Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/7ba2d0-7a28-4b8e-a67d-43219669a30b/1/9SPgem7U2gCiDmpSRDU-ukyx9XE.roa
File:                     9SPgem7U2gCiDmpSRDU-ukyx9XE.roa (raw, json)
Hash identifier:          wROgdUdJkJ9IiAUVLRETnuoxv5G7976oJBmCHeMjAS8=
Subject key identifier:   F5:23:E0:7A:6E:D4:DA:00:A2:0E:6A:52:44:35:3E:BA:4C:B1:F5:71
Certificate issuer:       /CN=2b5d0851911bc949d0f47c5d33d0a607b378cdf1
Certificate serial:       019CF5B1666C8D8DBE4F0DB74CFB29EEFAEB
Authority key identifier: 2B:5D:08:51:91:1B:C9:49:D0:F4:7C:5D:33:D0:A6:07:B3:78:CD:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K10IUZEbyUnQ9HxdM9CmB7N4zfE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/7ba2d0-7a28-4b8e-a67d-43219669a30b/1/9SPgem7U2gCiDmpSRDU-ukyx9XE.roa
Signing time:             Mon 16 Mar 2026 08:09:29 +0000
ROA not before:           Mon 16 Mar 2026 08:09:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202655
IP address blocks:        185.255.204.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/7ba2d0-7a28-4b8e-a67d-43219669a30b/1/K10IUZEbyUnQ9HxdM9CmB7N4zfE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/7ba2d0-7a28-4b8e-a67d-43219669a30b/1/K10IUZEbyUnQ9HxdM9CmB7N4zfE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/K10IUZEbyUnQ9HxdM9CmB7N4zfE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:f5:b1:66:6c:8d:8d:be:4f:0d:b7:4c:fb:29:ee:fa:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b5d0851911bc949d0f47c5d33d0a607b378cdf1
        Validity
            Not Before: Mar 16 08:09:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f523e07a6ed4da00a20e6a5244353eba4cb1f571
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:67:26:60:33:d2:5d:d8:ca:e3:84:1d:75:0c:
                    27:8a:2b:aa:ee:d5:f8:7d:c0:c6:98:20:20:ad:c1:
                    c8:12:2e:36:d0:41:47:88:b4:2c:2f:ad:86:cc:4d:
                    7a:9e:5c:46:4e:43:92:47:21:53:87:38:ef:d8:51:
                    b3:9a:90:19:56:c2:6b:b3:9f:e5:d7:f3:80:da:a7:
                    63:3a:77:94:6b:94:b4:f6:51:6f:92:61:89:e9:ba:
                    32:19:20:25:d4:75:95:4d:0f:96:fc:98:9c:8c:bb:
                    99:df:02:0e:cb:cc:c1:55:30:38:f9:6b:eb:79:b5:
                    b7:66:f7:ec:9f:3d:04:6b:a1:cb:2c:f8:18:bf:3a:
                    92:53:8a:af:8e:ea:f6:39:87:6b:e5:25:50:43:43:
                    81:44:3b:29:22:71:58:3f:8f:5e:0b:d1:46:73:55:
                    60:f7:85:8e:b5:82:92:c7:1d:b0:86:08:91:52:23:
                    72:ca:32:24:5e:e6:36:54:42:71:72:fd:1d:8d:34:
                    15:3f:c3:38:a3:f4:22:a8:4c:5d:8b:b9:87:84:5b:
                    2c:b7:78:ae:bc:80:e2:f2:81:33:3d:e1:f5:46:43:
                    d4:fb:ab:51:aa:65:42:fa:98:35:4f:40:b7:aa:1b:
                    b5:f0:45:1c:06:d2:66:9e:81:5b:11:6e:2d:0d:52:
                    3e:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:23:E0:7A:6E:D4:DA:00:A2:0E:6A:52:44:35:3E:BA:4C:B1:F5:71
            X509v3 Authority Key Identifier:
