Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/_ur3uitsviquunFMN83zPAgrnB4.roa
File:                     _ur3uitsviquunFMN83zPAgrnB4.roa (raw, json)
Hash identifier:          z1NcTTDzFLo0n0ez40IQlRum5j37MYRurzzwJ7dxsdw=
Subject key identifier:   FE:EA:F7:BA:2B:6C:BE:2A:AE:BA:71:4C:37:CD:F3:3C:08:2B:9C:1E
Certificate issuer:       /CN=1e5b334965788794d6f147a2f004d13be3257dc4
Certificate serial:       019CBA7EA16F873C272D1D65E5E289C750AB
Authority key identifier: 1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/_ur3uitsviquunFMN83zPAgrnB4.roa
Signing time:             Wed 04 Mar 2026 20:16:26 +0000
ROA not before:           Wed 04 Mar 2026 20:16:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214025
IP address blocks:        193.151.166.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 05 Mar 2026 23:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:ba:7e:a1:6f:87:3c:27:2d:1d:65:e5:e2:89:c7:50:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e5b334965788794d6f147a2f004d13be3257dc4
        Validity
            Not Before: Mar  4 20:16:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=feeaf7ba2b6cbe2aaeba714c37cdf33c082b9c1e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:38:25:4e:02:56:c2:a4:a3:d1:4c:9b:4c:a3:
                    4b:cc:3b:45:7c:eb:be:17:5c:44:d7:6b:cb:0e:c5:
                    b5:5a:be:b5:39:22:34:68:1e:b8:74:d0:f9:1e:bb:
                    fe:09:ea:cd:54:07:36:e2:c8:fa:e4:cd:bd:12:ae:
                    43:c5:61:7c:d7:ea:8c:cc:3c:a1:a0:d3:d7:1d:24:
                    fa:77:20:57:23:66:be:5b:5d:76:4c:d0:70:2d:c6:
                    4e:28:a3:0a:05:8e:1c:ce:0b:ac:5b:6f:63:5a:5a:
                    25:12:fc:cb:26:2f:d8:9a:fe:bd:20:e8:04:41:ea:
                    bc:c9:1b:1b:55:ba:ed:72:94:78:11:7f:1e:ba:0f:
                    99:d0:12:d3:10:78:90:ae:c9:e3:6e:23:ef:40:06:
                    7e:7c:2a:d8:e5:fe:d7:1e:b3:95:76:61:f7:d1:66:
                    09:a6:f1:53:24:d7:bf:6a:aa:ef:49:c5:f0:33:24:
                    8e:75:62:17:d9:ee:ce:99:21:e5:6f:b4:33:3b:9f:
                    4b:d5:c7:4a:64:1d:23:3b:6b:59:37:4b:f6:4d:db:
                    ce:84:c9:0e:03:af:ee:37:b9:14:95:1d:35:ef:f9:
                    43:2e:72:24:9f:a4:4c:a1:28:63:04:13:60:35:e7:
                    d0:cc:7e:f6:a7:e5:02:14:fb:19:bf:3c:cf:62:2f:
                    01:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:EA:F7:BA:2B:6C:BE:2A:AE:BA:71:4C:37:CD:F3:3C:08:2B:9C:1E
            X509v3 Authority Key Identifier:
                keyid:1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/_ur3uitsviquunFMN83zPAgrnB4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.151.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:d1:15:31:9c:3d:71:f4:12:1e:b5:bf:eb:6c:c8:8a:f5:fe:
         81:57:9a:d9:02:9f:bd:a0:07:70:bf:ae:9e:8a:5e:46:cc:90:
         82:e6:db:76:e4:e0:c9:f4:77:65:3d:76:c6:99:ca:2f:15:99:
         a0:d8:bd:c9:3a:94:bc:45:67:1f:10:66:b3:6d:6a:3d:5d:df:
         40:63:9b:7c:fd:82:b7:8b:fd:df:6d:02:95:7c:9d:5e:ba:39:
         66:44:80:dd:6f:96:f3:0e:7d:95:4f:0d:0c:3e:d2:e9:53:10:
         de:28:30:26:46:e9:52:39:cd:b1:be:ca:0f:82:e9:3d:19:9d:
         65:21:22:b3:cd:fb:f8:f7:92:f6:55:85:01:d0:c8:95:ee:df:
         9a:76:d5:68:14:55:d8:70:2c:a5:a1:3a:fb:bb:20:f9:d1:cb:
         5b:f6:b6:74:90:7e:be:06:2c:40:07:6d:61:4c:b6:5e:be:cc:
         8b:28:3a:93:e5:66:04:6f:15:64:49:75:12:91:44:93:d5:3c:
         2e:f5:a5:fe:87:f8:c6:46:51:32:52:d8:ad:d6:cf:70:24:9f:
         5f:f1:00:d8:58:67:fe:a6:db:e0:75:43:d3:71:e3:98:0f:13:
         74:77:90:b5:a8:5e:56:e5:59:ed:40:2f:34:41:49:61:46:62:
         02:da:28:8c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZy6fqFvhzwnLR1l5eKJx1CrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlNWIzMzQ5NjU3ODg3OTRkNmYxNDdhMmYwMDRkMTNiZTMy
NTdkYzQwHhcNMjYwMzA0MjAxNjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZWVhZjdiYTJiNmNiZTJhYWViYTcxNGMzN2NkZjMzYzA4MmI5YzFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArDglTgJWwqSj0UybTKNLzDtFfOu+
F1xE12vLDsW1Wr61OSI0aB64dND5Hrv+CerNVAc24sj65M29Eq5DxWF81+qMzDyh
oNPXHST6dyBXI2a+W112TNBwLcZOKKMKBY4czgusW29jWlolEvzLJi/Ymv69IOgE
Qeq8yRsbVbrtcpR4EX8eug+Z0BLTEHiQrsnjbiPvQAZ+fCrY5f7XHrOVdmH30WYJ
pvFTJNe/aqrvScXwMySOdWIX2e7OmSHlb7QzO59L1cdKZB0jO2tZN0v2TdvOhMkO
A6/uN7kUlR017/lDLnIkn6RMoShjBBNgNefQzH72p+UCFPsZvzzPYi8BJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP7q97orbL4qrrpxTDfN8zwIK5weMB8GA1UdIwQY
MBaAFB5bM0lleIeU1vFHovAE0TvjJX3EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDIt
OTk5MGUyZDllYWZlLzEvX3VyM3VpdHN2aXF1dW5GTU44M3pQQWdybkI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDItOTk5MGUyZDllYWZl
LzEvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwZemMA0G
CSqGSIb3DQEBCwUAA4IBAQBV0RUxnD1x9BIetb/rbMiK9f6BV5rZAp+9oAdwv66e
il5GzJCC5tt25ODJ9HdlPXbGmcovFZmg2L3JOpS8RWcfEGazbWo9Xd9AY5t8/YK3
i/3fbQKVfJ1eujlmRIDdb5bzDn2VTw0MPtLpUxDeKDAmRulSOc2xvsoPguk9GZ1l
ISKzzfv495L2VYUB0MiV7t+adtVoFFXYcCyloTr7uyD50ctb9rZ0kH6+BixAB21h
TLZevsyLKDqT5WYEbxVkSXUSkUST1Twu9aX+h/jGRlEyUtit1s9wJJ9f8QDYWGf+
ptvgdUPTceOYDxN0d5C1qF5W5VntQC80QUlhRmIC2iiM
-----END CERTIFICATE-----