Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/8d78eb-2832-4083-ae1f-1dd6d281c88a/1/cpNYdUNR0qVX_yJDLOulGuucF4w.roa
File:                     cpNYdUNR0qVX_yJDLOulGuucF4w.roa (raw, json)
Hash identifier:          bcKFmyBamxX/ja1miOQmH2gNmDaABRTlmdDj6Yrj/nU=
Subject key identifier:   72:93:58:75:43:51:D2:A5:57:FF:22:43:2C:EB:A5:1A:EB:9C:17:8C
Certificate issuer:       /CN=3027a631bb6738eb68bb6ea6c424ef4a7d14c3cb
Certificate serial:       019D6F0BD6734A73D50B6EEE1FCB8234EFF4
Authority key identifier: 30:27:A6:31:BB:67:38:EB:68:BB:6E:A6:C4:24:EF:4A:7D:14:C3:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MCemMbtnOOtou26mxCTvSn0Uw8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/8d78eb-2832-4083-ae1f-1dd6d281c88a/1/cpNYdUNR0qVX_yJDLOulGuucF4w.roa
Signing time:             Wed 08 Apr 2026 21:42:19 +0000
ROA not before:           Wed 08 Apr 2026 21:42:19 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9304
IP address blocks:        185.56.46.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/8d78eb-2832-4083-ae1f-1dd6d281c88a/1/MCemMbtnOOtou26mxCTvSn0Uw8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/8d78eb-2832-4083-ae1f-1dd6d281c88a/1/MCemMbtnOOtou26mxCTvSn0Uw8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MCemMbtnOOtou26mxCTvSn0Uw8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 05:17:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:6f:0b:d6:73:4a:73:d5:0b:6e:ee:1f:cb:82:34:ef:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3027a631bb6738eb68bb6ea6c424ef4a7d14c3cb
        Validity
            Not Before: Apr  8 21:42:19 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=729358754351d2a557ff22432ceba51aeb9c178c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:4e:83:95:d2:08:3e:cd:c0:4c:65:d0:0c:fb:
                    57:ea:f6:a5:ba:da:14:01:ca:c7:0d:8b:3e:eb:09:
                    69:9d:44:4b:71:cb:4e:87:e3:53:00:2a:e5:25:93:
                    93:70:74:41:97:a4:ed:9d:80:a7:30:ce:11:9f:9d:
                    49:4c:6a:b9:29:cc:2e:4c:1e:c2:53:1f:e9:78:4a:
                    cb:ed:bc:ad:73:1d:20:82:64:ea:6c:da:71:2a:c8:
                    ec:6d:bb:62:a8:2d:65:ab:d6:73:c7:56:9e:9b:67:
                    e4:a3:97:00:1b:d7:6b:50:26:ed:91:58:e7:fb:ed:
                    58:4a:56:91:a0:c2:0e:91:75:b4:5b:3c:39:f5:58:
                    24:83:70:07:e0:19:8b:d6:90:12:79:22:c7:33:50:
                    c5:04:a4:a5:41:97:06:f9:74:ce:07:94:8d:c6:8b:
                    a6:bc:c9:42:5f:92:35:d4:fc:1d:20:72:a9:65:90:
                    d5:79:1b:c2:37:ff:be:cd:1b:fc:7d:fa:5f:40:c2:
                    e6:38:4e:70:1e:50:be:61:65:c5:47:91:9f:50:2b:
                    87:16:76:04:6b:f1:e2:2e:af:ab:e4:9d:e6:34:78:
                    d9:1d:3f:75:c7:3f:0d:8c:2f:54:28:3b:2b:7c:ba:
                    4a:40:d0:51:8a:8d:d5:3f:1b:40:6e:47:bd:b6:6c:
                    4c:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:93:58:75:43:51:D2:A5:57:FF:22:43:2C:EB:A5:1A:EB:9C:17:8C
            X509v3 Authority Key Identifier:
