Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/RW1Mn5jGY_fNwEa4nhfDdOF4euY.roa
File:                     RW1Mn5jGY_fNwEa4nhfDdOF4euY.roa (raw, json)
Hash identifier:          rormOO+Scyvc6/IMwyduU2PX9d097afAopSHjpl3a98=
Subject key identifier:   45:6D:4C:9F:98:C6:63:F7:CD:C0:46:B8:9E:17:C3:74:E1:78:7A:E6
Certificate issuer:       /CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
Certificate serial:       019DA93C64C98FCBC78944DA8455EFC9353F
Authority key identifier: 7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/RW1Mn5jGY_fNwEa4nhfDdOF4euY.roa
Signing time:             Mon 20 Apr 2026 04:53:20 +0000
ROA not before:           Mon 20 Apr 2026 04:53:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     58232
IP address blocks:        185.113.10.0/24 maxlen: 24
                          2a05:9080:5::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Apr 2026 13:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:a9:3c:64:c9:8f:cb:c7:89:44:da:84:55:ef:c9:35:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
        Validity
            Not Before: Apr 20 04:53:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=456d4c9f98c663f7cdc046b89e17c374e1787ae6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:08:55:23:96:a2:a4:75:17:05:61:0b:90:bb:
                    34:c2:09:2e:ec:a0:c3:b4:3d:0d:1a:22:3f:64:84:
                    9d:a8:bd:70:d9:6f:d0:a4:b3:28:57:8c:ec:05:8b:
                    19:6d:b6:70:57:74:9d:a7:0b:33:db:9c:b6:f0:f4:
                    d0:f9:0b:76:a8:7b:fc:d0:8d:95:7b:60:41:e0:c2:
                    9b:59:9c:1b:40:2b:fb:2c:f1:42:5e:70:bd:c7:d3:
                    df:be:8f:62:75:85:4a:73:fa:ed:96:81:fa:c9:9f:
                    8c:1f:ac:79:37:ae:d2:31:36:bb:a2:cb:a6:94:77:
                    f0:20:ce:ba:0a:6d:a4:1b:af:bd:d9:a7:df:84:1b:
                    d3:9b:0b:75:cd:e1:a8:11:05:d2:ec:42:0a:94:d0:
                    b9:1f:3a:d6:62:4a:e0:b6:59:30:8a:61:f0:b7:ba:
                    8a:9f:ac:2a:d6:d7:0f:e7:23:c7:2b:69:67:56:56:
                    0f:a3:e8:5d:3a:61:64:eb:87:6d:c6:51:d4:0f:4b:
                    11:5b:80:1a:6a:c1:71:17:64:35:39:5d:4e:40:67:
                    94:b3:32:a9:5d:f3:43:29:5e:07:7a:fb:47:bc:db:
                    09:b6:5f:66:a6:79:64:0e:45:ad:e4:f2:89:a6:ff:
                    8f:f2:de:7d:ef:d4:81:7d:5d:de:2e:d7:e3:34:ed:
                    2c:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:6D:4C:9F:98:C6:63:F7:CD:C0:46:B8:9E:17:C3:74:E1:78:7A:E6
            X509v3 Authority Key Identifier:
                keyid:7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/RW1Mn5jGY_fNwEa4nhfDdOF4euY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.113.10.0/24
                IPv6:
                  2a05:9080:5::/48

    Signature Algorithm: sha256WithRSAEncryption
         89:1a:74:24:69:20:90:84:b2:66:39:24:e0:43:28:9c:d7:27:
         ae:94:5e:81:0f:14:3a:24:cc:91:ed:70:2c:16:85:f2:d6:a8:
         d2:58:79:85:a9:7f:83:b7:7f:3d:c9:29:9b:c5:33:20:6f:30:
         11:01:28:da:17:a8:f3:10:70:52:02:ed:42:3f:40:5d:b3:7b:
         4e:b4:14:25:fb:7f:57:e1:22:36:82:ac:6d:38:e3:be:2f:4f:
         00:e3:85:ae:e9:e3:7e:c5:67:c4:92:40:28:79:5b:3b:1f:9c:
         07:f9:9d:77:3c:6d:b9:41:b1:9a:a1:8e:e8:db:4a:06:f7:ed:
         91:86:1f:d5:25:98:9a:e0:0d:cb:c3:5e:64:ea:3f:2a:07:27:
         bd:c7:54:86:c4:9b:2f:34:83:f3:38:f6:3f:75:d9:2e:5c:fa:
         25:a0:f3:60:d4:f3:d7:8e:e3:6c:7b:2b:4b:66:2f:cf:11:de:
         67:a3:fe:d5:e0:7d:fb:d1:43:11:2a:5c:45:05:e0:28:fe:e5:
         48:15:60:97:ad:89:3c:d7:90:c1:b4:49:de:15:b5:22:90:bf:
         ff:61:e7:00:89:69:5b:31:6b:bd:83:11:9d:b0:9d:b3:42:68:
         bb:57:76:4c:b1:2c:57:77:7e:5b:d6:81:e1:26:36:f5:24:5f:
         43:97:01:47
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZ2pPGTJj8vHiUTahFXvyTU/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjM2QwMjJhMjQwY2U3MWUwYTZlMWU5YWFlMDExMmRhODQw
Y2MzNGIwHhcNMjYwNDIwMDQ1MzIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTZkNGM5Zjk4YzY2M2Y3Y2RjMDQ2Yjg5ZTE3YzM3NGUxNzg3YWU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyAhVI5aipHUXBWELkLs0wgku7KDD
tD0NGiI/ZISdqL1w2W/QpLMoV4zsBYsZbbZwV3Sdpwsz25y28PTQ+Qt2qHv80I2V
e2BB4MKbWZwbQCv7LPFCXnC9x9Pfvo9idYVKc/rtloH6yZ+MH6x5N67SMTa7osum
lHfwIM66Cm2kG6+92affhBvTmwt1zeGoEQXS7EIKlNC5HzrWYkrgtlkwimHwt7qK
n6wq1tcP5yPHK2lnVlYPo+hdOmFk64dtxlHUD0sRW4AaasFxF2Q1OV1OQGeUszKp
XfNDKV4HevtHvNsJtl9mpnlkDkWt5PKJpv+P8t5979SBfV3eLtfjNO0s3QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFEVtTJ+YxmP3zcBGuJ4Xw3TheHrmMB8GA1UdIwQY
MBaAFHw9AiokDOceCm4emq4BEtqEDMNLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYt
MDk0ODk4OWU2ZDU1LzEvUlcxTW41akdZX2ZOd0VhNG5oZkRkT0Y0ZXVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYtMDk0ODk4OWU2ZDU1
LzEvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuXEKMA8E
AgACMAkDBwAqBZCAAAUwDQYJKoZIhvcNAQELBQADggEBAIkadCRpIJCEsmY5JOBD
KJzXJ66UXoEPFDokzJHtcCwWhfLWqNJYeYWpf4O3fz3JKZvFMyBvMBEBKNoXqPMQ
cFIC7UI/QF2ze060FCX7f1fhIjaCrG04474vTwDjha7p437FZ8SSQCh5WzsfnAf5
nXc8bblBsZqhjujbSgb37ZGGH9UlmJrgDcvDXmTqPyoHJ73HVIbEmy80g/M49j91
2S5c+iWg82DU89eO42x7K0tmL88R3mej/tXgffvRQxEqXEUF4Cj+5UgVYJetiTzX
kMG0Sd4VtSKQv/9h5wCJaVsxa72DEZ2wnbNCaLtXdkyxLFd3flvWgeEmNvUkX0OX
AUc=
-----END CERTIFICATE-----