Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/4a244d-51d1-4143-b6af-da4538022ac7/1/sPWdnd-6eDj5X9yNO4z9PSISSlQ.roa
File:                     sPWdnd-6eDj5X9yNO4z9PSISSlQ.roa (raw, json)
Hash identifier:          agHieGTKdf4veiuZ5e0ZnuSvZ/4cBqOGV3qPQeuYVLw=
Subject key identifier:   B0:F5:9D:9D:DF:BA:78:38:F9:5F:DC:8D:3B:8C:FD:3D:22:12:4A:54
Certificate issuer:       /CN=ba67bff7bad1eb8384b585df7bef1206f7f19f7e
Certificate serial:       019E837E36A6C826A80E069F372EAE59D722
Authority key identifier: BA:67:BF:F7:BA:D1:EB:83:84:B5:85:DF:7B:EF:12:06:F7:F1:9F:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ume_97rR64OEtYXfe-8SBvfxn34.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/4a244d-51d1-4143-b6af-da4538022ac7/1/sPWdnd-6eDj5X9yNO4z9PSISSlQ.roa
Signing time:             Mon 01 Jun 2026 14:02:27 +0000
ROA not before:           Mon 01 Jun 2026 14:02:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202036
IP address blocks:        209.131.64.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/4a244d-51d1-4143-b6af-da4538022ac7/1/ume_97rR64OEtYXfe-8SBvfxn34.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/4a244d-51d1-4143-b6af-da4538022ac7/1/ume_97rR64OEtYXfe-8SBvfxn34.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ume_97rR64OEtYXfe-8SBvfxn34.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jun 2026 15:55:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:83:7e:36:a6:c8:26:a8:0e:06:9f:37:2e:ae:59:d7:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba67bff7bad1eb8384b585df7bef1206f7f19f7e
        Validity
            Not Before: Jun  1 14:02:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b0f59d9ddfba7838f95fdc8d3b8cfd3d22124a54
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:c8:d0:22:13:68:3e:c2:e4:02:60:66:40:be:
                    9d:54:7b:d8:43:ab:c6:82:ca:72:c1:3e:af:69:83:
                    81:6b:b0:14:79:23:4f:e5:b5:33:86:ea:0b:08:ba:
                    57:0f:86:ec:66:13:97:e8:62:39:49:99:9c:10:b0:
                    eb:26:49:98:13:51:7a:1e:d7:34:61:61:2a:6e:17:
                    2f:56:fe:b3:e6:99:60:29:5b:de:7f:ad:c7:e3:80:
                    9c:71:84:61:85:2e:90:0f:12:bf:72:ef:81:f9:42:
                    3c:69:1d:d5:7f:77:28:43:cf:85:97:1a:bd:a4:77:
                    4e:07:a2:d2:c8:ea:07:65:8e:c5:32:59:2c:99:46:
                    0a:b5:b4:81:38:3f:ad:65:5d:1f:f3:e4:db:d5:a5:
                    9e:ad:a2:01:d9:fb:1b:fa:b6:30:1a:45:dc:56:f4:
                    5b:3f:37:eb:b0:4b:c6:10:2c:25:e3:c8:40:31:08:
                    5e:09:14:bd:29:93:f5:b3:51:16:94:4b:78:83:aa:
                    c2:d1:02:90:c1:61:b6:e4:dd:e2:24:25:6d:a0:ed:
                    75:2f:f2:fa:87:58:fe:16:bc:28:2c:5e:70:52:61:
                    5a:00:d7:17:f0:54:97:0f:5f:5b:14:a7:92:49:0d:
                    ec:f6:e0:e6:e5:22:a2:c7:c5:6c:67:02:ee:c8:8c:
                    f3:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:F5:9D:9D:DF:BA:78:38:F9:5F:DC:8D:3B:8C:FD:3D:22:12:4A:54
            X509v3 Authority Key Identifier:
