Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/4690c0-0b91-4322-94b9-706782cfa03b/1/viTS2vSEXyeqZB76Pw9I_-D3ags.roa
File:                     viTS2vSEXyeqZB76Pw9I_-D3ags.roa (raw, json)
Hash identifier:          qbDefb8T1pktEql1YHYnA/oWSC1dlY1F7XizmBxKWF8=
Subject key identifier:   BE:24:D2:DA:F4:84:5F:27:AA:64:1E:FA:3F:0F:48:FF:E0:F7:6A:0B
Certificate issuer:       /CN=2330e26060913c758137488bfd7ab1bfe9e10ae2
Certificate serial:       019D2446972511D30EDBE1521FB51DBBF1DB
Authority key identifier: 23:30:E2:60:60:91:3C:75:81:37:48:8B:FD:7A:B1:BF:E9:E1:0A:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IzDiYGCRPHWBN0iL_Xqxv-nhCuI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/4690c0-0b91-4322-94b9-706782cfa03b/1/viTS2vSEXyeqZB76Pw9I_-D3ags.roa
Signing time:             Wed 25 Mar 2026 09:14:59 +0000
ROA not before:           Wed 25 Mar 2026 09:14:59 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201055
IP address blocks:        185.203.234.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/4690c0-0b91-4322-94b9-706782cfa03b/1/IzDiYGCRPHWBN0iL_Xqxv-nhCuI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/4690c0-0b91-4322-94b9-706782cfa03b/1/IzDiYGCRPHWBN0iL_Xqxv-nhCuI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IzDiYGCRPHWBN0iL_Xqxv-nhCuI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 16:32:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:24:46:97:25:11:d3:0e:db:e1:52:1f:b5:1d:bb:f1:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2330e26060913c758137488bfd7ab1bfe9e10ae2
        Validity
            Not Before: Mar 25 09:14:59 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=be24d2daf4845f27aa641efa3f0f48ffe0f76a0b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:fb:45:6d:96:a8:b8:5c:c5:c5:c9:6e:0d:f0:
                    39:9c:f8:12:79:44:4f:df:0f:8b:63:5a:6f:02:6c:
                    c9:bb:21:8b:52:dc:8b:aa:70:37:4a:e6:a2:08:da:
                    c6:6b:c0:13:1e:58:4d:1d:2a:2f:57:b0:2a:b3:f4:
                    7c:0e:4c:81:1b:4f:c0:13:a7:67:f3:77:52:85:92:
                    98:04:b8:72:8d:8e:12:12:11:d4:37:69:9f:aa:4c:
                    86:f1:b4:f2:1c:ea:39:95:29:ea:53:bd:d0:8e:24:
                    c4:f1:64:ef:44:50:0b:3d:97:62:9c:21:cf:df:97:
                    44:e0:62:3c:36:05:5f:69:c0:f4:21:02:8d:df:3c:
                    c8:f2:ff:a6:1d:b8:88:35:9c:41:6f:a6:2e:8a:72:
                    6e:27:28:ae:c6:99:6a:2d:4d:40:04:08:c3:2a:82:
                    cb:3d:82:f8:2b:ae:c9:ee:af:2d:33:1b:96:ac:f2:
                    6e:37:cb:5b:ba:26:8e:f4:dd:42:f9:6d:7c:43:1c:
                    fd:dd:08:80:73:b1:91:dd:b1:a6:d5:ca:c5:f3:04:
                    42:20:3c:50:85:87:d9:65:cc:c7:fa:b4:c1:79:34:
                    a8:ac:db:40:14:f4:2f:bb:42:c6:f2:16:27:2c:99:
                    e6:f9:7c:9a:4a:a1:f0:ab:5f:44:05:51:ba:3a:3f:
                    d7:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:24:D2:DA:F4:84:5F:27:AA:64:1E:FA:3F:0F:48:FF:E0:F7:6A:0B
            X509v3 Authority Key Identifier:
