Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/c3qNueiGWk4Qn-ykN_QlCOGM37o.roa
File:                     c3qNueiGWk4Qn-ykN_QlCOGM37o.roa (raw, json)
Hash identifier:          wnA6SEQc4U9MNJjFtGtJmJio/YAYcn579hZtE+0vJ/k=
Subject key identifier:   73:7A:8D:B9:E8:86:5A:4E:10:9F:EC:A4:37:F4:25:08:E1:8C:DF:BA
Certificate issuer:       /CN=1e5b334965788794d6f147a2f004d13be3257dc4
Certificate serial:       019E3F8A6CF09B01BCB6A29FF09CC42A8441
Authority key identifier: 1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/c3qNueiGWk4Qn-ykN_QlCOGM37o.roa
Signing time:             Tue 19 May 2026 09:21:36 +0000
ROA not before:           Tue 19 May 2026 09:21:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198105
IP address blocks:        89.28.200.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 22:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:3f:8a:6c:f0:9b:01:bc:b6:a2:9f:f0:9c:c4:2a:84:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e5b334965788794d6f147a2f004d13be3257dc4
        Validity
            Not Before: May 19 09:21:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=737a8db9e8865a4e109feca437f42508e18cdfba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:3a:fb:f6:57:63:ee:10:e7:d2:8b:00:d4:27:
                    53:31:b7:b0:4f:24:39:fe:69:f0:53:71:46:48:51:
                    cf:0c:ef:59:0f:95:cd:16:4a:29:53:cb:84:84:be:
                    aa:0f:72:45:6b:92:ee:ab:f2:4e:c4:ae:71:5f:3b:
                    92:c0:20:8a:26:38:6e:3f:e9:16:1a:ca:49:92:c5:
                    8d:03:14:5b:36:e6:4c:c5:14:7f:4f:e8:4d:92:2d:
                    61:f4:0a:2b:7a:73:69:34:2b:e7:3f:20:8a:44:05:
                    40:81:41:be:01:65:90:e6:01:b3:b5:30:58:5c:32:
                    dc:02:ff:a1:52:b5:89:72:1d:ab:6d:7d:3a:3d:51:
                    58:3b:36:b2:09:da:df:31:72:d1:bb:3a:da:f6:e2:
                    f7:10:33:94:eb:e1:5b:cf:6e:c3:47:22:91:52:39:
                    e0:9c:14:75:9f:38:b3:49:7f:87:c0:03:f0:d2:68:
                    1a:70:fc:2e:1f:10:a4:55:8d:bf:8d:a0:b8:70:b7:
                    c5:ec:ea:e9:f0:fe:3e:59:33:6c:af:ea:ed:db:02:
                    17:38:b4:7a:84:fa:bd:eb:7d:44:8f:3d:a5:41:cc:
                    be:e4:40:fb:db:fb:9f:d2:c1:7a:f8:3e:53:96:6a:
                    72:45:e0:6c:3a:39:dd:6e:c4:5e:ae:5b:16:d6:13:
                    c1:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:7A:8D:B9:E8:86:5A:4E:10:9F:EC:A4:37:F4:25:08:E1:8C:DF:BA
            X509v3 Authority Key Identifier:
                keyid:1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/c3qNueiGWk4Qn-ykN_QlCOGM37o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.28.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:4c:3e:2e:ea:e9:ba:4c:c2:f5:cc:7f:b5:19:96:e5:be:89:
         78:73:1b:73:e9:09:ea:2d:cf:8f:8a:02:0a:eb:73:e6:49:6f:
         3a:28:02:21:ac:a2:94:20:28:07:6c:74:25:89:1a:ff:66:4b:
         e6:cd:4c:30:65:3a:ce:1d:f1:fd:ae:64:ca:e2:2a:fe:03:23:
         18:6d:d1:a6:71:d9:90:99:1e:b3:21:cf:ef:d5:cb:ca:7e:5f:
         05:8e:96:5e:29:0a:1e:ba:b6:1b:18:2d:c5:85:69:33:f2:13:
         96:2a:d4:c8:96:77:46:54:b8:1a:05:85:a6:2c:72:95:d0:b7:
         bd:79:ca:73:21:f0:f4:dd:92:35:44:17:fc:b0:b6:ab:5f:48:
         01:a8:f6:50:da:17:19:f8:12:8a:3f:b6:ac:89:1f:a1:c7:99:
         38:b7:de:4f:40:f9:e7:25:95:2c:47:0b:c0:5b:5c:84:1e:c6:
         aa:a3:fb:87:86:4d:74:81:f9:e4:59:72:09:aa:1b:68:bc:66:
         21:ed:ba:8c:db:6f:30:2b:22:71:38:34:61:03:57:c4:94:ca:
         e2:11:ca:c3:12:33:19:c7:22:99:ad:75:be:b9:f3:7f:ca:3d:
         6d:e7:8a:c1:47:5b:b4:de:f3:0c:6a:36:5f:97:f9:1e:5b:45:
         62:d0:17:5c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4/imzwmwG8tqKf8JzEKoRBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlNWIzMzQ5NjU3ODg3OTRkNmYxNDdhMmYwMDRkMTNiZTMy
NTdkYzQwHhcNMjYwNTE5MDkyMTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MzdhOGRiOWU4ODY1YTRlMTA5ZmVjYTQzN2Y0MjUwOGUxOGNkZmJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzzr79ldj7hDn0osA1CdTMbewTyQ5
/mnwU3FGSFHPDO9ZD5XNFkopU8uEhL6qD3JFa5Luq/JOxK5xXzuSwCCKJjhuP+kW
GspJksWNAxRbNuZMxRR/T+hNki1h9AorenNpNCvnPyCKRAVAgUG+AWWQ5gGztTBY
XDLcAv+hUrWJch2rbX06PVFYOzayCdrfMXLRuzra9uL3EDOU6+Fbz27DRyKRUjng
nBR1nzizSX+HwAPw0mgacPwuHxCkVY2/jaC4cLfF7Orp8P4+WTNsr+rt2wIXOLR6
hPq9631Ejz2lQcy+5ED72/uf0sF6+D5TlmpyReBsOjndbsRerlsW1hPB7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHN6jbnohlpOEJ/spDf0JQjhjN+6MB8GA1UdIwQY
MBaAFB5bM0lleIeU1vFHovAE0TvjJX3EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDIt
OTk5MGUyZDllYWZlLzEvYzNxTnVlaUdXazRRbi15a05fUWxDT0dNMzdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDItOTk5MGUyZDllYWZl
LzEvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWRzIMA0G
CSqGSIb3DQEBCwUAA4IBAQCoTD4u6um6TML1zH+1GZblvol4cxtz6QnqLc+PigIK
63PmSW86KAIhrKKUICgHbHQliRr/ZkvmzUwwZTrOHfH9rmTK4ir+AyMYbdGmcdmQ
mR6zIc/v1cvKfl8FjpZeKQoeurYbGC3FhWkz8hOWKtTIlndGVLgaBYWmLHKV0Le9
ecpzIfD03ZI1RBf8sLarX0gBqPZQ2hcZ+BKKP7asiR+hx5k4t95PQPnnJZUsRwvA
W1yEHsaqo/uHhk10gfnkWXIJqhtovGYh7bqM228wKyJxODRhA1fElMriEcrDEjMZ
xyKZrXW+ufN/yj1t54rBR1u03vMMajZfl/keW0Vi0Bdc
-----END CERTIFICATE-----