Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/76706c-124c-4dbf-aef8-73dba1dddca7/1/RMWRbbD_BdAd9CzTxDVfQGAvCWk.roa
File:                     RMWRbbD_BdAd9CzTxDVfQGAvCWk.roa (raw, json)
Hash identifier:          pFbz45/dgrlTncXp4cZG//XsRZw9h90zOSy0E/AZEIY=
Subject key identifier:   44:C5:91:6D:B0:FF:05:D0:1D:F4:2C:D3:C4:35:5F:40:60:2F:09:69
Certificate issuer:       /CN=a4947a653dec53d179d5724f2514c7256db69df8
Certificate serial:       019B7D5B14D24A68C2F4D530EB3C9B8E2FF6
Authority key identifier: A4:94:7A:65:3D:EC:53:D1:79:D5:72:4F:25:14:C7:25:6D:B6:9D:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pJR6ZT3sU9F51XJPJRTHJW22nfg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/76706c-124c-4dbf-aef8-73dba1dddca7/1/RMWRbbD_BdAd9CzTxDVfQGAvCWk.roa
Signing time:             Fri 02 Jan 2026 06:17:59 +0000
ROA not before:           Fri 02 Jan 2026 06:17:59 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     52160
IP address blocks:        194.247.50.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/76706c-124c-4dbf-aef8-73dba1dddca7/1/pJR6ZT3sU9F51XJPJRTHJW22nfg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/76706c-124c-4dbf-aef8-73dba1dddca7/1/pJR6ZT3sU9F51XJPJRTHJW22nfg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pJR6ZT3sU9F51XJPJRTHJW22nfg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 12:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5b:14:d2:4a:68:c2:f4:d5:30:eb:3c:9b:8e:2f:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4947a653dec53d179d5724f2514c7256db69df8
        Validity
            Not Before: Jan  2 06:17:59 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=44c5916db0ff05d01df42cd3c4355f40602f0969
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:a6:81:c8:4b:18:01:05:87:8b:e4:b4:2a:53:
                    cc:5a:b7:b6:96:4a:1d:80:d9:eb:d0:c1:1f:c7:71:
                    4b:6e:50:72:2b:6d:39:fd:0f:51:bb:c8:ae:e4:ec:
                    cd:f5:7f:27:72:a2:31:99:5b:66:7d:24:57:27:58:
                    e5:5f:0c:c2:8a:80:f0:1a:06:17:a9:83:1b:e2:18:
                    4e:f4:ff:19:ce:0c:f1:37:51:b9:f6:10:cd:cb:a3:
                    98:11:75:02:f5:9a:7e:32:19:4a:48:a8:97:9f:ed:
                    22:a6:09:ab:89:cc:1a:bf:2c:4b:5c:76:06:d7:79:
                    c4:5c:63:68:df:20:e9:ec:8d:28:84:79:1e:85:69:
                    03:ff:0c:b6:21:88:40:a5:6f:3f:7d:2e:77:52:d6:
                    b0:26:d4:91:83:9c:ea:c1:be:cb:30:b2:b0:00:0b:
                    4c:2c:7f:fc:de:c2:03:d0:82:51:b0:8a:01:b4:0d:
                    3b:fe:4d:03:6c:3f:03:e5:12:d6:f4:5c:9f:ad:70:
                    4d:f8:be:5b:5a:b6:1b:b9:bd:2f:ad:59:97:cf:f0:
                    7a:c5:35:29:21:33:ea:88:d8:2c:f9:16:3b:c7:59:
                    0b:9f:33:c4:a5:2a:c9:6f:b9:7d:8a:c6:a9:64:07:
                    32:23:5a:09:13:89:41:c4:27:ba:50:f7:c2:a1:96:
                    b9:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:C5:91:6D:B0:FF:05:D0:1D:F4:2C:D3:C4:35:5F:40:60:2F:09:69
            X509v3 Authority Key Identifier:
