Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/28ea45-7d30-46df-8f2a-0779f48ecea0/1/Mf4shsIcdDvfGnZMAdD_3JbYLHI.roa
File:                     Mf4shsIcdDvfGnZMAdD_3JbYLHI.roa (raw, json)
Hash identifier:          fIqVNZkx0+PBJYyotNhU3sXFOq7EoMjw3ychtStfIfA=
Subject key identifier:   31:FE:2C:86:C2:1C:74:3B:DF:1A:76:4C:01:D0:FF:DC:96:D8:2C:72
Certificate issuer:       /CN=0551605b675ece4e0fce7175ae31a93fa8272ba6
Certificate serial:       019DD0599C02335F7867C06BA000802E451A
Authority key identifier: 05:51:60:5B:67:5E:CE:4E:0F:CE:71:75:AE:31:A9:3F:A8:27:2B:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BVFgW2dezk4PznF1rjGpP6gnK6Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/28ea45-7d30-46df-8f2a-0779f48ecea0/1/Mf4shsIcdDvfGnZMAdD_3JbYLHI.roa
Signing time:             Mon 27 Apr 2026 19:10:26 +0000
ROA not before:           Mon 27 Apr 2026 19:10:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198383
IP address blocks:        185.226.56.0/23 maxlen: 23
                          185.226.58.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/28ea45-7d30-46df-8f2a-0779f48ecea0/1/BVFgW2dezk4PznF1rjGpP6gnK6Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/28ea45-7d30-46df-8f2a-0779f48ecea0/1/BVFgW2dezk4PznF1rjGpP6gnK6Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BVFgW2dezk4PznF1rjGpP6gnK6Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 30 Apr 2026 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:d0:59:9c:02:33:5f:78:67:c0:6b:a0:00:80:2e:45:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0551605b675ece4e0fce7175ae31a93fa8272ba6
        Validity
            Not Before: Apr 27 19:10:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=31fe2c86c21c743bdf1a764c01d0ffdc96d82c72
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:0e:ad:02:6c:39:e8:8e:dc:22:44:fa:82:32:
                    e6:48:6d:21:bf:a6:4c:c0:c3:91:13:b3:69:1e:82:
                    65:d2:c8:8a:5a:c7:eb:cc:40:82:d7:33:ee:03:13:
                    ed:b2:2d:14:96:73:d3:d8:94:4a:0b:04:cd:ee:bb:
                    27:c4:a4:5b:ba:29:59:c8:24:86:43:0f:6e:a9:f0:
                    f1:99:b2:75:37:b4:db:5d:0b:ca:d1:85:f7:47:a4:
                    f9:44:bf:80:60:5f:a1:98:0f:2f:ed:a9:e1:51:52:
                    81:5b:dd:f7:79:c3:7b:62:92:6e:70:b3:1f:60:50:
                    aa:be:7c:c5:3f:04:c5:43:c1:d3:2c:d0:0b:e5:0e:
                    bb:9a:ac:85:4a:dc:35:ed:7c:0b:8b:b4:84:1c:0c:
                    93:77:f4:2a:dd:f6:56:51:e1:61:fc:3e:11:5b:8e:
                    90:d2:e1:11:96:d2:0b:73:b2:b7:26:a4:a8:9a:fc:
                    6e:8b:4a:cf:b7:ff:f8:e4:40:d2:0b:6f:cd:d9:5a:
                    b0:ff:5a:db:b2:f0:f4:7d:1d:aa:81:54:5f:16:b9:
                    ae:04:75:ca:c3:94:8b:49:94:e6:c7:77:f7:95:6f:
                    6e:ef:8d:bd:9a:37:07:af:30:4c:40:2e:73:cb:01:
                    a4:10:0e:15:c5:98:00:5a:ba:6d:e2:b3:9a:fb:f7:
                    f9:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:FE:2C:86:C2:1C:74:3B:DF:1A:76:4C:01:D0:FF:DC:96:D8:2C:72
            X509v3 Authority Key Identifier:
                keyid:05:51:60:5B:67:5E:CE:4E:0F:CE:71:75:AE:31:A9:3F:A8:27:2B:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BVFgW2dezk4PznF1rjGpP6gnK6Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/28ea45-7d30-46df-8f2a-0779f48ecea0/1/Mf4shsIcdDvfGnZMAdD_3JbYLHI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/28ea45-7d30-46df-8f2a-0779f48ecea0/1/BVFgW2dezk4PznF1rjGpP6gnK6Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.226.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5e:ae:21:69:ba:1c:62:21:d5:1c:a2:c4:28:c2:38:07:9f:23:
         11:cf:b7:19:a1:e3:88:5e:96:ab:77:4d:c8:e8:98:9e:f8:65:
         4d:32:dd:a8:4e:f3:cb:ee:de:10:0c:83:fa:65:cd:3e:5f:fa:
         35:6e:6d:93:c9:7f:3c:4b:f1:9a:63:4e:d7:5d:30:ce:76:74:
         42:e1:b7:ec:46:e9:94:20:3c:9c:ea:38:9c:99:06:e5:3f:de:
         99:65:3e:b7:ed:73:f5:02:b8:a5:9b:1a:0e:95:42:e5:8c:ef:
         08:55:05:73:eb:3f:97:b9:7a:c7:72:3d:13:c3:1c:c7:76:c1:
         28:50:36:a1:15:5b:78:70:ee:6f:f9:22:f0:ed:8a:e2:03:2e:
         f2:87:a9:16:31:71:1a:f4:1f:53:54:6a:96:d1:58:f3:8c:29:
         e8:f4:e2:61:93:0b:54:be:b2:98:92:8f:22:d3:e8:65:cb:f6:
         2f:9b:d8:f1:b4:ee:00:35:eb:88:b1:61:7a:10:58:8d:a1:2b:
         aa:be:95:58:2f:4c:8a:c2:73:94:44:f1:16:6f:9e:6f:35:86:
         73:fb:b9:9a:b7:8b:61:af:ab:d6:ec:4b:42:59:21:5d:b0:f4:
         09:2d:57:fa:0a:a8:fd:cd:df:da:b3:fe:90:1e:8d:14:da:e6:
         cd:db:3c:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3QWZwCM194Z8BroACALkUaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1NTE2MDViNjc1ZWNlNGUwZmNlNzE3NWFlMzFhOTNmYTgy
NzJiYTYwHhcNMjYwNDI3MTkxMDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMWZlMmM4NmMyMWM3NDNiZGYxYTc2NGMwMWQwZmZkYzk2ZDgyYzcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtA6tAmw56I7cIkT6gjLmSG0hv6ZM
wMORE7NpHoJl0siKWsfrzECC1zPuAxPtsi0UlnPT2JRKCwTN7rsnxKRbuilZyCSG
Qw9uqfDxmbJ1N7TbXQvK0YX3R6T5RL+AYF+hmA8v7anhUVKBW933ecN7YpJucLMf
YFCqvnzFPwTFQ8HTLNAL5Q67mqyFStw17XwLi7SEHAyTd/Qq3fZWUeFh/D4RW46Q
0uERltILc7K3JqSomvxui0rPt//45EDSC2/N2Vqw/1rbsvD0fR2qgVRfFrmuBHXK
w5SLSZTmx3f3lW9u7429mjcHrzBMQC5zywGkEA4VxZgAWrpt4rOa+/f5MQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDH+LIbCHHQ73xp2TAHQ/9yW2CxyMB8GA1UdIwQY
MBaAFAVRYFtnXs5OD85xda4xqT+oJyumMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlZGZ1cyZGV6azRQem5GMXJqR3BQNmduSzZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8yOGVhNDUtN2QzMC00NmRmLThmMmEt
MDc3OWY0OGVjZWEwLzEvTWY0c2hzSWNkRHZmR25aTUFkRF8zSmJZTEhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8yOGVhNDUtN2QzMC00NmRmLThmMmEtMDc3OWY0OGVjZWEw
LzEvQlZGZ1cyZGV6azRQem5GMXJqR3BQNmduSzZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCueI4MA0G
CSqGSIb3DQEBCwUAA4IBAQBeriFpuhxiIdUcosQowjgHnyMRz7cZoeOIXpard03I
6Jie+GVNMt2oTvPL7t4QDIP6Zc0+X/o1bm2TyX88S/GaY07XXTDOdnRC4bfsRumU
IDyc6jicmQblP96ZZT637XP1ArilmxoOlULljO8IVQVz6z+XuXrHcj0TwxzHdsEo
UDahFVt4cO5v+SLw7YriAy7yh6kWMXEa9B9TVGqW0VjzjCno9OJhkwtUvrKYko8i
0+hly/Yvm9jxtO4ANeuIsWF6EFiNoSuqvpVYL0yKwnOURPEWb55vNYZz+7mat4th
r6vW7EtCWSFdsPQJLVf6Cqj9zd/as/6QHo0U2ubN2zx8
-----END CERTIFICATE-----