Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/635b1a-5118-4d9c-8133-c1787499ef33/1/iJp_w0Gl7GfcqdbyhdzmWteUnPM.roa
File:                     iJp_w0Gl7GfcqdbyhdzmWteUnPM.roa (raw, json)
Hash identifier:          /auo9AQw4p5lVFg1b3B3tCWgJ3vnfszd/oteep42U3s=
Subject key identifier:   88:9A:7F:C3:41:A5:EC:67:DC:A9:D6:F2:85:DC:E6:5A:D7:94:9C:F3
Certificate issuer:       /CN=32dd8a17fc672871b9f20395adedb85d035eaa43
Certificate serial:       019CB936DF2BE6C63DC82D3A7C1CD0CDE6A0
Authority key identifier: 32:DD:8A:17:FC:67:28:71:B9:F2:03:95:AD:ED:B8:5D:03:5E:AA:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Mt2KF_xnKHG58gOVre24XQNeqkM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/635b1a-5118-4d9c-8133-c1787499ef33/1/iJp_w0Gl7GfcqdbyhdzmWteUnPM.roa
Signing time:             Wed 04 Mar 2026 14:18:26 +0000
ROA not before:           Wed 04 Mar 2026 14:18:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215981
IP address blocks:        185.165.94.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/635b1a-5118-4d9c-8133-c1787499ef33/1/Mt2KF_xnKHG58gOVre24XQNeqkM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/635b1a-5118-4d9c-8133-c1787499ef33/1/Mt2KF_xnKHG58gOVre24XQNeqkM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Mt2KF_xnKHG58gOVre24XQNeqkM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Mar 2026 12:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:b9:36:df:2b:e6:c6:3d:c8:2d:3a:7c:1c:d0:cd:e6:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=32dd8a17fc672871b9f20395adedb85d035eaa43
        Validity
            Not Before: Mar  4 14:18:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=889a7fc341a5ec67dca9d6f285dce65ad7949cf3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:73:26:f0:a6:ee:5e:db:69:75:0f:bb:5b:a0:
                    00:a5:57:87:61:5c:b0:80:f7:76:9e:32:39:1f:8b:
                    83:94:c6:6c:17:08:c0:c6:25:db:5c:a2:4a:c3:6e:
                    0f:0f:59:60:08:ea:60:03:05:2a:5f:79:6a:c7:85:
                    3f:6c:64:e1:be:68:f3:20:8e:c4:ad:e0:1a:a9:53:
                    4f:e7:07:e1:4c:dc:95:b3:23:75:5d:f4:b7:0d:d4:
                    bb:49:fa:45:cb:f1:7f:fd:85:b1:04:29:02:e8:0e:
                    8d:a4:ee:f5:4e:f3:c5:64:1d:c8:93:99:0e:8e:06:
                    24:3c:bc:9b:50:b9:f8:93:47:f9:da:fc:eb:22:67:
                    31:f0:c3:62:2a:ea:e4:c4:1c:62:3d:00:3a:65:12:
                    f9:e3:f8:1c:9e:b6:8d:e6:42:d3:47:0a:4a:b4:26:
                    83:2c:38:5d:e3:f6:5c:fa:0e:d4:22:a7:9b:c4:7b:
                    e3:87:c3:1b:78:cb:0a:60:df:35:06:1e:ba:c5:02:
                    33:bd:b2:07:4d:6b:ec:30:02:3f:6c:81:51:0c:cc:
                    b2:ef:09:bb:a4:0e:39:80:b8:a7:3c:d1:9d:21:cf:
                    23:d0:ed:6c:5f:a7:af:3c:59:2b:11:9d:25:0f:c0:
                    cd:02:9d:ed:8c:32:ae:72:e5:0a:52:43:c2:1e:4b:
                    b5:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:9A:7F:C3:41:A5:EC:67:DC:A9:D6:F2:85:DC:E6:5A:D7:94:9C:F3
            X509v3 Authority Key Identifier:
                keyid:32:DD:8A:17:FC:67:28:71:B9:F2:03:95:AD:ED:B8:5D:03:5E:AA:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Mt2KF_xnKHG58gOVre24XQNeqkM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/635b1a-5118-4d9c-8133-c1787499ef33/1/iJp_w0Gl7GfcqdbyhdzmWteUnPM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/635b1a-5118-4d9c-8133-c1787499ef33/1/Mt2KF_xnKHG58gOVre24XQNeqkM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.165.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:c1:b9:84:69:ab:e3:27:7e:07:bd:67:73:12:2d:96:45:8b:
         c0:6e:f1:93:46:42:a8:28:3a:d0:5e:2e:fb:db:2f:cd:f2:83:
         1b:95:93:0f:0d:37:fe:61:18:51:80:20:1f:ff:e7:3b:28:0d:
         7c:90:11:5b:35:9c:6d:fd:23:5e:25:ed:6d:14:d7:5a:a6:00:
         32:40:6e:e2:87:26:08:eb:25:59:95:80:84:d5:c8:6e:43:3a:
         48:c7:34:fa:61:6c:1a:ec:91:85:4d:c4:4d:a6:39:8b:4b:02:
         72:73:99:90:8d:84:4a:44:9e:8a:49:c8:6d:39:d5:a5:26:97:
         d8:b3:b4:08:64:22:cf:d6:7e:4c:6f:02:98:89:21:32:68:4f:
         b9:f7:28:bc:7a:91:3c:f9:b3:e6:29:bd:3a:34:90:a5:4d:ef:
         b1:4b:90:41:52:fd:4b:78:e7:49:36:b9:3e:54:c8:3b:f0:21:
         48:7f:98:d9:da:06:eb:4c:30:ab:58:b6:d6:35:cf:59:72:a5:
         cd:df:6c:10:7e:b4:03:bc:e6:7d:fc:8e:ae:a3:63:0e:27:14:
         66:ee:52:33:14:84:8a:3c:06:bb:17:b8:5f:03:01:d0:90:f7:
         cd:09:b3:dd:e3:32:b2:97:a0:eb:ff:b4:78:07:b6:d5:9b:46:
         38:bf:3c:ee
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZy5Nt8r5sY9yC06fBzQzeagMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyZGQ4YTE3ZmM2NzI4NzFiOWYyMDM5NWFkZWRiODVkMDM1
ZWFhNDMwHhcNMjYwMzA0MTQxODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODlhN2ZjMzQxYTVlYzY3ZGNhOWQ2ZjI4NWRjZTY1YWQ3OTQ5Y2YzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8HMm8KbuXttpdQ+7W6AApVeHYVyw
gPd2njI5H4uDlMZsFwjAxiXbXKJKw24PD1lgCOpgAwUqX3lqx4U/bGThvmjzII7E
reAaqVNP5wfhTNyVsyN1XfS3DdS7SfpFy/F//YWxBCkC6A6NpO71TvPFZB3Ik5kO
jgYkPLybULn4k0f52vzrImcx8MNiKurkxBxiPQA6ZRL54/gcnraN5kLTRwpKtCaD
LDhd4/Zc+g7UIqebxHvjh8MbeMsKYN81Bh66xQIzvbIHTWvsMAI/bIFRDMyy7wm7
pA45gLinPNGdIc8j0O1sX6evPFkrEZ0lD8DNAp3tjDKucuUKUkPCHku17wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIiaf8NBpexn3KnW8oXc5lrXlJzzMB8GA1UdIwQY
MBaAFDLdihf8ZyhxufIDla3tuF0DXqpDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXQyS0ZfeG5LSEc1OGdPVnJlMjRYUU5lcWtNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy82MzViMWEtNTExOC00ZDljLTgxMzMt
YzE3ODc0OTllZjMzLzEvaUpwX3cwR2w3R2ZjcWRieWhkem1XdGVVblBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy82MzViMWEtNTExOC00ZDljLTgxMzMtYzE3ODc0OTllZjMz
LzEvTXQyS0ZfeG5LSEc1OGdPVnJlMjRYUU5lcWtNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaVeMA0G
CSqGSIb3DQEBCwUAA4IBAQBJwbmEaavjJ34HvWdzEi2WRYvAbvGTRkKoKDrQXi77
2y/N8oMblZMPDTf+YRhRgCAf/+c7KA18kBFbNZxt/SNeJe1tFNdapgAyQG7ihyYI
6yVZlYCE1chuQzpIxzT6YWwa7JGFTcRNpjmLSwJyc5mQjYRKRJ6KSchtOdWlJpfY
s7QIZCLP1n5MbwKYiSEyaE+59yi8epE8+bPmKb06NJClTe+xS5BBUv1LeOdJNrk+
VMg78CFIf5jZ2gbrTDCrWLbWNc9ZcqXN32wQfrQDvOZ9/I6uo2MOJxRm7lIzFISK
PAa7F7hfAwHQkPfNCbPd4zKyl6Dr/7R4B7bVm0Y4vzzu
-----END CERTIFICATE-----