Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/aaadac-4809-4955-ac62-8f9ca0ebccab/1/0NGRt_-wL10As6fN0JAECMAnU3g.roa
File:                     0NGRt_-wL10As6fN0JAECMAnU3g.roa (raw, json)
Hash identifier:          iB4Xb4M81ZTKtCNbxAwtrwauvs56/rZBk2N6iikapKI=
Subject key identifier:   D0:D1:91:B7:FF:B0:2F:5D:00:B3:A7:CD:D0:90:04:08:C0:27:53:78
Certificate issuer:       /CN=b1cdc26d44eaf85654481e9581043e14887765b4
Certificate serial:       019E25A08312B0207D03C3F029983C1E6A4B
Authority key identifier: B1:CD:C2:6D:44:EA:F8:56:54:48:1E:95:81:04:3E:14:88:77:65:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sc3CbUTq-FZUSB6VgQQ-FIh3ZbQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/06/aaadac-4809-4955-ac62-8f9ca0ebccab/1/0NGRt_-wL10As6fN0JAECMAnU3g.roa
Signing time:             Thu 14 May 2026 08:35:36 +0000
ROA not before:           Thu 14 May 2026 08:35:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215185
IP address blocks:        45.140.181.0/24 maxlen: 24
                          151.216.192.0/18 maxlen: 18
                          2a0e:c5c1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/06/aaadac-4809-4955-ac62-8f9ca0ebccab/1/sc3CbUTq-FZUSB6VgQQ-FIh3ZbQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/06/aaadac-4809-4955-ac62-8f9ca0ebccab/1/sc3CbUTq-FZUSB6VgQQ-FIh3ZbQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sc3CbUTq-FZUSB6VgQQ-FIh3ZbQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 16 May 2026 02:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:25:a0:83:12:b0:20:7d:03:c3:f0:29:98:3c:1e:6a:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1cdc26d44eaf85654481e9581043e14887765b4
        Validity
            Not Before: May 14 08:35:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d0d191b7ffb02f5d00b3a7cdd0900408c0275378
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:14:1e:78:82:d1:3c:f6:0f:3a:64:a8:b8:3a:
                    d5:c2:5e:fa:a3:22:6e:b3:22:1b:f9:5c:19:89:d2:
                    87:6e:11:bc:e3:2e:43:33:a7:ec:93:77:2c:ae:99:
                    84:1c:57:7b:55:ce:44:3b:28:eb:6e:62:33:bf:5a:
                    90:15:1d:79:6a:d6:17:cd:f6:98:d0:02:26:41:2f:
                    2d:7c:3e:91:4f:06:a9:16:73:10:8d:ec:ab:0f:88:
                    50:65:ca:9a:4f:1e:3c:49:24:33:bd:8e:2e:9c:da:
                    16:52:95:a5:76:c1:84:a3:90:f0:89:52:fb:60:05:
                    f1:8c:19:67:a7:aa:61:81:af:8b:cf:33:19:94:5d:
                    7f:8a:6c:b5:fd:59:a4:cb:07:5d:c4:a0:f2:77:55:
                    82:20:91:1d:3d:31:cc:4c:e4:31:2c:1b:bf:d1:74:
                    9a:ec:5e:9d:fa:e8:27:e2:30:15:fd:fa:34:b2:73:
                    ed:47:d7:c9:a0:21:aa:83:0b:8b:f1:2e:1d:ca:cd:
                    6e:df:33:0e:32:78:e6:e6:b5:79:04:86:29:a3:48:
                    9e:36:ee:2e:ab:6e:a7:14:0a:18:dd:79:3e:25:4f:
                    ee:94:ba:e4:6b:1a:ad:57:d2:9b:f4:1f:45:12:c0:
                    4f:9f:8f:aa:c8:2c:89:8f:f5:47:40:ce:04:98:d2:
                    f9:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:D1:91:B7:FF:B0:2F:5D:00:B3:A7:CD:D0:90:04:08:C0:27:53:78
            X509v3 Authority Key Identifier:
                keyid:B1:CD:C2:6D:44:EA:F8:56:54:48:1E:95:81:04:3E:14:88:77:65:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sc3CbUTq-FZUSB6VgQQ-FIh3ZbQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/aaadac-4809-4955-ac62-8f9ca0ebccab/1/0NGRt_-wL10As6fN0JAECMAnU3g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/06/aaadac-4809-4955-ac62-8f9ca0ebccab/1/sc3CbUTq-FZUSB6VgQQ-FIh3ZbQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.140.181.0/24
                  151.216.192.0/18
                IPv6:
                  2a0e:c5c1::/48

    Signature Algorithm: sha256WithRSAEncryption
         50:41:50:88:77:34:28:c2:23:1a:3a:6e:51:3d:92:af:7f:f8:
         e4:5e:e2:a5:85:af:c4:f0:0c:1b:05:18:eb:ee:68:1c:88:bd:
         49:f5:60:8d:f7:ea:ba:8e:de:f4:21:36:74:b4:6d:a2:09:ae:
         d8:80:3c:99:d0:80:2f:63:d9:04:bc:73:d9:8f:d9:d4:92:16:
         39:af:c5:97:92:b3:99:de:bf:00:17:97:4a:fd:93:51:a6:a2:
         18:8d:6f:3e:1a:13:27:81:65:b2:86:c7:1a:31:cd:5c:5c:45:
         d6:19:da:c3:2b:30:2c:41:0f:41:b9:b6:81:a1:c5:bf:73:bc:
         a9:91:94:f0:81:3d:d3:fe:eb:37:70:f6:68:db:ce:3c:19:c3:
         ea:9a:61:b2:19:95:04:69:76:f6:62:1a:f0:db:9b:f1:16:96:
         32:a7:bc:86:92:47:db:ed:fc:dd:d1:58:47:e1:84:5d:61:fd:
         10:81:fb:1b:0b:b7:fb:8a:4d:de:13:42:a1:ed:27:6e:db:12:
         62:f9:e6:31:e3:e6:57:bc:24:d5:d6:1d:ea:bc:70:79:3d:37:
         84:5b:75:17:61:78:2d:e6:80:6f:b5:ff:de:91:45:4d:2e:d5:
         9f:d1:cb:c1:8c:86:34:db:b2:09:e4:92:48:79:9f:76:f1:18:
         e3:3a:88:9e
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZ4loIMSsCB9A8PwKZg8HmpLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxY2RjMjZkNDRlYWY4NTY1NDQ4MWU5NTgxMDQzZTE0ODg3
NzY1YjQwHhcNMjYwNTE0MDgzNTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMGQxOTFiN2ZmYjAyZjVkMDBiM2E3Y2RkMDkwMDQwOGMwMjc1Mzc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwRQeeILRPPYPOmSouDrVwl76oyJu
syIb+VwZidKHbhG84y5DM6fsk3csrpmEHFd7Vc5EOyjrbmIzv1qQFR15atYXzfaY
0AImQS8tfD6RTwapFnMQjeyrD4hQZcqaTx48SSQzvY4unNoWUpWldsGEo5DwiVL7
YAXxjBlnp6phga+LzzMZlF1/imy1/VmkywddxKDyd1WCIJEdPTHMTOQxLBu/0XSa
7F6d+ugn4jAV/fo0snPtR9fJoCGqgwuL8S4dys1u3zMOMnjm5rV5BIYpo0ieNu4u
q26nFAoY3Xk+JU/ulLrkaxqtV9Kb9B9FEsBPn4+qyCyJj/VHQM4EmNL5rQIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFNDRkbf/sC9dALOnzdCQBAjAJ1N4MB8GA1UdIwQY
MBaAFLHNwm1E6vhWVEgelYEEPhSId2W0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2MzQ2JVVHEtRlpVU0I2VmdRUS1GSWgzWmJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNi9hYWFkYWMtNDgwOS00OTU1LWFjNjIt
OGY5Y2EwZWJjY2FiLzEvME5HUnRfLXdMMTBBczZmTjBKQUVDTUFuVTNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNi9hYWFkYWMtNDgwOS00OTU1LWFjNjItOGY5Y2EwZWJjY2Fi
LzEvc2MzQ2JVVHEtRlpVU0I2VmdRUS1GSWgzWmJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQALYy1AwQG
l9jAMA8EAgACMAkDBwAqDsXBAAAwDQYJKoZIhvcNAQELBQADggEBAFBBUIh3NCjC
Ixo6blE9kq9/+ORe4qWFr8TwDBsFGOvuaByIvUn1YI336rqO3vQhNnS0baIJrtiA
PJnQgC9j2QS8c9mP2dSSFjmvxZeSs5nevwAXl0r9k1GmohiNbz4aEyeBZbKGxxox
zVxcRdYZ2sMrMCxBD0G5toGhxb9zvKmRlPCBPdP+6zdw9mjbzjwZw+qaYbIZlQRp
dvZiGvDbm/EWljKnvIaSR9vt/N3RWEfhhF1h/RCB+xsLt/uKTd4TQqHtJ27bEmL5
5jHj5le8JNXWHeq8cHk9N4RbdRdheC3mgG+1/96RRU0u1Z/Ry8GMhjTbsgnkkkh5
n3bxGOM6iJ4=
-----END CERTIFICATE-----