Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/4ddaec-8b6b-4127-a951-4406679329b0/1/RVnMU5m2oFIkKnMiJVgkrlYB4GU.roa
File:                     RVnMU5m2oFIkKnMiJVgkrlYB4GU.roa (raw, json)
Hash identifier:          es4ZKZpOuiFuvFze9C2AINJukfvzpjuf2MSdmtD/880=
Subject key identifier:   45:59:CC:53:99:B6:A0:52:24:2A:73:22:25:58:24:AE:56:01:E0:65
Certificate issuer:       /CN=1e7513cb39fbcffea41ed2cd69f7f40e811a2a8d
Certificate serial:       019CADE9CE38DE6F35D6EA71AE9134DA5A2F
Authority key identifier: 1E:75:13:CB:39:FB:CF:FE:A4:1E:D2:CD:69:F7:F4:0E:81:1A:2A:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HnUTyzn7z_6kHtLNaff0DoEaKo0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/4ddaec-8b6b-4127-a951-4406679329b0/1/RVnMU5m2oFIkKnMiJVgkrlYB4GU.roa
Signing time:             Mon 02 Mar 2026 09:38:26 +0000
ROA not before:           Mon 02 Mar 2026 09:38:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202979
IP address blocks:        185.148.172.0/22 maxlen: 22
                          2a07:6100::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/4ddaec-8b6b-4127-a951-4406679329b0/1/HnUTyzn7z_6kHtLNaff0DoEaKo0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/4ddaec-8b6b-4127-a951-4406679329b0/1/HnUTyzn7z_6kHtLNaff0DoEaKo0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HnUTyzn7z_6kHtLNaff0DoEaKo0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 16:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:ad:e9:ce:38:de:6f:35:d6:ea:71:ae:91:34:da:5a:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e7513cb39fbcffea41ed2cd69f7f40e811a2a8d
        Validity
            Not Before: Mar  2 09:38:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4559cc5399b6a052242a7322255824ae5601e065
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:2c:90:a4:c8:df:b6:86:0e:1e:65:62:65:de:
                    43:1e:8d:52:27:49:4d:0c:aa:5b:03:cb:cd:9c:49:
                    05:8f:c5:ee:08:0d:8d:64:ad:2b:6f:5c:06:97:5f:
                    8a:b0:1a:6e:85:6a:d9:41:b9:d2:66:43:82:42:4e:
                    32:88:dc:49:1b:d6:93:02:e8:97:36:09:c8:bd:41:
                    e8:89:7e:9f:16:f0:d9:bd:49:1e:2e:1f:b2:37:9d:
                    2f:65:f5:d7:7a:3b:19:ba:1f:aa:fc:20:12:ba:97:
                    91:65:22:e2:40:f5:26:c7:1e:a9:4c:39:62:3a:6c:
                    73:d3:20:34:39:ec:ec:25:36:dd:08:d3:19:69:94:
                    a9:08:b8:ba:ea:da:d5:6e:6b:00:54:51:af:c9:ba:
                    a9:bd:af:56:c9:d8:28:9d:d4:ad:87:a1:48:29:1d:
                    bf:04:08:96:4c:77:38:ba:b2:a7:59:35:72:2d:1d:
                    a7:49:06:22:1c:62:15:d5:44:30:56:b2:5a:fd:ef:
                    05:d5:32:b0:31:06:f0:5a:0e:75:55:9e:98:e4:cb:
                    54:1f:a9:b5:9f:ad:fd:28:7c:a2:67:b2:77:b0:91:
                    e2:f1:80:17:32:a5:96:70:a1:a2:80:1f:67:a8:1a:
                    ad:4f:c7:7a:c2:90:0e:78:21:db:9a:91:d1:1b:24:
                    ad:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:59:CC:53:99:B6:A0:52:24:2A:73:22:25:58:24:AE:56:01:E0:65
            X509v3 Authority Key Identifier:
