Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/48T8vYE2PIuF-JUHACGRSktJ5kI.roa
File:                     48T8vYE2PIuF-JUHACGRSktJ5kI.roa (raw, json)
Hash identifier:          gSU/+8oQIH7vKHyOi++4cnwLf3TJw4y7dFrpKBaFihg=
Subject key identifier:   E3:C4:FC:BD:81:36:3C:8B:85:F8:95:07:00:21:91:4A:4B:49:E6:42
Certificate issuer:       /CN=55baf26967510b3c52e46d1dc593967cdf29f9c9
Certificate serial:       019D4DF69C23143B5443326AEB1C3B0D0628
Authority key identifier: 55:BA:F2:69:67:51:0B:3C:52:E4:6D:1D:C5:93:96:7C:DF:29:F9:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/48T8vYE2PIuF-JUHACGRSktJ5kI.roa
Signing time:             Thu 02 Apr 2026 11:31:40 +0000
ROA not before:           Thu 02 Apr 2026 11:31:40 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199685
IP address blocks:        83.147.242.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 03:01:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:4d:f6:9c:23:14:3b:54:43:32:6a:eb:1c:3b:0d:06:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=55baf26967510b3c52e46d1dc593967cdf29f9c9
        Validity
            Not Before: Apr  2 11:31:40 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e3c4fcbd81363c8b85f895070021914a4b49e642
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:d8:22:26:01:7d:04:9e:24:23:6d:3d:16:7f:
                    da:4b:d7:bf:4f:c6:e8:2d:cc:05:87:a5:b3:40:31:
                    61:4f:28:66:35:73:42:40:a3:68:55:35:c0:fe:52:
                    e5:a0:a4:eb:a5:f6:ee:2b:89:19:7b:c3:93:ca:fe:
                    f1:a9:38:c1:f9:74:dc:13:ad:34:a6:5d:06:75:ff:
                    1a:86:1f:58:71:f9:a2:53:88:b0:21:bf:3c:db:4c:
                    31:58:53:f8:ce:0a:66:6a:8b:52:1c:35:cc:fe:be:
                    96:64:26:1c:81:4e:cc:a4:96:d4:63:f5:57:e3:92:
                    84:76:c4:14:68:1c:16:34:7d:82:2c:85:8c:1d:53:
                    5e:1c:92:ea:bc:d0:90:eb:b9:16:c1:8d:81:d8:28:
                    51:9a:1c:ba:2b:7d:b7:94:6f:ab:53:b8:aa:c2:30:
                    1e:0e:79:58:32:a1:9e:77:62:eb:35:fb:b1:0e:56:
                    a2:fd:dc:96:39:14:42:dd:10:83:45:56:93:75:da:
                    fc:94:ab:2b:d9:d9:a2:9f:ad:74:de:09:03:87:02:
                    25:e0:60:a3:2b:62:fe:a2:2b:e5:a0:81:f4:e4:fb:
                    03:ea:ff:1e:55:73:f2:a0:56:57:bc:85:f2:b5:2b:
                    2d:60:1d:19:9d:24:71:d0:bc:5b:f7:c2:74:91:6f:
                    23:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:C4:FC:BD:81:36:3C:8B:85:F8:95:07:00:21:91:4A:4B:49:E6:42
            X509v3 Authority Key Identifier:
                keyid:55:BA:F2:69:67:51:0B:3C:52:E4:6D:1D:C5:93:96:7C:DF:29:F9:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/48T8vYE2PIuF-JUHACGRSktJ5kI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.147.242.0/23

