Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/b22603-90ab-43ad-ab16-65249cbc573c/1/dU479nGMbVZbovNxjeqQVw4Hgyg.roa
File:                     dU479nGMbVZbovNxjeqQVw4Hgyg.roa (raw, json)
Hash identifier:          ZpEfkPpf6GrkCmDHoI7Fyt9PNcWOPFf4PkDMVIjkH2w=
Subject key identifier:   75:4E:3B:F6:71:8C:6D:56:5B:A2:F3:71:8D:EA:90:57:0E:07:83:28
Certificate issuer:       /CN=dc11daefaff81c7e501278d87d9bc2b204d71155
Certificate serial:       019DED6B5BD1A2B8D117593A7AD584A90A42
Authority key identifier: DC:11:DA:EF:AF:F8:1C:7E:50:12:78:D8:7D:9B:C2:B2:04:D7:11:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3BHa76_4HH5QEnjYfZvCsgTXEVU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/b22603-90ab-43ad-ab16-65249cbc573c/1/dU479nGMbVZbovNxjeqQVw4Hgyg.roa
Signing time:             Sun 03 May 2026 10:38:49 +0000
ROA not before:           Sun 03 May 2026 10:38:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208185
IP address blocks:        94.154.43.0/24 maxlen: 24
                          94.154.45.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/b22603-90ab-43ad-ab16-65249cbc573c/1/3BHa76_4HH5QEnjYfZvCsgTXEVU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/b22603-90ab-43ad-ab16-65249cbc573c/1/3BHa76_4HH5QEnjYfZvCsgTXEVU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3BHa76_4HH5QEnjYfZvCsgTXEVU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 May 2026 16:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:ed:6b:5b:d1:a2:b8:d1:17:59:3a:7a:d5:84:a9:0a:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc11daefaff81c7e501278d87d9bc2b204d71155
        Validity
            Not Before: May  3 10:38:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=754e3bf6718c6d565ba2f3718dea90570e078328
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:ec:3c:af:3c:3b:cf:b3:1d:82:08:57:25:a7:
                    a2:77:c3:53:02:8f:e8:ee:81:75:35:a3:26:fd:91:
                    d9:53:05:05:ce:94:d0:05:71:91:67:32:7a:7d:4e:
                    b6:a8:42:dd:f3:dc:63:b9:2e:71:38:33:40:6b:53:
                    59:21:3c:09:43:5e:8e:c5:c1:41:2b:4d:42:51:d4:
                    d4:99:af:92:70:af:30:11:45:be:8f:ba:15:1d:7f:
                    8c:c7:df:c3:a0:9f:02:5c:19:f2:f6:ea:89:ce:fd:
                    7d:1c:3f:d4:bd:75:22:13:4b:d4:9d:1d:68:40:d0:
                    b7:69:18:f7:c2:7f:d8:ac:4e:41:75:79:ec:20:20:
                    09:4d:bb:de:b9:4c:5e:67:ce:e2:16:d2:df:bd:40:
                    3c:c1:da:ea:87:5a:c9:4b:89:cf:6f:fd:9f:3e:a8:
                    0c:66:3a:1f:57:93:3d:61:3c:a4:10:54:93:4f:a6:
                    83:50:eb:91:5f:c5:cd:83:6e:01:03:c8:17:c2:a0:
                    3e:4b:ab:9b:d6:2d:a7:5b:29:c2:23:d2:a8:24:75:
                    97:93:7a:9a:6e:56:55:f6:e1:10:45:a5:4a:0f:83:
                    e3:68:d8:e6:48:3f:0b:63:eb:56:e3:d9:a8:cd:b3:
                    55:9c:77:50:8a:55:c7:1d:cf:a9:f0:3a:21:f2:ba:
                    db:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:4E:3B:F6:71:8C:6D:56:5B:A2:F3:71:8D:EA:90:57:0E:07:83:28
            X509v3 Authority Key Identifier:
                keyid:DC:11:DA:EF:AF:F8:1C:7E:50:12:78:D8:7D:9B:C2:B2:04:D7:11:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3BHa76_4HH5QEnjYfZvCsgTXEVU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/b22603-90ab-43ad-ab16-65249cbc573c/1/dU479nGMbVZbovNxjeqQVw4Hgyg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/b22603-90ab-43ad-ab16-65249cbc573c/1/3BHa76_4HH5QEnjYfZvCsgTXEVU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.154.43.0/24
                  94.154.45.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:83:6a:7f:6f:00:a6:79:43:e9:48:83:24:7e:b4:71:9c:87:
         56:cd:77:ab:04:7a:e2:3c:bf:ff:af:d2:cb:2f:b2:21:76:1b:
         99:b9:77:20:8a:ee:05:6c:2f:63:93:f4:4d:68:05:71:60:83:
         53:a5:3b:2a:07:5d:63:ce:49:e9:ad:8a:8b:12:a6:7f:04:4b:
         f4:ed:2c:a8:a7:02:41:b7:09:d1:28:ec:e4:e5:c3:be:03:c8:
         68:b1:43:6f:9e:7b:34:45:d5:dd:6c:f3:dd:bd:ef:b3:1e:cf:
         3e:e1:71:6a:89:a5:88:66:5a:e7:9a:72:b4:29:f6:a1:77:87:
         4d:bb:c5:4f:36:5c:f6:41:13:39:c8:2c:33:9f:5d:06:50:a1:
         63:e3:ab:5d:14:ba:ef:15:ac:bf:b8:ff:9c:7e:1d:1b:53:5c:
         ee:8c:ca:6e:ab:6e:65:ec:d3:d7:96:90:b2:4c:2a:82:c8:e5:
         19:9c:5f:71:c4:f5:62:97:75:44:ea:5e:f6:0d:d5:23:11:43:
         82:e4:2c:ed:78:53:0c:ac:24:d2:fb:10:a1:99:68:10:f2:cb:
         43:42:55:ae:aa:d6:07:a3:a2:86:9b:82:ec:e2:9e:ca:5f:29:
         79:c7:82:93:0a:a5:60:ff:74:5b:62:8c:e4:b1:3d:ae:69:d6:
         c5:18:86:df
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ3ta1vRorjRF1k6etWEqQpCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjMTFkYWVmYWZmODFjN2U1MDEyNzhkODdkOWJjMmIyMDRk
NzExNTUwHhcNMjYwNTAzMTAzODQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTRlM2JmNjcxOGM2ZDU2NWJhMmYzNzE4ZGVhOTA1NzBlMDc4MzI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtuw8rzw7z7MdgghXJaeid8NTAo/o
7oF1NaMm/ZHZUwUFzpTQBXGRZzJ6fU62qELd89xjuS5xODNAa1NZITwJQ16OxcFB
K01CUdTUma+ScK8wEUW+j7oVHX+Mx9/DoJ8CXBny9uqJzv19HD/UvXUiE0vUnR1o
QNC3aRj3wn/YrE5BdXnsICAJTbveuUxeZ87iFtLfvUA8wdrqh1rJS4nPb/2fPqgM
ZjofV5M9YTykEFSTT6aDUOuRX8XNg24BA8gXwqA+S6ub1i2nWynCI9KoJHWXk3qa
blZV9uEQRaVKD4PjaNjmSD8LY+tW49mozbNVnHdQilXHHc+p8Doh8rrbpQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHVOO/ZxjG1WW6LzcY3qkFcOB4MoMB8GA1UdIwQY
MBaAFNwR2u+v+Bx+UBJ42H2bwrIE1xFVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0JIYTc2XzRISDVRRW5qWWZadkNzZ1RYRVZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC9iMjI2MDMtOTBhYi00M2FkLWFiMTYt
NjUyNDljYmM1NzNjLzEvZFU0NzluR01iVlpib3ZOeGplcVFWdzRIZ3lnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC9iMjI2MDMtOTBhYi00M2FkLWFiMTYtNjUyNDljYmM1NzNj
LzEvM0JIYTc2XzRISDVRRW5qWWZadkNzZ1RYRVZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXporAwQA
XpotMA0GCSqGSIb3DQEBCwUAA4IBAQA/g2p/bwCmeUPpSIMkfrRxnIdWzXerBHri
PL//r9LLL7IhdhuZuXcgiu4FbC9jk/RNaAVxYINTpTsqB11jzknprYqLEqZ/BEv0
7SyopwJBtwnRKOzk5cO+A8hosUNvnns0RdXdbPPdve+zHs8+4XFqiaWIZlrnmnK0
Kfahd4dNu8VPNlz2QRM5yCwzn10GUKFj46tdFLrvFay/uP+cfh0bU1zujMpuq25l
7NPXlpCyTCqCyOUZnF9xxPVil3VE6l72DdUjEUOC5CzteFMMrCTS+xChmWgQ8stD
QlWuqtYHo6KGm4Ls4p7KXyl5x4KTCqVg/3RbYozksT2uadbFGIbf
-----END CERTIFICATE-----