Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/b82a06-ab0d-4adf-8a85-97c9aab828f2/1/RVARB5gmjTf2RYyiXEPOpOXxCDs.roa
File:                     RVARB5gmjTf2RYyiXEPOpOXxCDs.roa (raw, json)
Hash identifier:          K6dew7DJ4uzjFiJigW12hfzcSGSynvBz3c731CNk5sM=
Subject key identifier:   45:50:11:07:98:26:8D:37:F6:45:8C:A2:5C:43:CE:A4:E5:F1:08:3B
Certificate issuer:       /CN=7bbd51272064b63b2c663c0296ba11db5ea238c0
Certificate serial:       019E17284B188EAB5223C24FD8D4D70969A5
Authority key identifier: 7B:BD:51:27:20:64:B6:3B:2C:66:3C:02:96:BA:11:DB:5E:A2:38:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e71RJyBktjssZjwClroR216iOMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/b82a06-ab0d-4adf-8a85-97c9aab828f2/1/RVARB5gmjTf2RYyiXEPOpOXxCDs.roa
Signing time:             Mon 11 May 2026 13:09:36 +0000
ROA not before:           Mon 11 May 2026 13:09:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44090
IP address blocks:        185.129.232.0/21 maxlen: 21
                          185.129.232.0/22 maxlen: 22
                          185.129.236.0/23 maxlen: 23
                          185.129.238.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/b82a06-ab0d-4adf-8a85-97c9aab828f2/1/e71RJyBktjssZjwClroR216iOMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/b82a06-ab0d-4adf-8a85-97c9aab828f2/1/e71RJyBktjssZjwClroR216iOMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e71RJyBktjssZjwClroR216iOMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 16:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:17:28:4b:18:8e:ab:52:23:c2:4f:d8:d4:d7:09:69:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7bbd51272064b63b2c663c0296ba11db5ea238c0
        Validity
            Not Before: May 11 13:09:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4550110798268d37f6458ca25c43cea4e5f1083b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:f1:57:23:78:8d:52:24:83:55:4e:0d:39:63:
                    d2:70:a2:65:09:da:23:25:1b:04:7a:4d:80:f1:c1:
                    bd:a4:b9:7a:81:05:17:4b:7b:2c:63:81:3d:e7:09:
                    00:4a:52:04:11:f2:67:99:84:2d:09:0a:ac:e1:c0:
                    aa:9a:47:9f:5f:81:d1:50:5c:ab:90:b9:25:af:98:
                    2c:29:93:d3:18:93:a9:2a:55:99:9a:c1:c3:dc:9c:
                    3d:1c:b9:1e:dc:05:fc:33:59:6c:b3:56:d2:91:e8:
                    83:ac:d0:1c:cc:10:55:5d:3b:44:bc:6a:44:73:43:
                    5c:8a:76:42:1d:e1:fe:7b:ba:e3:7c:ab:d6:17:ca:
                    5a:de:79:00:07:3e:b7:ce:21:26:eb:b6:c3:43:cc:
                    ca:07:9d:22:09:16:01:45:4e:32:ea:6b:b1:91:d6:
                    6e:43:4c:a2:35:5d:c6:7c:e1:61:59:bb:09:e9:6c:
                    6e:a4:ef:22:f2:60:74:fb:3c:17:d3:55:c6:11:09:
                    b5:80:64:75:72:27:34:1c:1b:41:54:94:b4:45:db:
                    3c:0d:fb:ff:17:9a:bc:5d:03:c3:2a:58:6d:42:d0:
                    35:74:57:ce:38:1d:ac:16:2d:de:f2:3a:85:fd:0e:
                    45:da:09:8b:a9:27:a9:75:f0:f2:6d:14:7d:dd:38:
                    5e:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:50:11:07:98:26:8D:37:F6:45:8C:A2:5C:43:CE:A4:E5:F1:08:3B