                keyid:1E:75:13:CB:39:FB:CF:FE:A4:1E:D2:CD:69:F7:F4:0E:81:1A:2A:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HnUTyzn7z_6kHtLNaff0DoEaKo0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/4ddaec-8b6b-4127-a951-4406679329b0/1/RVnMU5m2oFIkKnMiJVgkrlYB4GU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/4ddaec-8b6b-4127-a951-4406679329b0/1/HnUTyzn7z_6kHtLNaff0DoEaKo0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.148.172.0/22
                IPv6:
                  2a07:6100::/29

    Signature Algorithm: sha256WithRSAEncryption
         0c:21:d6:2f:98:6e:75:dc:07:06:88:f6:ad:db:9a:3a:15:5b:
         a3:77:34:90:5a:8e:58:3d:52:87:1c:52:7e:54:76:2c:29:87:
         cf:38:da:4f:2f:de:84:b7:9d:28:e0:0e:e1:fa:3f:d9:4f:56:
         9f:d1:cd:87:c4:bf:7f:31:1a:7e:f6:25:b4:d0:95:c6:96:05:
         f0:fa:38:b3:22:73:e6:8f:e6:21:fc:7b:8b:37:5c:20:28:a2:
         c4:94:ed:24:df:0e:48:21:9c:1c:46:d9:07:6b:99:27:dc:4b:
         2e:7f:7c:33:ab:4c:63:37:f9:24:75:6c:2c:68:9e:e1:e3:a2:
         2e:4d:5b:3e:59:d8:17:1d:2c:0b:89:26:66:f7:ad:3e:21:4e:
         18:17:3c:c9:50:28:ef:a7:6f:43:78:2c:7d:47:a6:d0:47:0b:
         97:16:56:b0:fc:96:c6:8e:ff:4d:f1:71:52:86:e0:46:75:33:
         d6:24:2b:ba:08:18:ab:8a:f6:ad:f5:2a:ec:f8:45:4a:85:c9:
         f3:4b:cf:83:ef:ef:d8:3f:23:e7:bd:45:e4:fc:14:78:ae:e8:
         22:5e:70:a6:ee:38:d6:f3:37:a5:43:2b:ca:f0:05:fb:be:db:
         3a:16:3b:0b:b7:9f:10:05:ad:fe:6d:3b:b9:a1:2f:3d:22:69:
         e9:c9:55:a7
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZyt6c443m811upxrpE02lovMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlNzUxM2NiMzlmYmNmZmVhNDFlZDJjZDY5ZjdmNDBlODEx
YTJhOGQwHhcNMjYwMzAyMDkzODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTU5Y2M1Mzk5YjZhMDUyMjQyYTczMjIyNTU4MjRhZTU2MDFlMDY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqCyQpMjftoYOHmViZd5DHo1SJ0lN
DKpbA8vNnEkFj8XuCA2NZK0rb1wGl1+KsBpuhWrZQbnSZkOCQk4yiNxJG9aTAuiX
NgnIvUHoiX6fFvDZvUkeLh+yN50vZfXXejsZuh+q/CASupeRZSLiQPUmxx6pTDli
Omxz0yA0OezsJTbdCNMZaZSpCLi66trVbmsAVFGvybqpva9WydgondSth6FIKR2/
BAiWTHc4urKnWTVyLR2nSQYiHGIV1UQwVrJa/e8F1TKwMQbwWg51VZ6Y5MtUH6m1
n639KHyiZ7J3sJHi8YAXMqWWcKGigB9nqBqtT8d6wpAOeCHbmpHRGySt9wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEVZzFOZtqBSJCpzIiVYJK5WAeBlMB8GA1UdIwQY
MBaAFB51E8s5+8/+pB7SzWn39A6BGiqNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSG5VVHl6bjd6XzZrSHRMTmFmZjBEb0VhS28wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC80ZGRhZWMtOGI2Yi00MTI3LWE5NTEt
NDQwNjY3OTMyOWIwLzEvUlZuTVU1bTJvRklrS25NaUpWZ2tybFlCNEdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC80ZGRhZWMtOGI2Yi00MTI3LWE5NTEtNDQwNjY3OTMyOWIw
LzEvSG5VVHl6bjd6XzZrSHRMTmFmZjBEb0VhS28wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuZSsMA0E
AgACMAcDBQMqB2EAMA0GCSqGSIb3DQEBCwUAA4IBAQAMIdYvmG513AcGiPat25o6
FVujdzSQWo5YPVKHHFJ+VHYsKYfPONpPL96Et50o4A7h+j/ZT1af0c2HxL9/MRp+
9iW00JXGlgXw+jizInPmj+Yh/HuLN1wgKKLElO0k3w5IIZwcRtkHa5kn3Esuf3wz
q0xjN/kkdWwsaJ7h46IuTVs+WdgXHSwLiSZm960+IU4YFzzJUCjvp29DeCx9R6bQ
RwuXFlaw/JbGjv9N8XFShuBGdTPWJCu6CBirivat9Srs+EVKhcnzS8+D7+/YPyPn
vUXk/BR4rugiXnCm7jjW8zelQyvK8AX7vts6FjsLt58QBa3+bTu5oS89ImnpyVWn
-----END CERTIFICATE-----