Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/LV0V0NNyPxtE4vETFcvY45gcr6s.roa
File:                     LV0V0NNyPxtE4vETFcvY45gcr6s.roa (raw, json)
Hash identifier:          5VTc45UaaPFNqhaYRkLyvLy0Lfj/i1VTU/bhpzsFgYw=
Subject key identifier:   2D:5D:15:D0:D3:72:3F:1B:44:E2:F1:13:15:CB:D8:E3:98:1C:AF:AB
Certificate issuer:       /CN=55baf26967510b3c52e46d1dc593967cdf29f9c9
Certificate serial:       019D8C9C812C19C97046B8CAE25952733DAA
Authority key identifier: 55:BA:F2:69:67:51:0B:3C:52:E4:6D:1D:C5:93:96:7C:DF:29:F9:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/LV0V0NNyPxtE4vETFcvY45gcr6s.roa
Signing time:             Tue 14 Apr 2026 15:29:20 +0000
ROA not before:           Tue 14 Apr 2026 15:29:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209104
IP address blocks:        91.186.194.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:8c:9c:81:2c:19:c9:70:46:b8:ca:e2:59:52:73:3d:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=55baf26967510b3c52e46d1dc593967cdf29f9c9
        Validity
            Not Before: Apr 14 15:29:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2d5d15d0d3723f1b44e2f11315cbd8e3981cafab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:e0:b7:53:0e:eb:4e:1c:b1:a5:f4:90:23:60:
                    38:e5:ab:dd:1e:94:f8:74:ed:91:43:1b:e3:e2:ad:
                    f6:4d:a4:8f:bb:73:62:9d:fd:ca:06:58:45:1f:c3:
                    64:7b:da:5a:48:9b:c4:21:dc:89:08:46:62:22:e7:
                    8c:d4:7f:b1:d0:15:8b:dd:fd:ff:65:68:33:63:03:
                    67:85:6e:59:03:f8:f8:f6:da:28:03:5d:ae:49:97:
                    9b:2d:85:56:93:a5:5e:20:55:cb:5e:de:5a:27:d7:
                    fc:7e:0c:69:88:42:66:50:ce:50:d1:74:43:c0:67:
                    a1:ec:c6:3f:fc:ed:49:fb:95:ab:dc:c2:fd:94:11:
                    7e:5b:a2:67:bc:5f:63:5b:91:a3:0d:d6:2d:dc:a8:
                    ee:15:78:b2:85:9f:b4:f9:b6:01:2d:85:1b:90:de:
                    8c:bd:c6:80:e7:b3:89:74:34:88:6d:77:1a:9f:72:
                    a9:43:f0:d8:1c:82:e4:fc:3d:9a:e9:8d:64:8c:9f:
                    6f:b8:ba:d1:02:cf:32:e7:a5:f1:71:02:0a:27:09:
                    4b:58:2b:da:11:45:0b:8c:ec:ce:ec:25:6e:7b:74:
                    a3:cd:5d:22:d4:16:da:c6:4d:f1:75:7c:97:38:ac:
                    31:75:6c:f0:1a:af:16:d0:4c:13:cf:a7:40:bc:5e:
                    d3:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:5D:15:D0:D3:72:3F:1B:44:E2:F1:13:15:CB:D8:E3:98:1C:AF:AB
            X509v3 Authority Key Identifier:
                keyid:55:BA:F2:69:67:51:0B:3C:52:E4:6D:1D:C5:93:96:7C:DF:29:F9:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/LV0V0NNyPxtE4vETFcvY45gcr6s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.186.194.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:b9:2e:fa:32:1c:99:c5:2c:ee:7f:42:50:59:46:10:78:e3:
         4c:58:93:0a:51:4f:80:ca:ff:e9:f9:8a:c1:6c:79:f4:e1:fa:
         55:26:b7:71:d4:25:30:59:a5:cc:d4:40:16:3e:8b:8a:09:bd:
         f7:0d:f1:84:4f:a5:ec:26:a3:d9:2e:1f:3d:09:35:eb:71:73:
         82:f5:ab:25:61:5e:b1:23:d1:06:8c:80:13:e6:c0:8f:f7:c6:
         86:89:5d:d5:b3:1a:95:a3:3a:02:b1:0b:42:73:0b:0c:ac:14:
         fa:9b:2c:c3:ac:c2:bd:b2:45:43:61:52:ae:02:58:d1:b2:f3:
         84:bd:aa:ab:98:e4:55:02:85:12:f1:a8:f9:9f:d0:e6:76:59:
         dd:68:2d:17:9c:ee:0f:d7:20:27:e4:a3:eb:68:33:7f:b9:6f:
         fb:c4:03:51:88:d2:32:c8:c5:50:c6:35:97:20:dc:5d:23:58:
         16:8c:e0:52:49:11:ab:e5:aa:50:4f:13:11:64:c4:b4:46:79:
         ae:e1:54:51:cc:04:c7:69:a9:79:d7:65:7e:aa:a8:9d:76:5b:
         5e:83:be:40:f7:8d:e7:79:6d:dc:c5:5a:2f:01:68:b8:82:90:
         bb:c5:5f:02:1f:5e:14:21:c4:ea:5d:68:41:b1:89:0d:b5:a3:
         e8:6a:58:a3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2MnIEsGclwRrjK4llScz2qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1YmFmMjY5Njc1MTBiM2M1MmU0NmQxZGM1OTM5NjdjZGYy
OWY5YzkwHhcNMjYwNDE0MTUyOTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDVkMTVkMGQzNzIzZjFiNDRlMmYxMTMxNWNiZDhlMzk4MWNhZmFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4eC3Uw7rThyxpfSQI2A45avdHpT4
dO2RQxvj4q32TaSPu3Ninf3KBlhFH8Nke9paSJvEIdyJCEZiIueM1H+x0BWL3f3/
ZWgzYwNnhW5ZA/j49tooA12uSZebLYVWk6VeIFXLXt5aJ9f8fgxpiEJmUM5Q0XRD
wGeh7MY//O1J+5Wr3ML9lBF+W6JnvF9jW5GjDdYt3KjuFXiyhZ+0+bYBLYUbkN6M
vcaA57OJdDSIbXcan3KpQ/DYHILk/D2a6Y1kjJ9vuLrRAs8y56XxcQIKJwlLWCva
EUULjOzO7CVue3SjzV0i1Bbaxk3xdXyXOKwxdWzwGq8W0EwTz6dAvF7TbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC1dFdDTcj8bROLxExXL2OOYHK+rMB8GA1UdIwQY
MBaAFFW68mlnUQs8UuRtHcWTlnzfKfnJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVmJyeWFXZFJDenhTNUcwZHhaT1dmTjhwLWNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS81YWE0ZGMtZDE4NC00ZGI0LTllMTAt
NDlmOTgxZWU1OTgxLzEvTFYwVjBOTnlQeHRFNHZFVEZjdlk0NWdjcjZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS81YWE0ZGMtZDE4NC00ZGI0LTllMTAtNDlmOTgxZWU1OTgx
LzEvVmJyeWFXZFJDenhTNUcwZHhaT1dmTjhwLWNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW7rCMA0G
CSqGSIb3DQEBCwUAA4IBAQCmuS76MhyZxSzuf0JQWUYQeONMWJMKUU+Ayv/p+YrB
bHn04fpVJrdx1CUwWaXM1EAWPouKCb33DfGET6XsJqPZLh89CTXrcXOC9aslYV6x
I9EGjIAT5sCP98aGiV3VsxqVozoCsQtCcwsMrBT6myzDrMK9skVDYVKuAljRsvOE
vaqrmORVAoUS8aj5n9DmdlndaC0XnO4P1yAn5KPraDN/uW/7xANRiNIyyMVQxjWX
INxdI1gWjOBSSRGr5apQTxMRZMS0Rnmu4VRRzATHaal512V+qqiddlteg75A943n
eW3cxVovAWi4gpC7xV8CH14UIcTqXWhBsYkNtaPoalij
-----END CERTIFICATE-----