Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/MD7WQ4Z0V0LPYC2k73K_wk0pKBs.roa
File:                     MD7WQ4Z0V0LPYC2k73K_wk0pKBs.roa (raw, json)
Hash identifier:          K3evQD0rRd7Ogl4rankuFJFwomsrfA9rkTtVqjVH+XI=
Subject key identifier:   30:3E:D6:43:86:74:57:42:CF:60:2D:A4:EF:72:BF:C2:4D:29:28:1B
Certificate issuer:       /CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
Certificate serial:       019D9B102A3B3D78D34FFCBA9B32620A31A6
Authority key identifier: C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/MD7WQ4Z0V0LPYC2k73K_wk0pKBs.roa
Signing time:             Fri 17 Apr 2026 10:50:20 +0000
ROA not before:           Fri 17 Apr 2026 10:50:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198783
IP address blocks:        82.118.242.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 27 Apr 2026 23:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:9b:10:2a:3b:3d:78:d3:4f:fc:ba:9b:32:62:0a:31:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
        Validity
            Not Before: Apr 17 10:50:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=303ed64386745742cf602da4ef72bfc24d29281b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:e2:e5:fe:b8:30:ea:f2:8b:48:b5:82:48:42:
                    cb:dd:e4:ed:31:38:3f:09:76:23:39:89:07:b7:6d:
                    b4:34:c7:42:4f:e2:e2:3b:f7:91:1d:55:b3:63:b3:
                    9e:46:9c:62:4f:fa:37:5e:a3:32:2d:ef:1a:1a:19:
                    da:9e:69:87:dd:4d:8c:33:4c:76:c4:87:6b:05:99:
                    cf:05:b6:0c:d2:c5:4b:5b:17:c9:65:20:b7:d0:15:
                    f7:cb:a4:ed:ed:b3:71:38:d3:4b:9e:a1:56:d1:49:
                    d1:77:e8:03:79:6e:a6:db:ca:a9:6b:05:8e:2c:ed:
                    85:b3:e7:d7:e1:82:f6:5b:ff:b5:78:94:ef:0e:a0:
                    13:3e:e5:c4:cb:f6:18:5f:54:c5:1d:12:98:e6:a6:
                    b4:8d:61:f7:4e:33:ec:32:fc:37:3c:53:5c:aa:65:
                    7d:2a:0f:6c:64:ab:34:35:f3:6c:79:10:00:fa:7f:
                    00:7f:ec:a2:86:0b:e9:1c:5e:37:8e:ee:3d:7a:8f:
                    fd:bd:d4:1c:f0:5e:db:b6:26:8a:2b:28:86:bb:a8:
                    eb:59:32:03:38:b8:aa:a9:38:0b:63:53:21:88:54:
                    dd:9a:5d:e9:03:26:42:41:45:e4:a6:c0:39:c9:b2:
                    b6:28:d2:21:8f:fa:23:01:e1:55:38:39:fc:91:05:
                    8d:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:3E:D6:43:86:74:57:42:CF:60:2D:A4:EF:72:BF:C2:4D:29:28:1B
            X509v3 Authority Key Identifier:
                keyid:C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/MD7WQ4Z0V0LPYC2k73K_wk0pKBs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.118.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:e3:6b:18:c2:80:71:a5:2d:29:a0:0f:cb:e8:a6:5d:3d:28:
         4f:7c:d7:88:48:37:51:cf:cd:8f:7b:c3:cd:17:29:ed:34:40:
         fd:1b:b7:c8:f9:aa:62:7d:40:95:97:53:1e:b0:42:11:7a:a3:
         74:d8:d1:1e:39:20:d0:77:80:54:01:9b:45:54:57:9f:cc:c0:
         82:d5:ae:f9:61:48:a8:3b:50:8f:9b:5a:d9:31:f6:c6:a6:48:
         52:37:f1:88:16:52:56:02:b6:b4:e3:06:19:24:85:60:d5:b2:
         85:87:92:a9:59:44:69:d9:6d:00:d5:25:6b:30:c9:bc:85:e8:
         d9:48:03:9e:50:60:3e:f8:80:07:51:e6:5a:9c:5d:48:aa:94:
         3f:7b:6b:b9:9c:f7:27:51:50:1a:68:c9:d5:04:df:61:a5:99:
         64:d5:9e:75:fb:6d:4d:11:e3:b3:98:db:35:6f:ff:6f:02:f5:
         ac:25:ae:a2:54:1b:d3:a8:79:2f:a4:e2:05:c4:9a:ca:9d:c8:
         ee:20:01:5d:bd:c6:ff:ba:86:5a:e8:6e:c2:3b:7b:d1:a2:20:
         dd:32:46:34:c6:77:37:83:b6:af:a9:07:55:af:a1:20:d2:bc:
         63:a0:cf:03:64:ef:98:a1:40:67:7b:f9:3d:c5:98:23:f7:86:
         15:cf:21:c8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2bECo7PXjTT/y6mzJiCjGmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNWVhYzY0ZWE0ODAyZTY4MjQ2ODZmN2MwZDIwMWYyYzg1
Y2IyYWEwHhcNMjYwNDE3MTA1MDIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDNlZDY0Mzg2NzQ1NzQyY2Y2MDJkYTRlZjcyYmZjMjRkMjkyODFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjOLl/rgw6vKLSLWCSELL3eTtMTg/
CXYjOYkHt220NMdCT+LiO/eRHVWzY7OeRpxiT/o3XqMyLe8aGhnanmmH3U2MM0x2
xIdrBZnPBbYM0sVLWxfJZSC30BX3y6Tt7bNxONNLnqFW0UnRd+gDeW6m28qpawWO
LO2Fs+fX4YL2W/+1eJTvDqATPuXEy/YYX1TFHRKY5qa0jWH3TjPsMvw3PFNcqmV9
Kg9sZKs0NfNseRAA+n8Af+yihgvpHF43ju49eo/9vdQc8F7btiaKKyiGu6jrWTID
OLiqqTgLY1MhiFTdml3pAyZCQUXkpsA5ybK2KNIhj/ojAeFVODn8kQWNcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDA+1kOGdFdCz2AtpO9yv8JNKSgbMB8GA1UdIwQY
MBaAFMNerGTqSALmgkaG98DSAfLIXLKqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMt
ZGFjYjVmMzU2ZWEzLzEvTUQ3V1E0WjBWMExQWUMyazczS193azBwS0JzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMtZGFjYjVmMzU2ZWEz
LzEvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUnbyMA0G
CSqGSIb3DQEBCwUAA4IBAQAa42sYwoBxpS0poA/L6KZdPShPfNeISDdRz82Pe8PN
FyntNED9G7fI+apifUCVl1MesEIReqN02NEeOSDQd4BUAZtFVFefzMCC1a75YUio
O1CPm1rZMfbGpkhSN/GIFlJWAra04wYZJIVg1bKFh5KpWURp2W0A1SVrMMm8hejZ
SAOeUGA++IAHUeZanF1IqpQ/e2u5nPcnUVAaaMnVBN9hpZlk1Z51+21NEeOzmNs1
b/9vAvWsJa6iVBvTqHkvpOIFxJrKncjuIAFdvcb/uoZa6G7CO3vRoiDdMkY0xnc3
g7avqQdVr6Eg0rxjoM8DZO+YoUBne/k9xZgj94YVzyHI
-----END CERTIFICATE-----