Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/2599f9-6f76-4db6-bca7-c1331f49fc09/1/h2fFhltE1j4W1TzV3SImbYKEr0o.roa
File:                     h2fFhltE1j4W1TzV3SImbYKEr0o.roa (raw, json)
Hash identifier:          X5kjZcwd4ieoyDROQzqJxZ1Df7FtqvD2AkJ0544uHm8=
Subject key identifier:   87:67:C5:86:5B:44:D6:3E:16:D5:3C:D5:DD:22:26:6D:82:84:AF:4A
Certificate issuer:       /CN=bd19d4535c7e62b921e859e6557b821f278e716a
Certificate serial:       019E5B3147287E05FFB950EBE32D09FDA13F
Authority key identifier: BD:19:D4:53:5C:7E:62:B9:21:E8:59:E6:55:7B:82:1F:27:8E:71:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vRnUU1x-Yrkh6FnmVXuCHyeOcWo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/2599f9-6f76-4db6-bca7-c1331f49fc09/1/h2fFhltE1j4W1TzV3SImbYKEr0o.roa
Signing time:             Sun 24 May 2026 18:13:36 +0000
ROA not before:           Sun 24 May 2026 18:13:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     3320
IP address blocks:        185.23.6.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/2599f9-6f76-4db6-bca7-c1331f49fc09/1/vRnUU1x-Yrkh6FnmVXuCHyeOcWo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/2599f9-6f76-4db6-bca7-c1331f49fc09/1/vRnUU1x-Yrkh6FnmVXuCHyeOcWo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vRnUU1x-Yrkh6FnmVXuCHyeOcWo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 21:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:5b:31:47:28:7e:05:ff:b9:50:eb:e3:2d:09:fd:a1:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bd19d4535c7e62b921e859e6557b821f278e716a
        Validity
            Not Before: May 24 18:13:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8767c5865b44d63e16d53cd5dd22266d8284af4a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:df:ab:95:a1:14:5a:df:7f:c3:0c:83:35:e8:
                    cf:69:8d:31:23:91:ed:6b:a7:6c:66:77:54:78:d1:
                    98:9b:43:9f:98:04:78:a0:26:23:ec:59:d5:3b:b6:
                    0a:1b:08:99:80:89:55:f8:52:9e:80:ac:6a:c7:a1:
                    96:c3:99:df:1b:6c:b0:cf:5f:f1:8b:8e:cc:0e:e8:
                    65:6a:a1:37:5c:e2:f3:7f:2d:0d:1d:ed:c2:26:da:
                    51:16:0c:3c:7d:12:62:7f:83:c3:84:4e:05:93:51:
                    5c:c6:7a:e9:a5:a6:52:5d:07:e3:90:e3:4a:58:2d:
                    6a:6e:8e:18:84:e7:40:da:21:c4:bf:fc:ab:70:8c:
                    4f:b2:93:e9:c9:f2:04:8e:09:28:53:fe:3a:bc:97:
                    2e:cd:49:15:47:b9:e5:12:44:21:0b:43:04:67:8d:
                    03:33:40:bd:7a:6e:80:82:d7:b9:da:6a:f1:cb:95:
                    35:b4:74:a7:80:72:64:b3:45:f7:e0:79:75:1c:02:
                    c9:85:f3:57:9f:32:d8:7c:de:10:06:5b:da:ea:a4:
                    46:a1:c7:77:41:ea:00:45:a2:e3:54:18:e6:ac:39:
                    d2:71:9d:f7:b9:71:23:b6:4c:a5:5c:b3:0c:ce:97:
                    82:11:57:f9:bc:0f:6e:f6:b5:a2:75:5e:2d:9b:92:
                    36:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:67:C5:86:5B:44:D6:3E:16:D5:3C:D5:DD:22:26:6D:82:84:AF:4A
            X509v3 Authority Key Identifier:
