Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/djUu5cDQt6LB-q5h21NnwtOkzBw.roa
File:                     djUu5cDQt6LB-q5h21NnwtOkzBw.roa (raw, json)
Hash identifier:          Idnm5AsXzl27XEprh2dKbOw6LLxc15uJ3a91oVCGgsw=
Subject key identifier:   76:35:2E:E5:C0:D0:B7:A2:C1:FA:AE:61:DB:53:67:C2:D3:A4:CC:1C
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       019D014FF3E401927F988CFC5C03D06F8AA6
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/djUu5cDQt6LB-q5h21NnwtOkzBw.roa
Signing time:             Wed 18 Mar 2026 14:18:30 +0000
ROA not before:           Wed 18 Mar 2026 14:18:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205397
IP address blocks:        185.99.98.0/24 maxlen: 24
                          193.5.251.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:01:4f:f3:e4:01:92:7f:98:8c:fc:5c:03:d0:6f:8a:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Mar 18 14:18:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=76352ee5c0d0b7a2c1faae61db5367c2d3a4cc1c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:91:66:6a:2b:1f:f9:ac:7a:0c:45:ff:08:8a:
                    49:df:69:c0:1c:8d:35:ce:a9:10:6b:ca:3b:5d:b6:
                    b7:c5:51:43:8a:b4:8d:ab:a7:0f:fd:05:4c:bd:aa:
                    3a:8a:08:bc:91:24:28:b6:07:dc:18:9a:52:79:72:
                    ce:e3:4b:92:dc:13:5b:54:be:cb:ca:60:d7:3d:d0:
                    f5:12:04:0d:5b:56:37:a8:ea:8a:91:6d:46:fd:c4:
                    e2:0c:bf:a8:8e:89:96:ba:a9:5f:5b:d3:c4:ef:5d:
                    2f:85:0a:56:fe:8e:77:13:09:f6:45:cc:87:19:9d:
                    8c:6a:6f:d9:2a:3d:45:96:25:c9:2a:1c:b0:cf:74:
                    b0:c2:37:5e:87:d0:98:53:4a:ea:3a:1f:e2:7e:de:
                    35:b8:65:82:db:47:5e:e2:59:5a:1a:cb:25:3c:2e:
                    90:87:78:8a:95:3d:b8:a7:04:a7:1e:8a:22:da:31:
                    9c:47:08:c4:6a:c3:db:d8:7e:a5:48:2c:9b:66:f0:
                    4f:6a:c5:09:99:dc:a0:09:07:41:49:f9:d3:60:86:
                    60:de:3b:74:c8:e3:8e:e7:f8:4b:f3:ce:0b:4b:d0:
                    d3:15:e9:f9:64:68:ac:3e:a4:31:d7:dc:7f:15:22:
                    6a:fa:6d:4b:1e:5f:b6:21:14:9e:e7:71:67:68:80:
                    8d:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:35:2E:E5:C0:D0:B7:A2:C1:FA:AE:61:DB:53:67:C2:D3:A4:CC:1C
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/djUu5cDQt6LB-q5h21NnwtOkzBw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.99.98.0/24
                  193.5.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:0f:fe:f5:95:84:a2:e9:b8:d6:f9:2a:11:7e:70:c0:13:20:
         6a:03:0e:ad:26:0d:f9:72:fd:25:d6:c5:05:d6:3b:12:79:3a:
         a8:24:a4:b0:f8:2e:06:09:62:6b:54:82:bd:ad:be:4a:f5:c1:
         44:32:f9:53:00:13:ef:f9:e4:f2:96:8b:de:8a:c2:c5:ef:6d:
         d0:8f:e9:03:4d:73:6c:9a:0c:d7:cb:4c:bc:b3:98:9d:d3:9b:
         5e:9f:49:b9:47:c6:22:e7:c8:64:db:95:c0:31:8c:bc:0c:28:
         eb:a6:18:f2:67:36:73:87:be:b7:ef:28:cb:5a:e1:5e:7c:f7:
         ed:8c:23:bf:01:58:bb:e0:58:d5:44:d1:e7:37:4a:a4:8e:68:
         f6:f8:dc:e0:7b:5b:14:68:bf:8e:40:1a:d9:ec:a9:58:33:d2:
         35:78:80:86:24:1c:ab:bb:d1:83:e8:41:04:18:52:33:38:d1:
         17:94:be:84:8e:b1:36:27:0c:7b:9e:2a:4e:d6:e8:33:9d:92:
         9d:1b:77:63:ea:f1:20:a4:9f:a5:20:79:9a:94:67:11:71:9c:
         4f:f7:b4:ca:6c:39:4e:51:a1:d9:49:f3:e4:63:ec:ac:5b:83:
         5a:8d:5c:1b:00:d2:fa:d6:df:a8:37:ee:a2:11:ae:7d:0f:90:
         4e:c7:87:cb
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ0BT/PkAZJ/mIz8XAPQb4qmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjYwMzE4MTQxODMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjM1MmVlNWMwZDBiN2EyYzFmYWFlNjFkYjUzNjdjMmQzYTRjYzFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuJFmaisf+ax6DEX/CIpJ32nAHI01
zqkQa8o7Xba3xVFDirSNq6cP/QVMvao6igi8kSQotgfcGJpSeXLO40uS3BNbVL7L
ymDXPdD1EgQNW1Y3qOqKkW1G/cTiDL+ojomWuqlfW9PE710vhQpW/o53Ewn2RcyH
GZ2Mam/ZKj1FliXJKhywz3Swwjdeh9CYU0rqOh/ift41uGWC20de4llaGsslPC6Q
h3iKlT24pwSnHooi2jGcRwjEasPb2H6lSCybZvBPasUJmdygCQdBSfnTYIZg3jt0
yOOO5/hL884LS9DTFen5ZGisPqQx19x/FSJq+m1LHl+2IRSe53FnaICN5wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHY1LuXA0LeiwfquYdtTZ8LTpMwcMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvZGpVdTVjRFF0NkxCLXE1aDIxTm53dE9rekJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuWNiAwQA
wQX7MA0GCSqGSIb3DQEBCwUAA4IBAQAoD/71lYSi6bjW+SoRfnDAEyBqAw6tJg35
cv0l1sUF1jsSeTqoJKSw+C4GCWJrVIK9rb5K9cFEMvlTABPv+eTyloveisLF723Q
j+kDTXNsmgzXy0y8s5id05ten0m5R8Yi58hk25XAMYy8DCjrphjyZzZzh7637yjL
WuFefPftjCO/AVi74FjVRNHnN0qkjmj2+Nzge1sUaL+OQBrZ7KlYM9I1eICGJByr
u9GD6EEEGFIzONEXlL6EjrE2Jwx7nipO1ugznZKdG3dj6vEgpJ+lIHmalGcRcZxP
97TKbDlOUaHZSfPkY+ysW4NajVwbANL61t+oN+6iEa59D5BOx4fL
-----END CERTIFICATE-----