Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/DNKVTDfCdlLHW9MrVOz_V6C3F8g.roa
File:                     DNKVTDfCdlLHW9MrVOz_V6C3F8g.roa (raw, json)
Hash identifier:          uasjkvXg+88xW1j9weGfc4+Lwe8xp4HgPIRySLA8dcs=
Subject key identifier:   0C:D2:95:4C:37:C2:76:52:C7:5B:D3:2B:54:EC:FF:57:A0:B7:17:C8
Certificate issuer:       /CN=bf84113545d9000760f66062a4221933a2e959d8
Certificate serial:       019D7825DBC226307994F9ECBEBF3B187936
Authority key identifier: BF:84:11:35:45:D9:00:07:60:F6:60:62:A4:22:19:33:A2:E9:59:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/DNKVTDfCdlLHW9MrVOz_V6C3F8g.roa
Signing time:             Fri 10 Apr 2026 16:07:20 +0000
ROA not before:           Fri 10 Apr 2026 16:07:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213220
IP address blocks:        45.91.52.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/v4QRNUXZAAdg9mBipCIZM6LpWdg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/v4QRNUXZAAdg9mBipCIZM6LpWdg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 04:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:78:25:db:c2:26:30:79:94:f9:ec:be:bf:3b:18:79:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf84113545d9000760f66062a4221933a2e959d8
        Validity
            Not Before: Apr 10 16:07:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0cd2954c37c27652c75bd32b54ecff57a0b717c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:76:7d:7b:0f:82:ae:da:df:2f:75:49:2a:a4:
                    b1:b1:4d:e8:20:77:9c:8c:4d:a3:1a:fc:20:ab:0e:
                    97:85:c0:63:08:41:e4:7a:91:f0:d6:fd:c2:14:b5:
                    6c:53:53:1a:fe:3b:70:65:48:33:a7:b4:1a:91:00:
                    d4:50:76:c3:a6:d0:14:be:89:60:be:0f:69:3d:47:
                    68:0c:4c:a5:48:34:e0:24:73:94:cd:3f:5c:5d:99:
                    99:91:b0:14:c4:f9:0c:0f:39:34:e0:71:ed:e2:48:
                    5a:81:15:93:1e:2f:ef:55:f7:9d:8f:b6:3a:33:68:
                    f8:83:dc:5a:43:b3:e4:69:66:e8:20:3c:9d:9f:f6:
                    95:ed:7f:f9:5e:2e:5f:08:2e:c5:4c:7d:39:69:07:
                    78:e4:ac:b8:77:97:cf:92:56:0c:a2:e5:36:9d:04:
                    53:bc:4c:c6:18:ca:13:bf:77:63:53:90:02:61:d1:
                    9d:4e:f0:1f:08:c1:d0:61:4c:fd:b3:d7:0d:57:ba:
                    0e:dd:f3:2a:70:ac:9b:76:de:d0:35:21:0d:ae:90:
                    50:fa:ae:c3:7d:ae:19:2d:67:f7:0b:a1:98:b0:5f:
                    96:2b:ce:f6:87:a8:17:46:64:73:3c:a8:8b:37:6a:
                    10:04:3e:05:1a:21:1c:10:d1:78:d9:6f:03:b1:0b:
                    56:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:D2:95:4C:37:C2:76:52:C7:5B:D3:2B:54:EC:FF:57:A0:B7:17:C8
            X509v3 Authority Key Identifier:
                keyid:BF:84:11:35:45:D9:00:07:60:F6:60:62:A4:22:19:33:A2:E9:59:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/DNKVTDfCdlLHW9MrVOz_V6C3F8g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/v4QRNUXZAAdg9mBipCIZM6LpWdg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.91.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b8:7a:e8:df:93:ba:a1:99:87:aa:cc:91:35:b8:20:3d:07:0d:
         20:88:37:29:2a:7a:fe:6f:0d:dd:45:74:38:d4:bc:6b:7d:bd:
         0c:87:ef:96:7b:74:e2:73:3f:38:f0:47:e9:f3:14:ee:15:a2:
         db:e7:cd:7a:37:42:61:1d:0f:15:ff:66:26:bd:27:60:7f:30:
         3e:ae:6d:d8:ba:c6:12:e8:92:c4:09:6d:b5:8c:b3:d9:77:84:
         f6:77:4d:a4:0d:00:30:f5:8b:44:28:eb:5d:0a:67:cd:37:61:
         ed:4a:64:ce:11:01:96:13:7c:ca:e6:37:41:cc:26:8d:61:76:
         44:ab:53:18:41:9d:e6:50:6d:cf:60:8f:39:ad:17:9d:44:a9:
         97:49:20:ba:f3:4d:99:d1:b1:06:84:7d:60:24:83:82:c0:c2:
         bd:cb:dc:a1:c5:53:ad:96:d7:22:47:03:1d:d9:d1:77:55:55:
         66:ca:c4:a5:6b:32:89:cb:44:95:42:10:a7:04:5c:c7:c8:ad:
         db:f1:75:c6:66:53:a4:b5:71:61:20:a0:4f:3d:73:df:47:5b:
         f3:81:58:fb:2b:99:36:2f:50:04:49:c4:bd:0f:a3:38:21:9a:
         f4:48:26:98:06:ad:2d:ec:65:a9:a9:4f:49:8a:5a:a3:07:5e:
         87:fb:2b:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ14JdvCJjB5lPnsvr87GHk2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmODQxMTM1NDVkOTAwMDc2MGY2NjA2MmE0MjIxOTMzYTJl
OTU5ZDgwHhcNMjYwNDEwMTYwNzIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwY2QyOTU0YzM3YzI3NjUyYzc1YmQzMmI1NGVjZmY1N2EwYjcxN2M4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo3Z9ew+CrtrfL3VJKqSxsU3oIHec
jE2jGvwgqw6XhcBjCEHkepHw1v3CFLVsU1Ma/jtwZUgzp7QakQDUUHbDptAUvolg
vg9pPUdoDEylSDTgJHOUzT9cXZmZkbAUxPkMDzk04HHt4khagRWTHi/vVfedj7Y6
M2j4g9xaQ7PkaWboIDydn/aV7X/5Xi5fCC7FTH05aQd45Ky4d5fPklYMouU2nQRT
vEzGGMoTv3djU5ACYdGdTvAfCMHQYUz9s9cNV7oO3fMqcKybdt7QNSENrpBQ+q7D
fa4ZLWf3C6GYsF+WK872h6gXRmRzPKiLN2oQBD4FGiEcENF42W8DsQtWEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAzSlUw3wnZSx1vTK1Ts/1egtxfIMB8GA1UdIwQY
MBaAFL+EETVF2QAHYPZgYqQiGTOi6VnYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjRRUk5VWFpBQWRnOW1CaXBDSVpNNkxwV2RnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS8zMGRjODUtMmRkOC00YjFjLWIxNTEt
NGJkNjNhZGM3MzU0LzEvRE5LVlREZkNkbExIVzlNclZPel9WNkMzRjhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS8zMGRjODUtMmRkOC00YjFjLWIxNTEtNGJkNjNhZGM3MzU0
LzEvdjRRUk5VWFpBQWRnOW1CaXBDSVpNNkxwV2RnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVs0MA0G
CSqGSIb3DQEBCwUAA4IBAQC4eujfk7qhmYeqzJE1uCA9Bw0giDcpKnr+bw3dRXQ4
1Lxrfb0Mh++We3Ticz848Efp8xTuFaLb5816N0JhHQ8V/2YmvSdgfzA+rm3YusYS
6JLECW21jLPZd4T2d02kDQAw9YtEKOtdCmfNN2HtSmTOEQGWE3zK5jdBzCaNYXZE
q1MYQZ3mUG3PYI85rRedRKmXSSC6802Z0bEGhH1gJIOCwMK9y9yhxVOtltciRwMd
2dF3VVVmysSlazKJy0SVQhCnBFzHyK3b8XXGZlOktXFhIKBPPXPfR1vzgVj7K5k2
L1AEScS9D6M4IZr0SCaYBq0t7GWpqU9JilqjB16H+yvS
-----END CERTIFICATE-----