Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/I2kYVGgTXf3beeheYP4NYqvlsqo.roa
File:                     I2kYVGgTXf3beeheYP4NYqvlsqo.roa (raw, json)
Hash identifier:          +1MdfvNf88UVk1eBDOjY75bUfmqtSM1iSrahOzZLtS8=
Subject key identifier:   23:69:18:54:68:13:5D:FD:DB:79:E8:5E:60:FE:0D:62:AB:E5:B2:AA
Certificate issuer:       /CN=1c06a82bb115d7393e39fd58b73bbf20f6cd0b1f
Certificate serial:       019CB649F8E57B4B817F9B6ED845F4C4924E
Authority key identifier: 1C:06:A8:2B:B1:15:D7:39:3E:39:FD:58:B7:3B:BF:20:F6:CD:0B:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/I2kYVGgTXf3beeheYP4NYqvlsqo.roa
Signing time:             Wed 04 Mar 2026 00:40:27 +0000
ROA not before:           Wed 04 Mar 2026 00:40:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     61317
IP address blocks:        185.138.233.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Mar 2026 01:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:b6:49:f8:e5:7b:4b:81:7f:9b:6e:d8:45:f4:c4:92:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c06a82bb115d7393e39fd58b73bbf20f6cd0b1f
        Validity
            Not Before: Mar  4 00:40:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2369185468135dfddb79e85e60fe0d62abe5b2aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:ca:0a:ab:95:3d:5e:82:64:0d:7c:a7:38:0d:
                    61:f2:60:27:30:6c:b3:06:be:76:52:a0:aa:af:51:
                    53:3b:b2:57:2e:10:b6:53:ca:f0:6e:db:30:94:60:
                    56:45:32:bf:d5:1f:71:d3:55:21:d4:d9:55:59:0e:
                    b0:30:19:43:3f:d0:04:3e:58:27:d8:fd:25:59:56:
                    62:82:98:e6:e8:38:13:70:81:08:60:67:55:85:75:
                    97:67:6f:a9:be:87:c9:90:60:fa:4a:15:fa:9a:f5:
                    7c:fe:4f:4d:65:9f:52:ae:f8:13:ff:8e:ce:63:41:
                    4e:39:f0:07:62:53:8d:7f:b9:ba:a5:3e:ec:41:91:
                    ce:d7:cf:7f:11:1b:4a:a3:30:e5:77:af:7c:46:17:
                    59:22:50:eb:53:e0:e3:8c:4a:76:eb:41:b3:d4:6b:
                    4a:36:6a:b8:30:88:69:94:a7:25:3f:1f:44:ff:32:
                    5c:37:5a:fd:59:c7:4e:e9:5f:91:e6:16:18:80:ae:
                    4c:b0:1b:c6:3e:46:ed:76:ac:50:7e:dc:69:83:97:
                    e3:d0:53:3b:61:f4:96:f1:50:9f:64:56:7b:88:10:
                    6a:ce:16:05:45:3c:a6:f9:61:66:34:3f:2b:96:d7:
                    f0:d8:ab:27:8a:16:6f:bc:88:9b:91:52:1a:a2:ef:
                    d5:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:69:18:54:68:13:5D:FD:DB:79:E8:5E:60:FE:0D:62:AB:E5:B2:AA
            X509v3 Authority Key Identifier:
                keyid:1C:06:A8:2B:B1:15:D7:39:3E:39:FD:58:B7:3B:BF:20:F6:CD:0B:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/I2kYVGgTXf3beeheYP4NYqvlsqo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.138.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:6c:07:5a:5c:fa:1f:58:29:9d:7f:60:f8:85:1b:06:4e:a4:
         d8:e1:fe:a0:e9:e0:53:6f:ea:9a:c3:e7:1b:7e:ba:29:af:e1:
         3a:f7:bd:09:30:bd:99:98:d6:64:41:08:42:14:6b:ae:61:dd:
         a2:f7:f7:ec:13:9f:06:9b:16:c4:85:c3:c5:d5:7c:4d:b6:93:
         f4:a7:64:d9:91:ef:5c:47:ed:ed:fa:1d:fb:1c:2f:84:12:ed:
         df:d7:3c:fd:33:08:a5:28:73:13:85:bc:00:7f:e8:a0:9e:be:
         04:65:0a:5b:47:20:ce:96:a6:52:89:f2:1d:21:eb:40:49:82:
         77:6c:22:70:1f:b0:83:db:0c:89:b1:b5:ae:6e:a0:bf:98:af:
         b8:fc:47:83:37:fe:01:be:de:52:76:53:f5:6f:ff:6a:de:d1:
         0f:40:e6:83:00:8f:da:0c:66:3d:61:63:cd:27:af:e3:0e:60:
         a3:cc:22:28:b5:d4:61:40:00:61:09:72:3b:5b:e0:35:73:92:
         43:d4:5d:aa:53:08:c4:ed:3b:b6:89:fe:72:a7:d4:4b:5f:e6:
         90:2f:cc:e3:43:4b:61:dc:ea:56:f2:a7:4c:5d:97:99:53:cb:
         66:0a:3b:ed:0e:0c:3f:6e:e5:38:1e:aa:e0:ef:ac:aa:7b:03:
         59:0b:d9:d3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZy2Sfjle0uBf5tu2EX0xJJOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjMDZhODJiYjExNWQ3MzkzZTM5ZmQ1OGI3M2JiZjIwZjZj
ZDBiMWYwHhcNMjYwMzA0MDA0MDI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzY5MTg1NDY4MTM1ZGZkZGI3OWU4NWU2MGZlMGQ2MmFiZTViMmFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArsoKq5U9XoJkDXynOA1h8mAnMGyz
Br52UqCqr1FTO7JXLhC2U8rwbtswlGBWRTK/1R9x01Uh1NlVWQ6wMBlDP9AEPlgn
2P0lWVZigpjm6DgTcIEIYGdVhXWXZ2+pvofJkGD6ShX6mvV8/k9NZZ9SrvgT/47O
Y0FOOfAHYlONf7m6pT7sQZHO189/ERtKozDld698RhdZIlDrU+DjjEp260Gz1GtK
Nmq4MIhplKclPx9E/zJcN1r9WcdO6V+R5hYYgK5MsBvGPkbtdqxQftxpg5fj0FM7
YfSW8VCfZFZ7iBBqzhYFRTym+WFmND8rltfw2KsnihZvvIibkVIaou/VlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCNpGFRoE13923noXmD+DWKr5bKqMB8GA1UdIwQY
MBaAFBwGqCuxFdc5Pjn9WLc7vyD2zQsfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEFhb0s3RVYxemstT2YxWXR6dV9JUGJOQ3g4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy8xMmVhYWQtOGE0NS00Nzg5LWJhYjUt
NzI2MDU3YTFmMmE0LzEvSTJrWVZHZ1RYZjNiZWVoZVlQNE5ZcXZsc3FvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy8xMmVhYWQtOGE0NS00Nzg5LWJhYjUtNzI2MDU3YTFmMmE0
LzEvSEFhb0s3RVYxemstT2YxWXR6dV9JUGJOQ3g4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYrpMA0G
CSqGSIb3DQEBCwUAA4IBAQAubAdaXPofWCmdf2D4hRsGTqTY4f6g6eBTb+qaw+cb
fropr+E6970JML2ZmNZkQQhCFGuuYd2i9/fsE58GmxbEhcPF1XxNtpP0p2TZke9c
R+3t+h37HC+EEu3f1zz9MwilKHMThbwAf+ignr4EZQpbRyDOlqZSifIdIetASYJ3
bCJwH7CD2wyJsbWubqC/mK+4/EeDN/4Bvt5SdlP1b/9q3tEPQOaDAI/aDGY9YWPN
J6/jDmCjzCIotdRhQABhCXI7W+A1c5JD1F2qUwjE7Tu2if5yp9RLX+aQL8zjQ0th
3OpW8qdMXZeZU8tmCjvtDgw/buU4Hqrg76yqewNZC9nT
-----END CERTIFICATE-----