Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/bec335-5ee0-4c4d-bda7-7e6d12c3736f/1/aUBxr_0mwvSxBzeIL8ewPOiXsVs.roa
File:                     aUBxr_0mwvSxBzeIL8ewPOiXsVs.roa (raw, json)
Hash identifier:          0sR9hlJuSt8VZH0DRx1WxtLAZBtKMtcmaOy1pYfOKOs=
Subject key identifier:   69:40:71:AF:FD:26:C2:F4:B1:07:37:88:2F:C7:B0:3C:E8:97:B1:5B
Certificate issuer:       /CN=1abe5eecb23af569aa701a7ab16cf7ac1f90f960
Certificate serial:       019DEA294F9F5A4DF2C8C6BE7BACD058EC87
Authority key identifier: 1A:BE:5E:EC:B2:3A:F5:69:AA:70:1A:7A:B1:6C:F7:AC:1F:90:F9:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gr5e7LI69WmqcBp6sWz3rB-Q-WA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/bec335-5ee0-4c4d-bda7-7e6d12c3736f/1/aUBxr_0mwvSxBzeIL8ewPOiXsVs.roa
Signing time:             Sat 02 May 2026 19:27:49 +0000
ROA not before:           Sat 02 May 2026 19:27:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     39889
IP address blocks:        193.104.214.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/bec335-5ee0-4c4d-bda7-7e6d12c3736f/1/Gr5e7LI69WmqcBp6sWz3rB-Q-WA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/bec335-5ee0-4c4d-bda7-7e6d12c3736f/1/Gr5e7LI69WmqcBp6sWz3rB-Q-WA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gr5e7LI69WmqcBp6sWz3rB-Q-WA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 22:01:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:ea:29:4f:9f:5a:4d:f2:c8:c6:be:7b:ac:d0:58:ec:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1abe5eecb23af569aa701a7ab16cf7ac1f90f960
        Validity
            Not Before: May  2 19:27:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=694071affd26c2f4b10737882fc7b03ce897b15b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:53:fd:cc:48:7b:96:4c:23:bb:84:72:c5:81:
                    c7:d1:05:07:7c:cc:b5:93:eb:33:70:f5:ac:1b:fa:
                    bc:90:68:f8:e6:f5:d6:74:ca:e1:60:01:ac:02:16:
                    8d:1d:5d:c2:f4:a9:5a:02:00:df:97:37:62:73:5c:
                    73:96:53:f4:22:b4:87:c2:98:6a:92:91:d7:6e:af:
                    d8:ca:99:05:6c:e6:48:c4:f9:3d:23:11:5d:35:ba:
                    53:9c:bb:6e:85:83:9f:42:d1:4b:7f:fe:59:c9:8d:
                    16:28:46:d7:22:92:bc:61:fe:63:9b:8c:00:aa:8d:
                    50:63:75:07:2c:62:38:4f:01:47:f9:10:3e:24:b1:
                    98:a0:7d:83:cb:cb:5a:dd:f4:0f:47:c7:ea:94:35:
                    09:a7:2f:1e:4d:25:91:bc:2f:3d:e1:61:20:26:84:
                    55:c6:42:cc:65:66:45:44:6a:6d:b2:8a:64:52:f0:
                    3d:9a:ec:df:2d:d7:fc:d5:22:d3:75:d9:57:45:15:
                    e2:2f:e8:43:6c:9a:ed:09:16:47:bd:77:ea:a2:c8:
                    dd:53:84:32:88:e5:e5:57:3c:6a:ff:85:5f:67:f2:
                    78:72:52:c3:5e:b5:f4:83:ad:b5:41:e2:42:36:72:
                    7a:09:5b:f5:61:db:a1:2f:20:cd:3f:7c:92:6a:fa:
                    84:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:40:71:AF:FD:26:C2:F4:B1:07:37:88:2F:C7:B0:3C:E8:97:B1:5B
            X509v3 Authority Key Identifier:
                keyid:1A:BE:5E:EC:B2:3A:F5:69:AA:70:1A:7A:B1:6C:F7:AC:1F:90:F9:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gr5e7LI69WmqcBp6sWz3rB-Q-WA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/bec335-5ee0-4c4d-bda7-7e6d12c3736f/1/aUBxr_0mwvSxBzeIL8ewPOiXsVs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/bec335-5ee0-4c4d-bda7-7e6d12c3736f/1/Gr5e7LI69WmqcBp6sWz3rB-Q-WA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.104.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:78:75:e4:f1:e7:cb:fb:6f:6d:c6:74:a8:36:36:40:fd:19:
         84:c7:b6:80:3d:23:0f:04:78:68:a9:52:8c:e7:ff:38:bd:e3:
         af:eb:0a:eb:a0:aa:5c:9f:6a:40:cb:55:0b:c4:c9:c0:6f:a4:
         e9:91:25:91:bd:73:33:ac:c2:71:a9:44:39:57:a6:b2:c5:36:
         cb:f6:27:43:55:02:27:56:b7:4b:f7:2c:86:3c:ac:69:6d:29:
         18:54:dd:9b:e0:ce:c7:33:9b:35:f1:35:d1:f2:ab:91:17:21:
         b4:45:d7:fc:5a:bb:57:2d:13:0f:e0:8f:a5:af:72:6c:02:a1:
         e8:f0:86:e3:38:27:f5:fc:1c:0f:d9:79:24:68:46:3a:91:a5:
         2d:d2:8a:2c:db:d3:70:b8:12:1a:13:3a:da:a5:38:bd:84:a5:
         25:54:10:7a:0d:ee:a4:30:a5:7e:24:ce:2f:eb:d5:ac:bd:27:
         6b:75:59:8b:e6:d2:dc:20:0d:46:d9:4f:92:db:dc:c7:d4:1b:
         bf:33:a9:33:c6:f4:b5:12:e4:b0:ab:c1:a6:0a:b1:be:2f:5a:
         11:48:05:3b:71:c5:d5:77:ab:a6:93:27:74:08:b5:a0:c1:24:
         2f:49:60:40:8c:71:0b:ac:09:33:89:78:17:3d:ec:c2:b3:3c:
         45:d5:c7:80
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3qKU+fWk3yyMa+e6zQWOyHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhYmU1ZWVjYjIzYWY1NjlhYTcwMWE3YWIxNmNmN2FjMWY5
MGY5NjAwHhcNMjYwNTAyMTkyNzQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTQwNzFhZmZkMjZjMmY0YjEwNzM3ODgyZmM3YjAzY2U4OTdiMTViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs1P9zEh7lkwju4RyxYHH0QUHfMy1
k+szcPWsG/q8kGj45vXWdMrhYAGsAhaNHV3C9KlaAgDflzdic1xzllP0IrSHwphq
kpHXbq/YypkFbOZIxPk9IxFdNbpTnLtuhYOfQtFLf/5ZyY0WKEbXIpK8Yf5jm4wA
qo1QY3UHLGI4TwFH+RA+JLGYoH2Dy8ta3fQPR8fqlDUJpy8eTSWRvC894WEgJoRV
xkLMZWZFRGptsopkUvA9muzfLdf81SLTddlXRRXiL+hDbJrtCRZHvXfqosjdU4Qy
iOXlVzxq/4VfZ/J4clLDXrX0g621QeJCNnJ6CVv1YduhLyDNP3ySavqEHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGlAca/9JsL0sQc3iC/HsDzol7FbMB8GA1UdIwQY
MBaAFBq+XuyyOvVpqnAaerFs96wfkPlgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3I1ZTdMSTY5V21xY0JwNnNXejNyQi1RLVdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9iZWMzMzUtNWVlMC00YzRkLWJkYTct
N2U2ZDEyYzM3MzZmLzEvYVVCeHJfMG13dlN4QnplSUw4ZXdQT2lYc1ZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9iZWMzMzUtNWVlMC00YzRkLWJkYTctN2U2ZDEyYzM3MzZm
LzEvR3I1ZTdMSTY5V21xY0JwNnNXejNyQi1RLVdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWjWMA0G
CSqGSIb3DQEBCwUAA4IBAQANeHXk8efL+29txnSoNjZA/RmEx7aAPSMPBHhoqVKM
5/84veOv6wrroKpcn2pAy1ULxMnAb6TpkSWRvXMzrMJxqUQ5V6ayxTbL9idDVQIn
VrdL9yyGPKxpbSkYVN2b4M7HM5s18TXR8quRFyG0Rdf8WrtXLRMP4I+lr3JsAqHo
8IbjOCf1/BwP2XkkaEY6kaUt0oos29NwuBIaEzrapTi9hKUlVBB6De6kMKV+JM4v
69WsvSdrdVmL5tLcIA1G2U+S29zH1Bu/M6kzxvS1EuSwq8GmCrG+L1oRSAU7ccXV
d6umkyd0CLWgwSQvSWBAjHELrAkziXgXPezCszxF1ceA
-----END CERTIFICATE-----