Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/35cf7b-0144-4507-bf39-cc68dc854e88/1/bJdam9pp9M4KoAXNEJaB74-xkH0.roa
File:                     bJdam9pp9M4KoAXNEJaB74-xkH0.roa (raw, json)
Hash identifier:          uYdGAOnYTnxesXkdC+SoZNMuyPsRhlrSV+UF+OBopIs=
Subject key identifier:   6C:97:5A:9B:DA:69:F4:CE:0A:A0:05:CD:10:96:81:EF:8F:B1:90:7D
Certificate issuer:       /CN=2ee525163dc01dcd3089bb1dcfb0912e77edaf98
Certificate serial:       019E218DB9DE735D23D1CFCB04A6E6910439
Authority key identifier: 2E:E5:25:16:3D:C0:1D:CD:30:89:BB:1D:CF:B0:91:2E:77:ED:AF:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LuUlFj3AHc0wibsdz7CRLnftr5g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/73/35cf7b-0144-4507-bf39-cc68dc854e88/1/bJdam9pp9M4KoAXNEJaB74-xkH0.roa
Signing time:             Wed 13 May 2026 13:36:36 +0000
ROA not before:           Wed 13 May 2026 13:36:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49346
IP address blocks:        193.169.32.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/73/35cf7b-0144-4507-bf39-cc68dc854e88/1/LuUlFj3AHc0wibsdz7CRLnftr5g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/73/35cf7b-0144-4507-bf39-cc68dc854e88/1/LuUlFj3AHc0wibsdz7CRLnftr5g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LuUlFj3AHc0wibsdz7CRLnftr5g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 16 May 2026 01:01:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:21:8d:b9:de:73:5d:23:d1:cf:cb:04:a6:e6:91:04:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ee525163dc01dcd3089bb1dcfb0912e77edaf98
        Validity
            Not Before: May 13 13:36:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6c975a9bda69f4ce0aa005cd109681ef8fb1907d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:00:4c:ff:4e:2d:7f:61:c9:60:3f:d7:d5:8b:
                    f2:37:df:bb:98:c5:8d:49:19:22:ca:e7:15:a7:01:
                    48:64:b2:8c:69:ce:14:47:82:ba:e0:af:35:81:65:
                    c9:15:1f:8b:80:b0:f5:d5:2f:3c:31:ad:b8:13:21:
                    aa:e1:c4:84:e4:c7:01:4e:4a:f7:57:97:a1:61:35:
                    40:a0:fd:f5:a2:57:36:85:13:3e:ec:39:7b:e5:0c:
                    5c:9f:e8:d2:55:f7:03:a7:5b:ea:9c:63:5f:20:a4:
                    ad:31:a1:45:a6:ea:c1:37:40:35:7d:f9:ea:50:ee:
                    63:bb:17:9b:be:ee:c6:7f:53:69:c7:aa:03:c3:b2:
                    44:82:77:91:85:c4:93:fa:76:bc:23:14:72:8a:e2:
                    f9:23:bc:77:d4:b4:af:27:f8:d8:ef:6d:8d:b6:39:
                    81:ee:95:68:7c:5a:05:ae:c8:ec:7a:79:02:15:2b:
                    fe:fc:dc:75:ea:7a:09:c1:e8:82:1c:c3:74:95:11:
                    85:e5:51:39:37:81:d6:28:82:2a:b6:3b:cf:c8:ed:
                    c1:98:0b:6c:c3:34:9c:7e:3f:bd:22:59:b5:6c:b8:
                    be:f4:1a:e7:63:81:a7:d1:18:86:c5:6e:76:82:26:
                    a9:12:ce:a3:f3:2b:71:d3:98:ef:e8:fb:41:ac:c2:
                    91:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:97:5A:9B:DA:69:F4:CE:0A:A0:05:CD:10:96:81:EF:8F:B1:90:7D
            X509v3 Authority Key Identifier:
                keyid:2E:E5:25:16:3D:C0:1D:CD:30:89:BB:1D:CF:B0:91:2E:77:ED:AF:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LuUlFj3AHc0wibsdz7CRLnftr5g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/35cf7b-0144-4507-bf39-cc68dc854e88/1/bJdam9pp9M4KoAXNEJaB74-xkH0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/73/35cf7b-0144-4507-bf39-cc68dc854e88/1/LuUlFj3AHc0wibsdz7CRLnftr5g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.169.32.0/23

    Signature Algorithm: sha256WithRSAEncryption
         25:82:bd:d0:1a:bb:02:b4:6c:94:37:fa:96:5c:77:e0:66:48:
         9e:23:86:5a:a9:88:45:57:e6:27:30:10:2c:62:e7:18:16:53:
         29:53:66:6c:6b:42:d3:ee:72:96:c1:67:90:3e:99:60:d6:c8:
         1a:56:fb:d2:7a:22:5b:18:65:49:75:f7:07:fd:d7:c0:8c:f1:
         2e:29:29:82:59:9b:a3:50:a7:78:49:39:70:da:93:61:cc:6e:
         de:db:6c:c6:77:94:77:40:e4:7a:8c:95:87:57:bc:03:99:63:
         00:d5:e4:3f:31:18:b1:9e:d5:26:85:10:7e:ab:61:cc:93:76:
         7c:dc:7e:c9:c4:80:64:f7:fa:0c:65:4f:74:6f:2d:7b:4e:e9:
         92:3f:dc:f2:e4:dd:2e:9f:b9:7a:c7:04:12:5b:21:21:ab:6e:
         f8:58:e7:22:14:6d:7d:3c:fb:52:46:c3:5c:ff:50:a0:38:da:
         6f:53:49:80:f4:98:57:3d:4f:72:98:a6:b1:97:31:e5:e4:07:
         17:e9:51:48:4e:68:93:ea:f2:8d:4c:bf:fe:65:fe:1f:b1:60:
         d9:73:a1:f0:0c:4b:7c:87:67:d6:fd:16:c3:23:20:e9:c5:6c:
         92:50:8e:93:da:e5:62:59:a4:78:45:68:b3:23:fb:55:ad:fb:
         94:20:dd:f8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4hjbnec10j0c/LBKbmkQQ5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlZTUyNTE2M2RjMDFkY2QzMDg5YmIxZGNmYjA5MTJlNzdl
ZGFmOTgwHhcNMjYwNTEzMTMzNjM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Yzk3NWE5YmRhNjlmNGNlMGFhMDA1Y2QxMDk2ODFlZjhmYjE5MDdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAowBM/04tf2HJYD/X1YvyN9+7mMWN
SRkiyucVpwFIZLKMac4UR4K64K81gWXJFR+LgLD11S88Ma24EyGq4cSE5McBTkr3
V5ehYTVAoP31olc2hRM+7Dl75Qxcn+jSVfcDp1vqnGNfIKStMaFFpurBN0A1ffnq
UO5juxebvu7Gf1Npx6oDw7JEgneRhcST+na8IxRyiuL5I7x31LSvJ/jY722NtjmB
7pVofFoFrsjsenkCFSv+/Nx16noJweiCHMN0lRGF5VE5N4HWKIIqtjvPyO3BmAts
wzScfj+9Ilm1bLi+9BrnY4Gn0RiGxW52giapEs6j8ytx05jv6PtBrMKRuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGyXWpvaafTOCqAFzRCWge+PsZB9MB8GA1UdIwQY
MBaAFC7lJRY9wB3NMIm7Hc+wkS537a+YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTHVVbEZqM0FIYzB3aWJzZHo3Q1JMbmZ0cjVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My8zNWNmN2ItMDE0NC00NTA3LWJmMzkt
Y2M2OGRjODU0ZTg4LzEvYkpkYW05cHA5TTRLb0FYTkVKYUI3NC14a0gwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My8zNWNmN2ItMDE0NC00NTA3LWJmMzktY2M2OGRjODU0ZTg4
LzEvTHVVbEZqM0FIYzB3aWJzZHo3Q1JMbmZ0cjVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwakgMA0G
CSqGSIb3DQEBCwUAA4IBAQAlgr3QGrsCtGyUN/qWXHfgZkieI4ZaqYhFV+YnMBAs
YucYFlMpU2Zsa0LT7nKWwWeQPplg1sgaVvvSeiJbGGVJdfcH/dfAjPEuKSmCWZuj
UKd4STlw2pNhzG7e22zGd5R3QOR6jJWHV7wDmWMA1eQ/MRixntUmhRB+q2HMk3Z8
3H7JxIBk9/oMZU90by17TumSP9zy5N0un7l6xwQSWyEhq274WOciFG19PPtSRsNc
/1CgONpvU0mA9JhXPU9ymKaxlzHl5AcX6VFITmiT6vKNTL/+Zf4fsWDZc6HwDEt8
h2fW/RbDIyDpxWySUI6T2uViWaR4RWizI/tVrfuUIN34
-----END CERTIFICATE-----