Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/21bdbb-856f-41dd-aad9-066ddf32bfcc/1/d47T8ORHHk4caoplxkWo9jdbvBo.roa
File:                     d47T8ORHHk4caoplxkWo9jdbvBo.roa (raw, json)
Hash identifier:          O+AW/XVQJP2vo9oGn03UxDaB3BH61OdIhMeMe+ELWp4=
Subject key identifier:   77:8E:D3:F0:E4:47:1E:4E:1C:6A:8A:65:C6:45:A8:F6:37:5B:BC:1A
Certificate issuer:       /CN=d0f14b8a08cb5f8057d48b03e53f458b8e1feed6
Certificate serial:       019E215ED0594288D9E040BA0FD5390DED70
Authority key identifier: D0:F1:4B:8A:08:CB:5F:80:57:D4:8B:03:E5:3F:45:8B:8E:1F:EE:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0PFLigjLX4BX1IsD5T9Fi44f7tY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/21bdbb-856f-41dd-aad9-066ddf32bfcc/1/d47T8ORHHk4caoplxkWo9jdbvBo.roa
Signing time:             Wed 13 May 2026 12:45:22 +0000
ROA not before:           Wed 13 May 2026 12:45:22 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     39067
IP address blocks:        94.232.224.0/21 maxlen: 21
                          94.232.231.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/21bdbb-856f-41dd-aad9-066ddf32bfcc/1/0PFLigjLX4BX1IsD5T9Fi44f7tY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/21bdbb-856f-41dd-aad9-066ddf32bfcc/1/0PFLigjLX4BX1IsD5T9Fi44f7tY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0PFLigjLX4BX1IsD5T9Fi44f7tY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 17 May 2026 12:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:21:5e:d0:59:42:88:d9:e0:40:ba:0f:d5:39:0d:ed:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d0f14b8a08cb5f8057d48b03e53f458b8e1feed6
        Validity
            Not Before: May 13 12:45:22 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=778ed3f0e4471e4e1c6a8a65c645a8f6375bbc1a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:3d:1a:e6:c7:30:f6:d2:f9:c8:f4:30:c3:23:
                    ba:71:30:4f:d7:80:f6:7a:ec:02:95:e4:c8:8a:07:
                    c8:fa:2f:40:96:ed:b7:be:be:ce:26:7f:2e:05:36:
                    70:e3:9e:77:fc:91:ed:e1:0a:41:57:19:36:b9:bb:
                    33:fc:52:1d:9e:19:e0:5f:e5:7d:c0:22:1a:2c:8b:
                    e8:f9:12:59:3f:df:5d:b8:fb:f6:55:ac:70:81:9e:
                    cc:cf:d3:ed:c2:3e:42:24:30:33:83:33:67:6e:ac:
                    8d:59:cb:2e:a9:59:05:36:d3:72:ab:c4:a0:28:1a:
                    81:22:82:c4:55:3b:d1:6b:da:73:6c:5c:84:6d:f1:
                    98:05:c9:8f:57:e2:0a:f9:42:06:c0:37:5a:51:c4:
                    ad:75:d5:74:e7:0e:ff:11:f5:82:82:51:09:70:ba:
                    b8:ef:e8:f4:df:30:60:94:8f:1a:46:94:38:62:b8:
                    0d:50:c3:c3:fe:d1:29:bf:3b:4e:ee:de:af:30:7c:
                    52:c0:34:55:d5:db:51:f8:c2:a9:47:f8:f4:1c:51:
                    32:d6:dd:77:ca:e1:8a:f8:5f:ef:07:e5:36:bf:62:
                    d3:f0:17:89:b2:06:93:0e:7c:f2:81:f0:67:ff:03:
                    11:7a:de:c9:43:34:82:54:b5:8d:0e:29:69:c1:dd:
                    bc:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:8E:D3:F0:E4:47:1E:4E:1C:6A:8A:65:C6:45:A8:F6:37:5B:BC:1A
            X509v3 Authority Key Identifier:
                keyid:D0:F1:4B:8A:08:CB:5F:80:57:D4:8B:03:E5:3F:45:8B:8E:1F:EE:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0PFLigjLX4BX1IsD5T9Fi44f7tY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/21bdbb-856f-41dd-aad9-066ddf32bfcc/1/d47T8ORHHk4caoplxkWo9jdbvBo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/21bdbb-856f-41dd-aad9-066ddf32bfcc/1/0PFLigjLX4BX1IsD5T9Fi44f7tY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.232.224.0/21

    Signature Algorithm: sha256WithRSAEncryption
         10:50:34:a4:cb:94:d2:85:9e:e5:00:5e:b2:34:4f:5d:85:a1:
         97:a1:c9:f2:c4:8d:ea:cb:d2:fe:f2:f7:7b:41:f1:9b:8f:8f:
         96:c8:05:c3:24:3b:b1:3e:66:3c:b5:ee:46:22:29:7a:a4:b2:
         e1:b6:01:a4:c6:d5:2f:d7:ea:bc:10:8c:9d:ee:48:47:df:b6:
         e4:c4:a5:ac:0a:7f:ff:16:21:39:92:1e:43:9f:2c:f1:ce:87:
         d2:01:42:87:23:14:ee:f9:0f:d1:6f:ce:49:d4:53:75:e7:50:
         8a:2f:58:30:6f:ae:1d:db:cf:c1:cd:74:cb:11:11:b6:57:ed:
         65:de:d0:0f:91:f0:36:08:c8:a1:12:38:29:f6:1d:f7:46:9c:
         84:81:71:51:58:9c:3e:66:cf:09:6a:4f:11:53:d9:39:0b:a0:
         b3:96:e6:c3:59:43:31:f8:66:43:13:0b:58:e5:7f:ec:9e:d6:
         66:96:4b:f8:ea:b2:5f:0f:a1:a7:78:ad:2e:34:91:ec:ab:d5:
         8b:70:d2:fe:33:bd:b9:09:7a:f3:26:56:9d:0b:ba:ba:fe:9e:
         0a:22:b1:1e:c3:27:c5:2f:50:69:d3:72:95:0f:74:af:ed:72:
         4b:bb:73:8c:2a:2c:63:d6:7e:63:98:56:58:09:cb:a9:58:bf:
         02:8c:31:7e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4hXtBZQojZ4EC6D9U5De1wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwZjE0YjhhMDhjYjVmODA1N2Q0OGIwM2U1M2Y0NThiOGUx
ZmVlZDYwHhcNMjYwNTEzMTI0NTIyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzhlZDNmMGU0NDcxZTRlMWM2YThhNjVjNjQ1YThmNjM3NWJiYzFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApT0a5scw9tL5yPQwwyO6cTBP14D2
euwCleTIigfI+i9Alu23vr7OJn8uBTZw4553/JHt4QpBVxk2ubsz/FIdnhngX+V9
wCIaLIvo+RJZP99duPv2VaxwgZ7Mz9Ptwj5CJDAzgzNnbqyNWcsuqVkFNtNyq8Sg
KBqBIoLEVTvRa9pzbFyEbfGYBcmPV+IK+UIGwDdaUcStddV05w7/EfWCglEJcLq4
7+j03zBglI8aRpQ4YrgNUMPD/tEpvztO7t6vMHxSwDRV1dtR+MKpR/j0HFEy1t13
yuGK+F/vB+U2v2LT8BeJsgaTDnzygfBn/wMRet7JQzSCVLWNDilpwd280QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHeO0/DkRx5OHGqKZcZFqPY3W7waMB8GA1UdIwQY
MBaAFNDxS4oIy1+AV9SLA+U/RYuOH+7WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMFBGTGlnakxYNEJYMUlzRDVUOUZpNDRmN3RZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC8yMWJkYmItODU2Zi00MWRkLWFhZDkt
MDY2ZGRmMzJiZmNjLzEvZDQ3VDhPUkhIazRjYW9wbHhrV285amRidkJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC8yMWJkYmItODU2Zi00MWRkLWFhZDktMDY2ZGRmMzJiZmNj
LzEvMFBGTGlnakxYNEJYMUlzRDVUOUZpNDRmN3RZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDXujgMA0G
CSqGSIb3DQEBCwUAA4IBAQAQUDSky5TShZ7lAF6yNE9dhaGXocnyxI3qy9L+8vd7
QfGbj4+WyAXDJDuxPmY8te5GIil6pLLhtgGkxtUv1+q8EIyd7khH37bkxKWsCn//
FiE5kh5DnyzxzofSAUKHIxTu+Q/Rb85J1FN151CKL1gwb64d28/BzXTLERG2V+1l
3tAPkfA2CMihEjgp9h33RpyEgXFRWJw+Zs8Jak8RU9k5C6CzlubDWUMx+GZDEwtY
5X/sntZmlkv46rJfD6GneK0uNJHsq9WLcNL+M725CXrzJladC7q6/p4KIrEewyfF
L1Bp03KVD3Sv7XJLu3OMKixj1n5jmFZYCcupWL8CjDF+
-----END CERTIFICATE-----