Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/617e9a-0d3a-47f8-9856-1da055e8b4f3/1/67omSHCgJ7E6ODNlsF6qaRqTPEA.roa
File:                     67omSHCgJ7E6ODNlsF6qaRqTPEA.roa (raw, json)
Hash identifier:          dOFOtK+G0q4faDtqEdXQ7Mev65YvmGNEPtq6H3hEE94=
Subject key identifier:   EB:BA:26:48:70:A0:27:B1:3A:38:33:65:B0:5E:AA:69:1A:93:3C:40
Certificate issuer:       /CN=1394ee52c365ad1d3abc0e30e40d110599261790
Certificate serial:       019DD3E8E7252F84AFBEA5B6A9DA51DC5A20
Authority key identifier: 13:94:EE:52:C3:65:AD:1D:3A:BC:0E:30:E4:0D:11:05:99:26:17:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/E5TuUsNlrR06vA4w5A0RBZkmF5A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/617e9a-0d3a-47f8-9856-1da055e8b4f3/1/67omSHCgJ7E6ODNlsF6qaRqTPEA.roa
Signing time:             Tue 28 Apr 2026 11:45:49 +0000
ROA not before:           Tue 28 Apr 2026 11:45:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49151
IP address blocks:        185.53.147.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/617e9a-0d3a-47f8-9856-1da055e8b4f3/1/E5TuUsNlrR06vA4w5A0RBZkmF5A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/617e9a-0d3a-47f8-9856-1da055e8b4f3/1/E5TuUsNlrR06vA4w5A0RBZkmF5A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/E5TuUsNlrR06vA4w5A0RBZkmF5A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 Apr 2026 11:45:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:d3:e8:e7:25:2f:84:af:be:a5:b6:a9:da:51:dc:5a:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1394ee52c365ad1d3abc0e30e40d110599261790
        Validity
            Not Before: Apr 28 11:45:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ebba264870a027b13a383365b05eaa691a933c40
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:9b:3f:7a:dc:e5:02:3b:6c:d7:45:06:e7:18:
                    43:f0:f4:2a:6e:9c:1d:6d:43:bd:17:65:ca:38:c0:
                    d3:ca:19:57:69:12:26:97:5b:0f:48:dd:02:a1:74:
                    7b:de:e5:f7:b0:60:49:67:7e:2b:7a:81:61:a0:3e:
                    37:f5:04:1d:19:36:5a:46:f5:10:3f:b7:4f:b5:9c:
                    25:d7:8d:43:8f:02:3c:5c:cb:ca:ed:ef:00:d7:e9:
                    d5:85:03:36:a2:9e:86:12:5e:45:b9:b3:95:01:6a:
                    b4:4f:50:19:5d:d1:f8:f0:50:8b:8f:87:0f:07:c8:
                    c5:40:7a:fd:0e:72:ef:81:6f:a0:bf:61:fa:20:92:
                    59:a2:17:0a:9f:2e:24:46:47:7a:e8:88:ea:cb:e5:
                    68:77:48:59:5c:67:4f:b3:d7:fa:fb:62:e6:39:b3:
                    40:58:c8:51:79:62:ef:86:68:07:eb:cb:69:43:47:
                    f5:bd:ad:ed:7b:35:0e:d6:a8:85:07:d6:3e:99:27:
                    38:24:71:b9:02:94:4a:7b:06:f6:65:27:36:a7:c3:
                    04:1e:c9:61:e0:ad:44:62:b4:6b:9b:27:e2:4d:c9:
                    84:2c:2f:d8:ca:fb:e3:92:f5:a1:14:8f:a0:9c:f4:
                    91:a2:fc:fb:0f:4a:79:a2:fa:35:14:09:7b:70:11:
                    8d:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:BA:26:48:70:A0:27:B1:3A:38:33:65:B0:5E:AA:69:1A:93:3C:40
            X509v3 Authority Key Identifier:
