Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/ddb424-7eb2-495e-8bb6-72fb97d59ce4/1/0PDWE0nMAiZTt99GCoWTLfpUdds.roa
File:                     0PDWE0nMAiZTt99GCoWTLfpUdds.roa (raw, json)
Hash identifier:          10Qjb6N84Go0JfMlcwy2hguZG6CNNMPMXT+0qVZv6NQ=
Subject key identifier:   D0:F0:D6:13:49:CC:02:26:53:B7:DF:46:0A:85:93:2D:FA:54:75:DB
Certificate issuer:       /CN=95d108f0e85868c2bbe7db6d7377034c131eb224
Certificate serial:       019E83109A9CFD16D97BFB0BF5D34C52DE5D
Authority key identifier: 95:D1:08:F0:E8:58:68:C2:BB:E7:DB:6D:73:77:03:4C:13:1E:B2:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ldEI8OhYaMK759ttc3cDTBMesiQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/ddb424-7eb2-495e-8bb6-72fb97d59ce4/1/0PDWE0nMAiZTt99GCoWTLfpUdds.roa
Signing time:             Mon 01 Jun 2026 12:02:43 +0000
ROA not before:           Mon 01 Jun 2026 12:02:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     43278
IP address blocks:        189.74.109.0/24 maxlen: 24
                          189.74.110.0/24 maxlen: 24
                          189.74.111.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/ddb424-7eb2-495e-8bb6-72fb97d59ce4/1/ldEI8OhYaMK759ttc3cDTBMesiQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/ddb424-7eb2-495e-8bb6-72fb97d59ce4/1/ldEI8OhYaMK759ttc3cDTBMesiQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ldEI8OhYaMK759ttc3cDTBMesiQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 22:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:83:10:9a:9c:fd:16:d9:7b:fb:0b:f5:d3:4c:52:de:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=95d108f0e85868c2bbe7db6d7377034c131eb224
        Validity
            Not Before: Jun  1 12:02:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d0f0d61349cc022653b7df460a85932dfa5475db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:97:dd:9b:cf:7f:b5:17:15:5a:57:ef:1c:75:
                    86:1f:50:19:01:43:d0:f3:ba:c5:ea:a9:c1:5f:dd:
                    ba:85:70:0e:3f:15:6c:31:22:a7:ee:6a:49:30:a8:
                    b3:14:52:76:d6:17:46:0d:91:92:c1:bb:d9:b0:1f:
                    92:f4:26:65:a9:88:0f:78:96:93:1f:08:e1:70:39:
                    12:cd:63:70:1e:9f:dd:17:8c:78:ab:09:71:69:6c:
                    bf:47:da:d9:05:9f:b8:0b:45:6a:7e:e3:1d:0d:13:
                    94:1b:ea:fb:b3:41:93:2c:68:99:dc:76:2e:05:0a:
                    72:c6:fa:6e:15:74:30:78:fa:54:76:80:5c:08:86:
                    a4:02:de:3c:e0:24:8d:31:2c:2e:49:c4:3e:6f:fc:
                    c2:8f:19:f8:0d:1b:9d:ad:5c:72:9b:d1:b5:38:19:
                    dc:54:76:03:ae:c7:a2:81:da:5f:63:f4:65:d7:c8:
                    f4:10:2a:ec:cb:a8:e1:6d:7d:7c:17:42:18:cb:16:
                    5b:45:31:28:9d:bd:44:d3:d9:55:dc:a0:46:fd:c5:
                    a4:44:41:ae:d9:b1:c9:f4:fe:8b:61:f1:55:16:3d:
                    71:c1:75:e3:28:be:6c:eb:d4:53:90:02:f9:75:5a:
                    52:50:23:5f:88:6d:41:42:c8:2e:d2:a4:cd:99:43:
                    60:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:F0:D6:13:49:CC:02:26:53:B7:DF:46:0A:85:93:2D:FA:54:75:DB
            X509v3 Authority Key Identifier:
