Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/b22603-90ab-43ad-ab16-65249cbc573c/1/7UD9mSTFV8lFN4ROehlHuZ5VKzk.roa
File:                     7UD9mSTFV8lFN4ROehlHuZ5VKzk.roa (raw, json)
Hash identifier:          7/SDaPbxGJSgvje7ZyVfzpaTxUzpeca2cxXLtLcUMNc=
Subject key identifier:   ED:40:FD:99:24:C5:57:C9:45:37:84:4E:7A:19:47:B9:9E:55:2B:39
Certificate issuer:       /CN=dc11daefaff81c7e501278d87d9bc2b204d71155
Certificate serial:       019E21DDB551E2F6A5E4E358907BD580B434
Authority key identifier: DC:11:DA:EF:AF:F8:1C:7E:50:12:78:D8:7D:9B:C2:B2:04:D7:11:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3BHa76_4HH5QEnjYfZvCsgTXEVU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/b22603-90ab-43ad-ab16-65249cbc573c/1/7UD9mSTFV8lFN4ROehlHuZ5VKzk.roa
Signing time:             Wed 13 May 2026 15:03:58 +0000
ROA not before:           Wed 13 May 2026 15:03:58 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208185
IP address blocks:        94.154.45.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/b22603-90ab-43ad-ab16-65249cbc573c/1/3BHa76_4HH5QEnjYfZvCsgTXEVU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/b22603-90ab-43ad-ab16-65249cbc573c/1/3BHa76_4HH5QEnjYfZvCsgTXEVU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3BHa76_4HH5QEnjYfZvCsgTXEVU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 17 Jun 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:21:dd:b5:51:e2:f6:a5:e4:e3:58:90:7b:d5:80:b4:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc11daefaff81c7e501278d87d9bc2b204d71155
        Validity
            Not Before: May 13 15:03:58 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ed40fd9924c557c94537844e7a1947b99e552b39
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:77:06:20:04:52:f8:21:1f:60:6e:04:ae:5a:
                    9d:43:c2:bb:af:f4:bb:6a:e3:d5:b3:18:c6:28:8d:
                    8b:2c:ea:06:17:f7:a3:c9:c6:87:a1:bc:2b:ae:d4:
                    2b:67:f8:93:0e:95:6c:85:d3:d1:fc:d6:8e:da:cb:
                    29:70:28:12:6b:5e:fe:92:9e:d7:96:cd:f2:0b:24:
                    c9:ca:48:c1:63:31:3b:3b:8d:e9:54:ce:40:94:37:
                    7b:6d:46:e8:f1:51:30:d0:c3:72:fb:11:9d:30:c9:
                    9f:7e:d1:86:71:b9:86:b9:b4:4a:96:75:d4:cd:e3:
                    b5:38:44:9d:92:49:fe:6b:10:a6:e1:26:ed:b5:03:
                    7b:4a:df:c0:ca:01:32:6a:be:fe:24:66:72:5c:66:
                    65:49:45:7a:10:16:c9:c8:a6:d6:27:28:ef:ad:6d:
                    95:09:a9:be:49:8a:4d:db:fc:31:fc:d1:15:ce:9d:
                    3b:7e:05:13:1c:52:5b:0c:18:e8:da:2f:62:06:9f:
                    fc:1b:eb:2d:bd:56:b6:e1:59:ca:cc:f3:bb:97:70:
                    9d:ea:32:1e:98:dd:dc:da:47:41:02:17:fd:68:de:
                    15:f7:0f:fe:d0:af:93:32:5b:1c:88:03:43:de:24:
                    c8:13:ae:d7:93:57:e7:3a:b9:a7:80:c6:9c:e6:d1:
                    4c:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:40:FD:99:24:C5:57:C9:45:37:84:4E:7A:19:47:B9:9E:55:2B:39
            X509v3 Authority Key Identifier:
                keyid:DC:11:DA:EF:AF:F8:1C:7E:50:12:78:D8:7D:9B:C2:B2:04:D7:11:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3BHa76_4HH5QEnjYfZvCsgTXEVU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/b22603-90ab-43ad-ab16-65249cbc573c/1/7UD9mSTFV8lFN4ROehlHuZ5VKzk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/b22603-90ab-43ad-ab16-65249cbc573c/1/3BHa76_4HH5QEnjYfZvCsgTXEVU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.154.45.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:6e:61:85:b2:d1:6b:94:1a:d5:3c:05:a6:8b:0a:56:31:f6:
         25:30:2b:5d:00:6e:ad:9e:84:c5:ee:86:72:08:58:24:0f:16:
         cc:e5:88:27:1c:64:fd:cc:a2:e7:6e:52:c0:ea:31:45:98:56:
         0f:85:1f:3e:bb:7b:42:7a:c2:34:10:79:89:c2:6b:5b:50:23:
         0d:95:10:15:ee:cb:bb:c7:3c:84:35:41:10:b8:39:ee:45:81:
         5b:47:14:cd:a4:87:ce:a9:5e:12:29:3a:19:8b:8b:40:59:77:
         fb:1d:61:da:7d:e5:d6:04:01:63:cf:3f:c7:c4:2a:ba:3c:81:
         72:72:f6:0d:a3:70:42:91:c8:29:0e:89:60:2e:39:cc:ed:69:
         43:e1:7b:5e:01:2d:83:69:ac:e5:d1:7c:e6:47:cf:a2:c8:4f:
         ed:39:46:fc:20:c9:e6:ce:bc:46:d8:4c:0c:2c:5e:69:8e:db:
         74:91:35:27:5c:38:ed:c3:82:31:97:fc:77:c0:2d:24:49:1e:
         da:70:a8:06:cf:64:ce:6e:f4:0e:38:8d:eb:08:53:5a:09:64:
         6d:5d:67:c1:0d:5e:ef:fd:f0:59:f5:40:8e:a1:e5:4b:41:e7:
         de:1b:1c:db:c5:3f:de:e7:55:65:cc:92:a9:f9:7d:44:49:5a:
         2d:dc:ba:b9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4h3bVR4val5ONYkHvVgLQ0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjMTFkYWVmYWZmODFjN2U1MDEyNzhkODdkOWJjMmIyMDRk
NzExNTUwHhcNMjYwNTEzMTUwMzU4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDQwZmQ5OTI0YzU1N2M5NDUzNzg0NGU3YTE5NDdiOTllNTUyYjM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5XcGIARS+CEfYG4ErlqdQ8K7r/S7
auPVsxjGKI2LLOoGF/ejycaHobwrrtQrZ/iTDpVshdPR/NaO2sspcCgSa17+kp7X
ls3yCyTJykjBYzE7O43pVM5AlDd7bUbo8VEw0MNy+xGdMMmfftGGcbmGubRKlnXU
zeO1OESdkkn+axCm4SbttQN7St/AygEyar7+JGZyXGZlSUV6EBbJyKbWJyjvrW2V
Cam+SYpN2/wx/NEVzp07fgUTHFJbDBjo2i9iBp/8G+stvVa24VnKzPO7l3Cd6jIe
mN3c2kdBAhf9aN4V9w/+0K+TMlsciAND3iTIE67Xk1fnOrmngMac5tFMrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO1A/ZkkxVfJRTeETnoZR7meVSs5MB8GA1UdIwQY
MBaAFNwR2u+v+Bx+UBJ42H2bwrIE1xFVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0JIYTc2XzRISDVRRW5qWWZadkNzZ1RYRVZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC9iMjI2MDMtOTBhYi00M2FkLWFiMTYt
NjUyNDljYmM1NzNjLzEvN1VEOW1TVEZWOGxGTjRST2VobEh1WjVWS3prLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC9iMjI2MDMtOTBhYi00M2FkLWFiMTYtNjUyNDljYmM1NzNj
LzEvM0JIYTc2XzRISDVRRW5qWWZadkNzZ1RYRVZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXpotMA0G
CSqGSIb3DQEBCwUAA4IBAQBJbmGFstFrlBrVPAWmiwpWMfYlMCtdAG6tnoTF7oZy
CFgkDxbM5YgnHGT9zKLnblLA6jFFmFYPhR8+u3tCesI0EHmJwmtbUCMNlRAV7su7
xzyENUEQuDnuRYFbRxTNpIfOqV4SKToZi4tAWXf7HWHafeXWBAFjzz/HxCq6PIFy
cvYNo3BCkcgpDolgLjnM7WlD4XteAS2Daazl0XzmR8+iyE/tOUb8IMnmzrxG2EwM
LF5pjtt0kTUnXDjtw4Ixl/x3wC0kSR7acKgGz2TObvQOOI3rCFNaCWRtXWfBDV7v
/fBZ9UCOoeVLQefeGxzbxT/e51VlzJKp+X1ESVot3Lq5
-----END CERTIFICATE-----