Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/BiYRVVML9NNTA_8LHQsEIyn-udM.roa
File:                     BiYRVVML9NNTA_8LHQsEIyn-udM.roa (raw, json)
Hash identifier:          MQi6PP1rzRM1KN1VV4mGhoaMI5G3SPq1bp7SEkx+KmA=
Subject key identifier:   06:26:11:55:53:0B:F4:D3:53:03:FF:0B:1D:0B:04:23:29:FE:B9:D3
Certificate issuer:       /CN=ad0da43b4a5d3db78ba3f774e5b31b77037202d5
Certificate serial:       019D52A3E4BC9BCEBC3C1DB419998855941B
Authority key identifier: AD:0D:A4:3B:4A:5D:3D:B7:8B:A3:F7:74:E5:B3:1B:77:03:72:02:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rQ2kO0pdPbeLo_d05bMbdwNyAtU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/BiYRVVML9NNTA_8LHQsEIyn-udM.roa
Signing time:             Fri 03 Apr 2026 09:19:25 +0000
ROA not before:           Fri 03 Apr 2026 09:19:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199453
IP address blocks:        185.148.242.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/rQ2kO0pdPbeLo_d05bMbdwNyAtU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/rQ2kO0pdPbeLo_d05bMbdwNyAtU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rQ2kO0pdPbeLo_d05bMbdwNyAtU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 06:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:52:a3:e4:bc:9b:ce:bc:3c:1d:b4:19:99:88:55:94:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ad0da43b4a5d3db78ba3f774e5b31b77037202d5
        Validity
            Not Before: Apr  3 09:19:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=06261155530bf4d35303ff0b1d0b042329feb9d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:ac:51:d4:ad:10:bc:c4:f8:25:91:30:7c:9a:
                    cd:34:fc:da:47:a8:8b:5f:5b:8b:bd:c5:cd:59:c5:
                    92:6f:bd:92:f7:3e:83:83:af:85:7c:d3:cc:de:2e:
                    9c:1c:7f:f8:09:c2:0d:0f:35:25:b3:bf:2b:ab:5b:
                    80:a4:d0:83:b4:c5:69:3c:94:37:55:34:cd:8e:c9:
                    85:6e:b8:82:0e:94:e6:99:e1:6e:1d:fb:52:49:4a:
                    9b:ba:57:a2:0e:19:d6:2a:19:0e:e4:eb:16:c6:02:
                    38:be:87:21:65:51:f8:6e:b2:30:ef:2b:76:26:31:
                    7f:a5:5e:8a:b0:58:8b:92:5e:6d:d3:fb:e3:dd:67:
                    56:0e:24:d3:df:dd:54:e4:75:82:15:c2:49:a6:8d:
                    f3:10:a9:c6:e2:5f:61:e5:93:75:69:6d:e0:eb:72:
                    bd:d6:f0:75:27:5d:4c:7e:95:b4:48:15:23:f6:72:
                    7b:f5:84:66:2a:31:34:b5:5c:5d:0c:e2:80:02:80:
                    1b:b2:8a:89:40:19:f1:3a:d2:5a:ec:4c:71:5e:60:
                    07:dd:aa:9b:68:79:49:97:b8:ba:ab:3e:7b:68:47:
                    95:15:73:6e:df:ab:67:98:f9:fa:31:03:a0:3c:e4:
                    ee:8e:95:70:5d:46:f7:57:75:30:1b:28:24:e6:c6:
                    ee:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:26:11:55:53:0B:F4:D3:53:03:FF:0B:1D:0B:04:23:29:FE:B9:D3
            X509v3 Authority Key Identifier:
                keyid:AD:0D:A4:3B:4A:5D:3D:B7:8B:A3:F7:74:E5:B3:1B:77:03:72:02:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rQ2kO0pdPbeLo_d05bMbdwNyAtU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/BiYRVVML9NNTA_8LHQsEIyn-udM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/rQ2kO0pdPbeLo_d05bMbdwNyAtU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.148.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c7:e3:c4:ae:42:fe:f1:2b:fa:cb:ae:79:3e:4d:b2:50:a1:8e:
         d2:0f:5d:0c:d7:14:f9:29:29:f2:19:cb:04:bb:08:d6:e7:ed:
         79:b7:17:b3:5b:e5:ff:d6:ed:c0:08:41:cb:38:3c:2b:6f:b0:
         2d:50:62:1a:b7:de:62:64:ab:ea:b7:fb:ae:f6:0d:c8:82:65:
         47:13:a9:76:97:07:73:8c:33:22:4b:d3:68:1f:31:f5:d9:0d:
         f0:71:55:9e:14:00:1a:94:41:24:37:d0:94:1d:c2:04:a0:2e:
         aa:75:f1:ed:1e:60:e2:75:8d:1c:96:fd:31:45:a9:4b:d5:ba:
         d5:a7:16:4a:13:b0:c2:13:e4:97:bd:62:25:ec:21:4b:91:9c:
         39:4e:42:df:c0:ba:4c:a2:63:56:f8:f0:3e:d8:66:5b:1f:24:
         d9:fe:0d:4f:db:52:dd:ad:83:eb:e8:5b:e2:b6:37:c2:fd:35:
         53:13:02:59:44:a9:7b:b7:1d:a3:e4:66:fb:9e:b2:2a:69:ee:
         f0:ab:79:2c:35:a5:9e:73:46:fc:c3:3c:49:c5:8a:79:58:a1:
         bf:df:e6:68:cc:be:bb:5b:18:fd:14:f6:3f:95:93:ff:e6:c2:
         b0:c8:dc:43:76:e2:c9:88:07:e7:62:28:8d:59:53:31:32:61:
         dd:2c:01:93
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1So+S8m868PB20GZmIVZQbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkMGRhNDNiNGE1ZDNkYjc4YmEzZjc3NGU1YjMxYjc3MDM3
MjAyZDUwHhcNMjYwNDAzMDkxOTI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjI2MTE1NTUzMGJmNGQzNTMwM2ZmMGIxZDBiMDQyMzI5ZmViOWQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtaxR1K0QvMT4JZEwfJrNNPzaR6iL
X1uLvcXNWcWSb72S9z6Dg6+FfNPM3i6cHH/4CcINDzUls78rq1uApNCDtMVpPJQ3
VTTNjsmFbriCDpTmmeFuHftSSUqbuleiDhnWKhkO5OsWxgI4vochZVH4brIw7yt2
JjF/pV6KsFiLkl5t0/vj3WdWDiTT391U5HWCFcJJpo3zEKnG4l9h5ZN1aW3g63K9
1vB1J11MfpW0SBUj9nJ79YRmKjE0tVxdDOKAAoAbsoqJQBnxOtJa7ExxXmAH3aqb
aHlJl7i6qz57aEeVFXNu36tnmPn6MQOgPOTujpVwXUb3V3UwGygk5sbu7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAYmEVVTC/TTUwP/Cx0LBCMp/rnTMB8GA1UdIwQY
MBaAFK0NpDtKXT23i6P3dOWzG3cDcgLVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvclEya08wcGRQYmVMb19kMDViTWJkd055QXRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC9kZDgwOTYtMTRjYy00ODhkLTkyNTct
YzUxNWYzNTRjYzVhLzEvQmlZUlZWTUw5Tk5UQV84TEhRc0VJeW4tdWRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC9kZDgwOTYtMTRjYy00ODhkLTkyNTctYzUxNWYzNTRjYzVh
LzEvclEya08wcGRQYmVMb19kMDViTWJkd055QXRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZTyMA0G
CSqGSIb3DQEBCwUAA4IBAQDH48SuQv7xK/rLrnk+TbJQoY7SD10M1xT5KSnyGcsE
uwjW5+15txezW+X/1u3ACEHLODwrb7AtUGIat95iZKvqt/uu9g3IgmVHE6l2lwdz
jDMiS9NoHzH12Q3wcVWeFAAalEEkN9CUHcIEoC6qdfHtHmDidY0clv0xRalL1brV
pxZKE7DCE+SXvWIl7CFLkZw5TkLfwLpMomNW+PA+2GZbHyTZ/g1P21LdrYPr6Fvi
tjfC/TVTEwJZRKl7tx2j5Gb7nrIqae7wq3ksNaWec0b8wzxJxYp5WKG/3+ZozL67
Wxj9FPY/lZP/5sKwyNxDduLJiAfnYiiNWVMxMmHdLAGT
-----END CERTIFICATE-----