Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/H5Lw4z72o4JukubyJogRFNVhJ6w.roa
File:                     H5Lw4z72o4JukubyJogRFNVhJ6w.roa (raw, json)
Hash identifier:          x90xOVzv+WXaNWRhikp9C29Pc0et2AxQpDCFcAlXP5U=
Subject key identifier:   1F:92:F0:E3:3E:F6:A3:82:6E:92:E6:F2:26:88:11:14:D5:61:27:AC
Certificate issuer:       /CN=ad0da43b4a5d3db78ba3f774e5b31b77037202d5
Certificate serial:       019EB2584C3371AD4E5E36E947FC60F757C6
Authority key identifier: AD:0D:A4:3B:4A:5D:3D:B7:8B:A3:F7:74:E5:B3:1B:77:03:72:02:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rQ2kO0pdPbeLo_d05bMbdwNyAtU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/H5Lw4z72o4JukubyJogRFNVhJ6w.roa
Signing time:             Wed 10 Jun 2026 16:23:11 +0000
ROA not before:           Wed 10 Jun 2026 16:23:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200010
IP address blocks:        185.148.241.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/rQ2kO0pdPbeLo_d05bMbdwNyAtU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/rQ2kO0pdPbeLo_d05bMbdwNyAtU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rQ2kO0pdPbeLo_d05bMbdwNyAtU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 17:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:b2:58:4c:33:71:ad:4e:5e:36:e9:47:fc:60:f7:57:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ad0da43b4a5d3db78ba3f774e5b31b77037202d5
        Validity
            Not Before: Jun 10 16:23:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1f92f0e33ef6a3826e92e6f226881114d56127ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:90:bc:2b:04:47:fa:e9:83:45:bd:9b:b2:1c:
                    50:ba:9e:d5:34:8f:e3:ef:54:9c:e7:1b:01:e2:3e:
                    d3:ca:3c:d8:76:e3:f0:f3:b0:2c:99:ab:9a:4c:1d:
                    c7:94:0c:88:eb:a5:89:81:70:08:49:f8:aa:e6:ca:
                    99:fd:22:62:80:19:1c:ef:88:9d:2a:7e:72:a0:7b:
                    ee:f1:4e:0b:a5:f1:e5:25:69:7f:2e:60:4a:62:e0:
                    7a:34:2e:4b:00:ee:53:91:e9:d1:ab:c2:37:7d:6b:
                    94:5d:09:1b:0a:da:9b:15:77:56:25:9e:7c:25:35:
                    67:3c:2b:83:76:19:20:f0:d4:bf:e8:7c:db:d5:c7:
                    a7:38:2d:09:51:a2:db:83:35:bf:6e:fb:b7:1d:f0:
                    fe:f6:0e:a3:7d:b2:c9:7c:f0:9f:63:61:02:cc:bd:
                    1b:db:38:17:a6:03:c1:7f:84:00:7d:6b:0c:d7:9c:
                    15:93:8b:9d:cd:e4:03:40:09:a9:9b:51:cd:d5:82:
                    70:0d:ab:e5:3f:6e:b7:06:ff:59:e1:07:b7:27:c2:
                    7b:9c:75:20:31:7c:2d:99:12:f8:d9:ed:be:1c:53:
                    3f:0c:cc:aa:fd:6e:b8:2e:9f:28:d6:70:7c:db:f0:
                    d3:ae:45:7c:7d:55:06:d6:3a:90:8c:c1:4f:c1:3a:
                    1e:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:92:F0:E3:3E:F6:A3:82:6E:92:E6:F2:26:88:11:14:D5:61:27:AC
            X509v3 Authority Key Identifier:
                keyid:AD:0D:A4:3B:4A:5D:3D:B7:8B:A3:F7:74:E5:B3:1B:77:03:72:02:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rQ2kO0pdPbeLo_d05bMbdwNyAtU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/H5Lw4z72o4JukubyJogRFNVhJ6w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/rQ2kO0pdPbeLo_d05bMbdwNyAtU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.148.241.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:0b:fb:2e:72:2d:1c:c1:66:c8:61:8b:2a:b4:cc:54:5b:4f:
         0d:71:ec:7b:91:5b:dd:f3:ed:01:53:f6:8d:5a:16:7a:1f:c0:
         b0:d0:34:ab:4c:06:12:d6:87:d5:1a:2f:26:ee:51:fb:ee:4d:
         ba:4c:c5:4e:cd:71:80:d1:e5:d2:0e:c4:a4:7b:62:19:73:c5:
         a7:a4:ea:d7:20:d2:0c:f8:fd:a5:16:f3:b2:7f:3e:d0:a3:90:
         bd:03:cb:5e:3d:98:67:94:ea:65:d7:be:be:86:3f:9f:d6:15:
         f5:2f:f5:96:cf:59:59:ac:48:a1:69:c2:44:96:cf:a0:2e:6b:
         ae:7f:71:f6:49:8d:08:c2:97:70:c5:a6:a3:65:df:f1:e8:51:
         bd:0c:08:71:bd:15:e9:fe:05:13:a6:54:88:27:e8:5f:f4:10:
         37:20:47:36:1c:e1:00:0b:b3:b2:98:21:61:e6:38:fe:cf:83:
         8f:b3:54:cb:7b:27:74:02:90:2b:3c:ce:56:c8:7c:b9:0a:29:
         bc:8e:6f:28:06:1e:26:cf:38:c1:7a:81:59:e8:95:3c:d6:c0:
         47:0b:f9:7c:b0:53:e4:bd:74:a8:92:0e:18:fc:76:56:9d:65:
         36:71:a5:20:76:30:90:11:2f:d8:53:81:9d:a5:4a:17:e2:b6:
         71:d7:2b:d7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6yWEwzca1OXjbpR/xg91fGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkMGRhNDNiNGE1ZDNkYjc4YmEzZjc3NGU1YjMxYjc3MDM3
MjAyZDUwHhcNMjYwNjEwMTYyMzExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjkyZjBlMzNlZjZhMzgyNmU5MmU2ZjIyNjg4MTExNGQ1NjEyN2FjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7JC8KwRH+umDRb2bshxQup7VNI/j
71Sc5xsB4j7TyjzYduPw87AsmauaTB3HlAyI66WJgXAISfiq5sqZ/SJigBkc74id
Kn5yoHvu8U4LpfHlJWl/LmBKYuB6NC5LAO5TkenRq8I3fWuUXQkbCtqbFXdWJZ58
JTVnPCuDdhkg8NS/6Hzb1cenOC0JUaLbgzW/bvu3HfD+9g6jfbLJfPCfY2ECzL0b
2zgXpgPBf4QAfWsM15wVk4udzeQDQAmpm1HN1YJwDavlP263Bv9Z4Qe3J8J7nHUg
MXwtmRL42e2+HFM/DMyq/W64Lp8o1nB82/DTrkV8fVUG1jqQjMFPwToeGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB+S8OM+9qOCbpLm8iaIERTVYSesMB8GA1UdIwQY
MBaAFK0NpDtKXT23i6P3dOWzG3cDcgLVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvclEya08wcGRQYmVMb19kMDViTWJkd055QXRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC9kZDgwOTYtMTRjYy00ODhkLTkyNTct
YzUxNWYzNTRjYzVhLzEvSDVMdzR6NzJvNEp1a3VieUpvZ1JGTlZoSjZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC9kZDgwOTYtMTRjYy00ODhkLTkyNTctYzUxNWYzNTRjYzVh
LzEvclEya08wcGRQYmVMb19kMDViTWJkd055QXRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZTxMA0G
CSqGSIb3DQEBCwUAA4IBAQAxC/suci0cwWbIYYsqtMxUW08Ncex7kVvd8+0BU/aN
WhZ6H8Cw0DSrTAYS1ofVGi8m7lH77k26TMVOzXGA0eXSDsSke2IZc8WnpOrXINIM
+P2lFvOyfz7Qo5C9A8tePZhnlOpl176+hj+f1hX1L/WWz1lZrEihacJEls+gLmuu
f3H2SY0IwpdwxaajZd/x6FG9DAhxvRXp/gUTplSIJ+hf9BA3IEc2HOEAC7OymCFh
5jj+z4OPs1TLeyd0ApArPM5WyHy5Cim8jm8oBh4mzzjBeoFZ6JU81sBHC/l8sFPk
vXSokg4Y/HZWnWU2caUgdjCQES/YU4GdpUoX4rZx1yvX
-----END CERTIFICATE-----