Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/b31586-3566-47b0-95cc-144d7473ea59/1/i5BUiR-n3mmiaPsMxAMrVd86lT0.roa
File:                     i5BUiR-n3mmiaPsMxAMrVd86lT0.roa (raw, json)
Hash identifier:          n/P9pvL3nE7CtswgFmDKftt7a4/Q3NyuHRhQfMHZP6g=
Subject key identifier:   8B:90:54:89:1F:A7:DE:69:A2:68:FB:0C:C4:03:2B:55:DF:3A:95:3D
Certificate issuer:       /CN=19b390b62d09950d500cd6bbbd78d0390560ec42
Certificate serial:       019CB1D279DD083DAEBCCD1954E79D814E24
Authority key identifier: 19:B3:90:B6:2D:09:95:0D:50:0C:D6:BB:BD:78:D0:39:05:60:EC:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GbOQti0JlQ1QDNa7vXjQOQVg7EI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/b31586-3566-47b0-95cc-144d7473ea59/1/i5BUiR-n3mmiaPsMxAMrVd86lT0.roa
Signing time:             Tue 03 Mar 2026 03:51:26 +0000
ROA not before:           Tue 03 Mar 2026 03:51:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214025
IP address blocks:        185.133.241.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/b31586-3566-47b0-95cc-144d7473ea59/1/GbOQti0JlQ1QDNa7vXjQOQVg7EI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/b31586-3566-47b0-95cc-144d7473ea59/1/GbOQti0JlQ1QDNa7vXjQOQVg7EI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GbOQti0JlQ1QDNa7vXjQOQVg7EI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 05 Mar 2026 23:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:b1:d2:79:dd:08:3d:ae:bc:cd:19:54:e7:9d:81:4e:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19b390b62d09950d500cd6bbbd78d0390560ec42
        Validity
            Not Before: Mar  3 03:51:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8b9054891fa7de69a268fb0cc4032b55df3a953d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:13:ec:b7:ba:4c:0b:c3:66:30:0c:22:56:a6:
                    28:8c:a1:2d:47:75:a3:70:02:4b:ec:a4:f7:9c:30:
                    e3:2f:a0:6f:c0:95:68:38:96:3a:23:0c:95:2a:2a:
                    5e:9e:62:fb:4b:56:ca:b9:8c:85:a5:f7:c3:ae:80:
                    9f:7a:53:78:71:4c:5f:26:65:5b:35:96:c4:02:a8:
                    41:c9:b0:de:28:43:0e:d5:4a:92:a0:aa:ec:43:b8:
                    af:04:08:e8:9b:03:eb:58:f9:b8:9d:14:d1:42:55:
                    1d:1b:65:64:5b:6b:cd:ba:28:5f:e5:a1:d5:d5:7e:
                    c1:2f:c8:bb:ba:8f:5a:bf:94:2a:a6:da:8c:90:df:
                    2f:a7:14:ec:79:45:1a:b7:b0:4b:fb:1a:95:43:f9:
                    2f:a6:4a:97:de:ab:e8:ca:12:06:d2:b4:b2:71:d7:
                    68:23:b9:44:de:d6:af:52:d8:a8:26:2f:ee:19:91:
                    bf:72:9b:a9:7b:0a:12:fa:39:d6:cb:99:46:ce:b0:
                    81:56:9d:82:3d:c2:b1:62:af:9d:c9:86:c1:8b:48:
                    82:a7:39:d8:4a:1f:36:63:c7:2d:15:29:c5:0f:e3:
                    85:5d:9a:1c:06:9d:ec:f7:b1:ba:42:4d:94:cf:16:
                    f8:7a:4c:61:6b:c3:28:21:bd:d0:21:4b:7b:53:5a:
                    c8:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:90:54:89:1F:A7:DE:69:A2:68:FB:0C:C4:03:2B:55:DF:3A:95:3D
            X509v3 Authority Key Identifier:
                keyid:19:B3:90:B6:2D:09:95:0D:50:0C:D6:BB:BD:78:D0:39:05:60:EC:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GbOQti0JlQ1QDNa7vXjQOQVg7EI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/b31586-3566-47b0-95cc-144d7473ea59/1/i5BUiR-n3mmiaPsMxAMrVd86lT0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/b31586-3566-47b0-95cc-144d7473ea59/1/GbOQti0JlQ1QDNa7vXjQOQVg7EI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.133.241.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:f9:d1:bd:b0:5e:ef:ee:7f:14:2d:79:66:c2:58:9d:ac:e1:
         33:1a:71:85:fe:ec:46:00:9b:93:5b:68:78:ae:ce:1e:87:3a:
         78:47:fe:9e:63:c1:59:c3:40:03:a2:2f:ab:12:6c:a5:9e:7c:
         ba:42:15:83:66:3c:86:e4:8f:e7:14:d8:a4:a2:e9:8d:32:77:
         47:23:98:03:c6:c8:ad:fe:f5:0c:b7:9b:21:26:e9:15:b5:45:
         c6:53:6a:61:56:aa:b4:98:e5:2a:b1:d5:fd:b1:af:ad:32:04:
         56:65:75:ca:bf:0c:90:d9:2a:e4:a7:37:f7:01:08:8d:60:8b:
         25:8b:da:e4:83:f8:93:58:90:3c:be:18:27:09:43:2a:f1:cd:
         ef:43:c2:4b:2a:e0:2e:78:30:81:c2:ed:5a:66:6e:b7:2b:4d:
         f3:df:2f:1d:08:97:27:c4:ee:08:b4:7e:16:e8:b4:ab:e3:3d:
         a6:c2:fe:2c:2a:3f:36:03:ec:e6:17:81:f5:50:24:e7:76:98:
         2d:ad:af:e3:e9:92:c3:04:f9:f5:06:bf:46:cd:12:3b:d4:5f:
         4a:29:aa:e2:25:ac:0a:fe:b3:91:e2:c8:7f:ce:e8:95:e5:2f:
         45:29:e1:02:72:c1:e3:cb:bf:6e:0f:74:48:c0:ae:e3:1e:d5:
         ed:cf:17:1e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyx0nndCD2uvM0ZVOedgU4kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5YjM5MGI2MmQwOTk1MGQ1MDBjZDZiYmJkNzhkMDM5MDU2
MGVjNDIwHhcNMjYwMzAzMDM1MTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjkwNTQ4OTFmYTdkZTY5YTI2OGZiMGNjNDAzMmI1NWRmM2E5NTNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnhPst7pMC8NmMAwiVqYojKEtR3Wj
cAJL7KT3nDDjL6BvwJVoOJY6IwyVKipenmL7S1bKuYyFpffDroCfelN4cUxfJmVb
NZbEAqhBybDeKEMO1UqSoKrsQ7ivBAjomwPrWPm4nRTRQlUdG2VkW2vNuihf5aHV
1X7BL8i7uo9av5QqptqMkN8vpxTseUUat7BL+xqVQ/kvpkqX3qvoyhIG0rSycddo
I7lE3tavUtioJi/uGZG/cpupewoS+jnWy5lGzrCBVp2CPcKxYq+dyYbBi0iCpznY
Sh82Y8ctFSnFD+OFXZocBp3s97G6Qk2Uzxb4ekxha8MoIb3QIUt7U1rIPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIuQVIkfp95pomj7DMQDK1XfOpU9MB8GA1UdIwQY
MBaAFBmzkLYtCZUNUAzWu7140DkFYOxCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2JPUXRpMEpsUTFRRE5hN3ZYalFPUVZnN0VJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy9iMzE1ODYtMzU2Ni00N2IwLTk1Y2Mt
MTQ0ZDc0NzNlYTU5LzEvaTVCVWlSLW4zbW1pYVBzTXhBTXJWZDg2bFQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy9iMzE1ODYtMzU2Ni00N2IwLTk1Y2MtMTQ0ZDc0NzNlYTU5
LzEvR2JPUXRpMEpsUTFRRE5hN3ZYalFPUVZnN0VJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYXxMA0G
CSqGSIb3DQEBCwUAA4IBAQBV+dG9sF7v7n8ULXlmwlidrOEzGnGF/uxGAJuTW2h4
rs4ehzp4R/6eY8FZw0ADoi+rEmylnny6QhWDZjyG5I/nFNikoumNMndHI5gDxsit
/vUMt5shJukVtUXGU2phVqq0mOUqsdX9sa+tMgRWZXXKvwyQ2Srkpzf3AQiNYIsl
i9rkg/iTWJA8vhgnCUMq8c3vQ8JLKuAueDCBwu1aZm63K03z3y8dCJcnxO4ItH4W
6LSr4z2mwv4sKj82A+zmF4H1UCTndpgtra/j6ZLDBPn1Br9GzRI71F9KKariJawK
/rOR4sh/zuiV5S9FKeECcsHjy79uD3RIwK7jHtXtzxce
-----END CERTIFICATE-----