Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/LDPUn5qMpeiJBc3Itpk7rApmM1s.roa
File:                     LDPUn5qMpeiJBc3Itpk7rApmM1s.roa (raw, json)
Hash identifier:          sRlyMRF4OcX3avZvd3yAuC5yZNhunKqTXOZ9uPyot0A=
Subject key identifier:   2C:33:D4:9F:9A:8C:A5:E8:89:05:CD:C8:B6:99:3B:AC:0A:66:33:5B
Certificate issuer:       /CN=0671dcc7a9ac7351c71e0bc2278cf45fd020ae2e
Certificate serial:       019DE442B153B3DA67797AFAC019A71F9947
Authority key identifier: 06:71:DC:C7:A9:AC:73:51:C7:1E:0B:C2:27:8C:F4:5F:D0:20:AE:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/LDPUn5qMpeiJBc3Itpk7rApmM1s.roa
Signing time:             Fri 01 May 2026 15:57:49 +0000
ROA not before:           Fri 01 May 2026 15:57:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201136
IP address blocks:        194.143.206.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:e4:42:b1:53:b3:da:67:79:7a:fa:c0:19:a7:1f:99:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0671dcc7a9ac7351c71e0bc2278cf45fd020ae2e
        Validity
            Not Before: May  1 15:57:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2c33d49f9a8ca5e88905cdc8b6993bac0a66335b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:2d:36:e7:fc:dc:7b:a0:ff:d6:86:87:2a:ac:
                    31:76:09:c6:d1:a2:0d:b6:53:78:13:dd:73:f2:21:
                    6a:5c:29:68:a3:f0:8d:ef:d7:54:4c:73:0c:b1:ed:
                    c3:c5:b6:12:27:28:90:5a:cd:7f:5a:06:a4:4b:a9:
                    4b:9a:9e:5b:dd:2d:e7:ce:a7:29:fa:52:42:19:4e:
                    0e:91:04:e4:3e:c6:96:0e:e3:92:70:87:f6:74:b3:
                    e8:81:51:ed:7b:ce:27:a9:e0:6e:84:5c:2a:02:e4:
                    3f:f4:92:a7:fd:b3:03:0b:73:92:5c:76:79:59:63:
                    5b:01:e5:b4:79:41:2c:ca:01:ba:b4:f3:8e:07:e2:
                    52:d3:c1:5f:3e:94:c7:09:35:b9:e6:60:10:5d:01:
                    b2:7d:2c:65:99:e2:10:84:5e:01:18:04:7d:48:76:
                    c2:80:98:54:2e:9f:75:6e:05:be:db:0f:cc:10:8a:
                    07:a9:cd:7c:ae:85:cc:a1:04:a3:4c:1b:91:4b:3e:
                    19:91:c3:b5:4f:17:86:74:8b:0c:83:e9:d3:3d:d3:
                    71:ca:46:5d:51:34:2e:99:39:91:8d:b5:5c:10:0f:
                    3b:8e:f7:07:bc:0a:69:10:f7:44:bf:69:e2:09:82:
                    b6:94:99:c8:bd:c5:41:0d:fb:c6:93:fc:77:8e:6f:
                    94:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:33:D4:9F:9A:8C:A5:E8:89:05:CD:C8:B6:99:3B:AC:0A:66:33:5B
            X509v3 Authority Key Identifier:
                keyid:06:71:DC:C7:A9:AC:73:51:C7:1E:0B:C2:27:8C:F4:5F:D0:20:AE:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/LDPUn5qMpeiJBc3Itpk7rApmM1s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.143.206.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:6c:22:25:0b:1d:f9:e8:59:00:9f:73:9e:17:85:93:ec:e5:
         02:24:b8:62:4e:ab:ec:bc:53:a8:85:d0:d3:b1:dc:94:af:9a:
         80:a7:d5:a7:7d:f7:9d:3d:39:53:10:65:98:2a:dd:c9:14:bb:
         47:ce:3d:1a:14:3a:75:a7:7e:a3:12:14:7a:5a:34:c8:06:1b:
         df:db:c6:7f:70:e0:cd:02:0b:a2:96:6c:a6:5a:b6:f4:9d:4b:
         ea:d5:a9:87:5a:4b:5c:51:d8:9f:8a:c6:34:76:b0:13:f5:78:
         72:1c:55:db:30:96:86:4b:cc:b3:36:35:a5:56:a4:e7:b8:a4:
         6c:c8:96:51:00:22:ff:31:b6:01:07:da:6d:2e:8a:6d:63:45:
         29:39:6a:01:2d:32:db:e0:93:e5:5e:f5:d7:10:a5:9e:71:67:
         4b:cb:78:5d:ec:c3:5b:1f:18:cc:cf:d0:b9:e9:9e:fd:83:37:
         18:4b:46:e0:14:ab:20:53:a4:2e:2a:96:99:ef:c8:5e:6b:e6:
         ca:12:ad:f2:56:57:2a:e6:75:a7:ce:aa:9a:ee:fc:75:fc:ee:
         0e:1d:5b:b1:79:01:3f:2d:dd:b3:d1:db:01:07:c1:6b:71:37:
         ad:ea:53:9c:8b:27:99:97:57:40:fc:ed:1c:98:71:5d:d6:45:
         43:a8:e1:2d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3kQrFTs9pneXr6wBmnH5lHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2NzFkY2M3YTlhYzczNTFjNzFlMGJjMjI3OGNmNDVmZDAy
MGFlMmUwHhcNMjYwNTAxMTU1NzQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzMzZDQ5ZjlhOGNhNWU4ODkwNWNkYzhiNjk5M2JhYzBhNjYzMzViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvy025/zce6D/1oaHKqwxdgnG0aIN
tlN4E91z8iFqXCloo/CN79dUTHMMse3DxbYSJyiQWs1/WgakS6lLmp5b3S3nzqcp
+lJCGU4OkQTkPsaWDuOScIf2dLPogVHte84nqeBuhFwqAuQ/9JKn/bMDC3OSXHZ5
WWNbAeW0eUEsygG6tPOOB+JS08FfPpTHCTW55mAQXQGyfSxlmeIQhF4BGAR9SHbC
gJhULp91bgW+2w/MEIoHqc18roXMoQSjTBuRSz4ZkcO1TxeGdIsMg+nTPdNxykZd
UTQumTmRjbVcEA87jvcHvAppEPdEv2niCYK2lJnIvcVBDfvGk/x3jm+UdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCwz1J+ajKXoiQXNyLaZO6wKZjNbMB8GA1UdIwQY
MBaAFAZx3MeprHNRxx4LwieM9F/QIK4uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQm5IY3g2bXNjMUhISGd2Q0o0ejBYOUFncmk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGIt
MWRkZWM0Y2NlMjRjLzEvTERQVW41cU1wZWlKQmMzSXRwazdyQXBtTTFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGItMWRkZWM0Y2NlMjRj
LzEvQm5IY3g2bXNjMUhISGd2Q0o0ejBYOUFncmk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwo/OMA0G
CSqGSIb3DQEBCwUAA4IBAQCybCIlCx356FkAn3OeF4WT7OUCJLhiTqvsvFOohdDT
sdyUr5qAp9WnffedPTlTEGWYKt3JFLtHzj0aFDp1p36jEhR6WjTIBhvf28Z/cODN
AguilmymWrb0nUvq1amHWktcUdifisY0drAT9XhyHFXbMJaGS8yzNjWlVqTnuKRs
yJZRACL/MbYBB9ptLoptY0UpOWoBLTLb4JPlXvXXEKWecWdLy3hd7MNbHxjMz9C5
6Z79gzcYS0bgFKsgU6QuKpaZ78hea+bKEq3yVlcq5nWnzqqa7vx1/O4OHVuxeQE/
Ld2z0dsBB8FrcTet6lOciyeZl1dA/O0cmHFd1kVDqOEt
-----END CERTIFICATE-----