Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f4/1cfceb-b409-4e89-bcb0-2fe14dd38d5d/1/X2BbHndtPwpXSs2sGEdVgFLq9BU.roa
File:                     X2BbHndtPwpXSs2sGEdVgFLq9BU.roa (raw, json)
Hash identifier:          emzj289yDYGpibBHeVzv0i5u6U+HSsPi/OSfpVmeMAM=
Subject key identifier:   5F:60:5B:1E:77:6D:3F:0A:57:4A:CD:AC:18:47:55:80:52:EA:F4:15
Certificate issuer:       /CN=cc196485e673948d55505db7510f3b9577cd3adb
Certificate serial:       019D2517EC7C1375770AB9ED030CD83FC83F
Authority key identifier: CC:19:64:85:E6:73:94:8D:55:50:5D:B7:51:0F:3B:95:77:CD:3A:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zBlkheZzlI1VUF23UQ87lXfNOts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f4/1cfceb-b409-4e89-bcb0-2fe14dd38d5d/1/X2BbHndtPwpXSs2sGEdVgFLq9BU.roa
Signing time:             Wed 25 Mar 2026 13:03:37 +0000
ROA not before:           Wed 25 Mar 2026 13:03:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202973
IP address blocks:        193.30.113.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f4/1cfceb-b409-4e89-bcb0-2fe14dd38d5d/1/zBlkheZzlI1VUF23UQ87lXfNOts.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f4/1cfceb-b409-4e89-bcb0-2fe14dd38d5d/1/zBlkheZzlI1VUF23UQ87lXfNOts.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zBlkheZzlI1VUF23UQ87lXfNOts.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 22:01:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:25:17:ec:7c:13:75:77:0a:b9:ed:03:0c:d8:3f:c8:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cc196485e673948d55505db7510f3b9577cd3adb
        Validity
            Not Before: Mar 25 13:03:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5f605b1e776d3f0a574acdac1847558052eaf415
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:26:80:10:2c:f5:56:73:6a:12:f1:d0:ae:9f:
                    14:f7:00:60:eb:5e:cc:26:9c:b1:00:23:8a:7d:37:
                    1f:90:b9:0f:5e:fa:a2:aa:05:a2:e9:59:27:ac:ae:
                    d9:bc:f9:f8:87:ca:96:08:fa:31:f0:64:15:c3:3d:
                    39:c2:ff:09:72:65:18:73:f7:58:45:66:d7:3c:5f:
                    aa:f4:ee:1c:5b:10:04:1a:ee:4e:48:fa:87:b1:65:
                    db:b1:04:8f:2a:09:cc:0d:bd:c8:cc:7f:77:bb:8b:
                    69:cb:94:ab:1a:30:f7:46:31:bf:11:82:5d:22:7a:
                    95:b9:96:14:c0:8f:69:86:39:d9:bb:71:43:04:75:
                    74:2e:77:0f:aa:b5:3c:76:ca:7b:74:c4:a0:b2:8f:
                    54:cf:4c:90:33:bd:8b:7a:04:cc:c6:48:ef:44:f3:
                    d5:62:66:f5:fa:9c:44:2f:53:31:81:a8:98:19:63:
                    20:18:9d:c2:c6:88:d1:df:9a:09:03:9d:ea:b3:c7:
                    67:9c:da:72:5a:65:62:c8:3c:5d:51:40:e4:f6:f9:
                    1a:87:dd:5c:d9:89:b3:6a:26:e4:69:40:36:be:cb:
                    9b:66:c8:39:e5:df:13:f0:0d:6a:6f:72:0d:e5:e4:
                    9b:7a:70:b1:35:95:d8:55:30:39:fa:e0:e5:82:40:
                    7b:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:60:5B:1E:77:6D:3F:0A:57:4A:CD:AC:18:47:55:80:52:EA:F4:15
            X509v3 Authority Key Identifier:
                keyid:CC:19:64:85:E6:73:94:8D:55:50:5D:B7:51:0F:3B:95:77:CD:3A:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zBlkheZzlI1VUF23UQ87lXfNOts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/1cfceb-b409-4e89-bcb0-2fe14dd38d5d/1/X2BbHndtPwpXSs2sGEdVgFLq9BU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/1cfceb-b409-4e89-bcb0-2fe14dd38d5d/1/zBlkheZzlI1VUF23UQ87lXfNOts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.30.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:39:46:16:87:30:0e:30:f1:69:3e:92:09:9b:bd:59:df:86:
         1b:e2:e2:a0:f2:ce:c2:03:32:b7:d3:ab:2d:9c:9c:77:8b:00:
         16:87:c2:e1:ce:07:7c:b6:93:4d:de:89:97:96:aa:f3:c2:8c:
         8a:80:a5:c5:96:6b:c3:9f:a3:17:e7:53:e2:0f:1d:f3:19:b1:
         80:76:21:2e:d9:d7:b2:20:07:a1:11:ff:60:57:20:1c:0e:33:
         b5:78:2c:c7:18:ad:9d:62:bc:c9:8a:1c:c1:e4:c1:1b:d4:d7:
         f6:fb:02:ee:2a:9f:49:fc:fd:7f:ba:4e:5d:31:65:4a:b2:87:
         08:fe:52:4a:a7:28:ce:60:68:f6:55:c2:db:3b:f1:db:77:fb:
         67:20:12:c2:ce:e3:db:9f:fa:75:f8:ef:d5:9e:18:a0:b1:03:
         32:6d:97:df:bb:5b:5e:e1:b8:a0:10:bf:be:89:76:e7:91:fb:
         7b:df:49:68:24:a7:87:84:5d:38:4f:9c:35:53:6e:cd:31:3c:
         e2:e2:cb:27:ea:97:b3:f8:9c:67:09:6e:47:31:fd:bd:84:c6:
         39:b7:41:9c:ac:30:c9:95:33:2d:c2:c1:0e:2c:7f:e7:03:e3:
         3e:04:35:67:35:87:d6:85:88:ab:a1:8b:00:f7:53:fd:d9:55:
         0d:ed:60:02
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0lF+x8E3V3CrntAwzYP8g/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjMTk2NDg1ZTY3Mzk0OGQ1NTUwNWRiNzUxMGYzYjk1Nzdj
ZDNhZGIwHhcNMjYwMzI1MTMwMzM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjYwNWIxZTc3NmQzZjBhNTc0YWNkYWMxODQ3NTU4MDUyZWFmNDE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmCaAECz1VnNqEvHQrp8U9wBg617M
JpyxACOKfTcfkLkPXvqiqgWi6VknrK7ZvPn4h8qWCPox8GQVwz05wv8JcmUYc/dY
RWbXPF+q9O4cWxAEGu5OSPqHsWXbsQSPKgnMDb3IzH93u4tpy5SrGjD3RjG/EYJd
InqVuZYUwI9phjnZu3FDBHV0LncPqrU8dsp7dMSgso9Uz0yQM72LegTMxkjvRPPV
Ymb1+pxEL1MxgaiYGWMgGJ3CxojR35oJA53qs8dnnNpyWmViyDxdUUDk9vkah91c
2YmzaibkaUA2vsubZsg55d8T8A1qb3IN5eSbenCxNZXYVTA5+uDlgkB7FwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF9gWx53bT8KV0rNrBhHVYBS6vQVMB8GA1UdIwQY
MBaAFMwZZIXmc5SNVVBdt1EPO5V3zTrbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvekJsa2hlWnpsSTFWVUYyM1VRODdsWGZOT3RzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNC8xY2ZjZWItYjQwOS00ZTg5LWJjYjAt
MmZlMTRkZDM4ZDVkLzEvWDJCYkhuZHRQd3BYU3Myc0dFZFZnRkxxOUJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNC8xY2ZjZWItYjQwOS00ZTg5LWJjYjAtMmZlMTRkZDM4ZDVk
LzEvekJsa2hlWnpsSTFWVUYyM1VRODdsWGZOT3RzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwR5xMA0G
CSqGSIb3DQEBCwUAA4IBAQCmOUYWhzAOMPFpPpIJm71Z34Yb4uKg8s7CAzK306st
nJx3iwAWh8Lhzgd8tpNN3omXlqrzwoyKgKXFlmvDn6MX51PiDx3zGbGAdiEu2dey
IAehEf9gVyAcDjO1eCzHGK2dYrzJihzB5MEb1Nf2+wLuKp9J/P1/uk5dMWVKsocI
/lJKpyjOYGj2VcLbO/Hbd/tnIBLCzuPbn/p1+O/VnhigsQMybZffu1te4bigEL++
iXbnkft730loJKeHhF04T5w1U27NMTzi4ssn6pez+JxnCW5HMf29hMY5t0GcrDDJ
lTMtwsEOLH/nA+M+BDVnNYfWhYiroYsA91P92VUN7WAC
-----END CERTIFICATE-----