                keyid:A4:94:7A:65:3D:EC:53:D1:79:D5:72:4F:25:14:C7:25:6D:B6:9D:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pJR6ZT3sU9F51XJPJRTHJW22nfg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/76706c-124c-4dbf-aef8-73dba1dddca7/1/RMWRbbD_BdAd9CzTxDVfQGAvCWk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/76706c-124c-4dbf-aef8-73dba1dddca7/1/pJR6ZT3sU9F51XJPJRTHJW22nfg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.247.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:9d:f2:00:c2:55:01:78:3b:e3:df:54:f2:a5:f5:9c:6a:4a:
         54:db:02:03:99:cf:ed:96:8a:b9:67:a1:ec:f3:31:65:46:94:
         e3:37:b3:88:44:35:36:34:69:ff:13:d4:44:48:14:b2:5c:f0:
         b8:35:c7:a3:01:f2:fc:bf:b1:68:6a:12:04:e7:ba:2a:6b:e6:
         64:df:85:04:7a:88:a4:c7:1e:a2:45:bf:9e:da:39:00:52:d1:
         18:5e:a0:50:f6:27:be:a5:c6:e9:cb:29:17:85:b6:d9:4c:32:
         f2:47:10:1b:97:2a:db:e0:a8:0f:98:42:80:b0:3a:86:f6:99:
         ae:a5:b5:06:d6:0b:7d:a9:a8:e7:4f:3e:6a:6d:a3:82:ec:21:
         60:61:b4:50:68:cb:b6:c4:db:71:26:b1:49:58:01:58:44:5f:
         e8:22:a1:4c:09:91:23:97:83:9b:9b:23:84:59:75:0d:82:50:
         c3:ea:2c:4a:db:ed:3b:d8:b6:76:0d:a0:f6:65:97:a9:0e:f4:
         27:ad:ef:eb:d7:18:03:38:58:4a:a8:41:cd:a8:2f:14:ea:8e:
         c8:36:16:cc:57:24:a9:63:dc:99:df:a8:64:c0:10:d6:b8:60:
         5b:81:88:6a:09:88:36:4c:94:27:c0:14:ec:fd:74:1a:1a:7a:
         8c:c5:26:0e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9WxTSSmjC9NUw6zybji/2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0OTQ3YTY1M2RlYzUzZDE3OWQ1NzI0ZjI1MTRjNzI1NmRi
NjlkZjgwHhcNMjYwMTAyMDYxNzU5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NGM1OTE2ZGIwZmYwNWQwMWRmNDJjZDNjNDM1NWY0MDYwMmYwOTY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1aaByEsYAQWHi+S0KlPMWre2lkod
gNnr0MEfx3FLblByK205/Q9Ru8iu5OzN9X8ncqIxmVtmfSRXJ1jlXwzCioDwGgYX
qYMb4hhO9P8ZzgzxN1G59hDNy6OYEXUC9Zp+MhlKSKiXn+0ipgmricwavyxLXHYG
13nEXGNo3yDp7I0ohHkehWkD/wy2IYhApW8/fS53UtawJtSRg5zqwb7LMLKwAAtM
LH/83sID0IJRsIoBtA07/k0DbD8D5RLW9FyfrXBN+L5bWrYbub0vrVmXz/B6xTUp
ITPqiNgs+RY7x1kLnzPEpSrJb7l9isapZAcyI1oJE4lBxCe6UPfCoZa5iwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFETFkW2w/wXQHfQs08Q1X0BgLwlpMB8GA1UdIwQY
MBaAFKSUemU97FPRedVyTyUUxyVttp34MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcEpSNlpUM3NVOUY1MVhKUEpSVEhKVzIybmZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS83NjcwNmMtMTI0Yy00ZGJmLWFlZjgt
NzNkYmExZGRkY2E3LzEvUk1XUmJiRF9CZEFkOUN6VHhEVmZRR0F2Q1drLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS83NjcwNmMtMTI0Yy00ZGJmLWFlZjgtNzNkYmExZGRkY2E3
LzEvcEpSNlpUM3NVOUY1MVhKUEpSVEhKVzIybmZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwvcyMA0G
CSqGSIb3DQEBCwUAA4IBAQCEnfIAwlUBeDvj31TypfWcakpU2wIDmc/tloq5Z6Hs
8zFlRpTjN7OIRDU2NGn/E9RESBSyXPC4NcejAfL8v7FoahIE57oqa+Zk34UEeoik
xx6iRb+e2jkAUtEYXqBQ9ie+pcbpyykXhbbZTDLyRxAblyrb4KgPmEKAsDqG9pmu
pbUG1gt9qajnTz5qbaOC7CFgYbRQaMu2xNtxJrFJWAFYRF/oIqFMCZEjl4ObmyOE
WXUNglDD6ixK2+072LZ2DaD2ZZepDvQnre/r1xgDOFhKqEHNqC8U6o7INhbMVySp
Y9yZ36hkwBDWuGBbgYhqCYg2TJQnwBTs/XQaGnqMxSYO
-----END CERTIFICATE-----