Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/b05e08-0762-4dc7-a4b0-5805d3f3dbb2/1/dmlQS2Sd9qDd919b9z3NpsKBzf4.roa
File:                     dmlQS2Sd9qDd919b9z3NpsKBzf4.roa (raw, json)
Hash identifier:          cTIEAwkFVrrLFFu6MkzuxguAlzRRpHYYKaiTprN0Urw=
Subject key identifier:   76:69:50:4B:64:9D:F6:A0:DD:F7:5F:5B:F7:3D:CD:A6:C2:81:CD:FE
Certificate issuer:       /CN=153f24183d6c95185919349e6e92533736437b94
Certificate serial:       019CB5F6A7F9E5C3548ADC606A8E3C1A81D8
Authority key identifier: 15:3F:24:18:3D:6C:95:18:59:19:34:9E:6E:92:53:37:36:43:7B:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FT8kGD1slRhZGTSebpJTNzZDe5Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/b05e08-0762-4dc7-a4b0-5805d3f3dbb2/1/dmlQS2Sd9qDd919b9z3NpsKBzf4.roa
Signing time:             Tue 03 Mar 2026 23:09:26 +0000
ROA not before:           Tue 03 Mar 2026 23:09:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216146
IP address blocks:        194.187.253.0/24 maxlen: 24
                          2a13:e940::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/b05e08-0762-4dc7-a4b0-5805d3f3dbb2/1/FT8kGD1slRhZGTSebpJTNzZDe5Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/b05e08-0762-4dc7-a4b0-5805d3f3dbb2/1/FT8kGD1slRhZGTSebpJTNzZDe5Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FT8kGD1slRhZGTSebpJTNzZDe5Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Mar 2026 17:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:b5:f6:a7:f9:e5:c3:54:8a:dc:60:6a:8e:3c:1a:81:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=153f24183d6c95185919349e6e92533736437b94
        Validity
            Not Before: Mar  3 23:09:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7669504b649df6a0ddf75f5bf73dcda6c281cdfe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:d1:5c:03:fb:37:22:74:99:1a:86:68:08:33:
                    ff:29:17:b1:30:1b:c4:e3:2c:d3:db:2b:65:43:ee:
                    df:b0:dc:48:d9:ad:ee:0e:c9:86:a7:a4:a0:4c:de:
                    28:4c:bc:d0:e3:70:ce:d1:c2:6a:90:49:d6:d9:6d:
                    1e:e2:ff:ee:6d:74:a0:56:a0:6e:e2:36:a0:ef:df:
                    9f:05:ff:8c:ee:8e:7e:e2:65:66:39:0c:26:d5:35:
                    be:66:b1:e3:85:81:3d:e0:68:22:27:6e:04:13:a1:
                    81:ae:a7:05:5c:f6:d1:61:da:9e:c2:be:5c:b6:db:
                    91:23:b6:09:73:49:2f:f1:7d:ed:94:6a:d8:c9:c1:
                    72:63:7c:d2:0c:c1:a3:7d:07:bb:1b:9d:d7:0f:33:
                    3d:ee:79:f8:fa:bf:69:c9:26:01:53:e8:f6:d8:09:
                    1b:0f:f6:e7:0b:34:0e:3b:55:b4:bb:83:4f:e4:f1:
                    6e:ed:55:8d:9e:c3:43:2b:b2:db:24:17:ac:1a:73:
                    6b:36:1b:b9:b1:f0:3b:c3:1d:b5:ce:33:96:82:c9:
                    89:6d:99:0b:7c:c9:4c:16:1c:e1:bf:b8:fa:1b:17:
                    2f:28:d1:16:f5:05:5f:2e:7d:9a:44:a3:fc:aa:f8:
                    f1:45:28:00:25:8d:82:62:00:c2:10:d8:24:e0:eb:
                    9e:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:69:50:4B:64:9D:F6:A0:DD:F7:5F:5B:F7:3D:CD:A6:C2:81:CD:FE
            X509v3 Authority Key Identifier:
