Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/Mb17AOKZNC1KtKmoS5wai5IdIbo.roa
File:                     Mb17AOKZNC1KtKmoS5wai5IdIbo.roa (raw, json)
Hash identifier:          R/E+muLS2RYpCjFJb4AXDVul1IdGidHedeLvMIE70cg=
Subject key identifier:   31:BD:7B:00:E2:99:34:2D:4A:B4:A9:A8:4B:9C:1A:8B:92:1D:21:BA
Certificate issuer:       /CN=570fb0f1d8b8c198b0dc86158afbcbc529cf16be
Certificate serial:       019D0A062B268264A8DEA83F1D290A3ED5D5
Authority key identifier: 57:0F:B0:F1:D8:B8:C1:98:B0:DC:86:15:8A:FB:CB:C5:29:CF:16:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Vw-w8di4wZiw3IYVivvLxSnPFr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/Mb17AOKZNC1KtKmoS5wai5IdIbo.roa
Signing time:             Fri 20 Mar 2026 06:54:29 +0000
ROA not before:           Fri 20 Mar 2026 06:54:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        185.251.82.0/23 maxlen: 24
                          194.4.55.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/Vw-w8di4wZiw3IYVivvLxSnPFr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/Vw-w8di4wZiw3IYVivvLxSnPFr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Vw-w8di4wZiw3IYVivvLxSnPFr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 03:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:0a:06:2b:26:82:64:a8:de:a8:3f:1d:29:0a:3e:d5:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=570fb0f1d8b8c198b0dc86158afbcbc529cf16be
        Validity
            Not Before: Mar 20 06:54:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=31bd7b00e299342d4ab4a9a84b9c1a8b921d21ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:63:b6:57:f6:6e:72:60:ff:6a:53:2e:50:0e:
                    99:a6:f3:36:e5:29:c2:9a:f6:6c:92:dd:a9:82:e1:
                    2e:20:99:50:83:db:64:03:bf:fd:99:87:80:72:fa:
                    00:ec:c6:9c:5d:0f:14:fb:b1:d2:9e:9f:3a:ce:50:
                    50:b3:d2:23:e0:3a:b1:c0:31:73:bc:a0:6f:1e:77:
                    de:f6:0b:89:9f:86:6a:07:4d:21:09:f3:66:00:a8:
                    ac:59:22:c1:92:76:0b:d4:b3:5b:28:b4:e0:1c:96:
                    0f:ec:2c:41:07:95:62:93:b0:9c:bc:76:9f:9a:45:
                    30:91:5d:b6:a7:6f:4f:46:c7:ff:ab:3c:5e:8d:a4:
                    5a:38:cd:b5:50:31:5a:7d:75:02:d7:f3:40:7e:54:
                    ee:20:ca:7d:84:11:77:8d:31:c3:48:f6:67:d9:87:
                    54:30:56:ff:1d:9f:64:cd:08:ca:10:37:6c:87:70:
                    af:bb:90:44:35:51:3f:70:e7:c2:f2:f0:50:e7:34:
                    04:7d:e3:a2:ec:73:a2:36:05:53:51:95:ae:3e:8d:
                    54:64:55:22:d6:e7:8d:4e:37:39:15:bc:1d:8e:ea:
                    2c:f2:a6:bd:ed:06:5e:59:da:fe:8d:20:b2:c4:ab:
                    cc:1c:3c:4c:1b:56:2e:f4:d1:24:e3:d0:b5:3c:95:
                    94:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:BD:7B:00:E2:99:34:2D:4A:B4:A9:A8:4B:9C:1A:8B:92:1D:21:BA
            X509v3 Authority Key Identifier:
                keyid:57:0F:B0:F1:D8:B8:C1:98:B0:DC:86:15:8A:FB:CB:C5:29:CF:16:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Vw-w8di4wZiw3IYVivvLxSnPFr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/Mb17AOKZNC1KtKmoS5wai5IdIbo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/Vw-w8di4wZiw3IYVivvLxSnPFr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.251.82.0/23
                  194.4.55.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:95:11:3c:88:6b:85:92:10:91:c5:30:15:fe:49:d1:de:a5:
         15:99:83:f4:e4:c9:94:48:ef:53:cf:61:e9:c4:a0:b2:10:d5:
         38:ae:72:4d:d0:67:28:94:31:2d:4c:4f:a0:82:a6:ed:3d:0f:
         c2:c7:cc:fa:49:43:f7:72:66:c1:14:08:a1:31:e4:1c:c6:ce:
         c6:c7:ae:da:46:23:d1:4b:89:54:86:e7:7e:21:6e:41:b6:84:
         45:15:16:4c:32:1c:ef:07:23:9b:7b:dd:8f:6d:5e:a8:1b:c3:
         01:76:c0:0a:6d:46:0b:0c:72:5d:09:23:9b:35:3a:b8:69:1c:
         50:c9:a1:bf:92:7d:a8:1c:05:6e:87:95:0b:28:88:00:5e:a8:
         d1:d5:08:5c:c1:22:ae:ce:a8:a9:5e:8f:df:95:24:b9:1c:36:
         15:aa:54:1f:cd:55:d8:26:c8:7b:22:92:75:69:89:ae:58:6d:
         25:26:e1:c8:a5:f0:e0:27:8e:b6:40:32:bd:55:37:79:86:ff:
         ab:60:0a:45:c4:0f:08:12:f0:e0:fb:56:72:7c:25:12:25:84:
         bb:e5:d0:00:ac:80:e7:9f:5f:bf:4f:82:24:fc:9c:89:6a:8a:
         57:c3:c6:9b:db:14:aa:a4:11:be:eb:a5:b9:ae:bd:62:98:6c:
         81:9c:72:91
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ0KBismgmSo3qg/HSkKPtXVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3MGZiMGYxZDhiOGMxOThiMGRjODYxNThhZmJjYmM1Mjlj
ZjE2YmUwHhcNMjYwMzIwMDY1NDI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMWJkN2IwMGUyOTkzNDJkNGFiNGE5YTg0YjljMWE4YjkyMWQyMWJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA32O2V/ZucmD/alMuUA6ZpvM25SnC
mvZskt2pguEuIJlQg9tkA7/9mYeAcvoA7MacXQ8U+7HSnp86zlBQs9Ij4DqxwDFz
vKBvHnfe9guJn4ZqB00hCfNmAKisWSLBknYL1LNbKLTgHJYP7CxBB5Vik7CcvHaf
mkUwkV22p29PRsf/qzxejaRaOM21UDFafXUC1/NAflTuIMp9hBF3jTHDSPZn2YdU
MFb/HZ9kzQjKEDdsh3Cvu5BENVE/cOfC8vBQ5zQEfeOi7HOiNgVTUZWuPo1UZFUi
1ueNTjc5Fbwdjuos8qa97QZeWdr+jSCyxKvMHDxMG1Yu9NEk49C1PJWU7wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDG9ewDimTQtSrSpqEucGouSHSG6MB8GA1UdIwQY
MBaAFFcPsPHYuMGYsNyGFYr7y8Upzxa+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnctdzhkaTR3Wml3M0lZVml2dkx4U25QRnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS8wOTQ5ZmMtYWNjZC00NzFmLWE5Y2Qt
OTcyNDNlMzE2MjcyLzEvTWIxN0FPS1pOQzFLdEttb1M1d2FpNUlkSWJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS8wOTQ5ZmMtYWNjZC00NzFmLWE5Y2QtOTcyNDNlMzE2Mjcy
LzEvVnctdzhkaTR3Wml3M0lZVml2dkx4U25QRnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBuftSAwQA
wgQ3MA0GCSqGSIb3DQEBCwUAA4IBAQCFlRE8iGuFkhCRxTAV/knR3qUVmYP05MmU
SO9Tz2HpxKCyENU4rnJN0GcolDEtTE+ggqbtPQ/Cx8z6SUP3cmbBFAihMeQcxs7G
x67aRiPRS4lUhud+IW5BtoRFFRZMMhzvByObe92PbV6oG8MBdsAKbUYLDHJdCSOb
NTq4aRxQyaG/kn2oHAVuh5ULKIgAXqjR1QhcwSKuzqipXo/flSS5HDYVqlQfzVXY
Jsh7IpJ1aYmuWG0lJuHIpfDgJ462QDK9VTd5hv+rYApFxA8IEvDg+1ZyfCUSJYS7
5dAArIDnn1+/T4Ik/JyJaopXw8ab2xSqpBG+66W5rr1imGyBnHKR
-----END CERTIFICATE-----