            X509v3 Authority Key Identifier:
                keyid:7B:BD:51:27:20:64:B6:3B:2C:66:3C:02:96:BA:11:DB:5E:A2:38:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e71RJyBktjssZjwClroR216iOMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/b82a06-ab0d-4adf-8a85-97c9aab828f2/1/RVARB5gmjTf2RYyiXEPOpOXxCDs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/b82a06-ab0d-4adf-8a85-97c9aab828f2/1/e71RJyBktjssZjwClroR216iOMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.129.232.0/21

    Signature Algorithm: sha256WithRSAEncryption
         1c:2a:b7:60:3a:cf:ab:2f:a4:2c:cd:8a:0b:4a:55:38:0d:eb:
         80:c5:98:db:0d:7a:39:2f:39:75:89:3d:1e:84:2c:10:d1:5d:
         9f:90:23:b5:87:9d:06:31:7d:fb:38:eb:f3:97:b4:7e:85:54:
         27:0a:d4:a8:84:56:8b:1a:a9:8a:76:3f:3c:f6:1f:28:52:17:
         e3:a3:d8:20:3f:6d:93:0d:0f:0e:29:65:2b:b3:bd:cd:5f:07:
         52:38:ec:94:cc:d1:f5:5f:f7:82:8d:07:91:b9:8c:01:28:0b:
         fb:f8:39:f9:3f:c3:5c:8d:66:ab:51:6b:9b:01:0b:71:36:ff:
         de:fc:5d:89:c1:1b:19:56:c9:19:8d:90:e1:32:e8:3a:30:e6:
         6f:fc:6c:03:3f:e1:02:ba:4f:4d:b4:ea:a2:0d:a2:5f:e7:65:
         97:90:80:3e:99:ee:c1:73:7e:c5:44:4a:8b:95:d9:6d:06:28:
         54:73:66:66:09:9d:46:08:48:18:4e:d7:0f:59:81:8b:f6:67:
         a0:10:0d:7a:9d:76:ed:71:57:e6:5a:0c:30:3c:f1:af:9f:45:
         25:bf:fc:a5:ce:41:a3:45:47:7f:9f:51:08:8f:0c:ec:39:99:
         6c:02:30:b5:2b:19:a5:fe:8c:03:57:fc:5c:9f:4e:36:9e:84:
         6e:df:8d:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4XKEsYjqtSI8JP2NTXCWmlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiYmQ1MTI3MjA2NGI2M2IyYzY2M2MwMjk2YmExMWRiNWVh
MjM4YzAwHhcNMjYwNTExMTMwOTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTUwMTEwNzk4MjY4ZDM3ZjY0NThjYTI1YzQzY2VhNGU1ZjEwODNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwfFXI3iNUiSDVU4NOWPScKJlCdoj
JRsEek2A8cG9pLl6gQUXS3ssY4E95wkASlIEEfJnmYQtCQqs4cCqmkefX4HRUFyr
kLklr5gsKZPTGJOpKlWZmsHD3Jw9HLke3AX8M1lss1bSkeiDrNAczBBVXTtEvGpE
c0NcinZCHeH+e7rjfKvWF8pa3nkABz63ziEm67bDQ8zKB50iCRYBRU4y6muxkdZu
Q0yiNV3GfOFhWbsJ6WxupO8i8mB0+zwX01XGEQm1gGR1cic0HBtBVJS0Rds8Dfv/
F5q8XQPDKlhtQtA1dFfOOB2sFi3e8jqF/Q5F2gmLqSepdfDybRR93TheuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEVQEQeYJo039kWMolxDzqTl8Qg7MB8GA1UdIwQY
MBaAFHu9UScgZLY7LGY8Apa6EdteojjAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTcxUkp5Qmt0anNzWmp3Q2xyb1IyMTZpT01BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS9iODJhMDYtYWIwZC00YWRmLThhODUt
OTdjOWFhYjgyOGYyLzEvUlZBUkI1Z21qVGYyUll5aVhFUE9wT1h4Q0RzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS9iODJhMDYtYWIwZC00YWRmLThhODUtOTdjOWFhYjgyOGYy
LzEvZTcxUkp5Qmt0anNzWmp3Q2xyb1IyMTZpT01BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDuYHoMA0G
CSqGSIb3DQEBCwUAA4IBAQAcKrdgOs+rL6QszYoLSlU4DeuAxZjbDXo5Lzl1iT0e
hCwQ0V2fkCO1h50GMX37OOvzl7R+hVQnCtSohFaLGqmKdj889h8oUhfjo9ggP22T
DQ8OKWUrs73NXwdSOOyUzNH1X/eCjQeRuYwBKAv7+Dn5P8NcjWarUWubAQtxNv/e
/F2JwRsZVskZjZDhMug6MOZv/GwDP+ECuk9NtOqiDaJf52WXkIA+me7Bc37FREqL
ldltBihUc2ZmCZ1GCEgYTtcPWYGL9megEA16nXbtcVfmWgwwPPGvn0Ulv/ylzkGj
RUd/n1EIjwzsOZlsAjC1Kxml/owDV/xcn042noRu341Y
-----END CERTIFICATE-----