Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/fb42ec-10b4-4dcf-bef0-2d143d7b853c/1/30_2SrrQt3xLpXgztAf1BYLj6dc.roa
File:                     30_2SrrQt3xLpXgztAf1BYLj6dc.roa (raw, json)
Hash identifier:          NTrKpnKBqVn0bitR0Jwanme0JvSKtMI3Yu9OWoAC8F0=
Subject key identifier:   DF:4F:F6:4A:BA:D0:B7:7C:4B:A5:78:33:B4:07:F5:05:82:E3:E9:D7
Certificate issuer:       /CN=f5fb32d2266b1f9bce57cac98bc0247f2c9197f2
Certificate serial:       019E45785DD1CF960EB483CF4B8292C30EF0
Authority key identifier: F5:FB:32:D2:26:6B:1F:9B:CE:57:CA:C9:8B:C0:24:7F:2C:91:97:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9fsy0iZrH5vOV8rJi8AkfyyRl_I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/fb42ec-10b4-4dcf-bef0-2d143d7b853c/1/30_2SrrQt3xLpXgztAf1BYLj6dc.roa
Signing time:             Wed 20 May 2026 12:59:36 +0000
ROA not before:           Wed 20 May 2026 12:59:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     12741
IP address blocks:        193.200.96.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/fb42ec-10b4-4dcf-bef0-2d143d7b853c/1/9fsy0iZrH5vOV8rJi8AkfyyRl_I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/fb42ec-10b4-4dcf-bef0-2d143d7b853c/1/9fsy0iZrH5vOV8rJi8AkfyyRl_I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9fsy0iZrH5vOV8rJi8AkfyyRl_I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 21 May 2026 12:59:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:45:78:5d:d1:cf:96:0e:b4:83:cf:4b:82:92:c3:0e:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f5fb32d2266b1f9bce57cac98bc0247f2c9197f2
        Validity
            Not Before: May 20 12:59:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=df4ff64abad0b77c4ba57833b407f50582e3e9d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:b4:35:c8:de:c5:65:34:4f:f1:4c:ba:26:aa:
                    50:3a:34:6c:f1:2a:19:0a:a6:94:6e:77:1e:38:6c:
                    53:d0:30:5d:85:c5:ff:d3:e1:88:6c:63:3c:7c:6a:
                    0a:5d:41:a2:0c:8c:e7:20:96:58:ed:ae:f6:ce:19:
                    1a:e4:96:20:b8:a6:d3:35:e5:da:dd:c6:86:1b:09:
                    a9:22:5c:5f:89:d7:7d:18:45:1a:05:77:ea:79:44:
                    71:bd:06:d4:8a:35:3e:2e:6d:31:49:5e:d1:ce:14:
                    85:0e:12:d0:68:c1:41:bf:5f:33:cf:86:77:f6:de:
                    23:9f:7b:e8:88:2b:0d:18:2e:ba:86:1a:3b:a9:cb:
                    29:90:51:96:08:f0:8a:72:90:68:7d:90:39:b5:ce:
                    dc:6a:df:95:f2:c7:aa:29:d5:6a:4a:b1:ea:b8:84:
                    d5:8c:22:aa:dc:d7:78:00:3e:ba:01:b8:a6:51:19:
                    8c:6d:22:7c:88:df:b5:27:b5:7f:32:97:df:ba:7e:
                    85:00:16:63:07:d9:70:fc:42:c7:8a:ee:49:49:01:
                    bd:d2:cf:b7:67:6d:12:b5:fb:8b:8e:1a:53:02:ff:
                    d0:07:2e:fa:9b:eb:d5:be:17:c0:99:4b:6f:80:f3:
                    c1:f7:9a:c0:07:c1:87:18:7d:a9:16:de:31:4a:86:
                    f3:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:4F:F6:4A:BA:D0:B7:7C:4B:A5:78:33:B4:07:F5:05:82:E3:E9:D7
            X509v3 Authority Key Identifier:
                keyid:F5:FB:32:D2:26:6B:1F:9B:CE:57:CA:C9:8B:C0:24:7F:2C:91:97:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9fsy0iZrH5vOV8rJi8AkfyyRl_I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/fb42ec-10b4-4dcf-bef0-2d143d7b853c/1/30_2SrrQt3xLpXgztAf1BYLj6dc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/fb42ec-10b4-4dcf-bef0-2d143d7b853c/1/9fsy0iZrH5vOV8rJi8AkfyyRl_I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.200.96.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9e:90:98:db:44:1c:a0:6d:84:83:a2:58:82:5e:e4:ac:0e:79:
         d9:8f:5c:74:91:e1:bb:e2:2e:3e:db:be:62:85:e6:0a:ac:bf:
         ab:57:4a:5f:e5:88:9f:88:43:8d:8e:ab:aa:f4:0f:a4:dc:cf:
         4e:dd:39:ad:45:ef:b7:45:d7:56:98:87:83:66:63:6e:56:2e:
         af:8e:97:8a:3c:49:2e:e6:66:b0:71:18:7d:aa:f1:db:d4:14:
         12:2c:b2:13:78:43:e7:de:09:7d:43:48:e8:ad:f6:e8:d6:e2:
         ee:7e:bf:71:50:b6:ef:75:a9:37:b3:04:1d:0e:01:59:5a:ca:
         ab:6a:f4:0b:a5:aa:14:2a:87:56:d2:d9:d9:8b:22:bb:b4:d7:
         16:2f:75:f0:8e:dd:4b:f2:4d:a7:a2:2d:70:55:71:09:99:7e:
         df:e6:6e:84:88:7b:bb:61:5c:72:c4:45:93:a4:50:a7:bc:10:
         cf:57:3b:62:37:25:da:9b:8a:1a:7c:60:25:94:7e:ad:97:f2:
         16:52:a9:9e:7b:67:5d:a0:ef:5f:6a:0c:27:2f:38:9e:84:73:
         85:89:4c:ce:0b:69:bf:bd:d1:9c:b7:80:18:66:c2:90:58:86:
         38:74:1a:36:b0:e0:1d:61:d0:51:8f:f4:1c:6b:df:a6:2a:72:
         44:59:51:5d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5FeF3Rz5YOtIPPS4KSww7wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1ZmIzMmQyMjY2YjFmOWJjZTU3Y2FjOThiYzAyNDdmMmM5
MTk3ZjIwHhcNMjYwNTIwMTI1OTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjRmZjY0YWJhZDBiNzdjNGJhNTc4MzNiNDA3ZjUwNTgyZTNlOWQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqrQ1yN7FZTRP8Uy6JqpQOjRs8SoZ
CqaUbnceOGxT0DBdhcX/0+GIbGM8fGoKXUGiDIznIJZY7a72zhka5JYguKbTNeXa
3caGGwmpIlxfidd9GEUaBXfqeURxvQbUijU+Lm0xSV7RzhSFDhLQaMFBv18zz4Z3
9t4jn3voiCsNGC66hho7qcspkFGWCPCKcpBofZA5tc7cat+V8seqKdVqSrHquITV
jCKq3Nd4AD66AbimURmMbSJ8iN+1J7V/Mpffun6FABZjB9lw/ELHiu5JSQG90s+3
Z20StfuLjhpTAv/QBy76m+vVvhfAmUtvgPPB95rAB8GHGH2pFt4xSobzHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN9P9kq60Ld8S6V4M7QH9QWC4+nXMB8GA1UdIwQY
MBaAFPX7MtImax+bzlfKyYvAJH8skZfyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWZzeTBpWnJINXZPVjhySmk4QWtmeXlSbF9JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC9mYjQyZWMtMTBiNC00ZGNmLWJlZjAt
MmQxNDNkN2I4NTNjLzEvMzBfMlNyclF0M3hMcFhnenRBZjFCWUxqNmRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC9mYjQyZWMtMTBiNC00ZGNmLWJlZjAtMmQxNDNkN2I4NTNj
LzEvOWZzeTBpWnJINXZPVjhySmk4QWtmeXlSbF9JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwchgMA0G
CSqGSIb3DQEBCwUAA4IBAQCekJjbRBygbYSDoliCXuSsDnnZj1x0keG74i4+275i
heYKrL+rV0pf5YifiEONjquq9A+k3M9O3TmtRe+3RddWmIeDZmNuVi6vjpeKPEku
5mawcRh9qvHb1BQSLLITeEPn3gl9Q0jorfbo1uLufr9xULbvdak3swQdDgFZWsqr
avQLpaoUKodW0tnZiyK7tNcWL3Xwjt1L8k2noi1wVXEJmX7f5m6EiHu7YVxyxEWT
pFCnvBDPVztiNyXam4oafGAllH6tl/IWUqmee2ddoO9fagwnLziehHOFiUzOC2m/
vdGct4AYZsKQWIY4dBo2sOAdYdBRj/Qca9+mKnJEWVFd
-----END CERTIFICATE-----