                keyid:30:27:A6:31:BB:67:38:EB:68:BB:6E:A6:C4:24:EF:4A:7D:14:C3:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MCemMbtnOOtou26mxCTvSn0Uw8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/8d78eb-2832-4083-ae1f-1dd6d281c88a/1/cpNYdUNR0qVX_yJDLOulGuucF4w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/8d78eb-2832-4083-ae1f-1dd6d281c88a/1/MCemMbtnOOtou26mxCTvSn0Uw8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.56.46.0/24

    Signature Algorithm: sha256WithRSAEncryption
         de:85:67:54:5c:ff:99:6d:01:d2:6b:ba:f0:30:50:f6:af:6b:
         2e:5b:be:e6:d8:8f:5f:38:96:b6:08:f2:eb:4c:e1:b1:02:32:
         cc:4d:0b:25:4c:19:e3:6f:30:32:1e:e9:6c:66:dd:ad:42:78:
         46:72:91:30:2d:b6:45:c8:21:94:5f:a9:93:f9:37:06:76:2d:
         92:17:a3:c0:7f:62:e7:5b:b5:bb:2c:92:d4:ae:85:89:36:c3:
         d9:34:d8:7f:63:7a:5e:73:57:6a:0b:d5:e6:4d:bd:7f:fe:ae:
         f9:3e:94:16:5c:39:af:e7:dd:b7:1b:28:7e:c9:ed:36:32:f7:
         96:37:13:51:2b:fa:1d:18:d6:83:e8:9e:3c:55:02:65:23:ae:
         6f:5c:59:dc:50:9d:32:0a:ac:47:71:71:6d:48:e3:66:17:c2:
         c5:5c:de:ac:5c:ec:c1:14:bb:3a:cd:ee:61:ab:ae:ef:aa:da:
         4d:19:92:66:9b:af:4e:35:bd:66:e6:3f:bd:5e:f3:0f:99:a2:
         ee:bd:89:d7:b8:8c:c9:6e:d2:e0:4b:58:c1:14:9a:70:e4:82:
         05:b7:dc:d9:57:c3:22:89:0a:98:fd:b0:6a:80:46:6f:3c:a2:
         f6:77:e3:d5:48:42:bb:e1:15:df:ed:47:e4:ac:28:82:50:a8:
         e7:18:21:e0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1vC9ZzSnPVC27uH8uCNO/0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwMjdhNjMxYmI2NzM4ZWI2OGJiNmVhNmM0MjRlZjRhN2Qx
NGMzY2IwHhcNMjYwNDA4MjE0MjE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjkzNTg3NTQzNTFkMmE1NTdmZjIyNDMyY2ViYTUxYWViOWMxNzhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1E6DldIIPs3ATGXQDPtX6valutoU
AcrHDYs+6wlpnURLcctOh+NTACrlJZOTcHRBl6TtnYCnMM4Rn51JTGq5KcwuTB7C
Ux/peErL7bytcx0ggmTqbNpxKsjsbbtiqC1lq9Zzx1aem2fko5cAG9drUCbtkVjn
++1YSlaRoMIOkXW0Wzw59Vgkg3AH4BmL1pASeSLHM1DFBKSlQZcG+XTOB5SNxoum
vMlCX5I11PwdIHKpZZDVeRvCN/++zRv8ffpfQMLmOE5wHlC+YWXFR5GfUCuHFnYE
a/HiLq+r5J3mNHjZHT91xz8NjC9UKDsrfLpKQNBRio3VPxtAbke9tmxMzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHKTWHVDUdKlV/8iQyzrpRrrnBeMMB8GA1UdIwQY
MBaAFDAnpjG7ZzjraLtupsQk70p9FMPLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUNlbU1idG5PT3RvdTI2bXhDVHZTbjBVdzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS84ZDc4ZWItMjgzMi00MDgzLWFlMWYt
MWRkNmQyODFjODhhLzEvY3BOWWRVTlIwcVZYX3lKRExPdWxHdXVjRjR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS84ZDc4ZWItMjgzMi00MDgzLWFlMWYtMWRkNmQyODFjODhh
LzEvTUNlbU1idG5PT3RvdTI2bXhDVHZTbjBVdzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuTguMA0G
CSqGSIb3DQEBCwUAA4IBAQDehWdUXP+ZbQHSa7rwMFD2r2suW77m2I9fOJa2CPLr
TOGxAjLMTQslTBnjbzAyHulsZt2tQnhGcpEwLbZFyCGUX6mT+TcGdi2SF6PAf2Ln
W7W7LJLUroWJNsPZNNh/Y3pec1dqC9XmTb1//q75PpQWXDmv5923Gyh+ye02MveW
NxNRK/odGNaD6J48VQJlI65vXFncUJ0yCqxHcXFtSONmF8LFXN6sXOzBFLs6ze5h
q67vqtpNGZJmm69ONb1m5j+9XvMPmaLuvYnXuIzJbtLgS1jBFJpw5IIFt9zZV8Mi
iQqY/bBqgEZvPKL2d+PVSEK74RXf7UfkrCiCUKjnGCHg
-----END CERTIFICATE-----