Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d6/d5d1cd-0027-40af-819f-83a22a4faa4f/1/K2Dc5OBuZ-3GVexCh6zp51MBUis.roa
File:                     K2Dc5OBuZ-3GVexCh6zp51MBUis.roa (raw, json)
Hash identifier:          c29k2Uu3E6+pH0/RU1RBK1xurercCYLwxnC+Kb8waAo=
Subject key identifier:   2B:60:DC:E4:E0:6E:67:ED:C6:55:EC:42:87:AC:E9:E7:53:01:52:2B
Certificate issuer:       /CN=778537bdcb35320c78d59819a50b361eb95820b7
Certificate serial:       019DE3924F73FC12B09068FE613E821506E5
Authority key identifier: 77:85:37:BD:CB:35:32:0C:78:D5:98:19:A5:0B:36:1E:B9:58:20:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d4U3vcs1Mgx41ZgZpQs2HrlYILc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d6/d5d1cd-0027-40af-819f-83a22a4faa4f/1/K2Dc5OBuZ-3GVexCh6zp51MBUis.roa
Signing time:             Fri 01 May 2026 12:45:09 +0000
ROA not before:           Fri 01 May 2026 12:45:09 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     47638
IP address blocks:        192.33.132.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d6/d5d1cd-0027-40af-819f-83a22a4faa4f/1/d4U3vcs1Mgx41ZgZpQs2HrlYILc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d6/d5d1cd-0027-40af-819f-83a22a4faa4f/1/d4U3vcs1Mgx41ZgZpQs2HrlYILc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d4U3vcs1Mgx41ZgZpQs2HrlYILc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:e3:92:4f:73:fc:12:b0:90:68:fe:61:3e:82:15:06:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=778537bdcb35320c78d59819a50b361eb95820b7
        Validity
            Not Before: May  1 12:45:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2b60dce4e06e67edc655ec4287ace9e75301522b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:49:a7:bd:77:7b:d9:ab:7b:4b:01:e5:92:19:
                    41:23:cd:11:b5:e6:a3:9f:14:44:08:ec:22:c9:cf:
                    bf:a1:dd:3e:72:ba:3f:e0:b5:b8:72:f6:ed:54:2c:
                    e0:44:3f:83:59:80:81:38:cd:c3:26:9b:b5:19:57:
                    b5:da:da:13:f2:8c:7b:85:43:75:b6:5f:4d:a8:01:
                    e9:be:86:7a:e2:cb:c1:b4:27:3f:9e:9f:68:0d:15:
                    56:34:ae:93:ba:49:f5:42:a9:91:90:28:ac:2d:16:
                    6b:6d:c6:ec:fd:5e:e2:5b:9c:b7:ca:d6:c6:13:68:
                    0b:c6:c1:7b:4a:ed:88:f8:e3:e0:e3:e6:73:a4:b4:
                    7e:7c:21:7f:af:1d:8d:69:f1:b9:4f:85:4b:d6:d7:
                    28:3f:3e:c7:ae:87:66:09:67:be:ea:bd:48:76:53:
                    bf:c5:80:5d:8b:c4:8a:60:9e:4a:0c:a3:18:db:e5:
                    b5:06:72:e7:a4:a4:b1:53:76:af:15:d0:56:cd:f0:
                    81:d9:b3:6c:d8:72:c7:ae:bf:9e:88:01:65:86:13:
                    56:43:bf:46:d2:e9:31:ed:07:3d:8c:b7:d5:af:65:
                    22:18:e5:16:e1:e8:70:bc:5d:f8:19:88:84:94:4e:
                    26:67:01:c2:24:4b:31:ea:0a:bb:4b:eb:e9:5c:cf:
                    56:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:60:DC:E4:E0:6E:67:ED:C6:55:EC:42:87:AC:E9:E7:53:01:52:2B
            X509v3 Authority Key Identifier:
                keyid:77:85:37:BD:CB:35:32:0C:78:D5:98:19:A5:0B:36:1E:B9:58:20:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4U3vcs1Mgx41ZgZpQs2HrlYILc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/d5d1cd-0027-40af-819f-83a22a4faa4f/1/K2Dc5OBuZ-3GVexCh6zp51MBUis.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/d5d1cd-0027-40af-819f-83a22a4faa4f/1/d4U3vcs1Mgx41ZgZpQs2HrlYILc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.33.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:f7:a3:78:3a:ed:a9:c2:3c:8c:3a:83:f5:5e:87:b8:2e:40:
         34:66:13:3b:1c:82:93:fb:0a:50:22:ed:93:03:8f:79:ea:27:
         db:57:8d:95:8c:af:d4:6d:d6:aa:a5:fb:b6:41:ea:46:ba:c0:
         b8:6c:2f:fa:a8:01:51:33:fd:08:52:0c:6e:58:19:28:69:66:
         bf:a6:ab:c1:eb:c5:87:d1:6d:f6:7a:cb:b3:90:eb:53:d3:61:
         5a:57:85:2e:0a:af:f7:3c:2b:dd:ea:ac:d2:7d:ce:88:5f:c3:
         0b:e2:f8:5a:a9:21:67:cf:d8:88:23:69:05:14:ed:f9:62:14:
         ba:69:46:2e:1a:b7:86:0b:fe:c4:3f:1b:71:10:90:f0:ef:76:
         cf:ae:5a:28:af:d1:ef:e2:6f:bd:3d:f4:52:d2:73:0a:5d:e3:
         41:f2:6b:1f:d6:7d:06:1e:2e:8a:cc:04:cc:64:3c:a9:37:90:
         55:78:cb:f7:72:9c:b1:2f:d7:a6:61:cb:4e:f2:35:65:20:27:
         2c:18:43:b1:55:b4:a0:a2:0c:f3:db:c3:ec:4b:88:b6:31:39:
         f2:fc:bd:74:d9:e4:de:84:61:d6:7a:a0:13:05:a1:6b:78:09:
         24:83:00:f8:13:e1:23:1c:61:26:b8:44:10:1b:f7:aa:ad:11:
         80:fe:ca:70
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3jkk9z/BKwkGj+YT6CFQblMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3ODUzN2JkY2IzNTMyMGM3OGQ1OTgxOWE1MGIzNjFlYjk1
ODIwYjcwHhcNMjYwNTAxMTI0NTA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjYwZGNlNGUwNmU2N2VkYzY1NWVjNDI4N2FjZTllNzUzMDE1MjJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8kmnvXd72at7SwHlkhlBI80Rteaj
nxRECOwiyc+/od0+cro/4LW4cvbtVCzgRD+DWYCBOM3DJpu1GVe12toT8ox7hUN1
tl9NqAHpvoZ64svBtCc/np9oDRVWNK6Tukn1QqmRkCisLRZrbcbs/V7iW5y3ytbG
E2gLxsF7Su2I+OPg4+ZzpLR+fCF/rx2NafG5T4VL1tcoPz7HrodmCWe+6r1IdlO/
xYBdi8SKYJ5KDKMY2+W1BnLnpKSxU3avFdBWzfCB2bNs2HLHrr+eiAFlhhNWQ79G
0ukx7Qc9jLfVr2UiGOUW4ehwvF34GYiElE4mZwHCJEsx6gq7S+vpXM9WGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCtg3OTgbmftxlXsQoes6edTAVIrMB8GA1UdIwQY
MBaAFHeFN73LNTIMeNWYGaULNh65WCC3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZDRVM3ZjczFNZ3g0MVpnWnBRczJIcmxZSUxjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNi9kNWQxY2QtMDAyNy00MGFmLTgxOWYt
ODNhMjJhNGZhYTRmLzEvSzJEYzVPQnVaLTNHVmV4Q2g2enA1MU1CVWlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNi9kNWQxY2QtMDAyNy00MGFmLTgxOWYtODNhMjJhNGZhYTRm
LzEvZDRVM3ZjczFNZ3g0MVpnWnBRczJIcmxZSUxjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwCGEMA0G
CSqGSIb3DQEBCwUAA4IBAQCm96N4Ou2pwjyMOoP1Xoe4LkA0ZhM7HIKT+wpQIu2T
A4956ifbV42VjK/Ubdaqpfu2QepGusC4bC/6qAFRM/0IUgxuWBkoaWa/pqvB68WH
0W32esuzkOtT02FaV4UuCq/3PCvd6qzSfc6IX8ML4vhaqSFnz9iII2kFFO35YhS6
aUYuGreGC/7EPxtxEJDw73bPrloor9Hv4m+9PfRS0nMKXeNB8msf1n0GHi6KzATM
ZDypN5BVeMv3cpyxL9emYctO8jVlICcsGEOxVbSgogzz28PsS4i2MTny/L102eTe
hGHWeqATBaFreAkkgwD4E+EjHGEmuEQQG/eqrRGA/spw
-----END CERTIFICATE-----