Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/l1qkD1UHfYzvtKuyKTFqrAuBuJk.roa
File:                     l1qkD1UHfYzvtKuyKTFqrAuBuJk.roa (raw, json)
Hash identifier:          wqochz5uJYEA3/x5B74StT9Oudun8ct7ysc34E1IoCU=
Subject key identifier:   97:5A:A4:0F:55:07:7D:8C:EF:B4:AB:B2:29:31:6A:AC:0B:81:B8:99
Certificate issuer:       /CN=0d3558546a2c54bbd812a19228aa98e078d3aa68
Certificate serial:       019D0076F7189B6EC273A1392CB959157FF1
Authority key identifier: 0D:35:58:54:6A:2C:54:BB:D8:12:A1:92:28:AA:98:E0:78:D3:AA:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/l1qkD1UHfYzvtKuyKTFqrAuBuJk.roa
Signing time:             Wed 18 Mar 2026 10:21:29 +0000
ROA not before:           Wed 18 Mar 2026 10:21:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209378
IP address blocks:        150.251.152.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 22 Mar 2026 02:18:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:00:76:f7:18:9b:6e:c2:73:a1:39:2c:b9:59:15:7f:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d3558546a2c54bbd812a19228aa98e078d3aa68
        Validity
            Not Before: Mar 18 10:21:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=975aa40f55077d8cefb4abb229316aac0b81b899
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:3e:d5:0d:6a:d5:d5:26:ad:7e:db:71:b4:57:
                    ac:8f:ce:14:79:ed:c9:7e:4d:e1:f3:13:a3:18:7c:
                    01:2d:9d:9d:21:91:ed:d7:ec:db:1c:06:a6:78:c4:
                    7b:98:b4:c1:53:9a:ed:d1:86:08:38:b1:56:4e:b9:
                    f5:fe:32:f2:6f:ba:e3:eb:a0:50:33:15:cc:00:dd:
                    aa:2b:66:15:1a:76:53:67:47:46:7c:44:5b:88:5f:
                    f9:30:a0:14:48:a2:d2:c8:73:6c:f1:29:ef:8f:6e:
                    df:a9:5f:f6:cd:d5:52:08:54:fd:b3:21:6e:ee:1d:
                    69:d9:d7:14:c6:6d:71:41:9e:61:1d:33:ef:6f:56:
                    bf:4b:48:4d:cf:c9:94:86:09:0f:06:9a:20:0e:23:
                    b5:ae:1b:60:ee:b5:b3:2c:36:8c:d7:06:b7:0f:55:
                    fe:dc:81:e7:f5:09:f0:6d:be:61:1b:98:32:9d:04:
                    92:78:93:b8:5b:32:14:81:ae:de:f4:fb:cd:e0:8f:
                    2b:82:08:b8:1a:7a:12:e5:7c:db:53:e4:24:22:e6:
                    f8:d5:27:57:8f:48:f9:f6:33:7c:54:4f:7c:a9:28:
                    0a:36:4f:bc:f2:42:85:f6:7d:d2:31:88:05:19:6d:
                    c3:5a:11:d5:95:f9:d9:80:e7:75:65:5a:2e:1a:c0:
                    46:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:5A:A4:0F:55:07:7D:8C:EF:B4:AB:B2:29:31:6A:AC:0B:81:B8:99
            X509v3 Authority Key Identifier:
