Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/b25c3a-0c0b-4d4e-9813-76d3d480fa68/1/szG4-iX-wy9Ea4Hl_ZxkAAsV2VI.roa
File:                     szG4-iX-wy9Ea4Hl_ZxkAAsV2VI.roa (raw, json)
Hash identifier:          KBtNUYEno10Fs+9SpyYwnipEOPhepmYstt4xaQRcuLg=
Subject key identifier:   B3:31:B8:FA:25:FE:C3:2F:44:6B:81:E5:FD:9C:64:00:0B:15:D9:52
Certificate issuer:       /CN=dc7fbd677441cbb5c0bd47bcd2f38ba192a336a6
Certificate serial:       019CB7EE3218EB225FF115636034BC0CA8BD
Authority key identifier: DC:7F:BD:67:74:41:CB:B5:C0:BD:47:BC:D2:F3:8B:A1:92:A3:36:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3H-9Z3RBy7XAvUe80vOLoZKjNqY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/b25c3a-0c0b-4d4e-9813-76d3d480fa68/1/szG4-iX-wy9Ea4Hl_ZxkAAsV2VI.roa
Signing time:             Wed 04 Mar 2026 08:19:26 +0000
ROA not before:           Wed 04 Mar 2026 08:19:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200373
IP address blocks:        193.56.28.0/24 maxlen: 24
                          2a14:6380::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/b25c3a-0c0b-4d4e-9813-76d3d480fa68/1/3H-9Z3RBy7XAvUe80vOLoZKjNqY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/b25c3a-0c0b-4d4e-9813-76d3d480fa68/1/3H-9Z3RBy7XAvUe80vOLoZKjNqY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3H-9Z3RBy7XAvUe80vOLoZKjNqY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 11:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:b7:ee:32:18:eb:22:5f:f1:15:63:60:34:bc:0c:a8:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc7fbd677441cbb5c0bd47bcd2f38ba192a336a6
        Validity
            Not Before: Mar  4 08:19:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b331b8fa25fec32f446b81e5fd9c64000b15d952
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:bb:bf:7f:5b:53:fb:36:a4:da:71:88:34:08:
                    33:b4:f4:47:cf:25:68:22:27:15:7d:1f:7d:41:e8:
                    b0:eb:9a:16:35:a4:87:4e:b6:df:02:75:e2:dc:72:
                    81:9b:db:c8:0f:38:ee:a1:48:3a:53:e5:68:7f:a0:
                    cb:89:45:40:59:d4:6b:79:4c:fc:64:e8:4e:79:f4:
                    4d:8f:e9:bd:e8:2f:ae:50:81:42:96:f6:b8:3d:62:
                    23:7d:2c:5b:30:ed:8e:da:21:65:5f:17:1c:ac:0d:
                    df:96:ab:fa:2d:69:cf:72:21:dc:42:88:14:9d:e6:
                    b8:55:94:96:e8:01:56:b0:8f:af:e1:ce:48:ac:d4:
                    6b:fa:a3:e9:9c:bf:b1:06:4c:b5:f8:8f:65:47:79:
                    61:d9:e1:15:00:6f:9c:3b:e6:0d:35:22:d1:77:a2:
                    9e:8d:28:c8:35:14:c8:51:72:2a:d2:04:56:0a:8c:
                    8a:21:ac:bc:26:7b:37:cf:f7:41:a3:e9:7f:c3:c0:
                    f5:82:5d:ca:d0:6b:d4:a6:dc:ab:54:26:42:56:88:
                    5a:d7:46:56:ed:3b:ff:e7:e8:16:15:f1:05:04:c4:
                    51:54:ec:48:4f:5a:ae:e8:11:98:14:ab:df:09:53:
                    12:3b:11:4c:ae:9f:d5:f6:37:32:71:dd:6f:9d:04:
                    5e:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:31:B8:FA:25:FE:C3:2F:44:6B:81:E5:FD:9C:64:00:0B:15:D9:52
            X509v3 Authority Key Identifier:
                keyid:DC:7F:BD:67:74:41:CB:B5:C0:BD:47:BC:D2:F3:8B:A1:92:A3:36:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3H-9Z3RBy7XAvUe80vOLoZKjNqY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/b25c3a-0c0b-4d4e-9813-76d3d480fa68/1/szG4-iX-wy9Ea4Hl_ZxkAAsV2VI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/b25c3a-0c0b-4d4e-9813-76d3d480fa68/1/3H-9Z3RBy7XAvUe80vOLoZKjNqY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.56.28.0/24
                IPv6:
                  2a14:6380::/29

    Signature Algorithm: sha256WithRSAEncryption
         47:4c:23:f8:3c:5d:1b:79:46:09:26:1a:f3:60:45:3e:41:65:
         a4:13:ed:00:05:15:08:66:88:02:62:36:90:90:a8:84:53:64:
         ff:03:63:26:33:ee:b3:46:2b:66:04:e7:61:d3:dd:77:99:a7:
         bf:16:46:a5:fb:8a:c9:c2:57:65:02:d5:0a:06:03:d5:2c:36:
         07:21:33:e6:66:6c:c2:a6:d4:13:97:22:ff:cd:d7:80:b1:34:
         ed:78:84:22:c4:71:3c:9d:64:a3:7e:12:dc:50:ed:eb:5d:d3:
         d2:83:28:c5:b0:c2:d0:bc:58:85:3a:a3:56:a3:0f:06:e9:8a:
         88:f9:65:46:72:c1:bd:5b:0f:2f:08:cb:f0:32:1d:b0:7a:81:
         b8:bb:01:ed:c0:5e:a4:4c:13:f0:8d:04:b6:91:50:23:f5:3a:
         f6:8e:c4:cf:bd:da:30:d7:82:d6:9a:c8:86:e6:fd:43:0f:7f:
         48:6b:c6:78:4d:41:c3:1d:74:9c:99:44:b8:d0:fb:1e:72:c6:
         94:89:22:76:03:d3:4a:a6:6e:e2:d5:f1:27:60:dd:32:b5:f0:
         45:11:3a:9d:eb:c0:67:fd:5d:29:d7:8f:dd:03:49:63:5b:bc:
         bf:1a:99:9d:34:12:75:a8:8e:76:0b:64:6e:21:4d:f3:c1:27:
         39:32:20:e6
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZy37jIY6yJf8RVjYDS8DKi9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjN2ZiZDY3NzQ0MWNiYjVjMGJkNDdiY2QyZjM4YmExOTJh
MzM2YTYwHhcNMjYwMzA0MDgxOTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzMxYjhmYTI1ZmVjMzJmNDQ2YjgxZTVmZDljNjQwMDBiMTVkOTUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwbu/f1tT+zak2nGINAgztPRHzyVo
IicVfR99Qeiw65oWNaSHTrbfAnXi3HKBm9vIDzjuoUg6U+Vof6DLiUVAWdRreUz8
ZOhOefRNj+m96C+uUIFClva4PWIjfSxbMO2O2iFlXxccrA3flqv6LWnPciHcQogU
nea4VZSW6AFWsI+v4c5IrNRr+qPpnL+xBky1+I9lR3lh2eEVAG+cO+YNNSLRd6Ke
jSjINRTIUXIq0gRWCoyKIay8Jns3z/dBo+l/w8D1gl3K0GvUptyrVCZCVoha10ZW
7Tv/5+gWFfEFBMRRVOxIT1qu6BGYFKvfCVMSOxFMrp/V9jcycd1vnQRepwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLMxuPol/sMvRGuB5f2cZAALFdlSMB8GA1UdIwQY
MBaAFNx/vWd0Qcu1wL1HvNLzi6GSozamMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0gtOVozUkJ5N1hBdlVlODB2T0xvWktqTnFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9iMjVjM2EtMGMwYi00ZDRlLTk4MTMt
NzZkM2Q0ODBmYTY4LzEvc3pHNC1pWC13eTlFYTRIbF9aeGtBQXNWMlZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9iMjVjM2EtMGMwYi00ZDRlLTk4MTMtNzZkM2Q0ODBmYTY4
LzEvM0gtOVozUkJ5N1hBdlVlODB2T0xvWktqTnFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwTgcMA0E
AgACMAcDBQMqFGOAMA0GCSqGSIb3DQEBCwUAA4IBAQBHTCP4PF0beUYJJhrzYEU+
QWWkE+0ABRUIZogCYjaQkKiEU2T/A2MmM+6zRitmBOdh0913mae/Fkal+4rJwldl
AtUKBgPVLDYHITPmZmzCptQTlyL/zdeAsTTteIQixHE8nWSjfhLcUO3rXdPSgyjF
sMLQvFiFOqNWow8G6YqI+WVGcsG9Ww8vCMvwMh2weoG4uwHtwF6kTBPwjQS2kVAj
9Tr2jsTPvdow14LWmsiG5v1DD39Ia8Z4TUHDHXScmUS40PsecsaUiSJ2A9NKpm7i
1fEnYN0ytfBFETqd68Bn/V0p14/dA0ljW7y/GpmdNBJ1qI52C2RuIU3zwSc5MiDm
-----END CERTIFICATE-----