Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/ONgaf1iMnFOfIRhNrGmRIIZ_rmk.roa
File:                     ONgaf1iMnFOfIRhNrGmRIIZ_rmk.roa (raw, json)
Hash identifier:          TjNfJMQYSuKqoCV9qNgV6a4kCfaytG3h/G25HJDktLo=
Subject key identifier:   38:D8:1A:7F:58:8C:9C:53:9F:21:18:4D:AC:69:91:20:86:7F:AE:69
Certificate issuer:       /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial:       019E2B3ECE58AD2C0E0F411A72541591EF6D
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/ONgaf1iMnFOfIRhNrGmRIIZ_rmk.roa
Signing time:             Fri 15 May 2026 10:46:36 +0000
ROA not before:           Fri 15 May 2026 10:46:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     14618
IP address blocks:        109.111.32.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 May 2026 08:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:2b:3e:ce:58:ad:2c:0e:0f:41:1a:72:54:15:91:ef:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
        Validity
            Not Before: May 15 10:46:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=38d81a7f588c9c539f21184dac699120867fae69
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:d7:4e:00:f1:f7:0e:b8:e3:f9:46:aa:19:c7:
                    cc:06:50:df:98:bd:76:40:4c:bc:56:aa:ec:68:d5:
                    66:df:65:8d:4d:c6:fa:27:e6:90:1f:b7:5c:17:dd:
                    9e:1b:a9:26:35:f7:25:b1:39:fd:6a:a1:96:b5:ff:
                    c6:5d:bf:f3:e4:f6:de:ca:d0:3d:c7:4e:76:02:b7:
                    a9:f9:2f:6e:a1:57:b8:1a:dc:47:a2:eb:c2:58:b3:
                    af:cb:55:95:80:7e:8e:ce:f8:7f:5d:14:2f:d4:13:
                    03:c8:1e:f4:fa:e4:f9:90:2b:65:f1:c0:cd:3e:0c:
                    15:cd:0e:78:f9:3d:59:c5:4a:89:28:fc:c0:4b:06:
                    4e:74:7b:34:00:35:60:10:df:ff:79:cf:e4:92:be:
                    d2:e5:aa:ff:09:24:b1:2a:bd:4f:69:b2:ed:55:b3:
                    9d:3b:8b:f9:b3:1f:a6:7d:65:e7:e8:b2:c7:d0:5f:
                    81:9b:6b:8d:43:7f:c0:4a:eb:69:d7:82:f4:dd:d3:
                    69:db:db:f0:a5:a1:0d:67:85:b8:f1:97:a7:48:b6:
                    53:18:50:00:4d:ca:b0:ab:95:af:ad:06:f0:5a:bb:
                    6c:63:ab:81:34:00:50:bf:b0:bc:ee:7e:7f:34:76:
                    d8:11:e9:6e:38:ba:df:4e:8f:e4:9f:2b:f7:b3:fb:
                    dc:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:D8:1A:7F:58:8C:9C:53:9F:21:18:4D:AC:69:91:20:86:7F:AE:69
            X509v3 Authority Key Identifier:
                keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/ONgaf1iMnFOfIRhNrGmRIIZ_rmk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.111.32.0/23

    Signature Algorithm: sha256WithRSAEncryption
         aa:04:d5:af:8f:60:af:bc:9b:a7:85:25:c2:a3:08:e7:39:89:
         83:78:49:f0:59:87:bd:d6:46:60:5f:1f:7a:c7:c3:bf:1c:db:
         99:74:b6:50:29:29:a5:76:41:5d:31:27:a6:06:41:52:f4:f2:
         e9:ac:f7:c5:83:d0:67:e0:70:6c:35:1e:79:37:20:54:49:bf:
         e5:cd:e1:45:f0:eb:26:62:06:01:88:03:bb:ba:41:41:03:f9:
         82:11:ae:bd:b5:df:8e:b7:3b:50:bf:83:21:60:80:d5:10:e0:
         5b:65:c8:22:3e:1c:eb:e6:28:14:16:b7:6a:92:53:90:42:6e:
         68:ae:67:b2:53:4f:bb:bf:6d:75:06:82:02:b8:c8:e9:d4:8a:
         4d:13:c9:03:90:d1:36:82:32:04:11:9e:73:48:74:f4:e2:db:
         85:f6:32:15:24:d2:a4:a3:44:f8:5d:dd:c4:ab:9e:74:b1:40:
         77:41:99:77:b5:52:a6:be:e9:76:3f:9e:9a:5c:c4:f0:34:63:
         bf:f6:b9:bf:b5:c8:a6:ac:23:54:66:e5:b9:de:74:ed:d7:f7:
         a5:22:57:b8:fd:2a:7d:dc:b8:05:d2:aa:93:57:04:77:a6:8d:
         26:a0:87:3f:3d:d4:17:41:c3:ad:51:e0:2c:45:2e:7b:62:4e:
         68:33:aa:79
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4rPs5YrSwOD0EaclQVke9tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjYwNTE1MTA0NjM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOGQ4MWE3ZjU4OGM5YzUzOWYyMTE4NGRhYzY5OTEyMDg2N2ZhZTY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk9dOAPH3Drjj+UaqGcfMBlDfmL12
QEy8VqrsaNVm32WNTcb6J+aQH7dcF92eG6kmNfclsTn9aqGWtf/GXb/z5PbeytA9
x052Arep+S9uoVe4GtxHouvCWLOvy1WVgH6Ozvh/XRQv1BMDyB70+uT5kCtl8cDN
PgwVzQ54+T1ZxUqJKPzASwZOdHs0ADVgEN//ec/kkr7S5ar/CSSxKr1PabLtVbOd
O4v5sx+mfWXn6LLH0F+Bm2uNQ3/ASutp14L03dNp29vwpaENZ4W48ZenSLZTGFAA
Tcqwq5WvrQbwWrtsY6uBNABQv7C87n5/NHbYEeluOLrfTo/knyv3s/vciQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDjYGn9YjJxTnyEYTaxpkSCGf65pMB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvT05nYWYxaU1uRk9mSVJoTnJHbVJJSVpfcm1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBbW8gMA0G
CSqGSIb3DQEBCwUAA4IBAQCqBNWvj2CvvJunhSXCowjnOYmDeEnwWYe91kZgXx96
x8O/HNuZdLZQKSmldkFdMSemBkFS9PLprPfFg9Bn4HBsNR55NyBUSb/lzeFF8Osm
YgYBiAO7ukFBA/mCEa69td+OtztQv4MhYIDVEOBbZcgiPhzr5igUFrdqklOQQm5o
rmeyU0+7v211BoICuMjp1IpNE8kDkNE2gjIEEZ5zSHT04tuF9jIVJNKko0T4Xd3E
q550sUB3QZl3tVKmvul2P56aXMTwNGO/9rm/tcimrCNUZuW53nTt1/elIle4/Sp9
3LgF0qqTVwR3po0moIc/PdQXQcOtUeAsRS57Yk5oM6p5
-----END CERTIFICATE-----