                keyid:BA:67:BF:F7:BA:D1:EB:83:84:B5:85:DF:7B:EF:12:06:F7:F1:9F:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ume_97rR64OEtYXfe-8SBvfxn34.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/4a244d-51d1-4143-b6af-da4538022ac7/1/sPWdnd-6eDj5X9yNO4z9PSISSlQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/4a244d-51d1-4143-b6af-da4538022ac7/1/ume_97rR64OEtYXfe-8SBvfxn34.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  209.131.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:c3:ee:d0:f8:4a:c4:dc:28:ad:c3:71:b1:c7:12:eb:a3:a6:
         79:0d:89:32:0b:77:80:64:37:54:68:44:32:20:c4:af:bd:6e:
         77:67:52:f1:7c:26:15:9c:da:af:83:c5:0c:2a:c3:fd:16:82:
         d5:dc:f3:ad:68:f0:d8:ca:bc:1c:0d:99:37:fd:c7:de:09:fd:
         86:94:a3:6d:04:3a:b0:a0:65:08:a2:e1:13:3f:7b:40:6e:15:
         8f:43:71:40:05:06:6c:af:8b:3f:4d:48:2a:f0:e4:ac:58:b1:
         b3:38:71:6e:9a:33:82:21:f5:48:77:93:7f:b2:69:96:67:92:
         20:cc:dc:3b:8d:3d:86:6d:5a:cb:dc:4a:34:ce:0d:e0:1e:26:
         bf:c2:08:68:63:9d:e0:2b:f8:ea:61:7b:e8:43:d5:87:64:ff:
         ea:67:e0:a7:71:e0:f4:d9:dd:77:53:ee:31:0b:45:09:f4:4d:
         41:f5:77:f4:29:88:2e:89:3b:18:25:e1:80:7e:4d:9a:90:d2:
         ef:65:a2:e0:c0:45:6e:92:2d:a6:9a:13:9e:5a:57:04:65:be:
         91:bd:b4:0b:a5:89:c6:9f:42:3a:3e:b2:ad:ec:2d:9d:33:a8:
         97:aa:2c:4e:b3:28:6c:89:da:ac:e3:4f:a9:5c:ff:98:4a:cd:
         0c:5f:3c:22
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6DfjamyCaoDgafNy6uWdciMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhNjdiZmY3YmFkMWViODM4NGI1ODVkZjdiZWYxMjA2Zjdm
MTlmN2UwHhcNMjYwNjAxMTQwMjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMGY1OWQ5ZGRmYmE3ODM4Zjk1ZmRjOGQzYjhjZmQzZDIyMTI0YTU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA58jQIhNoPsLkAmBmQL6dVHvYQ6vG
gspywT6vaYOBa7AUeSNP5bUzhuoLCLpXD4bsZhOX6GI5SZmcELDrJkmYE1F6Htc0
YWEqbhcvVv6z5plgKVvef63H44CccYRhhS6QDxK/cu+B+UI8aR3Vf3coQ8+Flxq9
pHdOB6LSyOoHZY7FMlksmUYKtbSBOD+tZV0f8+Tb1aWeraIB2fsb+rYwGkXcVvRb
PzfrsEvGECwl48hAMQheCRS9KZP1s1EWlEt4g6rC0QKQwWG25N3iJCVtoO11L/L6
h1j+FrwoLF5wUmFaANcX8FSXD19bFKeSSQ3s9uDm5SKix8VsZwLuyIzzFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLD1nZ3fung4+V/cjTuM/T0iEkpUMB8GA1UdIwQY
MBaAFLpnv/e60euDhLWF33vvEgb38Z9+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdW1lXzk3clI2NE9FdFlYZmUtOFNCdmZ4bjM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi80YTI0NGQtNTFkMS00MTQzLWI2YWYt
ZGE0NTM4MDIyYWM3LzEvc1BXZG5kLTZlRGo1WDl5Tk80ejlQU0lTU2xRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi80YTI0NGQtNTFkMS00MTQzLWI2YWYtZGE0NTM4MDIyYWM3
LzEvdW1lXzk3clI2NE9FdFlYZmUtOFNCdmZ4bjM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA0YNAMA0G
CSqGSIb3DQEBCwUAA4IBAQAuw+7Q+ErE3Citw3GxxxLro6Z5DYkyC3eAZDdUaEQy
IMSvvW53Z1LxfCYVnNqvg8UMKsP9FoLV3POtaPDYyrwcDZk3/cfeCf2GlKNtBDqw
oGUIouETP3tAbhWPQ3FABQZsr4s/TUgq8OSsWLGzOHFumjOCIfVId5N/smmWZ5Ig
zNw7jT2GbVrL3Eo0zg3gHia/wghoY53gK/jqYXvoQ9WHZP/qZ+CnceD02d13U+4x
C0UJ9E1B9Xf0KYguiTsYJeGAfk2akNLvZaLgwEVuki2mmhOeWlcEZb6RvbQLpYnG
n0I6PrKt7C2dM6iXqixOsyhsidqs40+pXP+YSs0MXzwi
-----END CERTIFICATE-----