Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/M4jgPZ-bQfm27ad0PSbYVT7hlGs.roa
File:                     M4jgPZ-bQfm27ad0PSbYVT7hlGs.roa (raw, json)
Hash identifier:          iwNBV+vpEbRSbqBny+pSg2+DuLOeDC0Bsr5os43H+zs=
Subject key identifier:   33:88:E0:3D:9F:9B:41:F9:B6:ED:A7:74:3D:26:D8:55:3E:E1:94:6B
Certificate issuer:       /CN=ad0da43b4a5d3db78ba3f774e5b31b77037202d5
Certificate serial:       019EB6543318560971E00BFEDDA7C6E1E032
Authority key identifier: AD:0D:A4:3B:4A:5D:3D:B7:8B:A3:F7:74:E5:B3:1B:77:03:72:02:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rQ2kO0pdPbeLo_d05bMbdwNyAtU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/M4jgPZ-bQfm27ad0PSbYVT7hlGs.roa
Signing time:             Thu 11 Jun 2026 10:57:11 +0000
ROA not before:           Thu 11 Jun 2026 10:57:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208185
IP address blocks:        45.143.96.0/24 maxlen: 24
                          185.169.183.0/24 maxlen: 24
                          185.174.23.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/rQ2kO0pdPbeLo_d05bMbdwNyAtU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/rQ2kO0pdPbeLo_d05bMbdwNyAtU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rQ2kO0pdPbeLo_d05bMbdwNyAtU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:b6:54:33:18:56:09:71:e0:0b:fe:dd:a7:c6:e1:e0:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ad0da43b4a5d3db78ba3f774e5b31b77037202d5
        Validity
            Not Before: Jun 11 10:57:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3388e03d9f9b41f9b6eda7743d26d8553ee1946b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:16:dc:d5:9c:16:dc:5a:91:e3:3f:10:b7:e6:
                    34:9c:bf:6c:7d:1c:ff:5c:96:85:5f:fb:b2:75:e8:
                    ef:f2:6f:cf:57:17:e4:b4:51:4d:57:b2:60:b8:42:
                    9e:ef:95:4e:25:9c:1b:9d:b0:44:01:64:b9:64:ca:
                    89:e5:cc:25:53:ff:66:83:10:c5:d7:19:ab:af:da:
                    17:7e:3b:fa:20:e8:56:bb:fd:9a:16:1d:a8:17:82:
                    73:e7:ff:e1:4e:5f:c1:10:aa:bc:b0:8c:79:c0:24:
                    80:e2:10:fa:75:36:fa:61:48:6c:b6:b0:24:53:93:
                    84:1d:a6:2f:30:93:f4:b6:89:2e:cd:0a:5a:aa:73:
                    c7:86:d3:a9:80:4d:c0:68:b5:b6:ff:b9:13:de:a1:
                    9e:57:00:34:03:2d:53:b0:aa:3b:3b:55:5e:d6:4a:
                    8c:11:d3:a7:56:d0:a2:9e:ea:9c:db:e9:de:70:61:
                    1f:f5:bf:e4:fd:fa:41:a6:56:74:07:a0:f8:64:42:
                    f4:89:80:55:79:61:6f:d8:96:f4:67:22:a5:ff:92:
                    db:d8:72:73:ba:de:ed:c0:44:84:11:fc:3d:cd:d2:
                    3e:e9:a3:c8:d4:13:09:de:d8:8c:b3:b9:53:b2:87:
                    13:62:f1:94:4e:02:3e:90:e7:1e:07:2c:77:81:08:
                    e5:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:88:E0:3D:9F:9B:41:F9:B6:ED:A7:74:3D:26:D8:55:3E:E1:94:6B
            X509v3 Authority Key Identifier:
