Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/es-rsIWp_qe3l6rCoQsuOW1qL-s.roa
File:                     es-rsIWp_qe3l6rCoQsuOW1qL-s.roa (raw, json)
Hash identifier:          ibMhb1SPCbUpk7ara96Cnvtk8axLxlk0pFCDEMmisCM=
Subject key identifier:   7A:CF:AB:B0:85:A9:FE:A7:B7:97:AA:C2:A1:0B:2E:39:6D:6A:2F:EB
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       019DDA561C719D51B992EE67FD7BFD457BBB
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/es-rsIWp_qe3l6rCoQsuOW1qL-s.roa
Signing time:             Wed 29 Apr 2026 17:42:49 +0000
ROA not before:           Wed 29 Apr 2026 17:42:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214623
IP address blocks:        185.218.23.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 02 May 2026 14:01:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:da:56:1c:71:9d:51:b9:92:ee:67:fd:7b:fd:45:7b:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Apr 29 17:42:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7acfabb085a9fea7b797aac2a10b2e396d6a2feb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:38:3b:73:01:ac:6b:25:1e:50:d2:1a:b5:de:
                    92:5f:6f:a0:d1:f7:1c:b8:b1:a9:f7:f3:f8:c3:31:
                    62:fe:67:a5:ee:17:f3:d9:61:83:a0:9d:59:bb:e5:
                    8a:bf:03:30:3c:24:06:50:47:61:e9:85:22:08:b3:
                    ff:dc:79:fd:f3:74:95:fe:83:16:cc:63:88:b8:4a:
                    d4:e4:b3:89:bd:2c:97:16:a5:1a:7e:62:56:2a:8c:
                    4b:af:87:57:fa:be:37:73:a3:62:77:7e:f3:6c:1e:
                    80:84:19:22:b2:87:a2:e5:59:8e:75:ce:09:17:5e:
                    e2:98:df:59:58:9f:cd:42:8b:c0:83:73:6b:12:8d:
                    c3:b1:1f:99:12:d2:ab:5d:64:01:c4:32:13:38:69:
                    c4:39:a6:6f:ba:38:4b:90:94:30:c8:cb:15:bb:e2:
                    db:72:4c:ca:c3:33:97:01:c2:4a:f1:20:66:de:9f:
                    d3:c6:bd:42:55:dd:d5:81:df:31:3f:77:67:b0:ad:
                    93:66:9a:26:d4:2d:18:77:66:11:2d:40:2f:06:6f:
                    9d:90:4a:74:47:b3:3a:7f:6d:10:37:22:85:80:31:
                    66:2f:5d:25:ca:74:db:30:f9:54:bc:8c:26:88:f9:
                    22:b0:89:4f:97:f0:3d:1c:2f:1e:ac:0c:eb:c8:8b:
                    57:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:CF:AB:B0:85:A9:FE:A7:B7:97:AA:C2:A1:0B:2E:39:6D:6A:2F:EB
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/es-rsIWp_qe3l6rCoQsuOW1qL-s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.218.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b3:e7:9c:d4:ed:50:f8:df:b6:53:e2:47:ed:7e:d1:76:55:64:
         9a:72:59:ec:11:e0:09:91:d2:eb:39:90:cd:b6:24:39:63:02:
         f0:50:34:9e:f1:2c:9f:7c:15:80:85:f6:2f:6b:90:66:a3:cb:
         5f:c8:35:24:fe:19:f0:a5:4f:01:45:b7:55:1f:01:89:9a:7d:
         57:cb:91:f0:a6:43:88:b6:3c:dc:09:7d:3e:b6:e4:90:eb:b5:
         c1:1f:8b:09:ab:b7:41:4c:a4:87:f7:85:52:e8:38:68:72:ac:
         bb:5d:6c:33:9b:5c:60:dd:f3:ba:f2:91:7e:9b:c7:d5:5d:c5:
         c1:c7:79:52:7f:b8:77:10:e7:48:23:18:5a:a3:19:68:08:ed:
         df:68:b6:6d:96:b0:5f:48:a8:46:4a:f6:1b:a1:5a:9e:5a:91:
         cf:b4:8c:e3:ed:6d:3c:bf:76:5d:48:da:e0:e1:7a:0e:a0:d1:
         94:79:2a:9d:b9:cd:bd:48:df:f4:22:79:64:8e:54:a4:6a:fb:
         e5:14:ed:2b:11:13:89:49:b1:af:a9:17:92:ba:54:26:c1:87:
         1b:54:bf:81:62:e8:70:01:a0:d0:58:b8:2a:3e:ea:89:a5:88:
         94:f1:f6:c5:1a:50:50:06:e4:e9:fe:22:61:39:79:6e:5c:88:
         89:5b:2e:c1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3aVhxxnVG5ku5n/Xv9RXu7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjYwNDI5MTc0MjQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YWNmYWJiMDg1YTlmZWE3Yjc5N2FhYzJhMTBiMmUzOTZkNmEyZmViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqjg7cwGsayUeUNIatd6SX2+g0fcc
uLGp9/P4wzFi/mel7hfz2WGDoJ1Zu+WKvwMwPCQGUEdh6YUiCLP/3Hn983SV/oMW
zGOIuErU5LOJvSyXFqUafmJWKoxLr4dX+r43c6Nid37zbB6AhBkisoei5VmOdc4J
F17imN9ZWJ/NQovAg3NrEo3DsR+ZEtKrXWQBxDITOGnEOaZvujhLkJQwyMsVu+Lb
ckzKwzOXAcJK8SBm3p/Txr1CVd3Vgd8xP3dnsK2TZpom1C0Yd2YRLUAvBm+dkEp0
R7M6f20QNyKFgDFmL10lynTbMPlUvIwmiPkisIlPl/A9HC8erAzryItXbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHrPq7CFqf6nt5eqwqELLjltai/rMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvZXMtcnNJV3BfcWUzbDZyQ29Rc3VPVzFxTC1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudoXMA0G
CSqGSIb3DQEBCwUAA4IBAQCz55zU7VD437ZT4kftftF2VWSaclnsEeAJkdLrOZDN
tiQ5YwLwUDSe8SyffBWAhfYva5Bmo8tfyDUk/hnwpU8BRbdVHwGJmn1Xy5HwpkOI
tjzcCX0+tuSQ67XBH4sJq7dBTKSH94VS6Dhocqy7XWwzm1xg3fO68pF+m8fVXcXB
x3lSf7h3EOdIIxhaoxloCO3faLZtlrBfSKhGSvYboVqeWpHPtIzj7W08v3ZdSNrg
4XoOoNGUeSqduc29SN/0InlkjlSkavvlFO0rEROJSbGvqReSulQmwYcbVL+BYuhw
AaDQWLgqPuqJpYiU8fbFGlBQBuTp/iJhOXluXIiJWy7B
-----END CERTIFICATE-----