Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/944f2a-f673-42bf-9e3d-edcef7451ef4/1/wRE9U-STcq388gs--_aR0rhDAmE.roa
File:                     wRE9U-STcq388gs--_aR0rhDAmE.roa (raw, json)
Hash identifier:          PeDJ2qi9G/BGwM64tes30qEst81Dt7OlqBewf1kK90o=
Subject key identifier:   C1:11:3D:53:E4:93:72:AD:FC:F2:0B:3E:FB:F6:91:D2:B8:43:02:61
Certificate issuer:       /CN=cd4065967dec092b5fc90152e4a95339ba1d2289
Certificate serial:       019DA7B5768C5E5C9D03A83D4D751BDC2505
Authority key identifier: CD:40:65:96:7D:EC:09:2B:5F:C9:01:52:E4:A9:53:39:BA:1D:22:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zUBlln3sCStfyQFS5KlTObodIok.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/944f2a-f673-42bf-9e3d-edcef7451ef4/1/wRE9U-STcq388gs--_aR0rhDAmE.roa
Signing time:             Sun 19 Apr 2026 21:46:20 +0000
ROA not before:           Sun 19 Apr 2026 21:46:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214143
IP address blocks:        185.144.12.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/944f2a-f673-42bf-9e3d-edcef7451ef4/1/zUBlln3sCStfyQFS5KlTObodIok.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/944f2a-f673-42bf-9e3d-edcef7451ef4/1/zUBlln3sCStfyQFS5KlTObodIok.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zUBlln3sCStfyQFS5KlTObodIok.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 21:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:a7:b5:76:8c:5e:5c:9d:03:a8:3d:4d:75:1b:dc:25:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd4065967dec092b5fc90152e4a95339ba1d2289
        Validity
            Not Before: Apr 19 21:46:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c1113d53e49372adfcf20b3efbf691d2b8430261
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:ca:20:53:d7:af:ab:61:ec:c5:93:81:90:7a:
                    52:ff:2d:42:4e:5e:29:3f:c3:bb:94:13:07:6f:48:
                    d4:ff:11:d3:1a:34:59:37:89:5d:23:c0:48:35:93:
                    29:70:ff:88:4f:25:89:0c:83:0f:03:56:1f:a3:79:
                    0d:eb:7c:9b:03:69:4d:b1:f8:30:be:69:53:16:84:
                    3b:d0:04:b1:c7:d3:a1:53:31:58:68:96:ad:1b:c1:
                    17:2d:66:fc:1a:01:74:85:c5:1e:b3:94:bc:1a:90:
                    f2:af:ab:41:4d:aa:0d:2c:0f:2a:79:30:aa:78:2b:
                    45:b1:25:3b:c0:3f:a7:11:40:63:e4:cc:c8:93:08:
                    48:97:c8:23:16:2c:46:e8:0e:08:19:b7:4d:68:a7:
                    04:38:12:4e:78:e3:7c:98:3d:4c:db:f2:1f:96:a0:
                    1f:a4:14:41:4e:a8:bb:0b:21:27:7c:00:50:9c:35:
                    71:87:03:13:21:17:14:76:46:00:5f:c7:5c:f4:1f:
                    4f:80:a0:61:ef:b1:5c:71:1a:f1:8c:0f:8e:f3:c9:
                    5f:68:2d:c0:8f:67:46:f0:2a:ac:51:28:f4:c7:d7:
                    e9:86:79:f3:86:f3:03:a2:95:fe:a0:3d:3f:83:60:
                    bd:1d:b9:b2:9c:98:80:f9:99:75:3a:3c:b7:93:26:
                    f0:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:11:3D:53:E4:93:72:AD:FC:F2:0B:3E:FB:F6:91:D2:B8:43:02:61
            X509v3 Authority Key Identifier:
                keyid:CD:40:65:96:7D:EC:09:2B:5F:C9:01:52:E4:A9:53:39:BA:1D:22:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zUBlln3sCStfyQFS5KlTObodIok.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/944f2a-f673-42bf-9e3d-edcef7451ef4/1/wRE9U-STcq388gs--_aR0rhDAmE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/944f2a-f673-42bf-9e3d-edcef7451ef4/1/zUBlln3sCStfyQFS5KlTObodIok.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.144.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:ec:38:9f:4d:63:c8:86:06:ae:44:e7:b3:81:d7:a9:77:d4:
         36:2f:3f:66:c4:76:31:8a:be:99:c8:ab:1f:9c:17:6d:99:43:
         02:08:5f:59:d9:d7:ca:65:8d:7e:f0:30:b8:74:8f:8f:02:a4:
         c9:90:1d:44:7c:11:0b:fd:0f:d5:3c:02:c3:f1:b2:cc:9a:f8:
         32:aa:65:29:e8:8e:5e:cc:ce:1d:68:4f:74:25:cf:ea:ed:c4:
         ed:03:9e:da:2e:19:52:56:97:12:ff:77:94:14:53:0c:94:76:
         b1:91:53:e1:38:5d:09:2e:04:23:5e:56:e6:e2:96:94:62:e0:
         2e:c3:8b:08:f5:99:ed:4a:21:62:14:ee:46:6c:32:28:62:b9:
         bd:d1:05:06:c9:4a:86:71:25:c1:26:85:f2:81:00:eb:ee:f2:
         39:2c:71:8f:23:59:d3:eb:95:5d:10:06:ef:f2:6b:42:31:fd:
         10:a6:a4:bc:f8:28:c0:a4:e2:b9:9e:40:8c:2b:0a:3a:31:f1:
         31:86:5d:92:de:16:e2:f1:bd:6f:6c:89:e7:de:0f:9e:18:fc:
         3f:08:18:bd:b0:1f:78:15:39:c7:c6:73:48:1d:7d:ab:fa:9b:
         52:07:a9:2c:e8:65:db:60:b7:53:61:09:83:37:a1:ce:59:4c:
         fc:74:f2:42
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2ntXaMXlydA6g9TXUb3CUFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNDA2NTk2N2RlYzA5MmI1ZmM5MDE1MmU0YTk1MzM5YmEx
ZDIyODkwHhcNMjYwNDE5MjE0NjIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTExM2Q1M2U0OTM3MmFkZmNmMjBiM2VmYmY2OTFkMmI4NDMwMjYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvsogU9evq2HsxZOBkHpS/y1CTl4p
P8O7lBMHb0jU/xHTGjRZN4ldI8BINZMpcP+ITyWJDIMPA1Yfo3kN63ybA2lNsfgw
vmlTFoQ70ASxx9OhUzFYaJatG8EXLWb8GgF0hcUes5S8GpDyr6tBTaoNLA8qeTCq
eCtFsSU7wD+nEUBj5MzIkwhIl8gjFixG6A4IGbdNaKcEOBJOeON8mD1M2/IflqAf
pBRBTqi7CyEnfABQnDVxhwMTIRcUdkYAX8dc9B9PgKBh77FccRrxjA+O88lfaC3A
j2dG8CqsUSj0x9fphnnzhvMDopX+oD0/g2C9HbmynJiA+Zl1Ojy3kybwXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMERPVPkk3Kt/PILPvv2kdK4QwJhMB8GA1UdIwQY
MBaAFM1AZZZ97AkrX8kBUuSpUzm6HSKJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelVCbGxuM3NDU3RmeVFGUzVLbFRPYm9kSW9rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS85NDRmMmEtZjY3My00MmJmLTllM2Qt
ZWRjZWY3NDUxZWY0LzEvd1JFOVUtU1RjcTM4OGdzLS1fYVIwcmhEQW1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS85NDRmMmEtZjY3My00MmJmLTllM2QtZWRjZWY3NDUxZWY0
LzEvelVCbGxuM3NDU3RmeVFGUzVLbFRPYm9kSW9rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZAMMA0G
CSqGSIb3DQEBCwUAA4IBAQAA7DifTWPIhgauROezgdepd9Q2Lz9mxHYxir6ZyKsf
nBdtmUMCCF9Z2dfKZY1+8DC4dI+PAqTJkB1EfBEL/Q/VPALD8bLMmvgyqmUp6I5e
zM4daE90Jc/q7cTtA57aLhlSVpcS/3eUFFMMlHaxkVPhOF0JLgQjXlbm4paUYuAu
w4sI9ZntSiFiFO5GbDIoYrm90QUGyUqGcSXBJoXygQDr7vI5LHGPI1nT65VdEAbv
8mtCMf0QpqS8+CjApOK5nkCMKwo6MfExhl2S3hbi8b1vbInn3g+eGPw/CBi9sB94
FTnHxnNIHX2r+ptSB6ks6GXbYLdTYQmDN6HOWUz8dPJC
-----END CERTIFICATE-----