                keyid:AD:0D:A4:3B:4A:5D:3D:B7:8B:A3:F7:74:E5:B3:1B:77:03:72:02:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rQ2kO0pdPbeLo_d05bMbdwNyAtU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/M4jgPZ-bQfm27ad0PSbYVT7hlGs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/rQ2kO0pdPbeLo_d05bMbdwNyAtU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.143.96.0/24
                  185.169.183.0/24
                  185.174.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:59:bc:e3:56:aa:34:28:48:7e:a9:90:79:f7:d2:45:a1:ea:
         9b:26:91:42:df:49:29:44:a0:c2:fe:d7:7a:ac:1c:38:66:b3:
         36:66:50:1c:97:80:b8:08:e0:c1:d6:d9:35:9c:5d:2b:b6:59:
         f1:4a:a1:21:82:13:3e:90:ef:e7:0d:d3:4b:10:af:35:64:bb:
         4c:a2:85:57:ed:e0:1f:24:ff:d5:a2:86:b1:d9:2e:2f:c6:85:
         20:7d:bf:89:f4:b5:51:54:2b:ed:44:8d:04:fa:ba:18:b9:f1:
         d5:7f:31:92:7f:5f:31:93:03:b5:5b:fe:30:f9:44:ce:4e:ed:
         6c:c0:b9:4c:e1:c0:91:cc:7f:d1:0f:45:b0:b6:77:5b:7e:90:
         70:6a:74:0d:4b:2c:10:3a:24:16:3e:71:50:f2:60:ab:4c:6b:
         d8:cb:81:4e:9e:42:0b:21:2d:2b:35:f4:78:71:c5:bc:56:5d:
         62:40:8b:d5:9d:6f:c0:ea:5a:d7:12:85:d7:23:b3:32:bf:ec:
         2d:2c:16:71:3d:77:2a:69:03:81:9b:73:60:c4:6a:00:8c:81:
         2b:85:75:36:ae:d5:7e:07:91:ff:b2:c6:80:e2:82:a1:44:49:
         54:89:d2:6d:63:9d:c5:95:bf:b7:0a:9b:73:0f:5f:dd:2a:bf:
         a0:03:f1:7d
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ62VDMYVglx4Av+3afG4eAyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkMGRhNDNiNGE1ZDNkYjc4YmEzZjc3NGU1YjMxYjc3MDM3
MjAyZDUwHhcNMjYwNjExMTA1NzExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzg4ZTAzZDlmOWI0MWY5YjZlZGE3NzQzZDI2ZDg1NTNlZTE5NDZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoxbc1ZwW3FqR4z8Qt+Y0nL9sfRz/
XJaFX/uydejv8m/PVxfktFFNV7JguEKe75VOJZwbnbBEAWS5ZMqJ5cwlU/9mgxDF
1xmrr9oXfjv6IOhWu/2aFh2oF4Jz5//hTl/BEKq8sIx5wCSA4hD6dTb6YUhstrAk
U5OEHaYvMJP0tokuzQpaqnPHhtOpgE3AaLW2/7kT3qGeVwA0Ay1TsKo7O1Ve1kqM
EdOnVtCinuqc2+necGEf9b/k/fpBplZ0B6D4ZEL0iYBVeWFv2Jb0ZyKl/5Lb2HJz
ut7twESEEfw9zdI+6aPI1BMJ3tiMs7lTsocTYvGUTgI+kOceByx3gQjlXwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDOI4D2fm0H5tu2ndD0m2FU+4ZRrMB8GA1UdIwQY
MBaAFK0NpDtKXT23i6P3dOWzG3cDcgLVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvclEya08wcGRQYmVMb19kMDViTWJkd055QXRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC9kZDgwOTYtMTRjYy00ODhkLTkyNTct
YzUxNWYzNTRjYzVhLzEvTTRqZ1BaLWJRZm0yN2FkMFBTYllWVDdobEdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC9kZDgwOTYtMTRjYy00ODhkLTkyNTctYzUxNWYzNTRjYzVh
LzEvclEya08wcGRQYmVMb19kMDViTWJkd055QXRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALY9gAwQA
uam3AwQAua4XMA0GCSqGSIb3DQEBCwUAA4IBAQCAWbzjVqo0KEh+qZB599JFoeqb
JpFC30kpRKDC/td6rBw4ZrM2ZlAcl4C4CODB1tk1nF0rtlnxSqEhghM+kO/nDdNL
EK81ZLtMooVX7eAfJP/Vooax2S4vxoUgfb+J9LVRVCvtRI0E+roYufHVfzGSf18x
kwO1W/4w+UTOTu1swLlM4cCRzH/RD0WwtndbfpBwanQNSywQOiQWPnFQ8mCrTGvY
y4FOnkILIS0rNfR4ccW8Vl1iQIvVnW/A6lrXEoXXI7Myv+wtLBZxPXcqaQOBm3Ng
xGoAjIErhXU2rtV+B5H/ssaA4oKhRElUidJtY53Flb+3CptzD1/dKr+gA/F9
-----END CERTIFICATE-----