Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/VdXJvRFaOAWsqwu3SSQHcUU_EK8.roa
File:                     VdXJvRFaOAWsqwu3SSQHcUU_EK8.roa (raw, json)
Hash identifier:          SVyfrKoEfaEeOfk+BpWiCLeq57vQxet7PFmHE7Zz2Vs=
Subject key identifier:   55:D5:C9:BD:11:5A:38:05:AC:AB:0B:B7:49:24:07:71:45:3F:10:AF
Certificate issuer:       /CN=3b098e45ef4bb5d18dbc86c5a135f57ebcbe005d
Certificate serial:       019E8CDFA3AC6612086B6700AA4152835682
Authority key identifier: 3B:09:8E:45:EF:4B:B5:D1:8D:BC:86:C5:A1:35:F5:7E:BC:BE:00:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OwmORe9LtdGNvIbFoTX1fry-AF0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/VdXJvRFaOAWsqwu3SSQHcUU_EK8.roa
Signing time:             Wed 03 Jun 2026 09:45:27 +0000
ROA not before:           Wed 03 Jun 2026 09:45:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     154132
IP address blocks:        212.116.228.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/OwmORe9LtdGNvIbFoTX1fry-AF0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/OwmORe9LtdGNvIbFoTX1fry-AF0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OwmORe9LtdGNvIbFoTX1fry-AF0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 10 Jun 2026 09:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:8c:df:a3:ac:66:12:08:6b:67:00:aa:41:52:83:56:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b098e45ef4bb5d18dbc86c5a135f57ebcbe005d
        Validity
            Not Before: Jun  3 09:45:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=55d5c9bd115a3805acab0bb749240771453f10af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:34:32:51:a5:77:11:68:2b:19:1b:4a:20:b9:
                    91:c4:7b:19:bb:11:9e:c0:0a:29:02:20:a0:d2:09:
                    49:2b:c1:a4:04:1e:30:8c:ed:e9:cf:a5:6c:f3:07:
                    a8:d9:ef:33:6c:17:29:2d:ba:df:9e:8d:e2:4e:94:
                    cf:2f:c9:08:3d:95:89:0f:cc:30:fc:51:bb:9a:9a:
                    bf:8b:28:ec:1a:bf:07:e9:e5:d6:1d:0a:04:15:2c:
                    ca:4d:54:d8:d8:51:10:9e:1a:04:63:76:7e:70:d8:
                    18:3a:f8:df:44:ac:d7:ea:16:9a:f4:13:5e:b2:5a:
                    c0:20:8d:56:e7:bb:a0:7e:b8:ed:11:b6:f4:93:15:
                    ba:95:29:ea:07:96:27:ce:40:02:0d:b7:3b:d4:4b:
                    c0:da:fa:32:78:19:3e:d4:ca:e0:2a:0c:55:82:03:
                    22:22:03:77:1e:7c:c5:bd:81:9d:a0:6f:25:5b:44:
                    b3:1f:25:70:6e:ed:a0:25:c9:4c:13:b2:02:8d:ba:
                    1e:75:4b:3b:86:f2:28:7a:e9:e9:9f:cc:4f:06:b4:
                    fc:76:63:4d:b0:0c:bc:bc:fb:2d:0f:b1:22:81:3e:
                    d7:3b:2a:5e:a2:7a:76:91:5a:17:a2:bc:d0:69:f1:
                    5b:be:04:18:d2:c5:0f:77:16:e0:e3:72:ae:5a:aa:
                    0e:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:D5:C9:BD:11:5A:38:05:AC:AB:0B:B7:49:24:07:71:45:3F:10:AF
            X509v3 Authority Key Identifier:
                keyid:3B:09:8E:45:EF:4B:B5:D1:8D:BC:86:C5:A1:35:F5:7E:BC:BE:00:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OwmORe9LtdGNvIbFoTX1fry-AF0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/VdXJvRFaOAWsqwu3SSQHcUU_EK8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/OwmORe9LtdGNvIbFoTX1fry-AF0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.116.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:40:6e:1f:62:86:18:a7:35:0f:fc:4e:c4:6d:05:6b:0e:1f:
         70:72:af:5b:67:8c:6d:d2:8c:3e:0e:15:ff:84:3e:f3:42:53:
         f5:e2:95:a3:b0:c8:29:b8:de:a3:fb:9c:2b:f8:5b:70:da:64:
         89:2b:33:f5:71:2e:72:d2:02:5a:45:f1:5f:a8:ba:d0:e9:c5:
         35:8d:d8:47:68:0b:08:3f:06:86:46:51:14:a4:a4:06:12:dc:
         fe:34:ff:d0:15:af:56:39:8f:e5:25:ae:5a:0d:38:12:97:67:
         e5:e6:16:36:89:9b:87:19:9b:c5:6d:5d:ae:57:ba:7c:c3:63:
         8d:27:60:7b:70:87:96:00:b0:81:ed:09:92:8d:5c:2b:80:73:
         39:94:8f:d8:21:b2:b3:18:ff:96:df:df:0f:21:05:ec:b4:d9:
         da:72:d3:c0:4f:2d:e3:d2:62:9a:10:e8:d2:c5:ad:8b:ef:b4:
         69:71:41:dd:9a:06:e8:0f:d0:90:9a:a6:f0:91:d7:8d:21:5b:
         50:66:1c:97:2d:b0:d8:0a:85:ad:ff:f5:50:29:88:e4:d0:1d:
         d2:57:0a:4c:e9:7a:76:b1:9d:57:8e:a8:df:57:96:61:1b:48:
         aa:34:3d:91:52:df:46:31:0c:f6:57:39:6e:7e:39:f6:8f:af:
         97:9e:b5:56
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6M36OsZhIIa2cAqkFSg1aCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiMDk4ZTQ1ZWY0YmI1ZDE4ZGJjODZjNWExMzVmNTdlYmNi
ZTAwNWQwHhcNMjYwNjAzMDk0NTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NWQ1YzliZDExNWEzODA1YWNhYjBiYjc0OTI0MDc3MTQ1M2YxMGFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvTQyUaV3EWgrGRtKILmRxHsZuxGe
wAopAiCg0glJK8GkBB4wjO3pz6Vs8weo2e8zbBcpLbrfno3iTpTPL8kIPZWJD8ww
/FG7mpq/iyjsGr8H6eXWHQoEFSzKTVTY2FEQnhoEY3Z+cNgYOvjfRKzX6haa9BNe
slrAII1W57ugfrjtEbb0kxW6lSnqB5YnzkACDbc71EvA2voyeBk+1MrgKgxVggMi
IgN3HnzFvYGdoG8lW0SzHyVwbu2gJclME7ICjboedUs7hvIoeunpn8xPBrT8dmNN
sAy8vPstD7EigT7XOypeonp2kVoXorzQafFbvgQY0sUPdxbg43KuWqoO7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFXVyb0RWjgFrKsLt0kkB3FFPxCvMB8GA1UdIwQY
MBaAFDsJjkXvS7XRjbyGxaE19X68vgBdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3dtT1JlOUx0ZEdOdkliRm9UWDFmcnktQUYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi85NTRkMzEtZjc0Yy00NjdiLTkwMTMt
ZTEyYjE2NDIxNWI5LzEvVmRYSnZSRmFPQVdzcXd1M1NTUUhjVVVfRUs4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi85NTRkMzEtZjc0Yy00NjdiLTkwMTMtZTEyYjE2NDIxNWI5
LzEvT3dtT1JlOUx0ZEdOdkliRm9UWDFmcnktQUYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1HTkMA0G
CSqGSIb3DQEBCwUAA4IBAQBpQG4fYoYYpzUP/E7EbQVrDh9wcq9bZ4xt0ow+DhX/
hD7zQlP14pWjsMgpuN6j+5wr+Ftw2mSJKzP1cS5y0gJaRfFfqLrQ6cU1jdhHaAsI
PwaGRlEUpKQGEtz+NP/QFa9WOY/lJa5aDTgSl2fl5hY2iZuHGZvFbV2uV7p8w2ON
J2B7cIeWALCB7QmSjVwrgHM5lI/YIbKzGP+W398PIQXstNnactPATy3j0mKaEOjS
xa2L77RpcUHdmgboD9CQmqbwkdeNIVtQZhyXLbDYCoWt//VQKYjk0B3SVwpM6Xp2
sZ1XjqjfV5ZhG0iqND2RUt9GMQz2Vzlufjn2j6+XnrVW
-----END CERTIFICATE-----