Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/18c8d5-089a-470e-906d-dc4e7988a28a/1/2bWalxPeCQJ8hBsQRSAPBex2fq0.roa
File:                     2bWalxPeCQJ8hBsQRSAPBex2fq0.roa (raw, json)
Hash identifier:          cNxILQXB6Mynw64tQNRAKKJy7J8sm0Mm5cAcElFdefE=
Subject key identifier:   D9:B5:9A:97:13:DE:09:02:7C:84:1B:10:45:20:0F:05:EC:76:7E:AD
Certificate issuer:       /CN=b41bb1cdd5b86be77806889d2e1b202acc27b225
Certificate serial:       019DFD23C11A7FED5F94094A4FF72842797E
Authority key identifier: B4:1B:B1:CD:D5:B8:6B:E7:78:06:88:9D:2E:1B:20:2A:CC:27:B2:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tBuxzdW4a-d4BoidLhsgKswnsiU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/18c8d5-089a-470e-906d-dc4e7988a28a/1/2bWalxPeCQJ8hBsQRSAPBex2fq0.roa
Signing time:             Wed 06 May 2026 11:54:31 +0000
ROA not before:           Wed 06 May 2026 11:54:31 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197815
IP address blocks:        188.95.71.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/18c8d5-089a-470e-906d-dc4e7988a28a/1/tBuxzdW4a-d4BoidLhsgKswnsiU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/18c8d5-089a-470e-906d-dc4e7988a28a/1/tBuxzdW4a-d4BoidLhsgKswnsiU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tBuxzdW4a-d4BoidLhsgKswnsiU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 May 2026 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:fd:23:c1:1a:7f:ed:5f:94:09:4a:4f:f7:28:42:79:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b41bb1cdd5b86be77806889d2e1b202acc27b225
        Validity
            Not Before: May  6 11:54:31 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d9b59a9713de09027c841b1045200f05ec767ead
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:be:05:8c:88:2e:62:ef:f7:34:9f:e6:07:70:
                    09:5c:ce:78:a9:6a:43:99:6c:a0:74:44:c3:db:ab:
                    62:f8:35:3d:cc:b0:8f:d4:b4:e9:2e:4a:1d:2e:a8:
                    2d:4b:f3:b8:9a:7e:c4:4e:f7:03:62:db:46:f6:6a:
                    0c:44:1b:d6:96:ab:ed:51:74:75:92:16:87:7f:73:
                    33:76:0d:58:8b:ee:62:e6:8e:8d:a9:c9:9e:de:f8:
                    40:68:25:db:7b:ba:4d:d9:a9:98:03:1e:bc:20:7e:
                    f6:06:6e:db:f3:c8:d3:d4:29:ad:b2:c3:d5:00:0f:
                    a0:fe:62:4d:60:0a:07:16:ca:d4:c1:09:6e:1c:1a:
                    fb:03:07:9e:cd:cc:23:72:7e:46:b3:35:7b:2e:0b:
                    95:03:1f:89:22:2f:68:39:89:13:cb:b3:32:76:7e:
                    07:0a:c5:8e:d7:ba:ff:92:7c:9a:6e:46:93:2f:c5:
                    59:c1:f0:c1:2a:e0:e4:1e:6a:1e:71:22:68:37:29:
                    a4:4d:17:60:29:bb:64:9a:e4:f1:62:96:2b:c2:b7:
                    c3:d6:0e:d7:a7:73:50:87:24:08:99:ff:fc:5f:c3:
                    56:5f:15:33:da:b9:55:2b:7c:3c:84:be:92:f0:17:
                    3f:a4:73:d6:ce:be:fe:21:7d:1f:15:d5:72:41:fb:
                    cf:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:B5:9A:97:13:DE:09:02:7C:84:1B:10:45:20:0F:05:EC:76:7E:AD
            X509v3 Authority Key Identifier:
                keyid:B4:1B:B1:CD:D5:B8:6B:E7:78:06:88:9D:2E:1B:20:2A:CC:27:B2:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tBuxzdW4a-d4BoidLhsgKswnsiU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/18c8d5-089a-470e-906d-dc4e7988a28a/1/2bWalxPeCQJ8hBsQRSAPBex2fq0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/18c8d5-089a-470e-906d-dc4e7988a28a/1/tBuxzdW4a-d4BoidLhsgKswnsiU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.95.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:90:2a:ee:88:2f:16:e1:35:29:61:e0:5c:8c:9a:dc:cb:28:
         fd:c1:09:4b:1b:0a:8f:68:e0:7d:7e:70:71:4c:fe:05:f3:47:
         87:61:86:8e:45:e4:a9:52:8d:66:7c:78:0a:41:a0:cf:75:38:
         03:f6:cc:09:73:1a:9d:ed:93:75:91:e2:cc:d9:38:21:54:b1:
         2c:64:a1:8d:30:e9:25:df:6c:df:98:55:c9:12:7c:c9:b9:23:
         58:14:a1:15:3f:19:1f:9b:a2:b2:26:9c:43:4d:df:db:6b:c4:
         02:dc:f9:32:48:3d:9d:db:f1:94:48:c3:a0:c1:c5:c1:ed:b1:
         44:ad:28:9e:87:d0:69:96:6d:a9:64:82:1c:d7:3c:9d:6d:5c:
         04:66:a1:b2:88:b0:47:db:6e:9a:cf:1b:21:e4:88:b9:85:77:
         70:01:20:78:03:af:9a:ff:e9:69:e4:d5:8f:16:8e:80:ca:f5:
         fc:be:4e:13:d3:d7:9b:1d:f7:bb:1f:fa:5e:4d:15:98:2e:8f:
         02:53:90:b4:8c:84:d0:54:f7:a4:4b:0e:72:8c:2f:93:e5:ec:
         d9:1c:81:3e:b4:fc:2f:1e:b1:21:58:5a:bb:71:34:da:a3:d8:
         a2:f5:f9:a0:6a:f5:c1:c1:9f:0d:ed:cd:83:48:97:a4:7e:2b:
         14:24:63:5c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ39I8Eaf+1flAlKT/coQnl+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MWJiMWNkZDViODZiZTc3ODA2ODg5ZDJlMWIyMDJhY2My
N2IyMjUwHhcNMjYwNTA2MTE1NDMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOWI1OWE5NzEzZGUwOTAyN2M4NDFiMTA0NTIwMGYwNWVjNzY3ZWFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0r4FjIguYu/3NJ/mB3AJXM54qWpD
mWygdETD26ti+DU9zLCP1LTpLkodLqgtS/O4mn7ETvcDYttG9moMRBvWlqvtUXR1
khaHf3Mzdg1Yi+5i5o6Nqcme3vhAaCXbe7pN2amYAx68IH72Bm7b88jT1CmtssPV
AA+g/mJNYAoHFsrUwQluHBr7Aweezcwjcn5GszV7LguVAx+JIi9oOYkTy7Mydn4H
CsWO17r/knyabkaTL8VZwfDBKuDkHmoecSJoNymkTRdgKbtkmuTxYpYrwrfD1g7X
p3NQhyQImf/8X8NWXxUz2rlVK3w8hL6S8Bc/pHPWzr7+IX0fFdVyQfvPTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNm1mpcT3gkCfIQbEEUgDwXsdn6tMB8GA1UdIwQY
MBaAFLQbsc3VuGvneAaInS4bICrMJ7IlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdEJ1eHpkVzRhLWQ0Qm9pZExoc2dLc3duc2lVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC8xOGM4ZDUtMDg5YS00NzBlLTkwNmQt
ZGM0ZTc5ODhhMjhhLzEvMmJXYWx4UGVDUUo4aEJzUVJTQVBCZXgyZnEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC8xOGM4ZDUtMDg5YS00NzBlLTkwNmQtZGM0ZTc5ODhhMjhh
LzEvdEJ1eHpkVzRhLWQ0Qm9pZExoc2dLc3duc2lVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvF9HMA0G
CSqGSIb3DQEBCwUAA4IBAQCLkCruiC8W4TUpYeBcjJrcyyj9wQlLGwqPaOB9fnBx
TP4F80eHYYaOReSpUo1mfHgKQaDPdTgD9swJcxqd7ZN1keLM2TghVLEsZKGNMOkl
32zfmFXJEnzJuSNYFKEVPxkfm6KyJpxDTd/ba8QC3PkySD2d2/GUSMOgwcXB7bFE
rSieh9Bplm2pZIIc1zydbVwEZqGyiLBH226azxsh5Ii5hXdwASB4A6+a/+lp5NWP
Fo6AyvX8vk4T09ebHfe7H/peTRWYLo8CU5C0jITQVPekSw5yjC+T5ezZHIE+tPwv
HrEhWFq7cTTao9ii9fmgavXBwZ8N7c2DSJekfisUJGNc
-----END CERTIFICATE-----