                keyid:0D:35:58:54:6A:2C:54:BB:D8:12:A1:92:28:AA:98:E0:78:D3:AA:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/l1qkD1UHfYzvtKuyKTFqrAuBuJk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  150.251.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:31:a7:ad:ff:f8:b4:e3:f6:52:47:40:01:23:45:31:d1:9a:
         5b:f3:03:a5:50:9b:27:e2:f6:21:82:a5:e7:23:e6:ba:89:a0:
         a4:03:e9:b9:a9:ed:71:32:1a:95:45:2a:23:6d:61:58:94:4c:
         9e:6a:eb:d9:5c:75:99:0b:d2:43:6b:8a:1c:30:bc:ff:15:82:
         e6:95:e1:e7:e4:49:84:85:3d:e1:46:15:3e:7f:fc:25:ed:4d:
         69:52:4f:eb:48:93:5e:66:14:58:5d:2d:41:29:1d:2a:74:a8:
         b5:22:4d:4e:a6:b1:c6:a9:59:6f:75:14:4a:c4:4f:5a:89:73:
         51:fb:b8:3e:ef:da:3f:b2:f7:81:d3:4c:f3:28:e0:f0:8a:b5:
         66:2e:1e:0e:49:cf:b1:2b:f3:a7:b0:17:1a:07:5f:88:43:b1:
         de:de:bc:dd:d6:0f:71:9e:b9:5b:4c:d0:68:c4:05:8d:b0:fd:
         b2:14:83:c2:cb:c2:0b:71:f0:78:8d:27:46:ff:12:96:fd:89:
         44:c4:85:eb:e8:bd:39:38:bc:0c:b1:19:26:cb:a4:49:9f:66:
         cd:a4:c8:78:9b:86:4f:d2:88:96:b4:46:98:04:11:60:de:cb:
         9b:76:25:63:f9:df:fa:d4:65:6c:8c:fb:8a:5b:22:fb:81:50:
         1c:aa:2c:ed
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0AdvcYm27Cc6E5LLlZFX/xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMzU1ODU0NmEyYzU0YmJkODEyYTE5MjI4YWE5OGUwNzhk
M2FhNjgwHhcNMjYwMzE4MTAyMTI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzVhYTQwZjU1MDc3ZDhjZWZiNGFiYjIyOTMxNmFhYzBiODFiODk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtD7VDWrV1SatfttxtFesj84Uee3J
fk3h8xOjGHwBLZ2dIZHt1+zbHAameMR7mLTBU5rt0YYIOLFWTrn1/jLyb7rj66BQ
MxXMAN2qK2YVGnZTZ0dGfERbiF/5MKAUSKLSyHNs8Snvj27fqV/2zdVSCFT9syFu
7h1p2dcUxm1xQZ5hHTPvb1a/S0hNz8mUhgkPBpogDiO1rhtg7rWzLDaM1wa3D1X+
3IHn9Qnwbb5hG5gynQSSeJO4WzIUga7e9PvN4I8rggi4GnoS5XzbU+QkIub41SdX
j0j59jN8VE98qSgKNk+88kKF9n3SMYgFGW3DWhHVlfnZgOd1ZVouGsBGvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJdapA9VB32M77SrsikxaqwLgbiZMB8GA1UdIwQY
MBaAFA01WFRqLFS72BKhkiiqmOB406poMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFRWWVZHb3NWTHZZRXFHU0tLcVk0SGpUcW1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi80NzRmMjctYjI4Ni00NmYwLWFlNDUt
MTMyZmZjOGJkZTQ2LzEvbDFxa0QxVUhmWXp2dEt1eUtURnFyQXVCdUprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi80NzRmMjctYjI4Ni00NmYwLWFlNDUtMTMyZmZjOGJkZTQ2
LzEvRFRWWVZHb3NWTHZZRXFHU0tLcVk0SGpUcW1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAlvuYMA0G
CSqGSIb3DQEBCwUAA4IBAQALMaet//i04/ZSR0ABI0Ux0Zpb8wOlUJsn4vYhgqXn
I+a6iaCkA+m5qe1xMhqVRSojbWFYlEyeauvZXHWZC9JDa4ocMLz/FYLmleHn5EmE
hT3hRhU+f/wl7U1pUk/rSJNeZhRYXS1BKR0qdKi1Ik1OprHGqVlvdRRKxE9aiXNR
+7g+79o/sveB00zzKODwirVmLh4OSc+xK/OnsBcaB1+IQ7He3rzd1g9xnrlbTNBo
xAWNsP2yFIPCy8ILcfB4jSdG/xKW/YlExIXr6L05OLwMsRkmy6RJn2bNpMh4m4ZP
0oiWtEaYBBFg3subdiVj+d/61GVsjPuKWyL7gVAcqizt
-----END CERTIFICATE-----