Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/b22603-90ab-43ad-ab16-65249cbc573c/1/GaliuPIZanwNNTmC2l2PRqNaNHU.roa
File:                     GaliuPIZanwNNTmC2l2PRqNaNHU.roa (raw, json)
Hash identifier:          YuUytkg/afnUQ+5sEqzkuPU4hcl7BMXhycN/8oN5ZIY=
Subject key identifier:   19:A9:62:B8:F2:19:6A:7C:0D:35:39:82:DA:5D:8F:46:A3:5A:34:75
Certificate issuer:       /CN=dc11daefaff81c7e501278d87d9bc2b204d71155
Certificate serial:       019CAE647C185BCA323032878C7E979DDF85
Authority key identifier: DC:11:DA:EF:AF:F8:1C:7E:50:12:78:D8:7D:9B:C2:B2:04:D7:11:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3BHa76_4HH5QEnjYfZvCsgTXEVU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/b22603-90ab-43ad-ab16-65249cbc573c/1/GaliuPIZanwNNTmC2l2PRqNaNHU.roa
Signing time:             Mon 02 Mar 2026 11:52:26 +0000
ROA not before:           Mon 02 Mar 2026 11:52:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208185
IP address blocks:        94.154.46.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/b22603-90ab-43ad-ab16-65249cbc573c/1/3BHa76_4HH5QEnjYfZvCsgTXEVU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/b22603-90ab-43ad-ab16-65249cbc573c/1/3BHa76_4HH5QEnjYfZvCsgTXEVU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3BHa76_4HH5QEnjYfZvCsgTXEVU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 22 Mar 2026 02:18:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:ae:64:7c:18:5b:ca:32:30:32:87:8c:7e:97:9d:df:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc11daefaff81c7e501278d87d9bc2b204d71155
        Validity
            Not Before: Mar  2 11:52:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=19a962b8f2196a7c0d353982da5d8f46a35a3475
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:05:1a:88:a0:ad:c3:20:25:09:d4:31:bb:9d:
                    15:c8:a7:3d:37:21:17:3a:ba:3f:02:9f:4c:e8:05:
                    bc:53:f3:50:6a:52:1c:ff:27:b9:fd:7c:25:7d:f8:
                    c7:d5:86:f3:b2:66:82:48:e0:52:ff:9f:38:a1:8e:
                    8a:af:17:f9:ce:22:7a:01:a5:bc:77:9e:19:2d:74:
                    10:ae:a4:55:a9:93:0e:02:67:d6:90:cd:12:41:4e:
                    b7:23:a3:76:47:86:19:22:75:24:f0:49:45:79:db:
                    c2:00:00:b2:86:ef:2a:da:85:21:3f:3f:94:9f:88:
                    5c:fd:a9:ee:4a:36:1c:12:d1:75:a2:ef:92:fd:3d:
                    06:ad:aa:96:1c:47:70:52:19:72:80:ab:2d:aa:94:
                    78:5c:6b:e2:0b:64:7c:cc:8d:01:cf:48:98:50:6f:
                    25:51:57:85:29:5b:48:3d:71:1e:14:db:78:1e:c0:
                    17:88:1f:c3:79:bb:93:2d:32:e1:bb:35:45:17:c7:
                    ea:4f:17:71:4d:af:bb:f9:aa:9f:fa:76:de:28:2a:
                    92:27:89:7b:0d:1f:77:df:c4:41:f1:c8:2d:72:df:
                    a9:ea:ec:60:e8:b9:88:52:56:66:b3:78:4e:0d:97:
                    96:7e:49:aa:84:60:71:45:a0:9b:d9:05:90:97:d5:
                    cc:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:A9:62:B8:F2:19:6A:7C:0D:35:39:82:DA:5D:8F:46:A3:5A:34:75
            X509v3 Authority Key Identifier:
                keyid:DC:11:DA:EF:AF:F8:1C:7E:50:12:78:D8:7D:9B:C2:B2:04:D7:11:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3BHa76_4HH5QEnjYfZvCsgTXEVU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/b22603-90ab-43ad-ab16-65249cbc573c/1/GaliuPIZanwNNTmC2l2PRqNaNHU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/b22603-90ab-43ad-ab16-65249cbc573c/1/3BHa76_4HH5QEnjYfZvCsgTXEVU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.154.46.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:86:51:d0:bf:be:82:9c:95:4d:e6:96:41:0b:74:0b:6b:f2:
         fe:a2:25:75:fe:47:90:eb:ec:80:a9:24:2b:f9:3b:a7:1e:86:
         92:fe:8c:5b:6b:6e:a3:38:49:23:a8:4c:ac:9a:e9:1a:ad:d7:
         5e:98:1f:56:88:92:8e:ba:c7:70:43:5a:b2:5d:07:bf:4e:aa:
         73:10:68:76:a5:1c:6a:14:99:df:a8:dc:3b:c6:83:a6:8d:33:
         7f:2c:80:8c:fa:90:db:ed:9e:a7:17:2b:14:58:36:6d:06:3f:
         a6:89:ac:99:d6:5e:8b:49:b8:bd:ce:89:dd:44:47:90:83:d0:
         e1:10:f6:ab:06:dd:03:6c:bb:68:c8:5b:27:0d:32:31:4c:77:
         ab:98:ad:db:5e:db:6b:6f:c4:8a:99:94:59:7a:cc:f7:23:e1:
         16:19:d2:7d:68:68:8b:5f:9a:5f:88:92:ab:77:32:f2:19:f1:
         38:88:85:ea:9c:fe:b3:c8:92:1d:a8:6a:2b:c4:1a:91:92:8c:
         ab:c2:cc:42:91:4c:fd:ab:ef:f4:fc:f1:91:c7:41:e3:ae:d6:
         e9:de:50:ce:e3:cd:8f:a7:02:38:0c:22:2b:bd:13:f7:d9:49:
         79:08:9e:de:b3:ce:84:dd:7d:29:63:1c:75:e0:74:2e:48:4a:
         11:af:1f:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyuZHwYW8oyMDKHjH6Xnd+FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjMTFkYWVmYWZmODFjN2U1MDEyNzhkODdkOWJjMmIyMDRk
NzExNTUwHhcNMjYwMzAyMTE1MjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOWE5NjJiOGYyMTk2YTdjMGQzNTM5ODJkYTVkOGY0NmEzNWEzNDc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsQUaiKCtwyAlCdQxu50VyKc9NyEX
Oro/Ap9M6AW8U/NQalIc/ye5/XwlffjH1YbzsmaCSOBS/584oY6Krxf5ziJ6AaW8
d54ZLXQQrqRVqZMOAmfWkM0SQU63I6N2R4YZInUk8ElFedvCAACyhu8q2oUhPz+U
n4hc/anuSjYcEtF1ou+S/T0GraqWHEdwUhlygKstqpR4XGviC2R8zI0Bz0iYUG8l
UVeFKVtIPXEeFNt4HsAXiB/DebuTLTLhuzVFF8fqTxdxTa+7+aqf+nbeKCqSJ4l7
DR9338RB8cgtct+p6uxg6LmIUlZms3hODZeWfkmqhGBxRaCb2QWQl9XMbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBmpYrjyGWp8DTU5gtpdj0ajWjR1MB8GA1UdIwQY
MBaAFNwR2u+v+Bx+UBJ42H2bwrIE1xFVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0JIYTc2XzRISDVRRW5qWWZadkNzZ1RYRVZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC9iMjI2MDMtOTBhYi00M2FkLWFiMTYt
NjUyNDljYmM1NzNjLzEvR2FsaXVQSVphbndOTlRtQzJsMlBScU5hTkhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC9iMjI2MDMtOTBhYi00M2FkLWFiMTYtNjUyNDljYmM1NzNj
LzEvM0JIYTc2XzRISDVRRW5qWWZadkNzZ1RYRVZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXpouMA0G
CSqGSIb3DQEBCwUAA4IBAQAFhlHQv76CnJVN5pZBC3QLa/L+oiV1/keQ6+yAqSQr
+TunHoaS/oxba26jOEkjqEysmukarddemB9WiJKOusdwQ1qyXQe/TqpzEGh2pRxq
FJnfqNw7xoOmjTN/LICM+pDb7Z6nFysUWDZtBj+miayZ1l6LSbi9zondREeQg9Dh
EParBt0DbLtoyFsnDTIxTHermK3bXttrb8SKmZRZesz3I+EWGdJ9aGiLX5pfiJKr
dzLyGfE4iIXqnP6zyJIdqGorxBqRkoyrwsxCkUz9q+/0/PGRx0Hjrtbp3lDO482P
pwI4DCIrvRP32Ul5CJ7es86E3X0pYxx14HQuSEoRrx94
-----END CERTIFICATE-----