Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/f61591-7ca8-4a9a-899f-a366da251a83/1/0_t2wQIokLKY2kmf_7_jfNZXtiY.roa
File:                     0_t2wQIokLKY2kmf_7_jfNZXtiY.roa (raw, json)
Hash identifier:          TGSr63wO3aGHJ7YGz4t10QGo266PAEIyzVMQYeVtap4=
Subject key identifier:   D3:FB:76:C1:02:28:90:B2:98:DA:49:9F:FF:BF:E3:7C:D6:57:B6:26
Certificate issuer:       /CN=fa2e72abf7b1728fda6aa0b0413d8854812ea361
Certificate serial:       019F11EA507D08845A44B0A7210818D7EF28
Authority key identifier: FA:2E:72:AB:F7:B1:72:8F:DA:6A:A0:B0:41:3D:88:54:81:2E:A3:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-i5yq_exco_aaqCwQT2IVIEuo2E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/f61591-7ca8-4a9a-899f-a366da251a83/1/0_t2wQIokLKY2kmf_7_jfNZXtiY.roa
Signing time:             Mon 29 Jun 2026 05:46:36 +0000
ROA not before:           Mon 29 Jun 2026 05:46:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     43541
IP address blocks:        185.231.223.0/24 maxlen: 24
                          185.252.134.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/f61591-7ca8-4a9a-899f-a366da251a83/1/1-i5yq_exco_aaqCwQT2IVIEuo2E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/f61591-7ca8-4a9a-899f-a366da251a83/1/1-i5yq_exco_aaqCwQT2IVIEuo2E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-i5yq_exco_aaqCwQT2IVIEuo2E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 30 Jun 2026 02:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:11:ea:50:7d:08:84:5a:44:b0:a7:21:08:18:d7:ef:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fa2e72abf7b1728fda6aa0b0413d8854812ea361
        Validity
            Not Before: Jun 29 05:46:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d3fb76c1022890b298da499fffbfe37cd657b626
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:f2:da:96:e0:8a:5c:5c:78:b9:17:c8:91:af:
                    a6:aa:83:2e:d7:76:9d:6d:7f:0d:e6:a2:b8:ce:10:
                    7f:74:0a:9f:ee:57:3c:54:0e:a6:ee:e2:74:5a:93:
                    29:bf:89:d1:98:5f:24:82:55:58:ec:bd:01:b9:59:
                    73:bf:ab:4f:4d:d6:92:2e:b2:ff:f2:a4:47:1c:2e:
                    56:88:59:d3:c2:c3:3e:33:69:50:1e:34:2b:f4:2c:
                    08:0d:47:a2:b3:f9:b4:67:5e:69:f8:52:40:b9:c4:
                    ef:b9:ac:5d:f0:22:d5:0f:2a:ec:83:3e:4a:8e:a5:
                    4b:a7:eb:10:74:44:98:b5:16:17:a5:c0:b9:98:9c:
                    2d:2e:9c:b3:b4:de:1e:ae:a8:cc:54:38:f9:cc:b0:
                    68:54:35:aa:20:de:68:f6:e3:68:e5:6c:35:e0:1d:
                    89:73:fc:8d:f7:ce:c7:31:71:94:75:d5:ec:ef:f5:
                    14:45:92:79:ed:96:e9:a9:49:e9:41:64:91:05:c4:
                    87:37:58:f7:ba:16:46:bd:9e:5b:39:6f:1f:a0:e0:
                    2a:01:73:9d:59:07:cf:46:f7:8a:8a:a6:1b:d6:e5:
                    66:81:29:44:ed:47:41:3b:ef:1a:c3:70:11:1e:12:
                    6b:91:4b:90:66:f9:32:4a:58:76:76:30:e6:ac:4d:
                    35:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:FB:76:C1:02:28:90:B2:98:DA:49:9F:FF:BF:E3:7C:D6:57:B6:26
            X509v3 Authority Key Identifier:
                keyid:FA:2E:72:AB:F7:B1:72:8F:DA:6A:A0:B0:41:3D:88:54:81:2E:A3:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-i5yq_exco_aaqCwQT2IVIEuo2E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/f61591-7ca8-4a9a-899f-a366da251a83/1/0_t2wQIokLKY2kmf_7_jfNZXtiY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/f61591-7ca8-4a9a-899f-a366da251a83/1/1-i5yq_exco_aaqCwQT2IVIEuo2E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.231.223.0/24
                  185.252.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:42:b8:3f:f3:72:a9:92:84:d7:a7:24:3c:11:24:0b:e4:86:
         c5:b5:e8:2f:f5:a0:10:23:20:34:7d:32:a9:04:e3:aa:91:4b:
         c0:4f:09:80:6d:97:a5:56:7f:14:8f:9a:ac:a5:97:a5:b0:73:
         ee:5a:a0:54:16:bb:83:a2:67:5b:23:18:88:d9:a3:b7:e5:17:
         bd:e7:1b:ef:93:42:6a:ab:1b:67:de:b8:d4:3e:82:36:28:cc:
         30:be:5b:eb:e7:44:22:72:f1:02:1c:6f:fa:54:1e:4e:f8:09:
         0f:23:5f:da:5f:4d:56:be:71:71:b5:31:3a:95:42:fb:49:1f:
         7c:cd:33:3f:60:62:ed:69:94:3a:b6:c0:70:6f:45:f2:12:e9:
         c7:9e:a4:ed:08:b4:41:18:ce:16:26:82:a6:33:0d:3d:eb:dd:
         2e:07:cf:db:88:3b:2b:44:cd:8b:d2:ad:b9:e4:31:93:2f:83:
         2a:e1:f1:cb:00:ec:64:07:1d:58:9e:e6:5f:88:93:29:b4:5e:
         06:c6:6c:1b:46:a0:e5:12:48:23:97:94:8a:8f:03:df:aa:7f:
         97:96:2e:96:b6:ca:9d:f9:2b:6f:a7:80:97:a3:67:7c:02:2e:
         dd:4e:b9:49:7c:29:4a:58:cb:6b:85:5b:74:c1:17:79:f6:b5:
         9f:22:ca:3a
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZ8R6lB9CIRaRLCnIQgY1+8oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZhMmU3MmFiZjdiMTcyOGZkYTZhYTBiMDQxM2Q4ODU0ODEy
ZWEzNjEwHhcNMjYwNjI5MDU0NjM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkM2ZiNzZjMTAyMjg5MGIyOThkYTQ5OWZmZmJmZTM3Y2Q2NTdiNjI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyfLaluCKXFx4uRfIka+mqoMu13ad
bX8N5qK4zhB/dAqf7lc8VA6m7uJ0WpMpv4nRmF8kglVY7L0BuVlzv6tPTdaSLrL/
8qRHHC5WiFnTwsM+M2lQHjQr9CwIDUeis/m0Z15p+FJAucTvuaxd8CLVDyrsgz5K
jqVLp+sQdESYtRYXpcC5mJwtLpyztN4erqjMVDj5zLBoVDWqIN5o9uNo5Ww14B2J
c/yN987HMXGUddXs7/UURZJ57ZbpqUnpQWSRBcSHN1j3uhZGvZ5bOW8foOAqAXOd
WQfPRveKiqYb1uVmgSlE7UdBO+8aw3ARHhJrkUuQZvkySlh2djDmrE01KwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFNP7dsECKJCymNpJn/+/43zWV7YmMB8GA1UdIwQY
MBaAFPoucqv3sXKP2mqgsEE9iFSBLqNhMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1pNXlxX2V4Y29fYWFxQ3dRVDJJVklFdW8yRS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOWMvZjYxNTkxLTdjYTgtNGE5YS04OTlm
LWEzNjZkYTI1MWE4My8xLzBfdDJ3UUlva0xLWTJrbWZfN19qZk5aWHRpWS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvOWMvZjYxNTkxLTdjYTgtNGE5YS04OTlmLWEzNjZkYTI1MWE4
My8xLzEtaTV5cV9leGNvX2FhcUN3UVQySVZJRXVvMkUuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAC5598D
BAC5/IYwDQYJKoZIhvcNAQELBQADggEBACxCuD/zcqmShNenJDwRJAvkhsW16C/1
oBAjIDR9MqkE46qRS8BPCYBtl6VWfxSPmqyll6Wwc+5aoFQWu4OiZ1sjGIjZo7fl
F73nG++TQmqrG2feuNQ+gjYozDC+W+vnRCJy8QIcb/pUHk74CQ8jX9pfTVa+cXG1
MTqVQvtJH3zNMz9gYu1plDq2wHBvRfIS6ceepO0ItEEYzhYmgqYzDT3r3S4Hz9uI
OytEzYvSrbnkMZMvgyrh8csA7GQHHVie5l+Ikym0XgbGbBtGoOUSSCOXlIqPA9+q
f5eWLpa2yp35K2+ngJejZ3wCLt1OuUl8KUpYy2uFW3TBF3n2tZ8iyjo=
-----END CERTIFICATE-----