
         9d:c0:32:bf:8c:72:2d:e7:8c:39:ea:5f:33:8a:d4:7a:1c:24:
         20:e3:37:b1:84:be:e8:1f:fb:ad:37:4b:50:6b:73:74:cb:ee:
         d0:41:44:bb:a8:31:75:e7:d3:22:f8:e1:3e:41:9a:91:ad:c8:
         ef:b7:98:2a:69:4e:b8:0d:d4:6e:c3:e8:8b:83:80:f8:09:1e:
         0d:ab:0b:3b:4b:de:6b:95:2a:11:1d:12:78:60:0c:e3:c6:2c:
         af:e3:a9:97:f8:a5:de:dc:39:01:24:a4:56:52:a2:b1:a2:62:
         12:10:f4:12:6f:37:9b:4a:cc:8e:d9:70:57:58:f9:1d:95:1b:
         e4:c3:e4:76:08:0a:39:07:73:6e:04:fd:4f:10:7a:c4:cd:40:
         af:46:2e:60:51:bd:9c:3b:a4:89:54:25:66:6b:d6:60:57:6e:
         14:32:17:af:ea:e7:d9:1e:31:45:2f:de:cd:f8:fd:3c:f5:e8:
         de:94:2c:db:85:c6:d7:ba:61:27:b5:aa:b9:9e:6a:1c:70:3f:
         93:c1:33:43:06:72:d7:18:7e:98:c0:a8:1a:e1:1b:12:fd:15:
         d9:d6:f5:b3:6e:8d:d0:5c:ec:b9:b5:e0:46:cf:cc:11:b4:09:
         31:32:75:1c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0O6MiyIMPNJrcKLC0A+Fr2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlMzY4YjBhZWM2YzdmZDQ4ZDBkOTZiNDA3N2EyM2Y5MDZh
ODZhNDgwHhcNMjYwMzIxMDU0MDI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDYzODE0OWRkZDliODk2ZTZlMDJlNTNhZTc0OTBhZDFmOWFkMjM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4nYnXRxSAVqq4ARiM/Qlw4xcmsJw
kX1sC8FUM7m7L5UsftbZxtd3kAihgkNXAmYhCrL6lTQ+hkrtON/elmQITq03ij+A
yA0C77zT7ftVaPwx1TzV69PLVx2nlkqhpnOrp7zbKJ3D9QAdsm52BmoH+XwOoYUI
/7CLsM9N2TJUaElRwMK0L6yDX+r1g4pDxeeqkCehVINnWlNQjdYlE6kG10VaNTCf
JkhUFJ3vnGgr23VN60Ayv09NaE6TD2boTCSlGa3J4wrUbDdJmWp4lx6VyVoW3XAZ
07xVhww0OqYHtuUG7xaSSPYhA08cLDOqK1tlBIONbyV7hYu8+ZJR+k7H0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCBjgUnd2biW5uAuU650kK0fmtI1MB8GA1UdIwQY
MBaAFC42iwrsbH/UjQ2WtAd6I/kGqGpIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGphTEN1eHNmOVNORFphMEIzb2otUWFvYWtnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny9kYzcwMzAtNzhjYy00ODAwLTg4OGQt
MTQyN2RkMTZlZmE0LzEvSUdPQlNkM1p1SmJtNEM1VHJuU1FyUi1hMGpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny9kYzcwMzAtNzhjYy00ODAwLTg4OGQtMTQyN2RkMTZlZmE0
LzEvTGphTEN1eHNmOVNORFphMEIzb2otUWFvYWtnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1DQOMA0G
CSqGSIb3DQEBCwUAA4IBAQCFoHEmbO265i/9OkD79tZyEVGdwDK/jHIt54w56l8z
itR6HCQg4zexhL7oH/utN0tQa3N0y+7QQUS7qDF159Mi+OE+QZqRrcjvt5gqaU64
DdRuw+iLg4D4CR4Nqws7S95rlSoRHRJ4YAzjxiyv46mX+KXe3DkBJKRWUqKxomIS
EPQSbzebSsyO2XBXWPkdlRvkw+R2CAo5B3NuBP1PEHrEzUCvRi5gUb2cO6SJVCVm
a9ZgV24UMhev6ufZHjFFL97N+P089ejelCzbhcbXumEntaq5nmoccD+TwTNDBnLX
GH6YwKga4RsS/RXZ1vWzbo3QXOy5teBGz8wRtAkxMnUc
-----END CERTIFICATE-----