Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/d2ast_j-Q4SCToZY7g5oBForlZk.roa
File:                     d2ast_j-Q4SCToZY7g5oBForlZk.roa (raw, json)
Hash identifier:          k8s9snRtrYPY9WbL13lKKHlZLDNfe2E7bsytnbRf3kU=
Subject key identifier:   77:66:AC:B7:F8:FE:43:84:82:4E:86:58:EE:0E:68:04:5A:2B:95:99
Certificate issuer:       /CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Certificate serial:       019D86797719179F868D97E736DB9D75884E
Authority key identifier: D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/d2ast_j-Q4SCToZY7g5oBForlZk.roa
Signing time:             Mon 13 Apr 2026 10:53:20 +0000
ROA not before:           Mon 13 Apr 2026 10:53:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     62300
IP address blocks:        194.32.241.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 Apr 2026 23:01:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:86:79:77:19:17:9f:86:8d:97:e7:36:db:9d:75:88:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
        Validity
            Not Before: Apr 13 10:53:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7766acb7f8fe4384824e8658ee0e68045a2b9599
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:a1:db:dc:77:d4:10:8b:b3:18:b1:1b:6c:70:
                    74:b8:80:bf:dd:71:53:65:7a:3d:b5:3c:cf:d5:35:
                    fc:da:bd:c9:c7:3a:71:5d:5d:a4:d9:ce:f6:f9:bf:
                    e0:05:ba:6b:24:48:24:56:17:ab:8d:58:c5:53:21:
                    03:fe:7e:e4:be:41:c9:c1:a1:cd:00:ed:81:f2:b9:
                    f7:18:6c:51:52:f4:91:f7:94:76:a6:6d:5f:ae:75:
                    f5:f9:f9:46:5f:56:0b:b5:c1:d7:95:0e:94:03:60:
                    b2:53:a4:b9:ca:8f:5e:f2:5a:55:44:66:35:af:cb:
                    e7:77:46:db:74:77:e9:cd:c2:5e:73:82:16:91:f3:
                    2a:3e:4e:f1:c9:4c:fe:08:88:af:12:8f:6a:e7:5b:
                    84:e3:80:7c:fd:52:bc:d7:a1:fd:ef:b8:30:19:ee:
                    5b:3f:9f:2d:ef:f9:c3:60:a1:a1:67:28:8a:bb:c0:
                    79:19:0f:6f:95:fd:32:6d:20:5c:db:3c:bc:e1:24:
                    47:24:d8:f4:2b:38:0a:f0:28:e6:6d:16:e4:a6:62:
                    d5:7a:6b:7c:a9:d7:45:9b:62:65:b4:3d:56:bb:6b:
                    4a:6b:3e:b9:7c:57:c5:93:60:90:59:17:4b:35:25:
                    ec:39:2f:b3:67:61:3b:e3:d3:8e:a4:4d:e1:56:eb:
                    36:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:66:AC:B7:F8:FE:43:84:82:4E:86:58:EE:0E:68:04:5A:2B:95:99
            X509v3 Authority Key Identifier:
                keyid:D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/d2ast_j-Q4SCToZY7g5oBForlZk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.32.241.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:df:dc:44:e1:35:e9:6e:8b:72:b0:75:6c:20:26:5b:e1:45:
         7f:95:3f:6d:8f:5c:b9:11:50:a1:0b:68:df:ad:02:14:28:02:
         75:08:2b:90:e4:df:51:b7:09:44:67:f2:a1:95:e0:bb:e5:67:
         12:30:4a:f0:1c:1b:d8:c8:83:a5:78:bb:6d:83:1d:3e:f2:a4:
         f3:68:69:57:b8:88:94:dc:17:6f:0d:69:58:0b:e9:d5:a0:4e:
         43:fc:6a:e5:d3:8c:82:08:88:9b:34:97:1f:4c:03:f5:3e:c7:
         e3:c5:3d:2e:5a:b5:9a:5c:45:22:55:c6:96:cc:55:f7:b3:53:
         7a:69:80:fe:17:dc:0d:7c:00:75:8b:27:ba:87:1e:bc:56:8b:
         61:58:4b:13:21:e4:af:87:fb:60:57:02:ec:76:d8:22:d9:9e:
         bd:72:de:96:18:2e:70:09:52:ef:df:67:a1:84:c4:22:1a:67:
         c6:48:61:85:df:08:c6:b4:5a:7c:de:bd:b8:41:0e:95:f0:10:
         2c:9c:3b:93:d9:6f:03:c7:10:2f:ad:23:8f:b1:79:03:47:d4:
         43:5a:3f:cd:99:0e:fd:b4:5c:1e:3f:8c:95:ca:df:82:71:41:
         9a:9a:3a:e5:4b:05:b4:b2:75:70:bf:60:57:54:66:10:26:13:
         0e:96:7a:21
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2GeXcZF5+GjZfnNtuddYhOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmJiNDhlOTNlOGEwMDU4YzVjNzJhODFhODc5OTQ1NTMw
N2VlNTYwHhcNMjYwNDEzMTA1MzIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzY2YWNiN2Y4ZmU0Mzg0ODI0ZTg2NThlZTBlNjgwNDVhMmI5NTk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjaHb3HfUEIuzGLEbbHB0uIC/3XFT
ZXo9tTzP1TX82r3JxzpxXV2k2c72+b/gBbprJEgkVherjVjFUyED/n7kvkHJwaHN
AO2B8rn3GGxRUvSR95R2pm1frnX1+flGX1YLtcHXlQ6UA2CyU6S5yo9e8lpVRGY1
r8vnd0bbdHfpzcJec4IWkfMqPk7xyUz+CIivEo9q51uE44B8/VK816H977gwGe5b
P58t7/nDYKGhZyiKu8B5GQ9vlf0ybSBc2zy84SRHJNj0KzgK8CjmbRbkpmLVemt8
qddFm2JltD1Wu2tKaz65fFfFk2CQWRdLNSXsOS+zZ2E749OOpE3hVus2PwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHdmrLf4/kOEgk6GWO4OaARaK5WZMB8GA1UdIwQY
MBaAFNdrtI6T6KAFjFxyqBqHmUVTB+5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgt
OGJmYmRkNDVjYjYyLzEvZDJhc3Rfai1RNFNDVG9aWTdnNW9CRm9ybFprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgtOGJmYmRkNDVjYjYy
LzEvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwiDxMA0G
CSqGSIb3DQEBCwUAA4IBAQAr39xE4TXpbotysHVsICZb4UV/lT9tj1y5EVChC2jf
rQIUKAJ1CCuQ5N9RtwlEZ/KhleC75WcSMErwHBvYyIOleLttgx0+8qTzaGlXuIiU
3BdvDWlYC+nVoE5D/Grl04yCCIibNJcfTAP1PsfjxT0uWrWaXEUiVcaWzFX3s1N6
aYD+F9wNfAB1iye6hx68VothWEsTIeSvh/tgVwLsdtgi2Z69ct6WGC5wCVLv32eh
hMQiGmfGSGGF3wjGtFp83r24QQ6V8BAsnDuT2W8DxxAvrSOPsXkDR9RDWj/NmQ79
tFweP4yVyt+CcUGamjrlSwW0snVwv2BXVGYQJhMOlnoh
-----END CERTIFICATE-----