Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/0hZk2mTvS3ZcKfsA91iaXruLVXs.roa
File:                     0hZk2mTvS3ZcKfsA91iaXruLVXs.roa (raw, json)
Hash identifier:          H14yHkMFxRqqCIbyWlxjfo4cH92pcWR1drGhKt7KJUo=
Subject key identifier:   D2:16:64:DA:64:EF:4B:76:5C:29:FB:00:F7:58:9A:5E:BB:8B:55:7B
Certificate issuer:       /CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Certificate serial:       019D2187299CDD60D0A573D3A7A994B7B099
Authority key identifier: D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/0hZk2mTvS3ZcKfsA91iaXruLVXs.roa
Signing time:             Tue 24 Mar 2026 20:26:39 +0000
ROA not before:           Tue 24 Mar 2026 20:26:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201002
IP address blocks:        94.103.189.0/24 maxlen: 24
                          94.103.191.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 05:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:21:87:29:9c:dd:60:d0:a5:73:d3:a7:a9:94:b7:b0:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
        Validity
            Not Before: Mar 24 20:26:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d21664da64ef4b765c29fb00f7589a5ebb8b557b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:5b:4d:da:e0:f8:55:3b:96:39:03:01:79:ac:
                    47:49:44:82:f7:fc:58:f0:b2:72:74:7c:09:7e:aa:
                    d8:5c:45:f3:d4:95:92:68:c4:b6:ea:3f:68:8a:d1:
                    92:99:18:0d:e2:e9:7b:fb:9d:0a:b1:28:11:74:5c:
                    26:50:f5:6f:82:63:15:3e:dd:09:a4:f0:cf:97:c5:
                    41:4e:7a:a6:9e:57:b1:0b:ac:ab:f4:3f:56:fb:bf:
                    04:f4:11:59:c7:93:bd:4a:c2:6e:74:e5:fe:75:85:
                    c2:fb:27:1a:e7:1b:ec:6b:bf:84:34:15:a1:49:15:
                    54:12:3a:e6:f1:e7:ff:fb:9d:fa:e7:59:62:69:c1:
                    9a:0e:3d:54:f4:2e:87:38:74:fd:43:8c:a3:fc:f5:
                    80:ac:41:e2:3f:59:77:c3:c9:20:21:85:d6:03:a3:
                    50:bf:10:8a:7a:94:90:3d:21:3c:4d:c4:ea:14:35:
                    bc:20:5c:74:61:88:57:4b:ca:5c:ab:44:0f:a2:68:
                    b6:c4:fa:ba:35:1b:c3:96:11:52:6a:75:8b:58:f1:
                    00:ef:6a:24:d9:15:ab:82:1f:89:7a:24:65:5a:ba:
                    ba:4d:2b:8a:0d:6e:55:1a:99:22:8a:e4:d8:f1:60:
                    34:8c:f4:3a:a9:7d:67:0d:16:b1:a6:d2:9d:97:4b:
                    bf:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:16:64:DA:64:EF:4B:76:5C:29:FB:00:F7:58:9A:5E:BB:8B:55:7B
            X509v3 Authority Key Identifier:
                keyid:D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/0hZk2mTvS3ZcKfsA91iaXruLVXs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.103.189.0/24
                  94.103.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:bd:be:1f:ff:fb:96:f9:85:4e:67:09:53:2f:17:79:c0:75:
         aa:3a:6e:26:d9:30:7b:b3:17:9f:95:33:f7:69:ea:8c:e1:22:
         37:a2:e6:68:59:30:98:09:b9:22:7c:fd:a9:d2:a1:04:bd:b5:
         dd:a7:7d:f4:91:15:38:ba:d3:5b:f1:15:6f:ff:d4:de:97:7b:
         22:de:b5:dc:4a:20:53:b3:28:83:bd:ee:af:b5:79:53:e3:48:
         06:54:39:a5:df:81:49:a5:d0:44:63:87:d3:b0:80:9f:b1:fc:
         3c:2e:24:58:ca:3e:fd:7a:a1:96:36:a7:35:59:e1:76:40:ff:
         f4:ab:e2:74:6d:3d:be:d7:aa:a0:7b:31:0a:d6:b6:0c:39:95:
         f4:26:9f:94:b7:f6:bd:c4:91:7d:68:d8:2d:fe:e8:21:68:e6:
         97:33:72:d6:73:87:7e:d0:90:2c:2b:95:f5:05:a6:70:31:4f:
         eb:e9:5b:b5:40:b2:9c:06:9d:bd:cd:77:e3:c9:4e:df:77:5b:
         5e:f5:35:d9:d4:87:c5:98:30:91:bf:12:ce:f1:5d:87:fd:94:
         1a:75:16:bb:9d:25:d3:1b:08:a3:d6:dc:98:64:c9:f2:c5:03:
         56:85:6a:bf:a9:a4:8f:e6:24:da:de:17:7b:33:5d:f1:1a:b8:
         4f:f0:3f:01
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ0hhymc3WDQpXPTp6mUt7CZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmJiNDhlOTNlOGEwMDU4YzVjNzJhODFhODc5OTQ1NTMw
N2VlNTYwHhcNMjYwMzI0MjAyNjM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjE2NjRkYTY0ZWY0Yjc2NWMyOWZiMDBmNzU4OWE1ZWJiOGI1NTdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtltN2uD4VTuWOQMBeaxHSUSC9/xY
8LJydHwJfqrYXEXz1JWSaMS26j9oitGSmRgN4ul7+50KsSgRdFwmUPVvgmMVPt0J
pPDPl8VBTnqmnlexC6yr9D9W+78E9BFZx5O9SsJudOX+dYXC+yca5xvsa7+ENBWh
SRVUEjrm8ef/+53651liacGaDj1U9C6HOHT9Q4yj/PWArEHiP1l3w8kgIYXWA6NQ
vxCKepSQPSE8TcTqFDW8IFx0YYhXS8pcq0QPomi2xPq6NRvDlhFSanWLWPEA72ok
2RWrgh+JeiRlWrq6TSuKDW5VGpkiiuTY8WA0jPQ6qX1nDRaxptKdl0u/vwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNIWZNpk70t2XCn7APdYml67i1V7MB8GA1UdIwQY
MBaAFNdrtI6T6KAFjFxyqBqHmUVTB+5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgt
OGJmYmRkNDVjYjYyLzEvMGhaazJtVHZTM1pjS2ZzQTkxaWFYcnVMVlhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgtOGJmYmRkNDVjYjYy
LzEvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXme9AwQA
Xme/MA0GCSqGSIb3DQEBCwUAA4IBAQBQvb4f//uW+YVOZwlTLxd5wHWqOm4m2TB7
sxeflTP3aeqM4SI3ouZoWTCYCbkifP2p0qEEvbXdp330kRU4utNb8RVv/9Tel3si
3rXcSiBTsyiDve6vtXlT40gGVDml34FJpdBEY4fTsICfsfw8LiRYyj79eqGWNqc1
WeF2QP/0q+J0bT2+16qgezEK1rYMOZX0Jp+Ut/a9xJF9aNgt/ughaOaXM3LWc4d+
0JAsK5X1BaZwMU/r6Vu1QLKcBp29zXfjyU7fd1te9TXZ1IfFmDCRvxLO8V2H/ZQa
dRa7nSXTGwij1tyYZMnyxQNWhWq/qaSP5iTa3hd7M13xGrhP8D8B
-----END CERTIFICATE-----