Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/7caf72-f042-4ef8-8339-eb360c418e53/1/mtFg9dPPtnwsI_EE-_kCeNmzQj4.roa
File:                     mtFg9dPPtnwsI_EE-_kCeNmzQj4.roa (raw, json)
Hash identifier:          f4LSSvZ6n6eIi+W5zEhdojG9D8Eyn4TFAykK5EjC2a0=
Subject key identifier:   9A:D1:60:F5:D3:CF:B6:7C:2C:23:F1:04:FB:F9:02:78:D9:B3:42:3E
Certificate issuer:       /CN=2b388cd8125687c296c005e3fc7582f0d2d5f430
Certificate serial:       019E3F03D79AA58CAA2B62A4DB7016012806
Authority key identifier: 2B:38:8C:D8:12:56:87:C2:96:C0:05:E3:FC:75:82:F0:D2:D5:F4:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KziM2BJWh8KWwAXj_HWC8NLV9DA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/da/7caf72-f042-4ef8-8339-eb360c418e53/1/mtFg9dPPtnwsI_EE-_kCeNmzQj4.roa
Signing time:             Tue 19 May 2026 06:54:36 +0000
ROA not before:           Tue 19 May 2026 06:54:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     33965
IP address blocks:        195.225.61.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/da/7caf72-f042-4ef8-8339-eb360c418e53/1/KziM2BJWh8KWwAXj_HWC8NLV9DA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/da/7caf72-f042-4ef8-8339-eb360c418e53/1/KziM2BJWh8KWwAXj_HWC8NLV9DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KziM2BJWh8KWwAXj_HWC8NLV9DA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 20:26:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:3f:03:d7:9a:a5:8c:aa:2b:62:a4:db:70:16:01:28:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b388cd8125687c296c005e3fc7582f0d2d5f430
        Validity
            Not Before: May 19 06:54:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9ad160f5d3cfb67c2c23f104fbf90278d9b3423e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:3d:59:ab:99:15:11:ec:33:23:7c:2f:51:c6:
                    b4:71:fb:39:9f:1d:e9:dc:5e:f5:45:e6:48:00:7e:
                    ea:24:35:73:d6:2a:8c:71:0e:f9:3b:0c:fe:56:35:
                    59:3a:3e:5a:a0:90:db:f8:45:4e:6d:36:6d:40:c1:
                    1e:57:4d:aa:a0:d2:f1:92:cd:58:41:2c:4e:e5:72:
                    65:89:64:3a:99:29:c4:ac:f1:c5:b2:79:43:01:71:
                    36:8a:b1:bf:c5:69:0c:60:35:8f:82:35:e0:79:50:
                    37:6a:9a:03:93:df:46:de:77:84:81:fa:2e:45:94:
                    8d:a3:87:69:21:5c:a5:f1:bd:8d:61:65:12:ac:e6:
                    14:2f:36:63:ce:ea:86:8f:8a:d4:29:c8:c0:8d:b0:
                    b7:99:44:d4:55:e1:d1:8e:0d:d6:c0:34:3f:c6:32:
                    d7:92:86:0a:6b:4f:20:ee:b5:1d:ca:90:e0:33:3c:
                    3d:7b:8d:47:66:97:b9:df:c5:2f:4a:9d:68:3e:20:
                    f1:fa:60:62:45:d7:8e:55:70:6b:dd:bc:5d:65:31:
                    00:1d:53:85:86:da:65:65:a5:16:d7:bc:82:e7:2c:
                    d6:5e:0f:47:8e:d8:dc:44:e7:7b:6b:a9:46:c1:56:
                    fb:35:97:88:d7:b0:a9:fa:90:46:30:c2:af:2c:40:
                    fb:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:D1:60:F5:D3:CF:B6:7C:2C:23:F1:04:FB:F9:02:78:D9:B3:42:3E
            X509v3 Authority Key Identifier:
                keyid:2B:38:8C:D8:12:56:87:C2:96:C0:05:E3:FC:75:82:F0:D2:D5:F4:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KziM2BJWh8KWwAXj_HWC8NLV9DA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/7caf72-f042-4ef8-8339-eb360c418e53/1/mtFg9dPPtnwsI_EE-_kCeNmzQj4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/da/7caf72-f042-4ef8-8339-eb360c418e53/1/KziM2BJWh8KWwAXj_HWC8NLV9DA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.225.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:2b:ad:d7:95:81:35:45:fb:b3:7f:e7:ba:d4:49:94:fc:65:
         dc:d4:2e:82:da:28:ac:2a:83:db:09:06:5d:ee:9a:a9:1f:1c:
         a5:4e:b2:6a:3d:ec:d0:f1:14:f4:d1:90:ad:94:5f:b3:6f:75:
         8e:51:cf:6b:96:db:68:54:de:da:4c:19:fb:68:d1:fa:0a:dc:
         30:9f:00:74:91:c2:62:1d:68:38:d6:88:25:19:c9:6b:e1:45:
         ac:88:5c:08:3d:c9:b3:96:ef:14:70:8a:87:de:11:0b:36:cd:
         82:0a:77:ff:ab:31:5e:d2:eb:97:31:83:a1:b5:a1:3c:e8:a3:
         bc:10:a5:91:83:b3:32:5a:72:2b:d8:c2:6c:6b:b1:7f:77:d6:
         ae:35:51:a0:4a:d0:84:15:c8:e4:81:77:61:b7:94:9f:a8:4b:
         de:5b:bd:21:e8:37:c4:1e:53:b1:26:43:4b:77:2c:61:dd:45:
         24:c6:2c:29:5e:98:15:f6:7d:a5:b1:31:30:ea:e4:78:8c:e2:
         87:04:de:dc:2d:c0:b5:d1:cc:b5:06:85:a6:27:d8:07:97:3c:
         d0:7b:c3:f5:ad:4b:d5:a6:96:86:bf:f5:98:85:96:8f:92:03:
         3b:9b:cd:7d:6e:d9:4f:a4:48:ef:7a:88:0c:9d:be:6e:ba:8f:
         cb:4b:7b:30
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4/A9eapYyqK2Kk23AWASgGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiMzg4Y2Q4MTI1Njg3YzI5NmMwMDVlM2ZjNzU4MmYwZDJk
NWY0MzAwHhcNMjYwNTE5MDY1NDM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YWQxNjBmNWQzY2ZiNjdjMmMyM2YxMDRmYmY5MDI3OGQ5YjM0MjNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArD1Zq5kVEewzI3wvUca0cfs5nx3p
3F71ReZIAH7qJDVz1iqMcQ75Owz+VjVZOj5aoJDb+EVObTZtQMEeV02qoNLxks1Y
QSxO5XJliWQ6mSnErPHFsnlDAXE2irG/xWkMYDWPgjXgeVA3apoDk99G3neEgfou
RZSNo4dpIVyl8b2NYWUSrOYULzZjzuqGj4rUKcjAjbC3mUTUVeHRjg3WwDQ/xjLX
koYKa08g7rUdypDgMzw9e41HZpe538UvSp1oPiDx+mBiRdeOVXBr3bxdZTEAHVOF
htplZaUW17yC5yzWXg9HjtjcROd7a6lGwVb7NZeI17Cp+pBGMMKvLED7cQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJrRYPXTz7Z8LCPxBPv5AnjZs0I+MB8GA1UdIwQY
MBaAFCs4jNgSVofClsAF4/x1gvDS1fQwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3ppTTJCSldoOEtXd0FYal9IV0M4TkxWOURBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS83Y2FmNzItZjA0Mi00ZWY4LTgzMzkt
ZWIzNjBjNDE4ZTUzLzEvbXRGZzlkUFB0bndzSV9FRS1fa0NlTm16UWo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS83Y2FmNzItZjA0Mi00ZWY4LTgzMzktZWIzNjBjNDE4ZTUz
LzEvS3ppTTJCSldoOEtXd0FYal9IV0M4TkxWOURBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw+E9MA0G
CSqGSIb3DQEBCwUAA4IBAQCCK63XlYE1Rfuzf+e61EmU/GXc1C6C2iisKoPbCQZd
7pqpHxylTrJqPezQ8RT00ZCtlF+zb3WOUc9rlttoVN7aTBn7aNH6CtwwnwB0kcJi
HWg41oglGclr4UWsiFwIPcmzlu8UcIqH3hELNs2CCnf/qzFe0uuXMYOhtaE86KO8
EKWRg7MyWnIr2MJsa7F/d9auNVGgStCEFcjkgXdht5SfqEveW70h6DfEHlOxJkNL
dyxh3UUkxiwpXpgV9n2lsTEw6uR4jOKHBN7cLcC10cy1BoWmJ9gHlzzQe8P1rUvV
ppaGv/WYhZaPkgM7m819btlPpEjveogMnb5uuo/LS3sw
-----END CERTIFICATE-----