Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/dc2912-c7b0-4df4-9aa8-65332b47f5eb/1/MnkZ2uGRZrTSdTCIfeiOua7a3c8.roa
File:                     MnkZ2uGRZrTSdTCIfeiOua7a3c8.roa (raw, json)
Hash identifier:          W5Zv1swY/sHVBwrPHptQ5GwEAhCn12V7MA2pp2AtLQs=
Subject key identifier:   32:79:19:DA:E1:91:66:B4:D2:75:30:88:7D:E8:8E:B9:AE:DA:DD:CF
Certificate issuer:       /CN=c089423af1be03027196d1f81df22992978cda6e
Certificate serial:       019CADB85E17E6673CB1894B41DC707174D7
Authority key identifier: C0:89:42:3A:F1:BE:03:02:71:96:D1:F8:1D:F2:29:92:97:8C:DA:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wIlCOvG-AwJxltH4HfIpkpeM2m4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/dc2912-c7b0-4df4-9aa8-65332b47f5eb/1/MnkZ2uGRZrTSdTCIfeiOua7a3c8.roa
Signing time:             Mon 02 Mar 2026 08:44:26 +0000
ROA not before:           Mon 02 Mar 2026 08:44:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215305
IP address blocks:        185.245.40.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/dc2912-c7b0-4df4-9aa8-65332b47f5eb/1/wIlCOvG-AwJxltH4HfIpkpeM2m4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/dc2912-c7b0-4df4-9aa8-65332b47f5eb/1/wIlCOvG-AwJxltH4HfIpkpeM2m4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wIlCOvG-AwJxltH4HfIpkpeM2m4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 15:05:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:ad:b8:5e:17:e6:67:3c:b1:89:4b:41:dc:70:71:74:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c089423af1be03027196d1f81df22992978cda6e
        Validity
            Not Before: Mar  2 08:44:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=327919dae19166b4d27530887de88eb9aedaddcf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:08:a8:b0:94:0a:f2:77:d3:9d:6d:b4:07:4e:
                    b6:d3:49:93:8e:0b:b0:ca:3c:9c:de:69:ea:cb:ad:
                    34:f6:47:13:71:3e:ba:56:34:f5:d3:5b:78:22:90:
                    29:d9:88:38:0f:26:bc:c0:77:24:17:41:1b:d2:21:
                    ff:5c:78:d3:f4:de:a8:10:44:fc:cc:2e:2f:e4:b7:
                    79:b5:1e:b7:c6:09:a2:76:09:d0:c9:12:75:57:05:
                    55:95:4e:ff:8c:0f:04:4c:f2:12:04:b9:5a:7e:97:
                    ca:82:fa:c0:c5:89:c7:79:d4:c2:91:e1:b2:cf:c0:
                    63:cb:65:a1:a0:10:b2:31:90:3e:f1:e7:99:95:f0:
                    56:6b:02:5a:7d:c0:cb:0e:cd:57:c4:ab:6a:b2:14:
                    1e:19:90:12:97:7f:36:b0:48:d5:b9:fb:ad:f6:f3:
                    a4:39:c9:8b:45:fa:8c:ed:c2:c0:68:7c:c4:11:b1:
                    f9:0a:32:48:b1:67:7a:9a:83:b2:48:92:1a:e2:98:
                    e4:a9:4c:57:d7:6f:2d:fc:54:82:f2:10:f1:01:f1:
                    76:ed:70:7a:2f:59:05:bf:c9:c5:e7:2d:b7:d7:86:
                    d9:65:50:c3:2e:62:f2:ab:48:3b:c3:89:5c:ab:2f:
                    05:f0:ee:fa:f8:ff:e3:e2:6e:ca:8b:72:d0:26:ad:
                    db:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:79:19:DA:E1:91:66:B4:D2:75:30:88:7D:E8:8E:B9:AE:DA:DD:CF
            X509v3 Authority Key Identifier:
                keyid:C0:89:42:3A:F1:BE:03:02:71:96:D1:F8:1D:F2:29:92:97:8C:DA:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wIlCOvG-AwJxltH4HfIpkpeM2m4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/dc2912-c7b0-4df4-9aa8-65332b47f5eb/1/MnkZ2uGRZrTSdTCIfeiOua7a3c8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/dc2912-c7b0-4df4-9aa8-65332b47f5eb/1/wIlCOvG-AwJxltH4HfIpkpeM2m4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.245.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:a7:85:22:84:b5:a1:98:8c:55:e4:e6:96:3b:c0:3f:a1:f4:
         fa:19:0d:6c:7e:f6:4c:d0:0e:8c:9b:c2:6c:fa:09:c0:30:fd:
         b8:06:4f:58:eb:e3:17:23:b2:07:8f:21:7d:af:a2:81:02:9e:
         71:43:42:da:b7:25:c0:24:09:d8:21:49:e7:ee:fd:40:42:63:
         1e:3e:0a:df:dc:c7:f1:94:70:a1:b4:7d:af:52:ee:aa:32:76:
         17:50:ea:56:7f:2c:2a:db:89:1a:dc:fb:ea:08:dc:38:c2:55:
         e6:b0:2f:b6:62:cc:dc:a5:d9:85:08:81:97:78:2c:45:f0:87:
         da:2f:fe:fa:d8:bb:43:00:85:81:00:c7:75:21:07:c4:00:2e:
         f0:d2:29:1d:e9:e7:5b:6a:6f:be:94:bc:56:db:49:eb:4e:b2:
         5b:9d:be:b1:14:2d:0b:68:33:08:99:9e:10:09:ae:43:a4:b2:
         23:1b:30:39:b9:54:42:25:b8:43:74:7d:4b:40:d5:26:12:b6:
         d9:f3:c7:54:94:8f:73:a4:c4:fb:2a:ea:04:c5:cc:94:48:42:
         83:63:3b:8d:20:15:7f:f9:62:c7:b2:39:63:64:7c:2b:8f:e4:
         fb:d2:48:85:bb:3c:9c:8a:c4:c7:cc:d3:47:74:75:d4:a3:e5:
         6f:b1:7f:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZytuF4X5mc8sYlLQdxwcXTXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwODk0MjNhZjFiZTAzMDI3MTk2ZDFmODFkZjIyOTkyOTc4
Y2RhNmUwHhcNMjYwMzAyMDg0NDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjc5MTlkYWUxOTE2NmI0ZDI3NTMwODg3ZGU4OGViOWFlZGFkZGNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnQiosJQK8nfTnW20B06200mTjguw
yjyc3mnqy6009kcTcT66VjT101t4IpAp2Yg4Dya8wHckF0Eb0iH/XHjT9N6oEET8
zC4v5Ld5tR63xgmidgnQyRJ1VwVVlU7/jA8ETPISBLlafpfKgvrAxYnHedTCkeGy
z8Bjy2WhoBCyMZA+8eeZlfBWawJafcDLDs1XxKtqshQeGZASl382sEjVufut9vOk
OcmLRfqM7cLAaHzEEbH5CjJIsWd6moOySJIa4pjkqUxX128t/FSC8hDxAfF27XB6
L1kFv8nF5y2314bZZVDDLmLyq0g7w4lcqy8F8O76+P/j4m7Ki3LQJq3b4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDJ5GdrhkWa00nUwiH3ojrmu2t3PMB8GA1UdIwQY
MBaAFMCJQjrxvgMCcZbR+B3yKZKXjNpuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd0lsQ092Ry1Bd0p4bHRINEhmSXBrcGVNMm00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9kYzI5MTItYzdiMC00ZGY0LTlhYTgt
NjUzMzJiNDdmNWViLzEvTW5rWjJ1R1JaclRTZFRDSWZlaU91YTdhM2M4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9kYzI5MTItYzdiMC00ZGY0LTlhYTgtNjUzMzJiNDdmNWVi
LzEvd0lsQ092Ry1Bd0p4bHRINEhmSXBrcGVNMm00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufUoMA0G
CSqGSIb3DQEBCwUAA4IBAQAPp4UihLWhmIxV5OaWO8A/ofT6GQ1sfvZM0A6Mm8Js
+gnAMP24Bk9Y6+MXI7IHjyF9r6KBAp5xQ0LatyXAJAnYIUnn7v1AQmMePgrf3Mfx
lHChtH2vUu6qMnYXUOpWfywq24ka3PvqCNw4wlXmsC+2YszcpdmFCIGXeCxF8Ifa
L/762LtDAIWBAMd1IQfEAC7w0ikd6edbam++lLxW20nrTrJbnb6xFC0LaDMImZ4Q
Ca5DpLIjGzA5uVRCJbhDdH1LQNUmErbZ88dUlI9zpMT7KuoExcyUSEKDYzuNIBV/
+WLHsjljZHwrj+T70kiFuzycisTHzNNHdHXUo+VvsX+Z
-----END CERTIFICATE-----