Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/94b66e-3e0d-4332-ab4f-770f8eab2ae7/1/dOZ-UZAilPuTxMdA91BX6bqpZdo.roa
File:                     dOZ-UZAilPuTxMdA91BX6bqpZdo.roa (raw, json)
Hash identifier:          EnTNe2Fu+ylf9yT4Bos+C9yigYIvj4IsKWPgtuOze0Y=
Subject key identifier:   74:E6:7E:51:90:22:94:FB:93:C4:C7:40:F7:50:57:E9:BA:A9:65:DA
Certificate issuer:       /CN=6832c32d2259013991260d530d9120031aaefcd0
Certificate serial:       019DB3DE59305E95131BF1198427B7E62E14
Authority key identifier: 68:32:C3:2D:22:59:01:39:91:26:0D:53:0D:91:20:03:1A:AE:FC:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aDLDLSJZATmRJg1TDZEgAxqu_NA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/94b66e-3e0d-4332-ab4f-770f8eab2ae7/1/dOZ-UZAilPuTxMdA91BX6bqpZdo.roa
Signing time:             Wed 22 Apr 2026 06:26:26 +0000
ROA not before:           Wed 22 Apr 2026 06:26:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     33915
IP address blocks:        145.46.191.0/24 maxlen: 24
                          145.46.255.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/94b66e-3e0d-4332-ab4f-770f8eab2ae7/1/aDLDLSJZATmRJg1TDZEgAxqu_NA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/94b66e-3e0d-4332-ab4f-770f8eab2ae7/1/aDLDLSJZATmRJg1TDZEgAxqu_NA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aDLDLSJZATmRJg1TDZEgAxqu_NA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 Apr 2026 17:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b3:de:59:30:5e:95:13:1b:f1:19:84:27:b7:e6:2e:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6832c32d2259013991260d530d9120031aaefcd0
        Validity
            Not Before: Apr 22 06:26:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=74e67e51902294fb93c4c740f75057e9baa965da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:33:82:f1:05:86:59:49:14:cf:b8:be:ba:66:
                    af:8c:38:75:fb:49:fc:c5:49:18:56:e2:5b:bb:7b:
                    ed:eb:ff:5f:bc:70:ae:f5:38:8a:84:55:3b:07:3e:
                    0c:55:c0:0c:01:40:40:bf:3b:aa:41:68:75:24:c2:
                    69:96:cc:44:99:1b:7d:45:11:2b:f6:d2:6d:b4:cb:
                    65:ca:88:2b:75:b3:a0:78:85:66:5b:a7:23:e9:a8:
                    86:b8:78:39:d3:f6:5f:1c:10:bf:e6:0b:c0:0f:a6:
                    f8:03:43:23:91:8a:d4:2d:8e:9c:82:39:ca:c3:42:
                    2c:83:f2:11:90:17:67:74:94:82:ab:dc:29:0c:88:
                    a6:f8:82:ca:16:a7:e7:b1:76:f6:40:cd:72:e1:b1:
                    82:77:82:6b:32:25:37:ec:2b:e5:04:0f:c7:fc:35:
                    87:90:a7:fd:04:64:7a:12:9f:43:49:0c:86:59:d7:
                    0b:05:0c:cc:3f:7d:bf:93:a5:63:4c:e1:ca:79:f9:
                    57:11:bc:8e:57:34:15:c9:7a:ac:78:5d:2b:7b:c4:
                    c5:39:5e:00:b3:c8:d3:df:64:2f:bf:3e:8e:78:b0:
                    84:2d:fc:20:7f:89:df:fe:1a:7f:ac:39:bc:e3:5b:
                    b6:5f:0e:d6:8c:a0:bf:b9:d7:44:bf:a9:f3:5e:c6:
                    0c:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:E6:7E:51:90:22:94:FB:93:C4:C7:40:F7:50:57:E9:BA:A9:65:DA
            X509v3 Authority Key Identifier:
                keyid:68:32:C3:2D:22:59:01:39:91:26:0D:53:0D:91:20:03:1A:AE:FC:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aDLDLSJZATmRJg1TDZEgAxqu_NA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/94b66e-3e0d-4332-ab4f-770f8eab2ae7/1/dOZ-UZAilPuTxMdA91BX6bqpZdo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/94b66e-3e0d-4332-ab4f-770f8eab2ae7/1/aDLDLSJZATmRJg1TDZEgAxqu_NA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.46.191.0/24
                  145.46.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:07:d0:5e:d6:e4:52:3d:9d:e0:10:bc:08:93:84:fc:89:17:
         e1:e4:4b:92:c1:0f:c1:9c:fd:ea:a5:8c:54:90:a1:42:07:47:
         fd:30:0f:d0:69:61:ae:4b:70:88:0a:6f:18:8f:dd:09:ca:af:
         33:fc:a5:5a:77:e2:e9:54:eb:49:a3:c7:8a:11:02:00:6c:cb:
         4f:71:19:d1:fa:49:56:a8:f7:f5:3c:b2:8e:18:0a:23:b9:bb:
         64:17:17:bd:26:a4:80:ab:3b:2b:6f:97:9d:8d:36:96:5d:08:
         b1:26:ec:1d:e9:eb:12:93:bb:5b:90:f6:d3:7e:46:15:a5:b3:
         50:df:4c:7d:29:7a:b5:2e:df:5c:90:ff:36:c7:7a:fd:d8:48:
         33:bc:4b:24:b8:ea:18:be:ea:d1:73:47:fe:f7:5d:49:96:59:
         f0:17:13:12:bb:3d:d3:51:be:9e:27:d5:8c:3b:68:be:08:7c:
         1d:a7:b1:e9:26:1c:14:d8:e5:0a:6c:8b:22:f3:17:9f:8e:e0:
         05:1d:73:60:c7:a2:0b:01:f9:c5:b1:50:a2:83:4d:d5:4e:e6:
         fc:18:a5:0a:28:f5:25:28:f7:4f:22:68:6c:61:d1:4b:05:22:
         5b:7f:0f:49:bb:d3:88:c0:a7:d8:e4:07:7f:75:6c:c2:9c:1e:
         d9:69:37:a8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ2z3lkwXpUTG/EZhCe35i4UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4MzJjMzJkMjI1OTAxMzk5MTI2MGQ1MzBkOTEyMDAzMWFh
ZWZjZDAwHhcNMjYwNDIyMDYyNjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NGU2N2U1MTkwMjI5NGZiOTNjNGM3NDBmNzUwNTdlOWJhYTk2NWRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzjOC8QWGWUkUz7i+umavjDh1+0n8
xUkYVuJbu3vt6/9fvHCu9TiKhFU7Bz4MVcAMAUBAvzuqQWh1JMJplsxEmRt9RREr
9tJttMtlyogrdbOgeIVmW6cj6aiGuHg50/ZfHBC/5gvAD6b4A0MjkYrULY6cgjnK
w0Isg/IRkBdndJSCq9wpDIim+ILKFqfnsXb2QM1y4bGCd4JrMiU37CvlBA/H/DWH
kKf9BGR6Ep9DSQyGWdcLBQzMP32/k6VjTOHKeflXEbyOVzQVyXqseF0re8TFOV4A
s8jT32Qvvz6OeLCELfwgf4nf/hp/rDm841u2Xw7WjKC/uddEv6nzXsYMkQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHTmflGQIpT7k8THQPdQV+m6qWXaMB8GA1UdIwQY
MBaAFGgywy0iWQE5kSYNUw2RIAMarvzQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYURMRExTSlpBVG1SSmcxVERaRWdBeHF1X05BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC85NGI2NmUtM2UwZC00MzMyLWFiNGYt
NzcwZjhlYWIyYWU3LzEvZE9aLVVaQWlsUHVUeE1kQTkxQlg2YnFwWmRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC85NGI2NmUtM2UwZC00MzMyLWFiNGYtNzcwZjhlYWIyYWU3
LzEvYURMRExTSlpBVG1SSmcxVERaRWdBeHF1X05BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAkS6/AwQA
kS7/MA0GCSqGSIb3DQEBCwUAA4IBAQB0B9Be1uRSPZ3gELwIk4T8iRfh5EuSwQ/B
nP3qpYxUkKFCB0f9MA/QaWGuS3CICm8Yj90Jyq8z/KVad+LpVOtJo8eKEQIAbMtP
cRnR+klWqPf1PLKOGAojubtkFxe9JqSAqzsrb5edjTaWXQixJuwd6esSk7tbkPbT
fkYVpbNQ30x9KXq1Lt9ckP82x3r92EgzvEskuOoYvurRc0f+911JllnwFxMSuz3T
Ub6eJ9WMO2i+CHwdp7HpJhwU2OUKbIsi8xefjuAFHXNgx6ILAfnFsVCig03VTub8
GKUKKPUlKPdPImhsYdFLBSJbfw9Ju9OIwKfY5Ad/dWzCnB7ZaTeo
-----END CERTIFICATE-----