Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/cd86fuGEpcvGitdJ6j4qmONtrs4.roa
File:                     cd86fuGEpcvGitdJ6j4qmONtrs4.roa (raw, json)
Hash identifier:          OyWo2jddiuk9oXVabZhwBWcG9HobQGDOXj6VfpvDkjo=
Subject key identifier:   71:DF:3A:7E:E1:84:A5:CB:C6:8A:D7:49:EA:3E:2A:98:E3:6D:AE:CE
Certificate issuer:       /CN=ad0da43b4a5d3db78ba3f774e5b31b77037202d5
Certificate serial:       019D454846CE7207216525E837D3994E6DE7
Authority key identifier: AD:0D:A4:3B:4A:5D:3D:B7:8B:A3:F7:74:E5:B3:1B:77:03:72:02:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rQ2kO0pdPbeLo_d05bMbdwNyAtU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/cd86fuGEpcvGitdJ6j4qmONtrs4.roa
Signing time:             Tue 31 Mar 2026 19:04:17 +0000
ROA not before:           Tue 31 Mar 2026 19:04:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210714
IP address blocks:        45.133.38.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/rQ2kO0pdPbeLo_d05bMbdwNyAtU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/rQ2kO0pdPbeLo_d05bMbdwNyAtU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rQ2kO0pdPbeLo_d05bMbdwNyAtU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 21:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:45:48:46:ce:72:07:21:65:25:e8:37:d3:99:4e:6d:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ad0da43b4a5d3db78ba3f774e5b31b77037202d5
        Validity
            Not Before: Mar 31 19:04:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=71df3a7ee184a5cbc68ad749ea3e2a98e36daece
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:84:00:d2:5d:50:b8:3f:97:a6:34:b3:54:a0:
                    3c:35:89:7e:44:fe:2e:1a:bd:93:10:8c:0b:00:6b:
                    76:f2:dc:76:70:0d:99:80:95:ba:f0:e4:65:85:71:
                    96:79:47:e1:4c:cf:9e:5a:d8:12:07:db:5f:15:a7:
                    3e:48:ed:96:80:69:7c:83:80:b3:b6:00:77:d5:4e:
                    cc:a8:41:1c:0f:1c:cd:9b:2c:7e:c8:a9:fc:03:79:
                    a0:2b:5b:9a:ae:0c:5a:50:35:1f:4e:f5:1c:4e:18:
                    6d:64:4b:76:0e:1d:ac:2d:19:8a:68:b2:b1:4e:2e:
                    ab:ec:da:d3:8c:04:59:1d:55:a5:fc:99:63:d9:02:
                    6e:95:f3:c1:4d:96:27:7e:8a:f9:62:f2:8f:7a:5c:
                    af:49:2f:16:be:cf:45:f3:1d:18:c4:21:22:a8:70:
                    32:f7:e6:06:72:21:1b:3a:9c:4c:33:00:d9:82:87:
                    06:be:63:46:57:40:76:97:02:ad:cc:af:ea:17:a2:
                    f6:2e:6d:d3:3c:99:1b:9d:32:af:66:4b:f2:5f:ac:
                    f5:71:3f:62:41:1c:f9:a7:4f:76:85:6b:3a:6c:5f:
                    1e:59:f2:82:62:16:5e:35:3c:9e:35:92:b6:7b:b2:
                    06:96:d1:cd:d3:f4:2a:5f:a9:42:46:ef:af:50:f1:
                    f5:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:DF:3A:7E:E1:84:A5:CB:C6:8A:D7:49:EA:3E:2A:98:E3:6D:AE:CE
            X509v3 Authority Key Identifier:
                keyid:AD:0D:A4:3B:4A:5D:3D:B7:8B:A3:F7:74:E5:B3:1B:77:03:72:02:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rQ2kO0pdPbeLo_d05bMbdwNyAtU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/cd86fuGEpcvGitdJ6j4qmONtrs4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/rQ2kO0pdPbeLo_d05bMbdwNyAtU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.133.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:e2:1d:14:16:cb:43:e0:ea:cb:98:48:43:33:71:ef:a4:12:
         11:97:3e:41:eb:53:6f:96:07:1d:05:99:97:64:27:d7:19:43:
         05:bd:37:43:ae:ba:fd:c7:61:a4:e3:4b:e8:d4:25:76:59:23:
         71:2b:14:b5:d1:6c:ae:c1:ab:81:db:0b:8a:9b:b2:4f:aa:a5:
         57:25:5e:8f:f4:7f:68:f7:ca:d2:47:e4:12:00:97:7e:47:5c:
         80:fc:d7:df:f4:ec:2d:c5:80:20:d3:63:7d:87:72:3b:5d:cb:
         43:b3:ab:59:56:e5:1a:0a:f8:7d:d4:42:0a:ec:eb:31:20:21:
         dc:2d:19:27:b7:57:e6:10:5d:93:2d:09:ec:a2:1d:6d:d6:d6:
         b3:33:d5:ec:e0:c1:18:33:86:c2:c7:1d:2a:de:36:01:4d:66:
         f9:1e:06:8d:25:e5:c5:15:92:6d:2c:cc:b6:4c:02:05:f9:fc:
         63:70:7e:f3:e1:53:4d:9e:ca:13:2a:ee:fd:89:24:d1:4f:dd:
         62:b1:c0:93:43:78:4b:24:dc:72:58:d5:c8:8b:27:3f:a4:5c:
         de:8b:aa:bc:8d:52:87:24:b8:10:d0:55:c9:1d:4e:13:cd:6f:
         95:6e:77:7c:0e:79:c5:ac:65:95:e9:7b:3f:de:8c:8d:2e:b2:
         8c:9f:cb:50
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1FSEbOcgchZSXoN9OZTm3nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkMGRhNDNiNGE1ZDNkYjc4YmEzZjc3NGU1YjMxYjc3MDM3
MjAyZDUwHhcNMjYwMzMxMTkwNDE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MWRmM2E3ZWUxODRhNWNiYzY4YWQ3NDllYTNlMmE5OGUzNmRhZWNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmIQA0l1QuD+XpjSzVKA8NYl+RP4u
Gr2TEIwLAGt28tx2cA2ZgJW68ORlhXGWeUfhTM+eWtgSB9tfFac+SO2WgGl8g4Cz
tgB31U7MqEEcDxzNmyx+yKn8A3mgK1uargxaUDUfTvUcThhtZEt2Dh2sLRmKaLKx
Ti6r7NrTjARZHVWl/Jlj2QJulfPBTZYnfor5YvKPelyvSS8Wvs9F8x0YxCEiqHAy
9+YGciEbOpxMMwDZgocGvmNGV0B2lwKtzK/qF6L2Lm3TPJkbnTKvZkvyX6z1cT9i
QRz5p092hWs6bF8eWfKCYhZeNTyeNZK2e7IGltHN0/QqX6lCRu+vUPH1jwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHHfOn7hhKXLxorXSeo+Kpjjba7OMB8GA1UdIwQY
MBaAFK0NpDtKXT23i6P3dOWzG3cDcgLVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvclEya08wcGRQYmVMb19kMDViTWJkd055QXRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC9kZDgwOTYtMTRjYy00ODhkLTkyNTct
YzUxNWYzNTRjYzVhLzEvY2Q4NmZ1R0VwY3ZHaXRkSjZqNHFtT050cnM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC9kZDgwOTYtMTRjYy00ODhkLTkyNTctYzUxNWYzNTRjYzVh
LzEvclEya08wcGRQYmVMb19kMDViTWJkd055QXRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYUmMA0G
CSqGSIb3DQEBCwUAA4IBAQCK4h0UFstD4OrLmEhDM3HvpBIRlz5B61NvlgcdBZmX
ZCfXGUMFvTdDrrr9x2Gk40vo1CV2WSNxKxS10WyuwauB2wuKm7JPqqVXJV6P9H9o
98rSR+QSAJd+R1yA/Nff9OwtxYAg02N9h3I7XctDs6tZVuUaCvh91EIK7OsxICHc
LRknt1fmEF2TLQnsoh1t1tazM9Xs4MEYM4bCxx0q3jYBTWb5HgaNJeXFFZJtLMy2
TAIF+fxjcH7z4VNNnsoTKu79iSTRT91iscCTQ3hLJNxyWNXIiyc/pFzei6q8jVKH
JLgQ0FXJHU4TzW+Vbnd8DnnFrGWV6Xs/3oyNLrKMn8tQ
-----END CERTIFICATE-----