                keyid:23:30:E2:60:60:91:3C:75:81:37:48:8B:FD:7A:B1:BF:E9:E1:0A:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IzDiYGCRPHWBN0iL_Xqxv-nhCuI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/4690c0-0b91-4322-94b9-706782cfa03b/1/viTS2vSEXyeqZB76Pw9I_-D3ags.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/4690c0-0b91-4322-94b9-706782cfa03b/1/IzDiYGCRPHWBN0iL_Xqxv-nhCuI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.203.234.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0c:02:df:8c:c8:c1:50:11:5f:98:52:6c:3c:22:b2:b9:d7:73:
         43:88:9d:ce:47:1f:b3:cc:aa:c1:e3:5a:2c:7b:3f:92:6b:e7:
         02:3c:a4:d8:da:b1:2c:3c:6b:ec:fc:c5:16:7e:a1:ac:21:7d:
         48:53:b9:82:7f:d9:ae:67:7e:cb:0b:25:3b:11:42:1c:03:12:
         e6:7d:70:3f:3d:ca:8f:76:4b:d5:c5:fa:ee:5e:c8:a9:ab:4c:
         da:35:34:4d:60:8d:10:16:76:ec:cf:93:44:96:5f:b6:c0:3c:
         e0:5e:99:ad:c4:1b:5c:36:4d:ac:91:40:f9:ab:c0:bd:73:57:
         db:65:86:17:02:7b:33:07:3c:83:ce:b0:ba:a4:d7:00:85:2e:
         d1:95:5d:25:aa:bd:20:a6:a4:63:1c:c0:0b:10:bf:50:0d:4a:
         01:dc:71:e3:11:38:04:70:1f:08:b7:fb:a6:8c:24:27:23:f2:
         2c:ca:0d:3f:f5:4e:d6:fc:9a:79:ef:7e:8e:89:4d:72:9f:7e:
         50:ba:2a:b6:6b:bf:b0:1e:3b:0b:b8:9e:37:dc:4e:98:1d:d8:
         7f:4c:ea:c2:15:75:52:18:72:e2:55:6d:82:07:99:e9:c2:8c:
         cb:80:78:9a:a9:cf:53:a7:48:57:ea:e3:22:05:94:14:f3:27:
         5a:3d:b6:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0kRpclEdMO2+FSH7Udu/HbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzMzBlMjYwNjA5MTNjNzU4MTM3NDg4YmZkN2FiMWJmZTll
MTBhZTIwHhcNMjYwMzI1MDkxNDU5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTI0ZDJkYWY0ODQ1ZjI3YWE2NDFlZmEzZjBmNDhmZmUwZjc2YTBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAivtFbZaouFzFxcluDfA5nPgSeURP
3w+LY1pvAmzJuyGLUtyLqnA3SuaiCNrGa8ATHlhNHSovV7Aqs/R8DkyBG0/AE6dn
83dShZKYBLhyjY4SEhHUN2mfqkyG8bTyHOo5lSnqU73QjiTE8WTvRFALPZdinCHP
35dE4GI8NgVfacD0IQKN3zzI8v+mHbiINZxBb6YuinJuJyiuxplqLU1ABAjDKoLL
PYL4K67J7q8tMxuWrPJuN8tbuiaO9N1C+W18Qxz93QiAc7GR3bGm1crF8wRCIDxQ
hYfZZczH+rTBeTSorNtAFPQvu0LG8hYnLJnm+XyaSqHwq19EBVG6Oj/XqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL4k0tr0hF8nqmQe+j8PSP/g92oLMB8GA1UdIwQY
MBaAFCMw4mBgkTx1gTdIi/16sb/p4QriMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXpEaVlHQ1JQSFdCTjBpTF9YcXh2LW5oQ3VJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS80NjkwYzAtMGI5MS00MzIyLTk0Yjkt
NzA2NzgyY2ZhMDNiLzEvdmlUUzJ2U0VYeWVxWkI3NlB3OUlfLUQzYWdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS80NjkwYzAtMGI5MS00MzIyLTk0YjktNzA2NzgyY2ZhMDNi
LzEvSXpEaVlHQ1JQSFdCTjBpTF9YcXh2LW5oQ3VJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBucvqMA0G
CSqGSIb3DQEBCwUAA4IBAQAMAt+MyMFQEV+YUmw8IrK513NDiJ3ORx+zzKrB41os
ez+Sa+cCPKTY2rEsPGvs/MUWfqGsIX1IU7mCf9muZ37LCyU7EUIcAxLmfXA/PcqP
dkvVxfruXsipq0zaNTRNYI0QFnbsz5NEll+2wDzgXpmtxBtcNk2skUD5q8C9c1fb
ZYYXAnszBzyDzrC6pNcAhS7RlV0lqr0gpqRjHMALEL9QDUoB3HHjETgEcB8It/um
jCQnI/Isyg0/9U7W/Jp5736OiU1yn35Quiq2a7+wHjsLuJ433E6YHdh/TOrCFXVS
GHLiVW2CB5npwozLgHiaqc9Tp0hX6uMiBZQU8ydaPbab
-----END CERTIFICATE-----