Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/81aa49-8b4a-4c28-a578-a605717d34ae/1/uZerU1VFymarw95eI6TPiaIDHis.roa
File:                     uZerU1VFymarw95eI6TPiaIDHis.roa (raw, json)
Hash identifier:          C1hv+0PjM/vZjHfsuivW+vQVr2csnV+QB+NjMqb8++s=
Subject key identifier:   B9:97:AB:53:55:45:CA:66:AB:C3:DE:5E:23:A4:CF:89:A2:03:1E:2B
Certificate issuer:       /CN=b05a0604e76876fa03e6ad8687fa1db6c63d3908
Certificate serial:       019E96D60A10EE59A0F3DB69ECB243C3A084
Authority key identifier: B0:5A:06:04:E7:68:76:FA:03:E6:AD:86:87:FA:1D:B6:C6:3D:39:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sFoGBOdodvoD5q2Gh_odtsY9OQg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/81aa49-8b4a-4c28-a578-a605717d34ae/1/uZerU1VFymarw95eI6TPiaIDHis.roa
Signing time:             Fri 05 Jun 2026 08:11:09 +0000
ROA not before:           Fri 05 Jun 2026 08:11:09 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214503
IP address blocks:        185.243.23.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/81aa49-8b4a-4c28-a578-a605717d34ae/1/sFoGBOdodvoD5q2Gh_odtsY9OQg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/81aa49-8b4a-4c28-a578-a605717d34ae/1/sFoGBOdodvoD5q2Gh_odtsY9OQg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sFoGBOdodvoD5q2Gh_odtsY9OQg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 08:01:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:96:d6:0a:10:ee:59:a0:f3:db:69:ec:b2:43:c3:a0:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b05a0604e76876fa03e6ad8687fa1db6c63d3908
        Validity
            Not Before: Jun  5 08:11:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b997ab535545ca66abc3de5e23a4cf89a2031e2b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:ed:57:78:28:98:17:ad:ca:ae:19:fd:ed:53:
                    41:fa:84:26:5f:7b:1d:ef:36:e6:2f:6d:b5:24:73:
                    14:6e:45:c3:ff:6d:07:57:13:e3:e1:b9:20:32:b2:
                    ed:19:28:7a:71:1f:ed:2c:7c:6d:4f:7a:91:76:36:
                    1d:42:aa:81:80:45:19:a1:ce:01:c7:c0:dd:0b:6e:
                    47:fb:8b:cb:ab:66:3e:75:82:51:f1:9e:41:3c:28:
                    9f:78:64:58:47:21:f7:48:5b:60:b7:a1:be:a2:e0:
                    24:4f:ea:91:77:67:47:47:92:c6:42:e5:ea:91:cc:
                    45:a8:5a:82:a1:0b:69:ac:9f:63:45:a2:f7:fd:3a:
                    88:d3:98:56:01:9f:69:5d:2e:e1:55:bc:ab:d3:3b:
                    f4:b5:68:c7:27:3f:a1:24:14:c7:fc:60:14:57:f8:
                    f5:2a:ab:3f:ab:99:26:87:8a:04:c6:2d:5e:72:10:
                    7a:20:b3:8b:88:5b:0c:5c:fb:19:aa:92:cd:b5:11:
                    b6:61:0b:83:9e:fe:51:7f:b9:22:13:fa:0d:a0:6d:
                    9a:74:ce:de:f8:f1:c0:20:c8:07:32:29:83:f2:84:
                    8e:41:71:3c:be:07:25:e1:00:ab:c8:7d:68:47:a3:
                    f2:df:11:ff:3d:10:72:61:cd:78:e5:91:f0:69:bd:
                    e6:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:97:AB:53:55:45:CA:66:AB:C3:DE:5E:23:A4:CF:89:A2:03:1E:2B
            X509v3 Authority Key Identifier:
                keyid:B0:5A:06:04:E7:68:76:FA:03:E6:AD:86:87:FA:1D:B6:C6:3D:39:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sFoGBOdodvoD5q2Gh_odtsY9OQg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/81aa49-8b4a-4c28-a578-a605717d34ae/1/uZerU1VFymarw95eI6TPiaIDHis.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/81aa49-8b4a-4c28-a578-a605717d34ae/1/sFoGBOdodvoD5q2Gh_odtsY9OQg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.243.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:d5:fc:b7:5f:a9:25:60:59:30:1d:e4:a7:9f:ae:0c:06:60:
         e0:77:3f:60:c7:c4:42:1a:80:8b:37:8f:b4:24:e1:f4:cf:05:
         05:1a:13:d1:e8:cf:02:e6:b4:1f:ed:3c:ce:ef:b5:80:a8:e6:
         f1:8a:b0:f9:1f:a3:6b:fb:94:62:e2:96:cb:6f:5d:b9:78:34:
         13:2a:98:c1:6c:27:c8:97:cd:3d:72:30:61:ef:69:d9:24:a1:
         ae:9e:ff:b5:86:91:2d:5d:76:9b:ae:44:e8:bf:95:e4:05:c9:
         52:17:14:b3:f4:2a:16:19:0b:16:61:de:9f:fe:a5:56:12:fc:
         18:37:6f:05:21:9f:36:29:81:10:10:a0:d7:e7:89:73:10:cd:
         f4:c4:f7:5d:8a:1f:64:19:11:c3:86:9c:be:82:cc:8a:a7:2d:
         66:1d:fb:60:05:75:f3:40:80:fa:be:31:1b:0d:a3:ae:7b:d0:
         16:d3:52:41:f6:b5:e2:eb:9e:6d:d0:0d:d3:b9:eb:e0:b4:d6:
         1e:16:72:ed:1e:64:a5:3e:00:d7:09:f6:6b:23:be:e2:06:26:
         b6:59:f7:61:ce:7a:ca:ac:83:fc:69:b8:38:73:4a:aa:a0:1b:
         ba:b3:22:06:f1:98:2e:d0:da:8f:29:4f:1e:00:70:0b:ea:d5:
         76:ff:6e:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6W1goQ7lmg89tp7LJDw6CEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwNWEwNjA0ZTc2ODc2ZmEwM2U2YWQ4Njg3ZmExZGI2YzYz
ZDM5MDgwHhcNMjYwNjA1MDgxMTA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTk3YWI1MzU1NDVjYTY2YWJjM2RlNWUyM2E0Y2Y4OWEyMDMxZTJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi+1XeCiYF63Krhn97VNB+oQmX3sd
7zbmL221JHMUbkXD/20HVxPj4bkgMrLtGSh6cR/tLHxtT3qRdjYdQqqBgEUZoc4B
x8DdC25H+4vLq2Y+dYJR8Z5BPCifeGRYRyH3SFtgt6G+ouAkT+qRd2dHR5LGQuXq
kcxFqFqCoQtprJ9jRaL3/TqI05hWAZ9pXS7hVbyr0zv0tWjHJz+hJBTH/GAUV/j1
Kqs/q5kmh4oExi1echB6ILOLiFsMXPsZqpLNtRG2YQuDnv5Rf7kiE/oNoG2adM7e
+PHAIMgHMimD8oSOQXE8vgcl4QCryH1oR6Py3xH/PRByYc145ZHwab3mBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLmXq1NVRcpmq8PeXiOkz4miAx4rMB8GA1UdIwQY
MBaAFLBaBgTnaHb6A+athof6HbbGPTkIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0ZvR0JPZG9kdm9ENXEyR2hfb2R0c1k5T1FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi84MWFhNDktOGI0YS00YzI4LWE1Nzgt
YTYwNTcxN2QzNGFlLzEvdVplclUxVkZ5bWFydzk1ZUk2VFBpYUlESGlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi84MWFhNDktOGI0YS00YzI4LWE1NzgtYTYwNTcxN2QzNGFl
LzEvc0ZvR0JPZG9kdm9ENXEyR2hfb2R0c1k5T1FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufMXMA0G
CSqGSIb3DQEBCwUAA4IBAQAG1fy3X6klYFkwHeSnn64MBmDgdz9gx8RCGoCLN4+0
JOH0zwUFGhPR6M8C5rQf7TzO77WAqObxirD5H6Nr+5Ri4pbLb125eDQTKpjBbCfI
l809cjBh72nZJKGunv+1hpEtXXabrkTov5XkBclSFxSz9CoWGQsWYd6f/qVWEvwY
N28FIZ82KYEQEKDX54lzEM30xPddih9kGRHDhpy+gsyKpy1mHftgBXXzQID6vjEb
DaOue9AW01JB9rXi655t0A3TuevgtNYeFnLtHmSlPgDXCfZrI77iBia2WfdhznrK
rIP8abg4c0qqoBu6syIG8Zgu0NqPKU8eAHAL6tV2/24d
-----END CERTIFICATE-----