Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/4a244d-51d1-4143-b6af-da4538022ac7/1/33gU1W_UI1Ae18rle6T32Am_ap0.roa
File:                     33gU1W_UI1Ae18rle6T32Am_ap0.roa (raw, json)
Hash identifier:          CtHyr3lbVK0nM4M5V+efOeDGbhPQI4ZIEpY0w9de2vw=
Subject key identifier:   DF:78:14:D5:6F:D4:23:50:1E:D7:CA:E5:7B:A4:F7:D8:09:BF:6A:9D
Certificate issuer:       /CN=ba67bff7bad1eb8384b585df7bef1206f7f19f7e
Certificate serial:       019E464DB0D672BE04925D4D9AA926752125
Authority key identifier: BA:67:BF:F7:BA:D1:EB:83:84:B5:85:DF:7B:EF:12:06:F7:F1:9F:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ume_97rR64OEtYXfe-8SBvfxn34.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/4a244d-51d1-4143-b6af-da4538022ac7/1/33gU1W_UI1Ae18rle6T32Am_ap0.roa
Signing time:             Wed 20 May 2026 16:52:36 +0000
ROA not before:           Wed 20 May 2026 16:52:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201097
IP address blocks:        209.131.69.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/4a244d-51d1-4143-b6af-da4538022ac7/1/ume_97rR64OEtYXfe-8SBvfxn34.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/4a244d-51d1-4143-b6af-da4538022ac7/1/ume_97rR64OEtYXfe-8SBvfxn34.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ume_97rR64OEtYXfe-8SBvfxn34.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 28 May 2026 10:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:46:4d:b0:d6:72:be:04:92:5d:4d:9a:a9:26:75:21:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba67bff7bad1eb8384b585df7bef1206f7f19f7e
        Validity
            Not Before: May 20 16:52:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=df7814d56fd423501ed7cae57ba4f7d809bf6a9d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:5c:f6:f3:6c:2b:26:42:ae:e8:87:6b:94:14:
                    4d:c0:65:bf:c2:ca:46:f7:c8:a1:d5:1a:a0:fa:d2:
                    70:7e:b5:fb:73:7a:fc:fe:03:d7:a6:a8:38:ce:33:
                    f6:8a:b8:c3:b4:af:a2:88:e7:fe:9d:8a:74:77:92:
                    6a:44:c4:83:c1:d9:cf:1e:ce:a5:6c:2b:f0:9a:7c:
                    1c:ba:10:d6:3f:52:2c:f1:32:6f:16:e3:d0:24:f2:
                    26:0d:32:76:6c:86:27:d4:e9:9f:bb:ce:16:5b:47:
                    ac:5d:5e:84:3f:4f:0a:e2:80:0e:fc:a6:09:19:d6:
                    51:dd:af:ec:4e:4f:ec:10:b4:bd:52:41:d9:37:02:
                    59:4a:56:c1:cc:96:1c:34:ae:db:73:cd:8f:dc:4e:
                    ba:07:3a:31:a4:f8:b9:65:98:6d:52:4c:bf:d4:2f:
                    e0:97:09:1b:6d:9b:80:50:24:38:b7:8e:64:6b:6e:
                    ca:5d:b1:bb:79:66:d8:13:c1:2b:b0:26:24:34:40:
                    a1:bc:45:23:30:2f:17:47:94:9a:60:5d:9f:45:75:
                    87:4b:02:e7:22:e5:3a:73:ed:d2:1b:d3:e0:a4:35:
                    f5:ac:a2:ae:a6:2f:c6:b2:5d:f4:11:16:e0:5e:69:
                    97:80:d1:dc:58:72:83:fb:2d:64:22:cf:8c:9c:d0:
                    bf:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:78:14:D5:6F:D4:23:50:1E:D7:CA:E5:7B:A4:F7:D8:09:BF:6A:9D
            X509v3 Authority Key Identifier:
                keyid:BA:67:BF:F7:BA:D1:EB:83:84:B5:85:DF:7B:EF:12:06:F7:F1:9F:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ume_97rR64OEtYXfe-8SBvfxn34.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/4a244d-51d1-4143-b6af-da4538022ac7/1/33gU1W_UI1Ae18rle6T32Am_ap0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/4a244d-51d1-4143-b6af-da4538022ac7/1/ume_97rR64OEtYXfe-8SBvfxn34.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  209.131.69.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:b9:09:7f:37:3d:89:fc:d7:21:69:43:99:6c:81:39:9f:e1:
         bf:d6:68:35:6b:2e:0b:f3:a7:1d:61:be:6a:c9:60:2f:ff:3c:
         ec:1f:e4:91:d7:86:21:11:fe:e2:fe:8d:bd:80:41:1f:5e:f8:
         ad:1c:9f:48:bd:db:1e:ee:a2:ab:91:55:cc:f7:7c:87:26:b1:
         1e:b4:6f:c7:7a:7e:19:78:bd:48:65:e8:2d:4e:ad:80:91:13:
         6a:f1:5a:e8:b0:ea:04:61:bf:a4:c1:e9:71:a6:b8:40:34:a7:
         51:e9:93:86:43:1b:4e:35:09:31:e0:0f:2b:e7:d8:42:fe:91:
         51:2b:d2:19:9d:86:1b:d5:80:a1:e2:1c:07:94:5c:22:e3:15:
         15:7e:1a:24:0b:5e:4a:96:c1:24:24:d2:33:2e:36:6a:89:84:
         3f:28:6e:f2:da:50:fa:0c:ae:2c:06:cf:fb:4d:89:fc:42:d6:
         fe:1d:fc:35:98:da:eb:cf:e6:99:ec:ef:e4:df:12:cb:39:50:
         06:3b:71:50:27:5d:46:9a:f3:a6:bb:fc:32:16:a9:bf:9c:28:
         cd:e1:63:37:8c:cf:25:f1:f9:76:20:b6:53:c5:36:83:98:da:
         90:31:28:c8:ec:20:d9:10:f2:20:12:a1:f5:ed:df:f9:48:3d:
         f2:40:27:be
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5GTbDWcr4Ekl1NmqkmdSElMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhNjdiZmY3YmFkMWViODM4NGI1ODVkZjdiZWYxMjA2Zjdm
MTlmN2UwHhcNMjYwNTIwMTY1MjM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjc4MTRkNTZmZDQyMzUwMWVkN2NhZTU3YmE0ZjdkODA5YmY2YTlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsVz282wrJkKu6IdrlBRNwGW/wspG
98ih1Rqg+tJwfrX7c3r8/gPXpqg4zjP2irjDtK+iiOf+nYp0d5JqRMSDwdnPHs6l
bCvwmnwcuhDWP1Is8TJvFuPQJPImDTJ2bIYn1Omfu84WW0esXV6EP08K4oAO/KYJ
GdZR3a/sTk/sELS9UkHZNwJZSlbBzJYcNK7bc82P3E66BzoxpPi5ZZhtUky/1C/g
lwkbbZuAUCQ4t45ka27KXbG7eWbYE8ErsCYkNEChvEUjMC8XR5SaYF2fRXWHSwLn
IuU6c+3SG9PgpDX1rKKupi/Gsl30ERbgXmmXgNHcWHKD+y1kIs+MnNC/pwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN94FNVv1CNQHtfK5Xuk99gJv2qdMB8GA1UdIwQY
MBaAFLpnv/e60euDhLWF33vvEgb38Z9+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdW1lXzk3clI2NE9FdFlYZmUtOFNCdmZ4bjM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi80YTI0NGQtNTFkMS00MTQzLWI2YWYt
ZGE0NTM4MDIyYWM3LzEvMzNnVTFXX1VJMUFlMThybGU2VDMyQW1fYXAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi80YTI0NGQtNTFkMS00MTQzLWI2YWYtZGE0NTM4MDIyYWM3
LzEvdW1lXzk3clI2NE9FdFlYZmUtOFNCdmZ4bjM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA0YNFMA0G
CSqGSIb3DQEBCwUAA4IBAQCCuQl/Nz2J/NchaUOZbIE5n+G/1mg1ay4L86cdYb5q
yWAv/zzsH+SR14YhEf7i/o29gEEfXvitHJ9Ivdse7qKrkVXM93yHJrEetG/Hen4Z
eL1IZegtTq2AkRNq8VrosOoEYb+kwelxprhANKdR6ZOGQxtONQkx4A8r59hC/pFR
K9IZnYYb1YCh4hwHlFwi4xUVfhokC15KlsEkJNIzLjZqiYQ/KG7y2lD6DK4sBs/7
TYn8Qtb+Hfw1mNrrz+aZ7O/k3xLLOVAGO3FQJ11GmvOmu/wyFqm/nCjN4WM3jM8l
8fl2ILZTxTaDmNqQMSjI7CDZEPIgEqH17d/5SD3yQCe+
-----END CERTIFICATE-----