Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/072f68-813d-4ba7-b49d-75fa295411f5/1/2iC8kbXKFjWmx_dbdVyppAM0-6Y.roa
File:                     2iC8kbXKFjWmx_dbdVyppAM0-6Y.roa (raw, json)
Hash identifier:          tmWp7mxjB9vdgjX2gtWUKioc5qEfAmveNcok4dIUQAo=
Subject key identifier:   DA:20:BC:91:B5:CA:16:35:A6:C7:F7:5B:75:5C:A9:A4:03:34:FB:A6
Certificate issuer:       /CN=62719c6d8b9950378a7489315fb078111a18ad55
Certificate serial:       019DD3E2D6A261E30358FBF3C8DDB608715D
Authority key identifier: 62:71:9C:6D:8B:99:50:37:8A:74:89:31:5F:B0:78:11:1A:18:AD:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YnGcbYuZUDeKdIkxX7B4ERoYrVU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/072f68-813d-4ba7-b49d-75fa295411f5/1/2iC8kbXKFjWmx_dbdVyppAM0-6Y.roa
Signing time:             Tue 28 Apr 2026 11:39:11 +0000
ROA not before:           Tue 28 Apr 2026 11:39:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213535
IP address blocks:        185.71.219.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/072f68-813d-4ba7-b49d-75fa295411f5/1/YnGcbYuZUDeKdIkxX7B4ERoYrVU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/072f68-813d-4ba7-b49d-75fa295411f5/1/YnGcbYuZUDeKdIkxX7B4ERoYrVU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YnGcbYuZUDeKdIkxX7B4ERoYrVU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 17:01:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:d3:e2:d6:a2:61:e3:03:58:fb:f3:c8:dd:b6:08:71:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62719c6d8b9950378a7489315fb078111a18ad55
        Validity
            Not Before: Apr 28 11:39:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=da20bc91b5ca1635a6c7f75b755ca9a40334fba6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:fa:ad:20:74:6d:b8:e3:76:80:b9:fd:83:0a:
                    d6:8e:a5:d9:06:fe:31:82:c5:ff:91:e7:2a:f1:71:
                    c6:9d:63:b0:b9:d5:fc:b2:20:13:fe:31:4a:92:d9:
                    2a:68:c6:54:2b:1f:79:ed:af:89:c8:93:7c:c5:73:
                    5a:f8:52:86:89:82:92:f6:cc:62:92:38:de:4f:c8:
                    cc:90:7c:12:e0:43:18:98:06:b6:0d:e2:ef:ef:16:
                    08:0c:3f:10:c1:c7:6a:05:7f:1d:be:3c:07:1e:df:
                    3e:5f:6e:a0:c7:e3:68:3f:0d:da:14:df:ba:94:f2:
                    54:14:37:04:e8:1c:92:48:fc:7c:ae:2c:7e:b1:5a:
                    7d:d0:8d:68:e3:4e:ca:ea:8e:23:08:5a:14:08:5c:
                    cc:5c:fb:e7:62:eb:de:e0:a5:8a:8a:8c:00:45:dd:
                    5c:9e:e2:06:0e:8b:2c:f0:36:12:64:66:c3:27:99:
                    75:af:23:fb:62:8f:41:9f:3f:7b:06:32:70:49:97:
                    67:4c:13:0d:9a:fa:3f:59:4e:dd:f4:6d:e4:6a:d0:
                    81:94:9e:e6:8b:4d:53:36:ac:be:c1:41:a4:91:91:
                    a9:34:72:ba:06:a2:61:b4:03:87:ec:0e:0d:77:ad:
                    ab:41:80:3c:eb:ee:23:a4:2d:76:27:3e:e3:e9:27:
                    8e:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:20:BC:91:B5:CA:16:35:A6:C7:F7:5B:75:5C:A9:A4:03:34:FB:A6
            X509v3 Authority Key Identifier:
                keyid:62:71:9C:6D:8B:99:50:37:8A:74:89:31:5F:B0:78:11:1A:18:AD:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YnGcbYuZUDeKdIkxX7B4ERoYrVU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/072f68-813d-4ba7-b49d-75fa295411f5/1/2iC8kbXKFjWmx_dbdVyppAM0-6Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/072f68-813d-4ba7-b49d-75fa295411f5/1/YnGcbYuZUDeKdIkxX7B4ERoYrVU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.71.219.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c7:26:de:b6:f0:32:0b:a2:9a:54:b6:55:1c:b6:d0:96:e5:b9:
         3c:ea:1e:79:80:f0:07:2d:19:c7:61:a8:8b:d8:c0:83:a6:49:
         3a:af:16:6b:c4:8a:84:4f:ec:26:c1:4d:15:36:9c:83:28:4c:
         4d:8b:2e:dd:e1:b7:19:db:28:92:f2:f0:af:e7:4d:4f:75:a7:
         de:bb:60:31:4e:e1:cb:be:b9:41:35:4f:d0:30:87:6c:c8:c3:
         be:12:a2:02:8b:af:be:92:6f:b8:9b:44:9a:b1:c1:e8:c9:e7:
         0c:ef:9c:20:29:b0:aa:53:04:d2:13:04:fb:6e:53:e7:59:a6:
         02:53:13:22:f8:1a:17:41:0a:ea:27:26:a1:83:51:c1:71:cc:
         bd:da:e3:ed:37:1f:9a:0d:c8:8e:1e:7d:06:0b:2b:e6:69:cf:
         ae:b7:af:6f:33:b1:44:4b:eb:dc:6b:be:79:cf:d1:89:95:45:
         25:f8:c4:b1:54:e9:bd:21:2c:a4:78:68:0e:d3:b9:59:44:59:
         86:c5:a9:0c:e2:a9:2c:30:9b:5f:1d:cc:f7:27:30:c5:38:68:
         c3:2a:4e:a9:5e:bb:ee:37:d2:c3:e3:9b:15:45:c0:e7:c4:12:
         ff:ef:20:67:b2:ff:b1:42:48:c4:54:d1:25:76:30:96:79:26:
         ed:f7:08:98
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3T4taiYeMDWPvzyN22CHFdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyNzE5YzZkOGI5OTUwMzc4YTc0ODkzMTVmYjA3ODExMWEx
OGFkNTUwHhcNMjYwNDI4MTEzOTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTIwYmM5MWI1Y2ExNjM1YTZjN2Y3NWI3NTVjYTlhNDAzMzRmYmE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs/qtIHRtuON2gLn9gwrWjqXZBv4x
gsX/kecq8XHGnWOwudX8siAT/jFKktkqaMZUKx957a+JyJN8xXNa+FKGiYKS9sxi
kjjeT8jMkHwS4EMYmAa2DeLv7xYIDD8QwcdqBX8dvjwHHt8+X26gx+NoPw3aFN+6
lPJUFDcE6BySSPx8rix+sVp90I1o407K6o4jCFoUCFzMXPvnYuve4KWKiowARd1c
nuIGDoss8DYSZGbDJ5l1ryP7Yo9Bnz97BjJwSZdnTBMNmvo/WU7d9G3katCBlJ7m
i01TNqy+wUGkkZGpNHK6BqJhtAOH7A4Nd62rQYA86+4jpC12Jz7j6SeOhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNogvJG1yhY1psf3W3VcqaQDNPumMB8GA1UdIwQY
MBaAFGJxnG2LmVA3inSJMV+weBEaGK1VMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWW5HY2JZdVpVRGVLZElreFg3QjRFUm9ZclZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny8wNzJmNjgtODEzZC00YmE3LWI0OWQt
NzVmYTI5NTQxMWY1LzEvMmlDOGtiWEtGaldteF9kYmRWeXBwQU0wLTZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny8wNzJmNjgtODEzZC00YmE3LWI0OWQtNzVmYTI5NTQxMWY1
LzEvWW5HY2JZdVpVRGVLZElreFg3QjRFUm9ZclZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuUfbMA0G
CSqGSIb3DQEBCwUAA4IBAQDHJt628DILoppUtlUcttCW5bk86h55gPAHLRnHYaiL
2MCDpkk6rxZrxIqET+wmwU0VNpyDKExNiy7d4bcZ2yiS8vCv501Pdafeu2AxTuHL
vrlBNU/QMIdsyMO+EqICi6++km+4m0SascHoyecM75wgKbCqUwTSEwT7blPnWaYC
UxMi+BoXQQrqJyahg1HBccy92uPtNx+aDciOHn0GCyvmac+ut69vM7FES+vca755
z9GJlUUl+MSxVOm9ISykeGgO07lZRFmGxakM4qksMJtfHcz3JzDFOGjDKk6pXrvu
N9LD45sVRcDnxBL/7yBnsv+xQkjEVNEldjCWeSbt9wiY
-----END CERTIFICATE-----