Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/494bc5-1aeb-4565-aad7-f69b7e266233/1/M47RLklTWoiaz5LdB-5M5t1gKaY.roa
File:                     M47RLklTWoiaz5LdB-5M5t1gKaY.roa (raw, json)
Hash identifier:          25KJVzwCwngs0tYI3cpOotv7hpRnhMTU3mQPWaCA0lw=
Subject key identifier:   33:8E:D1:2E:49:53:5A:88:9A:CF:92:DD:07:EE:4C:E6:DD:60:29:A6
Certificate issuer:       /CN=1dc5d3bcc91e4a31a208361af0a93a62f62d8270
Certificate serial:       019E1DF1F6538A862F3C70E64CBE7F6D3156
Authority key identifier: 1D:C5:D3:BC:C9:1E:4A:31:A2:08:36:1A:F0:A9:3A:62:F6:2D:82:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HcXTvMkeSjGiCDYa8Kk6YvYtgnA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/494bc5-1aeb-4565-aad7-f69b7e266233/1/M47RLklTWoiaz5LdB-5M5t1gKaY.roa
Signing time:             Tue 12 May 2026 20:47:36 +0000
ROA not before:           Tue 12 May 2026 20:47:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     14618
IP address blocks:        185.28.196.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/494bc5-1aeb-4565-aad7-f69b7e266233/1/HcXTvMkeSjGiCDYa8Kk6YvYtgnA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/494bc5-1aeb-4565-aad7-f69b7e266233/1/HcXTvMkeSjGiCDYa8Kk6YvYtgnA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HcXTvMkeSjGiCDYa8Kk6YvYtgnA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 May 2026 05:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:1d:f1:f6:53:8a:86:2f:3c:70:e6:4c:be:7f:6d:31:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1dc5d3bcc91e4a31a208361af0a93a62f62d8270
        Validity
            Not Before: May 12 20:47:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=338ed12e49535a889acf92dd07ee4ce6dd6029a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:0c:94:f7:0e:92:ba:0d:88:3a:47:6d:a6:18:
                    c4:50:d4:44:87:f6:69:00:fa:63:bb:df:9e:1c:74:
                    d6:5f:b0:04:b8:ac:ad:d0:77:33:b7:d1:0a:29:2d:
                    98:ad:af:49:c3:8c:b8:34:bb:d0:b0:6f:90:75:ac:
                    84:56:92:43:9c:14:ec:47:a8:b1:a7:ee:2e:c0:ad:
                    c1:2e:d6:c2:76:46:2e:a4:68:ba:6d:5f:5c:0c:51:
                    6c:2e:71:e1:d3:24:d2:14:9f:5c:b2:ee:15:30:62:
                    97:1c:f6:51:0a:d7:78:55:34:f3:69:ac:b0:fb:be:
                    b4:99:74:28:ab:06:ec:02:ec:2d:a1:ed:a9:85:99:
                    1c:f3:90:85:58:71:9e:00:3f:18:58:ff:1c:79:85:
                    bb:ce:1e:e5:58:d3:08:25:4e:51:ca:31:a2:3e:98:
                    b2:87:cf:3d:59:db:22:0b:d3:42:dd:77:b5:ca:1f:
                    34:5f:cb:2e:5d:69:c9:e9:45:bd:e9:3b:64:c5:3a:
                    4d:9d:5b:bc:a0:f6:a6:c6:b4:db:2e:ee:36:5e:87:
                    84:59:c5:9e:4f:17:e2:28:23:12:bb:a3:84:e4:e5:
                    16:56:c9:03:e8:79:68:f7:c9:f3:e2:36:6b:0f:ff:
                    32:ce:f3:e4:67:e7:20:d6:f5:f2:8d:48:51:d1:06:
                    9e:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:8E:D1:2E:49:53:5A:88:9A:CF:92:DD:07:EE:4C:E6:DD:60:29:A6
            X509v3 Authority Key Identifier:
                keyid:1D:C5:D3:BC:C9:1E:4A:31:A2:08:36:1A:F0:A9:3A:62:F6:2D:82:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HcXTvMkeSjGiCDYa8Kk6YvYtgnA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/494bc5-1aeb-4565-aad7-f69b7e266233/1/M47RLklTWoiaz5LdB-5M5t1gKaY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/494bc5-1aeb-4565-aad7-f69b7e266233/1/HcXTvMkeSjGiCDYa8Kk6YvYtgnA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.28.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:4a:76:63:ef:db:fd:1d:fa:ce:de:c3:99:77:21:75:ca:75:
         e9:c5:e5:02:ba:1b:3a:ee:ae:89:30:d2:3a:59:de:42:0a:35:
         16:13:b1:42:3b:43:b1:2c:a4:e0:9a:66:a4:79:1c:ff:08:30:
         c9:a1:82:48:e8:ee:f9:75:37:54:b5:33:21:dc:86:d3:1b:39:
         47:22:b6:bc:b0:4a:d4:b1:fd:ab:11:45:66:56:02:7e:c6:96:
         d1:a6:10:42:92:8f:08:b6:df:42:fc:2b:c6:64:0a:f9:4a:93:
         da:4f:23:dc:d3:72:94:8b:1d:a8:5a:80:ab:e6:f5:07:e4:58:
         e9:bb:c1:e4:4e:3e:44:86:09:3e:94:b3:b6:e7:de:1c:4f:b9:
         9d:b9:aa:e0:b3:5e:67:3d:8e:bc:bb:02:46:0c:14:31:14:f7:
         bb:e9:28:59:c8:0b:01:f8:53:dc:ee:47:7a:6e:13:09:e4:c4:
         af:bc:a4:41:2d:d4:b1:ed:4b:fd:88:2d:6f:49:e3:2d:e4:38:
         f6:65:cc:a7:3f:b5:c6:dd:ba:5c:42:2a:93:87:fc:51:7a:64:
         55:74:d8:bf:88:d5:2b:59:2f:fe:e1:cc:a0:7d:57:50:db:30:
         7a:92:79:47:76:ca:01:ae:72:fd:8d:32:f5:3d:de:f3:5a:17:
         e8:78:71:c5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4d8fZTioYvPHDmTL5/bTFWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkYzVkM2JjYzkxZTRhMzFhMjA4MzYxYWYwYTkzYTYyZjYy
ZDgyNzAwHhcNMjYwNTEyMjA0NzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzhlZDEyZTQ5NTM1YTg4OWFjZjkyZGQwN2VlNGNlNmRkNjAyOWE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApwyU9w6Sug2IOkdtphjEUNREh/Zp
APpju9+eHHTWX7AEuKyt0Hczt9EKKS2Yra9Jw4y4NLvQsG+QdayEVpJDnBTsR6ix
p+4uwK3BLtbCdkYupGi6bV9cDFFsLnHh0yTSFJ9csu4VMGKXHPZRCtd4VTTzaayw
+760mXQoqwbsAuwtoe2phZkc85CFWHGeAD8YWP8ceYW7zh7lWNMIJU5RyjGiPpiy
h889WdsiC9NC3Xe1yh80X8suXWnJ6UW96TtkxTpNnVu8oPamxrTbLu42XoeEWcWe
TxfiKCMSu6OE5OUWVskD6Hlo98nz4jZrD/8yzvPkZ+cg1vXyjUhR0QaeTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDOO0S5JU1qIms+S3QfuTObdYCmmMB8GA1UdIwQY
MBaAFB3F07zJHkoxogg2GvCpOmL2LYJwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGNYVHZNa2VTakdpQ0RZYThLazZZdll0Z25BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy80OTRiYzUtMWFlYi00NTY1LWFhZDct
ZjY5YjdlMjY2MjMzLzEvTTQ3UkxrbFRXb2lhejVMZEItNU01dDFnS2FZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy80OTRiYzUtMWFlYi00NTY1LWFhZDctZjY5YjdlMjY2MjMz
LzEvSGNYVHZNa2VTakdpQ0RZYThLazZZdll0Z25BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRzEMA0G
CSqGSIb3DQEBCwUAA4IBAQCUSnZj79v9HfrO3sOZdyF1ynXpxeUCuhs67q6JMNI6
Wd5CCjUWE7FCO0OxLKTgmmakeRz/CDDJoYJI6O75dTdUtTMh3IbTGzlHIra8sErU
sf2rEUVmVgJ+xpbRphBCko8Itt9C/CvGZAr5SpPaTyPc03KUix2oWoCr5vUH5Fjp
u8HkTj5Ehgk+lLO2594cT7mduargs15nPY68uwJGDBQxFPe76ShZyAsB+FPc7kd6
bhMJ5MSvvKRBLdSx7Uv9iC1vSeMt5Dj2ZcynP7XG3bpcQiqTh/xRemRVdNi/iNUr
WS/+4cygfVdQ2zB6knlHdsoBrnL9jTL1Pd7zWhfoeHHF
-----END CERTIFICATE-----