Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/1tnpzS9bPdTi6kptyi5Xot6Lkcs.roa
File:                     1tnpzS9bPdTi6kptyi5Xot6Lkcs.roa (raw, json)
Hash identifier:          m+1o4LcpvjWIHo+6xD8DdTd4ysKSpLSyrCkv5Lyjul4=
Subject key identifier:   D6:D9:E9:CD:2F:5B:3D:D4:E2:EA:4A:6D:CA:2E:57:A2:DE:8B:91:CB
Certificate issuer:       /CN=b557ccd43afe816e4953228bf14a75dc29014b8d
Certificate serial:       019E84EB9A4061E3C5D44BD544C2410EEA17
Authority key identifier: B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/1tnpzS9bPdTi6kptyi5Xot6Lkcs.roa
Signing time:             Mon 01 Jun 2026 20:41:33 +0000
ROA not before:           Mon 01 Jun 2026 20:41:33 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     3257
IP address blocks:        194.39.216.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Jun 2026 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:84:eb:9a:40:61:e3:c5:d4:4b:d5:44:c2:41:0e:ea:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b557ccd43afe816e4953228bf14a75dc29014b8d
        Validity
            Not Before: Jun  1 20:41:33 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d6d9e9cd2f5b3dd4e2ea4a6dca2e57a2de8b91cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:f8:23:fb:76:6e:05:ab:5c:99:e8:dd:7d:32:
                    96:49:b8:e7:cb:c0:6f:32:2d:ae:d5:41:bd:05:a8:
                    64:37:1e:66:30:78:19:5a:7d:21:b7:8a:5d:04:4d:
                    ad:9f:f2:30:10:1d:55:e0:9e:4b:90:5d:2d:27:94:
                    84:01:8b:e8:22:69:ae:04:ca:19:cb:6b:e1:ca:ed:
                    bd:4e:d3:96:0b:5c:6f:9a:4a:3c:ba:52:34:bb:2e:
                    7c:37:ab:9d:79:c3:29:db:25:23:09:a7:90:4f:17:
                    5e:14:58:f1:65:9f:85:05:db:41:7d:e7:db:bc:1d:
                    f8:b8:fd:40:aa:ab:25:82:73:7c:3e:51:a5:78:92:
                    3b:94:05:ac:6f:b8:ca:21:1c:dd:7d:b0:66:ab:b4:
                    a6:3c:cf:c0:af:9c:fc:ed:3a:97:61:dd:32:45:85:
                    80:f9:af:26:72:f7:61:e9:4d:38:f4:a8:47:eb:85:
                    4a:6d:87:96:e2:f7:b1:b1:bc:e0:81:ca:f0:39:3a:
                    db:6d:3b:36:c2:2b:15:2d:2f:ad:27:1d:62:b3:42:
                    94:a9:4c:ff:85:63:00:2c:48:ec:7b:63:78:d4:06:
                    ac:40:b5:5c:94:2d:bc:e9:e1:dd:a9:c0:9c:92:51:
                    c2:68:62:7b:2b:3f:7e:82:3b:81:a0:ed:26:ab:94:
                    b4:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:D9:E9:CD:2F:5B:3D:D4:E2:EA:4A:6D:CA:2E:57:A2:DE:8B:91:CB
            X509v3 Authority Key Identifier:
                keyid:B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/1tnpzS9bPdTi6kptyi5Xot6Lkcs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.39.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:31:dd:c1:f2:b7:47:13:fb:82:6d:4d:18:28:40:dc:63:ff:
         97:b2:d2:97:5a:19:62:51:7a:59:a2:01:59:75:46:66:1c:f2:
         4f:3e:a1:49:f7:30:e4:7b:f1:c9:97:86:b4:52:a0:83:25:b2:
         4d:c2:98:90:e8:bc:32:13:cd:c5:1f:25:bc:f2:3b:d0:d3:be:
         8e:92:31:5b:7b:dc:77:1a:0e:18:10:13:24:93:b9:fb:91:e9:
         36:47:4a:90:bb:60:b5:aa:ba:3a:6f:af:ee:2f:12:2c:97:c9:
         b6:3b:fc:5f:32:5c:a7:a0:fb:77:d7:cf:65:d2:81:3b:58:6e:
         1c:d9:64:eb:e2:ef:05:42:f3:cc:70:ba:4f:76:4a:b7:e1:98:
         d3:0b:e3:a6:ee:8d:1f:22:2d:4b:df:81:3e:bf:47:f7:b6:f7:
         dd:55:21:80:b9:8f:ad:ee:34:1d:a2:6d:1a:ee:44:d1:07:8f:
         87:c3:3f:ca:b6:63:3a:c7:24:36:8a:d4:1d:03:13:80:fd:c8:
         08:48:be:fb:e3:40:eb:49:25:f6:e1:8b:a9:54:37:6f:d5:3a:
         ad:66:bb:b8:f7:05:e7:d6:54:2f:35:70:13:3f:9f:23:8d:9b:
         b9:a0:c1:9a:a6:50:da:82:e4:5c:67:52:79:14:e9:d9:bc:72:
         58:d1:94:b1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6E65pAYePF1EvVRMJBDuoXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1NTdjY2Q0M2FmZTgxNmU0OTUzMjI4YmYxNGE3NWRjMjkw
MTRiOGQwHhcNMjYwNjAxMjA0MTMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNmQ5ZTljZDJmNWIzZGQ0ZTJlYTRhNmRjYTJlNTdhMmRlOGI5MWNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt/gj+3ZuBatcmejdfTKWSbjny8Bv
Mi2u1UG9BahkNx5mMHgZWn0ht4pdBE2tn/IwEB1V4J5LkF0tJ5SEAYvoImmuBMoZ
y2vhyu29TtOWC1xvmko8ulI0uy58N6udecMp2yUjCaeQTxdeFFjxZZ+FBdtBfefb
vB34uP1AqqslgnN8PlGleJI7lAWsb7jKIRzdfbBmq7SmPM/Ar5z87TqXYd0yRYWA
+a8mcvdh6U049KhH64VKbYeW4vexsbzggcrwOTrbbTs2wisVLS+tJx1is0KUqUz/
hWMALEjse2N41AasQLVclC286eHdqcCcklHCaGJ7Kz9+gjuBoO0mq5S0mwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNbZ6c0vWz3U4upKbcouV6Lei5HLMB8GA1UdIwQY
MBaAFLVXzNQ6/oFuSVMii/FKddwpAUuNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUt
NmJjNzU1NzhiNGMzLzEvMXRucHpTOWJQZFRpNmtwdHlpNVhvdDZMa2NzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUtNmJjNzU1NzhiNGMz
LzEvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwifYMA0G
CSqGSIb3DQEBCwUAA4IBAQAkMd3B8rdHE/uCbU0YKEDcY/+XstKXWhliUXpZogFZ
dUZmHPJPPqFJ9zDke/HJl4a0UqCDJbJNwpiQ6LwyE83FHyW88jvQ076OkjFbe9x3
Gg4YEBMkk7n7kek2R0qQu2C1qro6b6/uLxIsl8m2O/xfMlynoPt3189l0oE7WG4c
2WTr4u8FQvPMcLpPdkq34ZjTC+Om7o0fIi1L34E+v0f3tvfdVSGAuY+t7jQdom0a
7kTRB4+Hwz/KtmM6xyQ2itQdAxOA/cgISL7740DrSSX24YupVDdv1TqtZru49wXn
1lQvNXATP58jjZu5oMGaplDaguRcZ1J5FOnZvHJY0ZSx
-----END CERTIFICATE-----