                keyid:15:3F:24:18:3D:6C:95:18:59:19:34:9E:6E:92:53:37:36:43:7B:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FT8kGD1slRhZGTSebpJTNzZDe5Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/b05e08-0762-4dc7-a4b0-5805d3f3dbb2/1/dmlQS2Sd9qDd919b9z3NpsKBzf4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/b05e08-0762-4dc7-a4b0-5805d3f3dbb2/1/FT8kGD1slRhZGTSebpJTNzZDe5Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.187.253.0/24
                IPv6:
                  2a13:e940::/29

    Signature Algorithm: sha256WithRSAEncryption
         4a:cc:78:f4:c7:4e:b6:ac:5a:84:58:44:74:88:c1:9e:75:98:
         92:05:64:c7:f1:44:0a:ed:b5:03:89:83:7c:db:72:ba:8a:13:
         ef:e4:db:b2:11:59:16:64:9b:d4:9a:36:d7:89:d3:6c:fb:d9:
         7e:51:8d:66:f0:0d:09:27:f9:13:a9:fb:af:10:eb:05:67:a1:
         05:9a:90:e1:7b:f2:10:e5:e9:21:fa:ff:56:d2:e2:11:43:84:
         d0:3d:18:ed:d6:32:72:e0:d8:f0:df:86:88:c6:bb:3d:db:46:
         fe:32:e3:3d:6b:f1:6a:43:76:7e:4e:9e:6e:67:51:57:68:66:
         98:20:aa:fc:27:b1:d0:17:3c:95:99:30:ce:3a:15:d7:b3:95:
         da:e0:85:e6:b6:85:ba:a1:e3:7b:41:27:a6:a0:54:3e:ed:25:
         44:56:9e:88:30:41:92:69:b9:d7:7a:26:70:b2:91:48:a3:58:
         b0:30:00:44:ac:b0:11:4e:4d:90:f2:df:ce:0c:41:26:68:dd:
         4e:da:ac:b9:d9:05:1d:21:43:8e:87:0a:ae:e8:4c:89:f6:73:
         7c:15:f8:6c:1b:07:f0:35:20:df:07:45:00:5a:a9:f3:0c:53:
         a1:09:09:2f:f4:05:25:75:4d:fa:03:3a:07:e1:09:2e:7d:12:
         9f:1c:9c:d0
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZy19qf55cNUitxgao48GoHYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1M2YyNDE4M2Q2Yzk1MTg1OTE5MzQ5ZTZlOTI1MzM3MzY0
MzdiOTQwHhcNMjYwMzAzMjMwOTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjY5NTA0YjY0OWRmNmEwZGRmNzVmNWJmNzNkY2RhNmMyODFjZGZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5NFcA/s3InSZGoZoCDP/KRexMBvE
4yzT2ytlQ+7fsNxI2a3uDsmGp6SgTN4oTLzQ43DO0cJqkEnW2W0e4v/ubXSgVqBu
4jag79+fBf+M7o5+4mVmOQwm1TW+ZrHjhYE94GgiJ24EE6GBrqcFXPbRYdqewr5c
ttuRI7YJc0kv8X3tlGrYycFyY3zSDMGjfQe7G53XDzM97nn4+r9pySYBU+j22Akb
D/bnCzQOO1W0u4NP5PFu7VWNnsNDK7LbJBesGnNrNhu5sfA7wx21zjOWgsmJbZkL
fMlMFhzhv7j6GxcvKNEW9QVfLn2aRKP8qvjxRSgAJY2CYgDCENgk4OueVwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHZpUEtknfag3fdfW/c9zabCgc3+MB8GA1UdIwQY
MBaAFBU/JBg9bJUYWRk0nm6SUzc2Q3uUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRlQ4a0dEMXNsUmhaR1RTZWJwSlROelpEZTVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi9iMDVlMDgtMDc2Mi00ZGM3LWE0YjAt
NTgwNWQzZjNkYmIyLzEvZG1sUVMyU2Q5cURkOTE5Yjl6M05wc0tCemY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi9iMDVlMDgtMDc2Mi00ZGM3LWE0YjAtNTgwNWQzZjNkYmIy
LzEvRlQ4a0dEMXNsUmhaR1RTZWJwSlROelpEZTVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwrv9MA0E
AgACMAcDBQMqE+lAMA0GCSqGSIb3DQEBCwUAA4IBAQBKzHj0x062rFqEWER0iMGe
dZiSBWTH8UQK7bUDiYN823K6ihPv5NuyEVkWZJvUmjbXidNs+9l+UY1m8A0JJ/kT
qfuvEOsFZ6EFmpDhe/IQ5ekh+v9W0uIRQ4TQPRjt1jJy4Njw34aIxrs920b+MuM9
a/FqQ3Z+Tp5uZ1FXaGaYIKr8J7HQFzyVmTDOOhXXs5Xa4IXmtoW6oeN7QSemoFQ+
7SVEVp6IMEGSabnXeiZwspFIo1iwMABErLARTk2Q8t/ODEEmaN1O2qy52QUdIUOO
hwqu6EyJ9nN8FfhsGwfwNSDfB0UAWqnzDFOhCQkv9AUldU36AzoH4QkufRKfHJzQ
-----END CERTIFICATE-----