                keyid:2B:5D:08:51:91:1B:C9:49:D0:F4:7C:5D:33:D0:A6:07:B3:78:CD:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K10IUZEbyUnQ9HxdM9CmB7N4zfE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/7ba2d0-7a28-4b8e-a67d-43219669a30b/1/9SPgem7U2gCiDmpSRDU-ukyx9XE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/7ba2d0-7a28-4b8e-a67d-43219669a30b/1/K10IUZEbyUnQ9HxdM9CmB7N4zfE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.255.204.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0c:63:fa:6f:dd:07:61:99:26:9e:0a:94:d6:77:f7:45:14:48:
         0e:ff:25:38:3a:4c:13:22:70:b5:52:45:df:88:74:53:43:f3:
         23:a3:aa:09:c9:38:6b:ab:1d:3c:4f:47:c2:10:e0:69:42:ff:
         cf:c6:41:e1:26:cd:1e:bc:45:1f:97:0f:26:e6:93:d0:51:a1:
         dd:9f:44:4b:82:ad:7b:1b:b3:c5:ad:e9:e7:c8:62:e4:98:43:
         47:55:2a:53:fe:e4:26:70:a3:6d:62:47:4c:a2:e5:05:bb:89:
         7b:aa:12:13:4a:77:4a:21:f8:59:00:ac:bf:04:c0:f7:50:56:
         11:f6:e7:6d:cf:33:92:8b:11:ad:41:44:6e:e9:5d:e7:c4:4a:
         22:a0:54:2e:23:f9:f9:b6:b4:ae:a9:d4:65:04:b5:42:33:0b:
         53:4e:fc:d4:53:e7:06:c8:e8:93:e7:b6:3e:98:f1:b8:9d:a8:
         14:b2:40:b2:9a:9c:7b:8f:2d:66:a9:4d:3e:4d:c0:68:6e:ba:
         e7:52:cf:c5:9c:87:3a:dd:86:6f:30:0a:88:90:ac:c5:88:67:
         f9:a8:04:3d:c0:5e:e7:9c:0c:0f:72:20:59:36:73:15:a6:f1:
         c2:57:86:d6:db:94:c3:c1:a9:c5:98:34:b3:ab:f6:6b:61:a3:
         75:25:0f:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZz1sWZsjY2+Tw23TPsp7vrrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiNWQwODUxOTExYmM5NDlkMGY0N2M1ZDMzZDBhNjA3YjM3
OGNkZjEwHhcNMjYwMzE2MDgwOTI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTIzZTA3YTZlZDRkYTAwYTIwZTZhNTI0NDM1M2ViYTRjYjFmNTcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApmcmYDPSXdjK44QddQwniiuq7tX4
fcDGmCAgrcHIEi420EFHiLQsL62GzE16nlxGTkOSRyFThzjv2FGzmpAZVsJrs5/l
1/OA2qdjOneUa5S09lFvkmGJ6boyGSAl1HWVTQ+W/JicjLuZ3wIOy8zBVTA4+Wvr
ebW3Zvfsnz0Ea6HLLPgYvzqSU4qvjur2OYdr5SVQQ0OBRDspInFYP49eC9FGc1Vg
94WOtYKSxx2whgiRUiNyyjIkXuY2VEJxcv0djTQVP8M4o/QiqExdi7mHhFsst3iu
vIDi8oEzPeH1RkPU+6tRqmVC+pg1T0C3qhu18EUcBtJmnoFbEW4tDVI+mwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPUj4Hpu1NoAog5qUkQ1PrpMsfVxMB8GA1UdIwQY
MBaAFCtdCFGRG8lJ0PR8XTPQpgezeM3xMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzEwSVVaRWJ5VW5ROUh4ZE05Q21CN040emZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy83YmEyZDAtN2EyOC00YjhlLWE2N2Qt
NDMyMTk2NjlhMzBiLzEvOVNQZ2VtN1UyZ0NpRG1wU1JEVS11a3l4OVhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy83YmEyZDAtN2EyOC00YjhlLWE2N2QtNDMyMTk2NjlhMzBi
LzEvSzEwSVVaRWJ5VW5ROUh4ZE05Q21CN040emZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuf/MMA0G
CSqGSIb3DQEBCwUAA4IBAQAMY/pv3QdhmSaeCpTWd/dFFEgO/yU4OkwTInC1UkXf
iHRTQ/Mjo6oJyThrqx08T0fCEOBpQv/PxkHhJs0evEUflw8m5pPQUaHdn0RLgq17
G7PFrennyGLkmENHVSpT/uQmcKNtYkdMouUFu4l7qhITSndKIfhZAKy/BMD3UFYR
9udtzzOSixGtQURu6V3nxEoioFQuI/n5trSuqdRlBLVCMwtTTvzUU+cGyOiT57Y+
mPG4nagUskCympx7jy1mqU0+TcBobrrnUs/FnIc63YZvMAqIkKzFiGf5qAQ9wF7n
nAwPciBZNnMVpvHCV4bW25TDwanFmDSzq/ZrYaN1JQ+B
-----END CERTIFICATE-----