Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/D_lqPGCAfQIxwRUFIu7C7XpVC68.roa
File:                     D_lqPGCAfQIxwRUFIu7C7XpVC68.roa (raw, json)
Hash identifier:          JS7E6PPyvkuX5c0+AiIP7hEyiGWPXEMRuUHh0FX9Bso=
Subject key identifier:   0F:F9:6A:3C:60:80:7D:02:31:C1:15:05:22:EE:C2:ED:7A:55:0B:AF
Certificate issuer:       /CN=1e5b334965788794d6f147a2f004d13be3257dc4
Certificate serial:       019E5E7CD6A858967FB4F33B5ACD36428EA5
Authority key identifier: 1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/D_lqPGCAfQIxwRUFIu7C7XpVC68.roa
Signing time:             Mon 25 May 2026 09:34:59 +0000
ROA not before:           Mon 25 May 2026 09:34:59 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402548
IP address blocks:        89.28.205.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jun 2026 14:01:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:5e:7c:d6:a8:58:96:7f:b4:f3:3b:5a:cd:36:42:8e:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e5b334965788794d6f147a2f004d13be3257dc4
        Validity
            Not Before: May 25 09:34:59 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0ff96a3c60807d0231c1150522eec2ed7a550baf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:43:94:31:89:e0:c2:6a:bf:a1:eb:3b:d4:1f:
                    f4:78:19:f7:85:d4:87:ac:28:6e:f4:cd:a4:1c:c5:
                    82:b0:31:8a:86:12:25:b5:4f:48:9c:57:fb:bb:ed:
                    46:c5:7d:cf:78:7d:e9:7e:09:13:bc:24:ed:85:0d:
                    08:70:72:8d:3c:be:7a:1f:e0:97:e5:80:2a:bf:88:
                    64:41:b0:14:b6:e0:8d:7b:3e:a6:90:16:27:cb:d2:
                    4c:02:3a:c9:6f:5e:02:7e:c8:08:37:62:8c:80:30:
                    3e:43:a8:04:72:b3:36:8d:3f:6b:23:6d:ee:bd:ab:
                    77:21:f4:64:c3:6f:9f:a6:1a:de:07:f9:bf:1f:af:
                    89:05:9a:e3:0a:69:e6:3f:5b:11:4b:c2:01:9a:36:
                    51:b9:a1:b6:70:04:40:3d:a8:8b:b9:ad:f4:93:af:
                    ed:b8:33:3f:a9:da:fe:08:ae:62:dc:d9:43:2e:42:
                    7d:e1:02:e9:a6:57:88:e7:a6:ca:8c:b2:6e:ca:3e:
                    52:43:05:82:7e:e4:b6:d9:70:22:e1:17:c8:1b:8d:
                    ec:52:68:bb:0a:de:38:c6:0a:63:d5:e1:33:06:63:
                    43:a9:27:d0:85:99:36:5f:90:57:ca:50:d0:e4:3c:
                    e1:55:e9:b8:b3:0e:f0:24:08:8d:34:a3:3b:cd:a4:
                    61:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:F9:6A:3C:60:80:7D:02:31:C1:15:05:22:EE:C2:ED:7A:55:0B:AF
            X509v3 Authority Key Identifier:
                keyid:1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/D_lqPGCAfQIxwRUFIu7C7XpVC68.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.28.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:c2:54:b6:cc:4a:cc:e5:f3:99:58:c0:d0:0c:03:e5:72:15:
         5e:07:70:da:4c:b1:32:94:fc:c5:33:9b:30:19:79:d3:e3:ea:
         99:ed:b2:ce:87:b9:7b:27:45:99:5f:c1:8f:a3:26:a3:96:ef:
         83:38:be:ed:2a:5d:e8:0b:72:9c:4d:74:1d:b5:d0:a7:f0:f5:
         3c:cd:2b:15:7c:0c:ba:a4:d3:67:00:4d:c5:0f:ef:2b:39:a8:
         d7:36:65:5a:49:8d:24:2b:12:11:6d:46:5a:23:7f:38:ab:d2:
         62:67:20:bf:21:fc:3d:65:80:a0:2d:03:ee:fb:9b:ec:51:21:
         dc:67:3e:54:34:62:3a:fa:8b:5f:0b:aa:5b:3a:66:2d:10:6b:
         a8:82:d2:65:9c:a9:dd:26:c6:d3:59:13:dc:40:01:24:9c:75:
         2c:3e:d1:32:c3:44:d5:e3:ce:00:56:f1:51:81:5b:c1:8f:49:
         c7:18:02:78:2b:ab:d7:37:42:84:bf:e2:6d:4b:aa:3d:de:a2:
         d9:3f:14:b0:21:a6:6d:7a:44:25:bd:1d:91:b0:48:47:c5:02:
         d6:80:d5:45:84:81:7d:39:f9:fd:87:37:16:c6:92:99:3b:80:
         c2:1c:a4:7d:84:1f:b9:6a:2c:ac:18:9e:dd:86:99:12:dd:87:
         64:73:b6:4e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5efNaoWJZ/tPM7Ws02Qo6lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlNWIzMzQ5NjU3ODg3OTRkNmYxNDdhMmYwMDRkMTNiZTMy
NTdkYzQwHhcNMjYwNTI1MDkzNDU5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZmY5NmEzYzYwODA3ZDAyMzFjMTE1MDUyMmVlYzJlZDdhNTUwYmFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1kOUMYngwmq/oes71B/0eBn3hdSH
rChu9M2kHMWCsDGKhhIltU9InFf7u+1GxX3PeH3pfgkTvCTthQ0IcHKNPL56H+CX
5YAqv4hkQbAUtuCNez6mkBYny9JMAjrJb14CfsgIN2KMgDA+Q6gEcrM2jT9rI23u
vat3IfRkw2+fphreB/m/H6+JBZrjCmnmP1sRS8IBmjZRuaG2cARAPaiLua30k6/t
uDM/qdr+CK5i3NlDLkJ94QLppleI56bKjLJuyj5SQwWCfuS22XAi4RfIG43sUmi7
Ct44xgpj1eEzBmNDqSfQhZk2X5BXylDQ5DzhVem4sw7wJAiNNKM7zaRh7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA/5ajxggH0CMcEVBSLuwu16VQuvMB8GA1UdIwQY
MBaAFB5bM0lleIeU1vFHovAE0TvjJX3EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDIt
OTk5MGUyZDllYWZlLzEvRF9scVBHQ0FmUUl4d1JVRkl1N0M3WHBWQzY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDItOTk5MGUyZDllYWZl
LzEvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWRzNMA0G
CSqGSIb3DQEBCwUAA4IBAQBkwlS2zErM5fOZWMDQDAPlchVeB3DaTLEylPzFM5sw
GXnT4+qZ7bLOh7l7J0WZX8GPoyajlu+DOL7tKl3oC3KcTXQdtdCn8PU8zSsVfAy6
pNNnAE3FD+8rOajXNmVaSY0kKxIRbUZaI384q9JiZyC/Ifw9ZYCgLQPu+5vsUSHc
Zz5UNGI6+otfC6pbOmYtEGuogtJlnKndJsbTWRPcQAEknHUsPtEyw0TV484AVvFR
gVvBj0nHGAJ4K6vXN0KEv+JtS6o93qLZPxSwIaZtekQlvR2RsEhHxQLWgNVFhIF9
Ofn9hzcWxpKZO4DCHKR9hB+5aiysGJ7dhpkS3Ydkc7ZO
-----END CERTIFICATE-----