    Signature Algorithm: sha256WithRSAEncryption
         42:79:25:01:b3:87:fa:d6:11:c1:4b:a1:83:bb:2b:a8:66:38:
         16:c1:18:04:db:1f:00:79:99:86:68:a4:bc:a0:d7:2e:15:6c:
         9c:dd:30:35:32:69:a4:56:b4:77:00:ba:fe:b8:ae:67:a3:03:
         99:9b:92:89:53:97:57:f1:17:36:24:90:29:81:ff:de:c4:0d:
         3c:62:e8:ff:89:1b:f9:b5:bd:42:b5:de:1c:c4:05:7f:82:65:
         de:d4:d6:ca:db:a3:e1:64:d7:56:d5:6a:58:f2:2b:26:fa:3a:
         18:9b:fa:0b:27:d8:aa:a9:7e:eb:e7:59:18:0f:60:a6:ae:d3:
         bd:64:85:5a:97:25:8a:9d:0c:31:cc:03:d4:83:be:38:9e:7d:
         7c:f6:16:9c:a5:5b:2a:68:86:39:dc:bb:5e:96:be:78:ff:a9:
         11:3b:14:35:6c:79:88:c8:89:f0:37:4c:e9:00:c2:86:1a:66:
         8a:98:ba:83:3e:5f:51:cc:09:04:54:bf:fd:0c:8f:9d:91:5f:
         3e:19:75:50:c2:59:ce:46:52:54:48:ca:bd:23:36:c5:59:68:
         3f:77:5a:cd:6b:33:b0:50:18:4d:8b:50:d8:d2:0b:9a:be:28:
         89:e7:eb:85:0f:b6:b3:f7:ce:71:64:04:22:bd:99:d4:28:7b:
         f2:1c:32:c6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1N9pwjFDtUQzJq6xw7DQYoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1YmFmMjY5Njc1MTBiM2M1MmU0NmQxZGM1OTM5NjdjZGYy
OWY5YzkwHhcNMjYwNDAyMTEzMTQwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlM2M0ZmNiZDgxMzYzYzhiODVmODk1MDcwMDIxOTE0YTRiNDllNjQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtdgiJgF9BJ4kI209Fn/aS9e/T8bo
LcwFh6WzQDFhTyhmNXNCQKNoVTXA/lLloKTrpfbuK4kZe8OTyv7xqTjB+XTcE600
pl0Gdf8ahh9YcfmiU4iwIb8820wxWFP4zgpmaotSHDXM/r6WZCYcgU7MpJbUY/VX
45KEdsQUaBwWNH2CLIWMHVNeHJLqvNCQ67kWwY2B2ChRmhy6K323lG+rU7iqwjAe
DnlYMqGed2LrNfuxDlai/dyWORRC3RCDRVaTddr8lKsr2dmin6103gkDhwIl4GCj
K2L+oivloIH05PsD6v8eVXPyoFZXvIXytSstYB0ZnSRx0Lxb98J0kW8jdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOPE/L2BNjyLhfiVBwAhkUpLSeZCMB8GA1UdIwQY
MBaAFFW68mlnUQs8UuRtHcWTlnzfKfnJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVmJyeWFXZFJDenhTNUcwZHhaT1dmTjhwLWNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS81YWE0ZGMtZDE4NC00ZGI0LTllMTAt
NDlmOTgxZWU1OTgxLzEvNDhUOHZZRTJQSXVGLUpVSEFDR1JTa3RKNWtJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS81YWE0ZGMtZDE4NC00ZGI0LTllMTAtNDlmOTgxZWU1OTgx
LzEvVmJyeWFXZFJDenhTNUcwZHhaT1dmTjhwLWNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBU5PyMA0G
CSqGSIb3DQEBCwUAA4IBAQBCeSUBs4f61hHBS6GDuyuoZjgWwRgE2x8AeZmGaKS8
oNcuFWyc3TA1MmmkVrR3ALr+uK5nowOZm5KJU5dX8Rc2JJApgf/exA08Yuj/iRv5
tb1Ctd4cxAV/gmXe1NbK26PhZNdW1WpY8ism+joYm/oLJ9iqqX7r51kYD2CmrtO9
ZIValyWKnQwxzAPUg744nn189hacpVsqaIY53Ltelr54/6kROxQ1bHmIyInwN0zp
AMKGGmaKmLqDPl9RzAkEVL/9DI+dkV8+GXVQwlnORlJUSMq9IzbFWWg/d1rNazOw
UBhNi1DY0guaviiJ5+uFD7az985xZAQivZnUKHvyHDLG
-----END CERTIFICATE-----