Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/bDvb5V_NvXzVB717pdCTD20bb00.roa
File:                     bDvb5V_NvXzVB717pdCTD20bb00.roa (raw, json)
Hash identifier:          ChhXp3O83O9ZmRYnZaMtI6G7Chl71zYrgMZ6bXKJJnU=
Subject key identifier:   6C:3B:DB:E5:5F:CD:BD:7C:D5:07:BD:7B:A5:D0:93:0F:6D:1B:6F:4D
Certificate issuer:       /CN=55baf26967510b3c52e46d1dc593967cdf29f9c9
Certificate serial:       019DA2B1E507A88B0384E300689084FB7D82
Authority key identifier: 55:BA:F2:69:67:51:0B:3C:52:E4:6D:1D:C5:93:96:7C:DF:29:F9:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/bDvb5V_NvXzVB717pdCTD20bb00.roa
Signing time:             Sat 18 Apr 2026 22:24:20 +0000
ROA not before:           Sat 18 Apr 2026 22:24:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214861
IP address blocks:        83.147.217.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:a2:b1:e5:07:a8:8b:03:84:e3:00:68:90:84:fb:7d:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=55baf26967510b3c52e46d1dc593967cdf29f9c9
        Validity
            Not Before: Apr 18 22:24:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6c3bdbe55fcdbd7cd507bd7ba5d0930f6d1b6f4d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:41:d8:1e:6d:0b:6f:55:07:3e:fc:c2:14:45:
                    32:76:82:ac:11:67:cd:68:65:ee:c0:b2:f0:f4:4d:
                    6c:1d:4a:1a:ce:e2:83:e8:ab:2f:89:a0:64:48:2f:
                    d3:84:f3:6b:d9:ac:57:90:24:ec:cf:86:97:cd:9c:
                    72:dd:1c:f6:0c:fc:d6:dc:e1:6a:d0:52:47:22:4b:
                    e2:40:df:95:24:35:d8:1d:14:54:bf:c5:a4:53:07:
                    c5:5c:f7:90:88:41:cf:28:c5:b8:a7:31:9c:a8:fe:
                    d3:de:e3:a2:de:f1:2c:1a:e2:17:fe:29:f3:c1:6b:
                    9d:d5:4d:40:37:dc:6e:b4:9a:b4:f2:2e:ba:cf:97:
                    ff:ef:d9:84:5b:11:d4:cc:11:bf:19:07:d1:c3:a3:
                    04:47:cc:4b:ce:f3:26:66:79:d0:46:9d:ef:87:fb:
                    8e:9a:c2:c3:6b:c8:65:2e:3b:44:b9:89:34:1d:62:
                    eb:7a:9b:c3:f5:eb:a1:62:ac:73:ad:8d:86:de:6b:
                    84:d1:47:ad:d7:4b:98:79:53:b1:d2:ec:b4:9a:01:
                    72:33:46:78:04:68:50:14:fc:55:35:a0:d0:f9:9d:
                    87:0b:e5:87:c2:2d:3b:4b:7b:48:3f:47:bb:0f:64:
                    3a:3c:8c:3e:72:0c:de:d5:39:45:d5:95:f1:79:44:
                    74:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:3B:DB:E5:5F:CD:BD:7C:D5:07:BD:7B:A5:D0:93:0F:6D:1B:6F:4D
            X509v3 Authority Key Identifier:
                keyid:55:BA:F2:69:67:51:0B:3C:52:E4:6D:1D:C5:93:96:7C:DF:29:F9:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/bDvb5V_NvXzVB717pdCTD20bb00.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.147.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:a6:b3:0b:0c:65:7b:e0:33:db:14:ae:c8:f1:40:9d:4d:12:
         e8:2d:d3:a5:0e:8a:20:a0:0f:ad:2c:f5:29:75:51:11:d7:91:
         7e:b2:72:3f:96:47:48:bb:d2:2d:6e:42:d5:3e:37:05:f2:4f:
         e0:70:c1:f5:c9:84:2c:b2:50:37:c8:4d:41:e3:5c:3b:e2:83:
         aa:e2:5e:b4:28:ad:6b:a1:32:e1:63:cb:3d:06:17:3c:a9:e8:
         22:de:e5:28:ef:e4:19:18:94:05:bd:73:83:fc:8d:18:80:58:
         e8:8f:97:e1:c8:c9:41:bf:e6:8b:47:83:ee:8f:96:90:b0:bc:
         7d:b9:dd:26:a5:5a:ad:17:f7:14:e7:1f:40:a3:ff:15:07:f9:
         4b:b2:0e:ae:27:8f:fc:03:60:57:6d:b3:50:6e:ff:50:20:94:
         8a:b6:e8:46:4d:cd:d6:4e:18:50:4b:2a:33:fe:5c:88:a4:c0:
         92:fe:c2:55:ad:eb:9d:27:28:a7:06:06:4f:08:15:35:56:ca:
         94:94:06:c0:1e:0e:82:68:6c:a3:39:a3:7c:cc:3c:11:78:72:
         3b:62:37:91:48:21:09:a8:33:1e:fb:0f:cc:65:c3:63:79:b3:
         63:7a:3a:60:3a:e3:bb:07:56:c5:f5:84:b0:4f:cb:8d:98:f9:
         40:b6:ea:5a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2iseUHqIsDhOMAaJCE+32CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1YmFmMjY5Njc1MTBiM2M1MmU0NmQxZGM1OTM5NjdjZGYy
OWY5YzkwHhcNMjYwNDE4MjIyNDIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzNiZGJlNTVmY2RiZDdjZDUwN2JkN2JhNWQwOTMwZjZkMWI2ZjRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4kHYHm0Lb1UHPvzCFEUydoKsEWfN
aGXuwLLw9E1sHUoazuKD6KsviaBkSC/ThPNr2axXkCTsz4aXzZxy3Rz2DPzW3OFq
0FJHIkviQN+VJDXYHRRUv8WkUwfFXPeQiEHPKMW4pzGcqP7T3uOi3vEsGuIX/inz
wWud1U1AN9xutJq08i66z5f/79mEWxHUzBG/GQfRw6MER8xLzvMmZnnQRp3vh/uO
msLDa8hlLjtEuYk0HWLrepvD9euhYqxzrY2G3muE0Uet10uYeVOx0uy0mgFyM0Z4
BGhQFPxVNaDQ+Z2HC+WHwi07S3tIP0e7D2Q6PIw+cgze1TlF1ZXxeUR0gwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGw72+Vfzb181Qe9e6XQkw9tG29NMB8GA1UdIwQY
MBaAFFW68mlnUQs8UuRtHcWTlnzfKfnJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVmJyeWFXZFJDenhTNUcwZHhaT1dmTjhwLWNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS81YWE0ZGMtZDE4NC00ZGI0LTllMTAt
NDlmOTgxZWU1OTgxLzEvYkR2YjVWX052WHpWQjcxN3BkQ1REMjBiYjAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS81YWE0ZGMtZDE4NC00ZGI0LTllMTAtNDlmOTgxZWU1OTgx
LzEvVmJyeWFXZFJDenhTNUcwZHhaT1dmTjhwLWNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAU5PZMA0G
CSqGSIb3DQEBCwUAA4IBAQAiprMLDGV74DPbFK7I8UCdTRLoLdOlDoogoA+tLPUp
dVER15F+snI/lkdIu9ItbkLVPjcF8k/gcMH1yYQsslA3yE1B41w74oOq4l60KK1r
oTLhY8s9Bhc8qegi3uUo7+QZGJQFvXOD/I0YgFjoj5fhyMlBv+aLR4Puj5aQsLx9
ud0mpVqtF/cU5x9Ao/8VB/lLsg6uJ4/8A2BXbbNQbv9QIJSKtuhGTc3WThhQSyoz
/lyIpMCS/sJVreudJyinBgZPCBU1VsqUlAbAHg6CaGyjOaN8zDwReHI7YjeRSCEJ
qDMe+w/MZcNjebNjejpgOuO7B1bF9YSwT8uNmPlAtupa
-----END CERTIFICATE-----