Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/d8ed41-71f6-4bb7-a3ee-a0bb140a596e/1/kADVg105h_GWzfxThtyA_fhTqC0.roa
File:                     kADVg105h_GWzfxThtyA_fhTqC0.roa (raw, json)
Hash identifier:          LC09wEDqsrJf0AUeaUkaZqlAVX+H70zFJW/aF5Y55P4=
Subject key identifier:   90:00:D5:83:5D:39:87:F1:96:CD:FC:53:86:DC:80:FD:F8:53:A8:2D
Certificate issuer:       /CN=55d5dc9e220112a27c152bc32389038974ae4572
Certificate serial:       019CB400FDACF16F258D21858A626677F40E
Authority key identifier: 55:D5:DC:9E:22:01:12:A2:7C:15:2B:C3:23:89:03:89:74:AE:45:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VdXcniIBEqJ8FSvDI4kDiXSuRXI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/d8ed41-71f6-4bb7-a3ee-a0bb140a596e/1/kADVg105h_GWzfxThtyA_fhTqC0.roa
Signing time:             Tue 03 Mar 2026 14:01:29 +0000
ROA not before:           Tue 03 Mar 2026 14:01:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     25091
IP address blocks:        94.100.138.0/23 maxlen: 23
                          94.100.143.0/24 maxlen: 24
                          2a01:6780:12::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/d8ed41-71f6-4bb7-a3ee-a0bb140a596e/1/VdXcniIBEqJ8FSvDI4kDiXSuRXI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/d8ed41-71f6-4bb7-a3ee-a0bb140a596e/1/VdXcniIBEqJ8FSvDI4kDiXSuRXI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VdXcniIBEqJ8FSvDI4kDiXSuRXI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 05 Mar 2026 17:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:b4:00:fd:ac:f1:6f:25:8d:21:85:8a:62:66:77:f4:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=55d5dc9e220112a27c152bc32389038974ae4572
        Validity
            Not Before: Mar  3 14:01:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9000d5835d3987f196cdfc5386dc80fdf853a82d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:69:88:8e:de:6a:a7:d8:40:89:55:bf:a1:d1:
                    ab:82:22:38:7c:3f:89:3f:d5:94:27:48:04:c8:71:
                    43:8e:0d:f9:86:cf:17:bf:23:93:eb:57:94:88:87:
                    96:73:bc:9b:1b:67:e2:2b:0f:3c:8a:15:69:37:da:
                    ff:59:77:19:84:dc:26:ec:98:dc:0a:de:b9:71:c4:
                    fe:3a:05:5f:f8:a0:e5:52:91:a6:a7:1e:1d:24:ae:
                    3d:7e:9b:51:40:21:f3:97:af:0e:5f:91:9e:e5:a1:
                    dd:2b:a5:a7:8e:6a:78:13:8b:61:be:db:b1:85:b2:
                    6c:bb:92:8a:4f:e1:e1:35:8a:43:c0:c4:dd:33:54:
                    2f:cb:1b:36:63:5b:a6:cd:ca:cf:e4:15:d8:e3:19:
                    d6:e9:01:71:a6:b9:57:c6:a2:73:4b:22:a5:8e:61:
                    b5:53:6f:d7:e4:a6:fc:16:0f:47:81:75:a2:82:f6:
                    cd:4d:d9:df:1e:30:35:27:15:18:bd:d7:c6:96:ab:
                    7d:3a:44:d1:05:fa:b7:2b:2f:cc:ef:a4:3e:0c:66:
                    13:39:9f:4c:c8:26:61:02:d4:71:27:8d:e2:53:95:
                    4a:a1:24:ed:70:79:df:14:5f:89:91:6a:6f:ba:aa:
                    93:6c:81:61:c0:0d:51:07:d8:46:1c:d1:64:51:10:
                    3d:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:00:D5:83:5D:39:87:F1:96:CD:FC:53:86:DC:80:FD:F8:53:A8:2D
            X509v3 Authority Key Identifier:
                keyid:55:D5:DC:9E:22:01:12:A2:7C:15:2B:C3:23:89:03:89:74:AE:45:72

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VdXcniIBEqJ8FSvDI4kDiXSuRXI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/d8ed41-71f6-4bb7-a3ee-a0bb140a596e/1/kADVg105h_GWzfxThtyA_fhTqC0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/d8ed41-71f6-4bb7-a3ee-a0bb140a596e/1/VdXcniIBEqJ8FSvDI4kDiXSuRXI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.100.138.0/23
                  94.100.143.0/24
                IPv6:
                  2a01:6780:12::/48

    Signature Algorithm: sha256WithRSAEncryption
         2a:6d:6e:3d:76:10:fb:4f:b1:ab:55:49:c9:3e:d4:26:00:a4:
         95:85:b0:91:7d:13:47:85:1b:72:5d:1b:9e:81:a4:f9:c5:50:
         15:f8:8d:c2:c7:85:a9:55:03:7e:ba:06:4f:02:1d:21:12:5b:
         f8:dc:91:d0:76:fd:d7:a7:6c:93:19:6b:a8:8c:a2:5e:b8:71:
         38:99:39:ef:7e:f6:c2:1d:64:05:10:5a:92:16:89:d8:3a:eb:
         6d:ad:63:08:61:33:3b:3a:7d:01:38:41:e6:a3:3d:8d:fa:d0:
         0c:cd:a9:f6:e5:96:e0:be:7a:4e:ff:f7:44:b9:fb:a8:65:d4:
         f6:e5:33:3e:c7:10:10:03:81:ca:00:e3:4b:b7:9a:d6:46:32:
         c9:b5:92:b8:13:ad:62:a9:23:47:39:e7:87:0e:27:d1:14:5f:
         95:7b:74:2e:fe:b4:1c:fc:d5:1f:92:43:58:79:b3:98:bd:d9:
         19:c6:fa:90:ca:70:ae:48:7a:0e:b2:73:7f:43:8f:c2:49:b8:
         5f:ea:06:45:af:64:b4:46:0b:ce:1c:97:65:14:ed:9f:5b:b0:
         13:a0:ad:97:73:95:2e:ea:7f:c4:7e:87:65:dc:eb:d4:28:79:
         39:e2:23:c5:ec:5a:6a:8e:48:76:d5:e7:aa:4f:e0:41:ec:47:
         40:35:76:9f
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZy0AP2s8W8ljSGFimJmd/QOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1ZDVkYzllMjIwMTEyYTI3YzE1MmJjMzIzODkwMzg5NzRh
ZTQ1NzIwHhcNMjYwMzAzMTQwMTI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDAwZDU4MzVkMzk4N2YxOTZjZGZjNTM4NmRjODBmZGY4NTNhODJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA32mIjt5qp9hAiVW/odGrgiI4fD+J
P9WUJ0gEyHFDjg35hs8XvyOT61eUiIeWc7ybG2fiKw88ihVpN9r/WXcZhNwm7Jjc
Ct65ccT+OgVf+KDlUpGmpx4dJK49fptRQCHzl68OX5Ge5aHdK6Wnjmp4E4thvtux
hbJsu5KKT+HhNYpDwMTdM1Qvyxs2Y1umzcrP5BXY4xnW6QFxprlXxqJzSyKljmG1
U2/X5Kb8Fg9HgXWigvbNTdnfHjA1JxUYvdfGlqt9OkTRBfq3Ky/M76Q+DGYTOZ9M
yCZhAtRxJ43iU5VKoSTtcHnfFF+JkWpvuqqTbIFhwA1RB9hGHNFkURA9qQIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFJAA1YNdOYfxls38U4bcgP34U6gtMB8GA1UdIwQY
MBaAFFXV3J4iARKifBUrwyOJA4l0rkVyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVmRYY25pSUJFcUo4RlN2REk0a0RpWFN1UlhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS9kOGVkNDEtNzFmNi00YmI3LWEzZWUt
YTBiYjE0MGE1OTZlLzEva0FEVmcxMDVoX0dXemZ4VGh0eUFfZmhUcUMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS9kOGVkNDEtNzFmNi00YmI3LWEzZWUtYTBiYjE0MGE1OTZl
LzEvVmRYY25pSUJFcUo4RlN2REk0a0RpWFN1UlhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQBXmSKAwQA
XmSPMA8EAgACMAkDBwAqAWeAABIwDQYJKoZIhvcNAQELBQADggEBACptbj12EPtP
satVSck+1CYApJWFsJF9E0eFG3JdG56BpPnFUBX4jcLHhalVA366Bk8CHSESW/jc
kdB2/denbJMZa6iMol64cTiZOe9+9sIdZAUQWpIWidg6622tYwhhMzs6fQE4Qeaj
PY360AzNqfblluC+ek7/90S5+6hl1PblMz7HEBADgcoA40u3mtZGMsm1krgTrWKp
I0c554cOJ9EUX5V7dC7+tBz81R+SQ1h5s5i92RnG+pDKcK5Ieg6yc39Dj8JJuF/q
BkWvZLRGC84cl2UU7Z9bsBOgrZdzlS7qf8R+h2Xc69QoeTniI8XsWmqOSHbV56pP
4EHsR0A1dp8=
-----END CERTIFICATE-----