                keyid:13:94:EE:52:C3:65:AD:1D:3A:BC:0E:30:E4:0D:11:05:99:26:17:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/E5TuUsNlrR06vA4w5A0RBZkmF5A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/617e9a-0d3a-47f8-9856-1da055e8b4f3/1/67omSHCgJ7E6ODNlsF6qaRqTPEA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/617e9a-0d3a-47f8-9856-1da055e8b4f3/1/E5TuUsNlrR06vA4w5A0RBZkmF5A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.53.147.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:e6:2c:94:48:07:72:d9:eb:87:9d:40:5b:9b:c8:ce:b7:7e:
         3a:12:ec:b8:ca:b3:d3:3e:70:ca:a2:26:13:1e:b4:2b:b5:bf:
         5f:cc:5b:12:75:91:ac:93:3e:41:dd:d9:74:07:eb:9a:bf:9e:
         66:67:5a:a5:b6:29:63:4d:a8:e7:56:08:2f:6b:06:34:8c:14:
         80:ec:65:d9:f5:f6:82:5c:84:df:00:7c:d1:cd:c0:b7:74:bc:
         5a:70:40:c2:df:55:e1:11:44:11:dd:f5:44:80:9a:21:69:88:
         94:14:4d:0a:42:dc:71:56:57:e5:da:d7:2f:17:07:1c:1c:54:
         9e:d3:86:95:46:a7:45:f0:aa:11:1d:3b:81:e6:59:55:c2:3d:
         2f:bb:f8:86:c4:50:6c:4a:89:08:a4:ff:ac:a6:53:a6:00:1b:
         db:63:1e:13:11:96:36:62:fb:8c:68:69:50:5e:80:c5:a4:9c:
         5e:fd:d9:d9:14:6d:1f:de:ee:87:f4:13:98:4b:bb:1f:f4:fa:
         22:9e:91:3b:cc:00:e8:4f:56:64:3c:05:a0:a6:15:4d:81:a3:
         7b:b6:9b:d9:3c:b2:c8:6c:c4:a2:b8:b6:0a:05:2b:7d:7a:76:
         86:ba:18:1f:3b:54:ed:27:2d:13:19:47:bc:23:b5:51:09:22:
         da:41:1c:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3T6OclL4SvvqW2qdpR3FogMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzOTRlZTUyYzM2NWFkMWQzYWJjMGUzMGU0MGQxMTA1OTky
NjE3OTAwHhcNMjYwNDI4MTE0NTQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYmJhMjY0ODcwYTAyN2IxM2EzODMzNjViMDVlYWE2OTFhOTMzYzQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ps/etzlAjts10UG5xhD8PQqbpwd
bUO9F2XKOMDTyhlXaRIml1sPSN0CoXR73uX3sGBJZ34reoFhoD439QQdGTZaRvUQ
P7dPtZwl141DjwI8XMvK7e8A1+nVhQM2op6GEl5FubOVAWq0T1AZXdH48FCLj4cP
B8jFQHr9DnLvgW+gv2H6IJJZohcKny4kRkd66Ijqy+Vod0hZXGdPs9f6+2LmObNA
WMhReWLvhmgH68tpQ0f1va3tezUO1qiFB9Y+mSc4JHG5ApRKewb2ZSc2p8MEHslh
4K1EYrRrmyfiTcmELC/YyvvjkvWhFI+gnPSRovz7D0p5ovo1FAl7cBGNPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOu6JkhwoCexOjgzZbBeqmkakzxAMB8GA1UdIwQY
MBaAFBOU7lLDZa0dOrwOMOQNEQWZJheQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRTVUdVVzTmxyUjA2dkE0dzVBMFJCWmttRjVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny82MTdlOWEtMGQzYS00N2Y4LTk4NTYt
MWRhMDU1ZThiNGYzLzEvNjdvbVNIQ2dKN0U2T0RObHNGNnFhUnFUUEVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny82MTdlOWEtMGQzYS00N2Y4LTk4NTYtMWRhMDU1ZThiNGYz
LzEvRTVUdVVzTmxyUjA2dkE0dzVBMFJCWmttRjVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuTWTMA0G
CSqGSIb3DQEBCwUAA4IBAQBp5iyUSAdy2euHnUBbm8jOt346Euy4yrPTPnDKoiYT
HrQrtb9fzFsSdZGskz5B3dl0B+uav55mZ1qltiljTajnVggvawY0jBSA7GXZ9faC
XITfAHzRzcC3dLxacEDC31XhEUQR3fVEgJohaYiUFE0KQtxxVlfl2tcvFwccHFSe
04aVRqdF8KoRHTuB5llVwj0vu/iGxFBsSokIpP+splOmABvbYx4TEZY2YvuMaGlQ
XoDFpJxe/dnZFG0f3u6H9BOYS7sf9PoinpE7zADoT1ZkPAWgphVNgaN7tpvZPLLI
bMSiuLYKBSt9enaGuhgfO1TtJy0TGUe8I7VRCSLaQRzw
-----END CERTIFICATE-----