                keyid:95:D1:08:F0:E8:58:68:C2:BB:E7:DB:6D:73:77:03:4C:13:1E:B2:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ldEI8OhYaMK759ttc3cDTBMesiQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/ddb424-7eb2-495e-8bb6-72fb97d59ce4/1/0PDWE0nMAiZTt99GCoWTLfpUdds.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/ddb424-7eb2-495e-8bb6-72fb97d59ce4/1/ldEI8OhYaMK759ttc3cDTBMesiQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  189.74.109.0-189.74.111.255

    Signature Algorithm: sha256WithRSAEncryption
         2c:c0:f0:e4:7d:3a:28:78:46:d3:51:81:15:d6:dd:78:f6:94:
         83:02:c8:0f:b1:0a:06:db:cc:72:cb:1d:95:e4:45:a2:8a:c1:
         c0:d1:40:42:bf:57:bc:30:2d:3a:0e:76:d5:c7:49:4a:02:09:
         e0:bb:61:8c:cc:89:31:26:43:e6:6a:b6:2f:2f:46:5d:c3:d3:
         cf:70:53:80:fb:cc:e6:c0:cf:18:fe:8d:4c:65:07:ee:bd:4d:
         0d:a1:cb:50:eb:5e:7a:4b:64:cd:40:7d:ad:e8:3c:91:fb:3d:
         56:0c:4b:c1:65:b3:c7:6b:87:b2:47:2c:65:98:91:6f:16:ae:
         75:f0:88:40:af:3f:14:6b:56:87:48:da:03:61:d0:f4:d3:03:
         60:f0:83:2b:ae:04:83:a4:24:eb:96:0b:a7:72:70:42:b5:ae:
         80:3d:d9:d3:ee:ca:4e:b0:80:f5:10:bc:d3:b5:19:89:02:8d:
         77:1e:49:f9:18:e6:65:90:fc:67:e3:63:06:f6:4e:46:e2:c2:
         9c:2d:f0:5a:0a:3b:f5:79:bf:1f:9e:92:46:cb:4e:47:e0:2d:
         0c:8a:d8:a7:05:b1:b4:58:81:72:27:52:43:20:5f:e6:23:cc:
         07:69:57:f1:28:09:87:e0:a2:dd:f8:cb:af:ac:ff:8e:81:83:
         5b:a5:6d:8c
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZ6DEJqc/RbZe/sL9dNMUt5dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1ZDEwOGYwZTg1ODY4YzJiYmU3ZGI2ZDczNzcwMzRjMTMx
ZWIyMjQwHhcNMjYwNjAxMTIwMjQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMGYwZDYxMzQ5Y2MwMjI2NTNiN2RmNDYwYTg1OTMyZGZhNTQ3NWRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt5fdm89/tRcVWlfvHHWGH1AZAUPQ
87rF6qnBX926hXAOPxVsMSKn7mpJMKizFFJ21hdGDZGSwbvZsB+S9CZlqYgPeJaT
HwjhcDkSzWNwHp/dF4x4qwlxaWy/R9rZBZ+4C0VqfuMdDROUG+r7s0GTLGiZ3HYu
BQpyxvpuFXQwePpUdoBcCIakAt484CSNMSwuScQ+b/zCjxn4DRudrVxym9G1OBnc
VHYDrseigdpfY/Rl18j0ECrsy6jhbX18F0IYyxZbRTEonb1E09lV3KBG/cWkREGu
2bHJ9P6LYfFVFj1xwXXjKL5s69RTkAL5dVpSUCNfiG1BQsgu0qTNmUNgLwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFNDw1hNJzAImU7ffRgqFky36VHXbMB8GA1UdIwQY
MBaAFJXRCPDoWGjCu+fbbXN3A0wTHrIkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbGRFSThPaFlhTUs3NTl0dGMzY0RUQk1lc2lRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC9kZGI0MjQtN2ViMi00OTVlLThiYjYt
NzJmYjk3ZDU5Y2U0LzEvMFBEV0Uwbk1BaVpUdDk5R0NvV1RMZnBVZGRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC9kZGI0MjQtN2ViMi00OTVlLThiYjYtNzJmYjk3ZDU5Y2U0
LzEvbGRFSThPaFlhTUs3NTl0dGMzY0RUQk1lc2lRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAC9Sm0D
BAS9SmAwDQYJKoZIhvcNAQELBQADggEBACzA8OR9Oih4RtNRgRXW3Xj2lIMCyA+x
CgbbzHLLHZXkRaKKwcDRQEK/V7wwLToOdtXHSUoCCeC7YYzMiTEmQ+Zqti8vRl3D
089wU4D7zObAzxj+jUxlB+69TQ2hy1DrXnpLZM1Afa3oPJH7PVYMS8Fls8drh7JH
LGWYkW8WrnXwiECvPxRrVodI2gNh0PTTA2DwgyuuBIOkJOuWC6dycEK1roA92dPu
yk6wgPUQvNO1GYkCjXceSfkY5mWQ/GfjYwb2Tkbiwpwt8FoKO/V5vx+ekkbLTkfg
LQyK2KcFsbRYgXInUkMgX+YjzAdpV/EoCYfgot34y6+s/46Bg1ulbYw=
-----END CERTIFICATE-----