Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/50d88d-b12e-4d47-8a5e-e5bdd4bea4ae/1/RvkZEoK0HyizIOoF3aDu_3nGrKE.roa
File:                     RvkZEoK0HyizIOoF3aDu_3nGrKE.roa (raw, json)
Hash identifier:          BJ0nBnlY8vQ8ef9j08YqNE70rnN85bh90GtAddLxkHI=
Subject key identifier:   46:F9:19:12:82:B4:1F:28:B3:20:EA:05:DD:A0:EE:FF:79:C6:AC:A1
Certificate issuer:       /CN=54fd5d65a82668cc95f7feff55d51b70d1a99dea
Certificate serial:       019D2C0D3ADC377463ECB042D470FA4DC9A8
Authority key identifier: 54:FD:5D:65:A8:26:68:CC:95:F7:FE:FF:55:D5:1B:70:D1:A9:9D:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VP1dZagmaMyV9_7_VdUbcNGpneo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/50d88d-b12e-4d47-8a5e-e5bdd4bea4ae/1/RvkZEoK0HyizIOoF3aDu_3nGrKE.roa
Signing time:             Thu 26 Mar 2026 21:29:17 +0000
ROA not before:           Thu 26 Mar 2026 21:29:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     63440
IP address blocks:        185.234.168.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/50d88d-b12e-4d47-8a5e-e5bdd4bea4ae/1/VP1dZagmaMyV9_7_VdUbcNGpneo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/50d88d-b12e-4d47-8a5e-e5bdd4bea4ae/1/VP1dZagmaMyV9_7_VdUbcNGpneo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VP1dZagmaMyV9_7_VdUbcNGpneo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 12:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2c:0d:3a:dc:37:74:63:ec:b0:42:d4:70:fa:4d:c9:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=54fd5d65a82668cc95f7feff55d51b70d1a99dea
        Validity
            Not Before: Mar 26 21:29:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=46f9191282b41f28b320ea05dda0eeff79c6aca1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:1d:ad:6b:42:71:41:31:9b:1a:5a:82:ea:a4:
                    e7:59:3a:13:2f:2b:1a:ab:30:25:62:73:fe:bb:b2:
                    12:41:03:37:c4:a9:a9:16:08:1e:18:f8:43:56:2a:
                    8f:b6:94:3e:54:c5:67:e7:6d:86:5a:b4:71:81:36:
                    ab:a3:55:92:cf:4e:54:60:e3:e0:f3:be:16:a5:0c:
                    cd:20:10:c1:8f:22:13:36:20:23:b4:9b:09:2b:b5:
                    d3:c6:f5:80:f7:f0:6c:f6:9c:5a:68:d6:12:ca:bf:
                    f6:cb:4a:e7:62:c9:99:c1:b3:38:35:c9:97:2c:6d:
                    81:db:63:5c:df:8b:d6:3a:db:dc:58:d1:e5:08:29:
                    b4:a2:a8:2b:b3:df:cb:ca:88:b6:96:ea:61:83:c4:
                    3c:19:c4:7d:5e:10:13:7b:0a:5e:8b:d0:74:8b:c2:
                    17:c4:7c:b0:06:2d:00:11:d3:55:47:7e:3b:16:b7:
                    33:c9:a6:d9:39:08:c2:f4:f7:c4:74:35:dd:37:86:
                    1a:0d:10:fc:93:50:9b:43:da:65:13:cd:0a:3f:6f:
                    3f:f4:37:15:78:36:c5:3d:8e:15:e8:5e:89:11:c7:
                    10:c4:53:9a:e0:02:56:9d:ed:00:0c:5b:1e:a6:db:
                    83:b3:36:6d:bf:74:b2:ed:f2:00:a5:86:ce:e1:a0:
                    79:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:F9:19:12:82:B4:1F:28:B3:20:EA:05:DD:A0:EE:FF:79:C6:AC:A1
            X509v3 Authority Key Identifier:
                keyid:54:FD:5D:65:A8:26:68:CC:95:F7:FE:FF:55:D5:1B:70:D1:A9:9D:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VP1dZagmaMyV9_7_VdUbcNGpneo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/50d88d-b12e-4d47-8a5e-e5bdd4bea4ae/1/RvkZEoK0HyizIOoF3aDu_3nGrKE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/50d88d-b12e-4d47-8a5e-e5bdd4bea4ae/1/VP1dZagmaMyV9_7_VdUbcNGpneo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.234.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         55:29:da:26:1c:df:f4:6a:97:e8:9c:95:8c:6c:d1:ba:58:ac:
         19:37:68:0c:69:71:ba:bc:74:01:02:8d:e9:52:fa:91:f3:af:
         e2:fa:66:f0:db:64:12:73:f6:da:7b:3a:d3:5a:8d:a3:c4:5e:
         36:af:42:66:26:ce:a9:96:a5:70:ac:75:9b:06:94:2d:db:ec:
         f5:1f:12:b4:4c:0f:4b:52:5c:8a:e0:d6:2c:c7:4c:77:f8:be:
         41:0e:72:82:d6:83:74:5b:6b:3d:2c:d2:b3:b9:a0:8b:47:f2:
         57:b2:fd:0e:a1:91:6c:92:d1:e0:9c:b5:ca:75:f8:d8:7a:0b:
         45:10:43:f8:a6:32:30:68:36:c8:bb:25:7e:0d:41:c2:34:ba:
         17:85:8b:e9:be:f1:ca:e2:4a:e5:c9:ff:ad:1c:a1:50:0d:07:
         bf:ae:16:79:67:6a:f7:de:6d:f9:a3:48:e2:11:14:08:7a:40:
         42:38:69:b0:e5:8f:eb:00:da:ce:96:50:03:ce:b2:a7:9f:6e:
         46:4d:d4:cd:88:7a:e9:5d:ef:93:28:bb:28:5e:ea:b3:56:8b:
         c6:8b:03:e1:76:4b:7a:56:20:7e:ec:dd:37:83:8a:64:ee:8b:
         fe:bb:32:8f:37:86:15:74:ea:42:aa:3d:c9:8a:47:52:9a:ef:
         af:52:bb:9d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0sDTrcN3Rj7LBC1HD6TcmoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0ZmQ1ZDY1YTgyNjY4Y2M5NWY3ZmVmZjU1ZDUxYjcwZDFh
OTlkZWEwHhcNMjYwMzI2MjEyOTE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NmY5MTkxMjgyYjQxZjI4YjMyMGVhMDVkZGEwZWVmZjc5YzZhY2ExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1h2ta0JxQTGbGlqC6qTnWToTLysa
qzAlYnP+u7ISQQM3xKmpFggeGPhDViqPtpQ+VMVn522GWrRxgTaro1WSz05UYOPg
874WpQzNIBDBjyITNiAjtJsJK7XTxvWA9/Bs9pxaaNYSyr/2y0rnYsmZwbM4NcmX
LG2B22Nc34vWOtvcWNHlCCm0oqgrs9/Lyoi2luphg8Q8GcR9XhATewpei9B0i8IX
xHywBi0AEdNVR347FrczyabZOQjC9PfEdDXdN4YaDRD8k1CbQ9plE80KP28/9DcV
eDbFPY4V6F6JEccQxFOa4AJWne0ADFseptuDszZtv3Sy7fIApYbO4aB5hwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEb5GRKCtB8osyDqBd2g7v95xqyhMB8GA1UdIwQY
MBaAFFT9XWWoJmjMlff+/1XVG3DRqZ3qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVlAxZFphZ21hTXlWOV83X1ZkVWJjTkdwbmVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC81MGQ4OGQtYjEyZS00ZDQ3LThhNWUt
ZTViZGQ0YmVhNGFlLzEvUnZrWkVvSzBIeWl6SU9vRjNhRHVfM25HcktFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC81MGQ4OGQtYjEyZS00ZDQ3LThhNWUtZTViZGQ0YmVhNGFl
LzEvVlAxZFphZ21hTXlWOV83X1ZkVWJjTkdwbmVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCueqoMA0G
CSqGSIb3DQEBCwUAA4IBAQBVKdomHN/0apfonJWMbNG6WKwZN2gMaXG6vHQBAo3p
UvqR86/i+mbw22QSc/baezrTWo2jxF42r0JmJs6plqVwrHWbBpQt2+z1HxK0TA9L
UlyK4NYsx0x3+L5BDnKC1oN0W2s9LNKzuaCLR/JXsv0OoZFsktHgnLXKdfjYegtF
EEP4pjIwaDbIuyV+DUHCNLoXhYvpvvHK4krlyf+tHKFQDQe/rhZ5Z2r33m35o0ji
ERQIekBCOGmw5Y/rANrOllADzrKnn25GTdTNiHrpXe+TKLsoXuqzVovGiwPhdkt6
ViB+7N03g4pk7ov+uzKPN4YVdOpCqj3JikdSmu+vUrud
-----END CERTIFICATE-----