Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/Ivg0Hzi6z2PxBcYuivJFWqzWrFU.roa
File:                     Ivg0Hzi6z2PxBcYuivJFWqzWrFU.roa (raw, json)
Hash identifier:          21RhDrobbtoUSTMbP49T/kQFFtkuvX6KF+Z7vHzIVho=
Subject key identifier:   22:F8:34:1F:38:BA:CF:63:F1:05:C6:2E:8A:F2:45:5A:AC:D6:AC:55
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       019E3A75760F8CD416786C78D996DD8DDEEB
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/Ivg0Hzi6z2PxBcYuivJFWqzWrFU.roa
Signing time:             Mon 18 May 2026 09:40:36 +0000
ROA not before:           Mon 18 May 2026 09:40:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200367
IP address blocks:        192.124.177.0/24 maxlen: 24
                          193.124.89.0/24 maxlen: 24
                          193.124.226.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jun 2026 06:29:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:3a:75:76:0f:8c:d4:16:78:6c:78:d9:96:dd:8d:de:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: May 18 09:40:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=22f8341f38bacf63f105c62e8af2455aacd6ac55
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:e0:43:c5:a4:93:7d:b7:2e:98:9a:ad:c5:f6:
                    a5:35:24:e6:e0:74:75:e6:69:22:01:2b:bf:38:b4:
                    b6:b0:0f:f0:03:68:86:02:6d:72:91:22:c1:0a:8e:
                    db:1f:94:e7:61:83:4b:5c:cf:fd:e7:7b:b1:86:09:
                    18:c8:da:44:fe:22:20:2a:ed:2d:50:1b:05:e3:54:
                    4b:3b:e0:a4:87:b8:21:5c:60:95:71:04:89:d8:3b:
                    5a:f1:a7:f4:db:5f:1b:4b:f4:2f:14:44:dd:fb:ed:
                    bf:aa:ff:9c:a9:58:8f:75:93:0d:6a:e2:e2:14:fc:
                    f1:b4:29:de:03:c0:e1:f3:64:30:cf:9d:df:3d:c5:
                    5d:ab:04:bd:3b:eb:8b:bd:03:24:3a:cc:55:f8:ad:
                    bc:83:fb:fd:42:57:07:9c:65:fe:c4:f8:c4:07:bd:
                    1c:ac:99:ca:8d:e9:20:02:b9:8d:0b:43:67:11:d7:
                    5b:4a:37:d0:f7:7d:fe:a6:49:b8:7a:66:af:15:8d:
                    cc:26:bb:45:0e:7f:14:a5:84:08:92:96:de:9d:2c:
                    42:6f:3b:96:39:07:ac:a4:58:e8:55:8d:f5:c3:8d:
                    c2:ca:07:2d:93:a6:5c:54:6f:bd:58:80:6e:0f:ed:
                    77:79:6e:48:04:6a:e9:1d:60:2a:97:55:9f:a6:4c:
                    34:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:F8:34:1F:38:BA:CF:63:F1:05:C6:2E:8A:F2:45:5A:AC:D6:AC:55
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/Ivg0Hzi6z2PxBcYuivJFWqzWrFU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.124.177.0/24
                  193.124.89.0/24
                  193.124.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:1d:6b:74:5f:6c:c2:6d:0a:45:3f:a4:b8:13:7f:38:e6:37:
         e7:87:dc:aa:1e:2e:28:80:09:02:81:3c:00:bf:59:49:00:10:
         eb:0d:9b:a8:47:1b:91:a9:41:2b:1e:e4:c1:a8:e1:b1:05:06:
         74:4a:f6:7f:72:b9:e9:f2:bd:96:b3:91:2b:59:39:76:ed:c3:
         9a:3a:da:88:bf:92:62:2d:8f:a8:0d:25:8a:7d:94:15:79:d8:
         31:2e:ed:04:ab:f0:88:c9:27:54:99:d4:9b:f0:37:46:40:ec:
         a9:ed:de:9b:89:fb:3f:eb:d3:29:eb:3c:50:8c:2e:4e:17:8f:
         da:50:42:19:06:2e:bf:ea:f5:23:ec:f9:03:17:23:b2:48:09:
         22:22:0b:e7:aa:8c:83:a8:84:a7:77:ad:fd:bd:c2:ff:f5:b0:
         b8:c5:f3:c7:d1:84:8c:46:cf:e5:eb:08:2b:5d:7a:e5:2f:ad:
         6a:c0:86:a1:f4:a3:c6:0e:b6:64:64:a9:d4:e0:fa:0e:fe:0b:
         af:ac:bc:83:24:bf:52:a8:88:29:92:3a:36:98:20:7c:07:4c:
         6b:da:3f:5b:c3:a1:94:be:6b:c8:0b:e0:71:2b:61:6d:27:71:
         f2:65:2d:77:51:1f:cd:f6:88:1d:1e:44:93:d5:ac:48:54:46:
         32:fd:33:44
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ46dXYPjNQWeGx42Zbdjd7rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjYwNTE4MDk0MDM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMmY4MzQxZjM4YmFjZjYzZjEwNWM2MmU4YWYyNDU1YWFjZDZhYzU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkuBDxaSTfbcumJqtxfalNSTm4HR1
5mkiASu/OLS2sA/wA2iGAm1ykSLBCo7bH5TnYYNLXM/953uxhgkYyNpE/iIgKu0t
UBsF41RLO+Ckh7ghXGCVcQSJ2Dta8af0218bS/QvFETd++2/qv+cqViPdZMNauLi
FPzxtCneA8Dh82Qwz53fPcVdqwS9O+uLvQMkOsxV+K28g/v9QlcHnGX+xPjEB70c
rJnKjekgArmNC0NnEddbSjfQ933+pkm4emavFY3MJrtFDn8UpYQIkpbenSxCbzuW
OQespFjoVY31w43Cygctk6ZcVG+9WIBuD+13eW5IBGrpHWAql1Wfpkw0CQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFCL4NB84us9j8QXGLoryRVqs1qxVMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvSXZnMEh6aTZ6MlB4QmNZdWl2SkZXcXpXckZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAwHyxAwQA
wXxZAwQAwXziMA0GCSqGSIb3DQEBCwUAA4IBAQBmHWt0X2zCbQpFP6S4E3845jfn
h9yqHi4ogAkCgTwAv1lJABDrDZuoRxuRqUErHuTBqOGxBQZ0SvZ/crnp8r2Ws5Er
WTl27cOaOtqIv5JiLY+oDSWKfZQVedgxLu0Eq/CIySdUmdSb8DdGQOyp7d6bifs/
69Mp6zxQjC5OF4/aUEIZBi6/6vUj7PkDFyOySAkiIgvnqoyDqISnd639vcL/9bC4
xfPH0YSMRs/l6wgrXXrlL61qwIah9KPGDrZkZKnU4PoO/guvrLyDJL9SqIgpkjo2
mCB8B0xr2j9bw6GUvmvIC+BxK2FtJ3HyZS13UR/N9ogdHkST1axIVEYy/TNE
-----END CERTIFICATE-----