Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/FWgd2JCKMTZw7_VQGs-qHzlqFbU.roa
File:                     FWgd2JCKMTZw7_VQGs-qHzlqFbU.roa (raw, json)
Hash identifier:          sRiK+E5Lan4yJvQbTQd98nBYuyMD15D5DvZnyQZBwA8=
Subject key identifier:   15:68:1D:D8:90:8A:31:36:70:EF:F5:50:1A:CF:AA:1F:39:6A:15:B5
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       019DC040D369C40BECD1E77BCF404F5B94C1
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/FWgd2JCKMTZw7_VQGs-qHzlqFbU.roa
Signing time:             Fri 24 Apr 2026 16:09:27 +0000
ROA not before:           Fri 24 Apr 2026 16:09:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     273195
IP address blocks:        185.181.34.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 27 Apr 2026 22:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:c0:40:d3:69:c4:0b:ec:d1:e7:7b:cf:40:4f:5b:94:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Apr 24 16:09:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=15681dd8908a313670eff5501acfaa1f396a15b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:5c:e6:27:08:5b:61:34:51:c3:3e:1f:bb:93:
                    b6:42:be:33:4f:2a:ca:e5:69:b1:ed:4e:63:a1:3b:
                    94:c3:a6:9e:97:13:a7:ac:3b:67:95:af:3a:a2:ed:
                    d0:28:b9:ce:3b:19:ce:28:af:bd:9e:31:76:a1:ae:
                    3f:03:73:46:94:97:cf:b1:ce:fb:cc:58:2d:73:39:
                    0f:a8:e6:43:c0:31:4f:e5:83:e6:b2:40:de:d3:94:
                    58:cd:f9:42:db:df:c1:e2:78:37:b2:55:a8:f9:33:
                    66:e0:08:f1:09:68:f8:fe:10:a6:36:52:37:78:66:
                    25:2b:4c:78:a5:fa:8a:c0:76:d1:10:0e:58:13:7e:
                    29:37:6d:5c:88:67:cc:bd:15:7c:10:8b:1c:b1:d4:
                    17:bc:1f:8a:6e:c7:9a:25:84:0e:db:54:e9:fc:a9:
                    f2:b7:25:de:64:76:12:02:6e:9e:35:36:57:ca:fd:
                    33:96:f8:b5:44:15:09:24:b7:e7:5f:91:ae:25:27:
                    7c:76:f0:e5:55:0d:2c:7e:47:c3:37:80:d6:12:28:
                    8e:bb:b5:de:b5:5a:63:ad:f0:de:1b:69:bc:13:4b:
                    fc:04:16:e0:a4:04:8c:82:aa:67:94:a7:4e:59:5c:
                    31:52:29:76:d8:d6:c9:3e:3b:4e:cf:3b:95:c5:6b:
                    22:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:68:1D:D8:90:8A:31:36:70:EF:F5:50:1A:CF:AA:1F:39:6A:15:B5
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/FWgd2JCKMTZw7_VQGs-qHzlqFbU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.181.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:b5:79:47:2e:2b:33:3a:d8:57:d5:0d:02:76:3c:27:43:2d:
         77:03:6c:72:2d:5b:7b:ce:f7:b5:fa:c4:be:b4:b7:91:72:b2:
         0c:1d:f0:dd:50:eb:36:e2:45:25:cd:4f:17:28:91:fb:81:60:
         ce:79:46:57:23:99:b2:9a:63:f4:4f:de:34:c2:15:9a:c8:e4:
         29:52:55:5c:1b:89:d2:0c:d6:d1:c8:dc:33:7d:a7:30:e0:03:
         d5:fe:09:b2:b5:df:84:1b:41:e4:27:56:f2:d9:7d:08:d0:f2:
         de:c6:53:f1:50:14:58:be:cc:ad:f0:93:c6:a2:5f:bc:3f:71:
         a9:c8:8c:3b:c9:cc:f9:30:30:49:fb:56:7a:2b:d3:4f:17:d2:
         95:ee:4a:26:4d:8c:6b:65:dd:41:8a:7e:84:50:a4:8c:c4:b6:
         0a:e7:24:89:40:cf:85:e3:cf:6c:17:ac:33:cc:4f:07:45:28:
         4d:f3:1f:96:c6:4b:18:cb:d0:cc:1c:ad:c1:be:39:36:08:4e:
         d1:35:5e:35:36:fa:0d:75:f8:32:aa:3d:52:ff:9e:e9:c5:12:
         e2:fe:76:77:6a:c2:74:45:e3:23:73:3b:6c:77:e7:ab:b5:bb:
         3d:2c:69:c6:f4:fa:47:96:56:93:ed:2a:da:a0:a8:e4:2a:9a:
         bb:f9:e3:56
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3AQNNpxAvs0ed7z0BPW5TBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjYwNDI0MTYwOTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTY4MWRkODkwOGEzMTM2NzBlZmY1NTAxYWNmYWExZjM5NmExNWI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArFzmJwhbYTRRwz4fu5O2Qr4zTyrK
5Wmx7U5joTuUw6aelxOnrDtnla86ou3QKLnOOxnOKK+9njF2oa4/A3NGlJfPsc77
zFgtczkPqOZDwDFP5YPmskDe05RYzflC29/B4ng3slWo+TNm4AjxCWj4/hCmNlI3
eGYlK0x4pfqKwHbREA5YE34pN21ciGfMvRV8EIscsdQXvB+KbseaJYQO21Tp/Kny
tyXeZHYSAm6eNTZXyv0zlvi1RBUJJLfnX5GuJSd8dvDlVQ0sfkfDN4DWEiiOu7Xe
tVpjrfDeG2m8E0v8BBbgpASMgqpnlKdOWVwxUil22NbJPjtOzzuVxWsi1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBVoHdiQijE2cO/1UBrPqh85ahW1MB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvRldnZDJKQ0tNVFp3N19WUUdzLXFIemxxRmJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubUiMA0G
CSqGSIb3DQEBCwUAA4IBAQBStXlHLiszOthX1Q0CdjwnQy13A2xyLVt7zve1+sS+
tLeRcrIMHfDdUOs24kUlzU8XKJH7gWDOeUZXI5mymmP0T940whWayOQpUlVcG4nS
DNbRyNwzfacw4APV/gmytd+EG0HkJ1by2X0I0PLexlPxUBRYvsyt8JPGol+8P3Gp
yIw7ycz5MDBJ+1Z6K9NPF9KV7komTYxrZd1Bin6EUKSMxLYK5ySJQM+F489sF6wz
zE8HRShN8x+WxksYy9DMHK3Bvjk2CE7RNV41NvoNdfgyqj1S/57pxRLi/nZ3asJ0
ReMjcztsd+ertbs9LGnG9PpHllaT7SraoKjkKpq7+eNW
-----END CERTIFICATE-----