                keyid:BD:19:D4:53:5C:7E:62:B9:21:E8:59:E6:55:7B:82:1F:27:8E:71:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vRnUU1x-Yrkh6FnmVXuCHyeOcWo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/2599f9-6f76-4db6-bca7-c1331f49fc09/1/h2fFhltE1j4W1TzV3SImbYKEr0o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/2599f9-6f76-4db6-bca7-c1331f49fc09/1/vRnUU1x-Yrkh6FnmVXuCHyeOcWo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.23.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:0d:1d:e2:0b:d4:83:e9:83:6e:0f:fd:03:75:87:4c:f0:72:
         86:02:6c:7e:cf:4c:37:7a:64:2d:1c:d2:1a:81:0e:54:de:20:
         9a:1e:8e:32:eb:20:e5:f1:64:79:f4:7f:4c:78:3d:6c:bd:c2:
         ff:ed:34:b6:bc:d8:63:de:73:ac:9a:64:04:0c:2b:ca:3f:9b:
         fe:3d:47:f7:53:13:39:3e:c4:ad:4a:2d:a7:05:61:85:31:38:
         62:55:7d:ef:0c:11:21:22:08:c2:2a:15:10:66:a8:ef:91:46:
         e4:d4:ac:f8:97:3e:33:c7:f8:fb:39:0c:1e:84:fe:70:1c:d1:
         6a:59:79:1d:e4:66:62:c2:6a:fc:71:79:65:7f:dd:33:6e:7f:
         f4:d9:44:51:13:b6:9f:9b:0d:2d:c8:f2:8c:43:0d:eb:05:18:
         bc:e0:84:f2:82:08:80:d4:ba:4b:d6:33:40:f4:ec:9d:79:46:
         e2:b5:16:c1:55:f7:c3:c8:06:06:97:48:2b:d2:48:68:0f:a7:
         4d:73:ec:ed:85:2d:12:f2:af:84:db:7a:f1:a4:da:2f:e9:98:
         de:d9:c9:4f:80:86:33:cb:de:77:df:7e:20:d3:a8:ec:fd:cf:
         1a:30:7e:a8:08:07:4a:00:8b:a1:ed:c4:c0:94:e2:94:5e:51:
         7a:97:43:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5bMUcofgX/uVDr4y0J/aE/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkMTlkNDUzNWM3ZTYyYjkyMWU4NTllNjU1N2I4MjFmMjc4
ZTcxNmEwHhcNMjYwNTI0MTgxMzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzY3YzU4NjViNDRkNjNlMTZkNTNjZDVkZDIyMjY2ZDgyODRhZjRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr9+rlaEUWt9/wwyDNejPaY0xI5Ht
a6dsZndUeNGYm0OfmAR4oCYj7FnVO7YKGwiZgIlV+FKegKxqx6GWw5nfG2ywz1/x
i47MDuhlaqE3XOLzfy0NHe3CJtpRFgw8fRJif4PDhE4Fk1FcxnrppaZSXQfjkONK
WC1qbo4YhOdA2iHEv/yrcIxPspPpyfIEjgkoU/46vJcuzUkVR7nlEkQhC0MEZ40D
M0C9em6Agte52mrxy5U1tHSngHJks0X34Hl1HALJhfNXnzLYfN4QBlva6qRGocd3
QeoARaLjVBjmrDnScZ33uXEjtkylXLMMzpeCEVf5vA9u9rWidV4tm5I2dwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIdnxYZbRNY+FtU81d0iJm2ChK9KMB8GA1UdIwQY
MBaAFL0Z1FNcfmK5IehZ5lV7gh8njnFqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlJuVVUxeC1ZcmtoNkZubVZYdUNIeWVPY1dvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy8yNTk5ZjktNmY3Ni00ZGI2LWJjYTct
YzEzMzFmNDlmYzA5LzEvaDJmRmhsdEUxajRXMVR6VjNTSW1iWUtFcjBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy8yNTk5ZjktNmY3Ni00ZGI2LWJjYTctYzEzMzFmNDlmYzA5
LzEvdlJuVVUxeC1ZcmtoNkZubVZYdUNIeWVPY1dvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRcGMA0G
CSqGSIb3DQEBCwUAA4IBAQBvDR3iC9SD6YNuD/0DdYdM8HKGAmx+z0w3emQtHNIa
gQ5U3iCaHo4y6yDl8WR59H9MeD1svcL/7TS2vNhj3nOsmmQEDCvKP5v+PUf3UxM5
PsStSi2nBWGFMThiVX3vDBEhIgjCKhUQZqjvkUbk1Kz4lz4zx/j7OQwehP5wHNFq
WXkd5GZiwmr8cXllf90zbn/02URRE7afmw0tyPKMQw3rBRi84ITyggiA1LpL1jNA
9OydeUbitRbBVffDyAYGl0gr0khoD6dNc+zthS0S8q+E23rxpNov6Zje2clPgIYz
y953334g06js/c8aMH6oCAdKAIuh7cTAlOKUXlF6l0ON
-----END CERTIFICATE-----