Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/u65QAILa4S7_0jg3y5skpy6yvME.roa
File:                     u65QAILa4S7_0jg3y5skpy6yvME.roa (raw, json)
Hash identifier:          00tdRBOG+LK3lVaW+l6PcTuy+Xh2LJKPN8jB6IGaXyo=
Subject key identifier:   BB:AE:50:00:82:DA:E1:2E:FF:D2:38:37:CB:9B:24:A7:2E:B2:BC:C1
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       019D54B33D54662D4F5C74E2F625FEC33ADA
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/u65QAILa4S7_0jg3y5skpy6yvME.roa
Signing time:             Fri 03 Apr 2026 18:55:25 +0000
ROA not before:           Fri 03 Apr 2026 18:55:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213820
IP address blocks:        193.124.201.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 Apr 2026 21:02:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:54:b3:3d:54:66:2d:4f:5c:74:e2:f6:25:fe:c3:3a:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Apr  3 18:55:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bbae500082dae12effd23837cb9b24a72eb2bcc1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:c7:55:c7:da:b6:bc:95:bd:22:a4:5b:95:8f:
                    8f:95:83:64:d0:47:db:fd:0d:56:42:c5:b4:26:97:
                    81:b7:6d:f9:72:88:7e:b9:45:1c:fd:2a:3c:c7:7e:
                    fd:e7:a5:f6:50:b6:4c:ee:4c:53:91:24:e3:17:50:
                    cc:7a:7b:62:31:71:39:11:be:08:6c:9a:37:77:58:
                    1a:80:c1:be:eb:71:12:f7:ad:a5:6e:01:e7:8d:8a:
                    f3:cc:c9:79:85:b6:f8:3b:47:70:21:0c:6c:bb:78:
                    ab:26:a0:47:47:32:36:c1:81:c3:90:f8:89:42:80:
                    b2:a3:57:46:60:f6:e0:02:7b:aa:e9:a4:2b:8b:ba:
                    24:cd:49:cf:34:c9:0a:a7:bf:45:9d:2b:32:4c:93:
                    93:dc:a9:be:c0:85:9e:11:51:f9:2a:ba:5c:e4:eb:
                    f5:b5:d7:d4:96:bc:c9:eb:88:0e:58:cf:59:52:65:
                    a4:ab:25:af:26:3e:d3:56:89:7e:ac:be:23:af:49:
                    fe:f7:ee:04:60:08:f8:1f:b7:26:a1:9b:c7:03:6a:
                    e7:a4:51:0e:7d:45:cc:9b:05:57:a1:d6:32:50:df:
                    6d:55:ee:43:96:41:fd:ef:56:87:cc:70:49:71:80:
                    83:0a:ca:23:80:27:15:c3:d0:59:2d:1e:f7:2f:b9:
                    a0:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:AE:50:00:82:DA:E1:2E:FF:D2:38:37:CB:9B:24:A7:2E:B2:BC:C1
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/u65QAILa4S7_0jg3y5skpy6yvME.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.124.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:4f:7a:8f:e7:f1:04:e4:9c:d4:91:0b:bd:c6:dc:f2:d8:0f:
         8d:eb:98:5f:c4:b9:7c:88:8a:69:d5:f7:c5:51:1c:f4:d9:02:
         a6:8b:e2:6e:a1:d1:61:c1:99:cd:d8:31:e7:da:53:d0:0d:e7:
         8d:c2:7b:fa:21:01:2e:d2:11:19:a4:58:10:f7:25:dd:ec:6d:
         f4:e4:3f:7d:fa:76:bf:2b:5e:0d:16:d0:39:ac:05:d5:13:06:
         49:79:29:87:df:23:cd:76:5d:89:79:01:76:99:71:8b:ce:8c:
         4b:e8:45:a5:08:77:ee:71:2f:69:46:e2:f6:24:39:1d:ab:c3:
         9e:84:d2:82:c3:fe:9f:4d:bd:76:26:37:28:85:18:a3:e7:d6:
         8e:67:9a:93:74:34:86:8e:89:5c:5b:59:49:65:4d:68:93:2b:
         f5:ef:09:99:38:06:cc:4b:c6:d7:69:c8:d1:6a:ef:22:37:d2:
         43:f9:d1:fb:72:22:cb:75:94:b5:47:1a:96:69:b1:0e:34:42:
         1e:b4:d9:2f:0b:e3:de:93:17:25:4c:a6:60:c5:da:69:18:f8:
         08:4a:8b:5c:b7:7e:f3:c7:c0:49:d3:79:2f:fe:30:5b:38:69:
         0d:37:88:ff:3d:1c:7d:7a:c9:03:ce:d9:09:72:c5:e1:ac:4a:
         0e:0a:59:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1Usz1UZi1PXHTi9iX+wzraMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjYwNDAzMTg1NTI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYmFlNTAwMDgyZGFlMTJlZmZkMjM4MzdjYjliMjRhNzJlYjJiY2MxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5cdVx9q2vJW9IqRblY+PlYNk0Efb
/Q1WQsW0JpeBt235coh+uUUc/So8x37956X2ULZM7kxTkSTjF1DMentiMXE5Eb4I
bJo3d1gagMG+63ES962lbgHnjYrzzMl5hbb4O0dwIQxsu3irJqBHRzI2wYHDkPiJ
QoCyo1dGYPbgAnuq6aQri7okzUnPNMkKp79FnSsyTJOT3Km+wIWeEVH5Krpc5Ov1
tdfUlrzJ64gOWM9ZUmWkqyWvJj7TVol+rL4jr0n+9+4EYAj4H7cmoZvHA2rnpFEO
fUXMmwVXodYyUN9tVe5DlkH971aHzHBJcYCDCsojgCcVw9BZLR73L7mgzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLuuUACC2uEu/9I4N8ubJKcusrzBMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvdTY1UUFJTGE0UzdfMGpnM3k1c2tweTZ5dk1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwXzJMA0G
CSqGSIb3DQEBCwUAA4IBAQCZT3qP5/EE5JzUkQu9xtzy2A+N65hfxLl8iIpp1ffF
URz02QKmi+JuodFhwZnN2DHn2lPQDeeNwnv6IQEu0hEZpFgQ9yXd7G305D99+na/
K14NFtA5rAXVEwZJeSmH3yPNdl2JeQF2mXGLzoxL6EWlCHfucS9pRuL2JDkdq8Oe
hNKCw/6fTb12JjcohRij59aOZ5qTdDSGjolcW1lJZU1okyv17wmZOAbMS8bXacjR
au8iN9JD+dH7ciLLdZS1RxqWabEONEIetNkvC+PekxclTKZgxdppGPgISotct37z
x8BJ03kv/jBbOGkNN4j/PRx9eskDztkJcsXhrEoOCll1
-----END CERTIFICATE-----