Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/Rs3qfiABD3n8ihJ67rDti-3W-14.roa
File:                     Rs3qfiABD3n8ihJ67rDti-3W-14.roa (raw, json)
Hash identifier:          Kb+AzNchIHT91wb4l0H59a2hCeSEYzJjC/H5txcOb2g=
Subject key identifier:   46:CD:EA:7E:20:01:0F:79:FC:8A:12:7A:EE:B0:ED:8B:ED:D6:FB:5E
Certificate issuer:       /CN=55baf26967510b3c52e46d1dc593967cdf29f9c9
Certificate serial:       019D97A1407F5A43BA32F8604C37A8EBDCB0
Authority key identifier: 55:BA:F2:69:67:51:0B:3C:52:E4:6D:1D:C5:93:96:7C:DF:29:F9:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/Rs3qfiABD3n8ihJ67rDti-3W-14.roa
Signing time:             Thu 16 Apr 2026 18:50:20 +0000
ROA not before:           Thu 16 Apr 2026 18:50:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        83.147.217.0/24 maxlen: 24
                          91.186.210.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 03:01:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:97:a1:40:7f:5a:43:ba:32:f8:60:4c:37:a8:eb:dc:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=55baf26967510b3c52e46d1dc593967cdf29f9c9
        Validity
            Not Before: Apr 16 18:50:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=46cdea7e20010f79fc8a127aeeb0ed8bedd6fb5e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:5f:04:03:4c:07:2e:e5:7e:01:4c:24:33:77:
                    e5:8b:72:55:c1:35:f0:94:7a:63:5c:9b:1e:35:69:
                    47:2b:4b:3a:96:29:20:93:d9:da:76:d6:d1:a4:59:
                    5b:08:5e:ce:d6:4e:83:1a:07:93:3d:7e:a6:6b:6f:
                    79:b0:da:85:a1:23:b1:5f:46:64:1a:ad:50:ed:ba:
                    26:81:f1:dc:eb:34:ac:24:a1:de:0b:a8:0c:81:44:
                    0a:c6:3c:3f:53:51:27:76:fb:fc:78:67:9a:aa:1a:
                    e4:cb:86:1f:97:72:1d:8d:7a:a3:3a:fd:94:84:09:
                    6b:50:c7:3b:7b:7c:9c:f4:3f:f1:2d:40:ba:aa:61:
                    d9:54:06:f3:a4:93:c5:86:ba:9a:d0:8c:c8:d5:26:
                    c7:c2:0a:9f:66:0b:49:1e:9d:dd:99:e3:1c:37:ac:
                    28:fa:94:cc:62:31:ed:ce:bd:e3:ae:03:03:73:85:
                    7e:89:e3:b9:68:fa:4f:bd:aa:f5:03:b4:5b:66:00:
                    07:f1:04:15:af:57:99:a3:b2:75:5e:5a:1f:41:ce:
                    ba:0d:48:40:5b:27:93:ac:0a:ef:28:31:ed:8b:9a:
                    0f:ad:68:f3:54:d9:a2:17:fb:8c:0a:da:07:9a:99:
                    c7:6e:ae:54:d1:bc:36:6b:86:ae:81:cb:fa:4d:09:
                    b8:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:CD:EA:7E:20:01:0F:79:FC:8A:12:7A:EE:B0:ED:8B:ED:D6:FB:5E
            X509v3 Authority Key Identifier:
                keyid:55:BA:F2:69:67:51:0B:3C:52:E4:6D:1D:C5:93:96:7C:DF:29:F9:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/Rs3qfiABD3n8ihJ67rDti-3W-14.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.147.217.0/24
                  91.186.210.0/23

    Signature Algorithm: sha256WithRSAEncryption
         ab:50:bb:dd:57:a0:b6:13:91:03:71:39:ac:53:61:6e:3f:80:
         8c:a8:07:84:10:fb:0f:df:ed:6f:ba:60:ce:58:67:1a:3b:47:
         53:44:10:13:9d:88:36:2a:1d:74:04:42:db:69:7a:73:24:a0:
         aa:d0:64:b9:ee:1f:5a:00:7e:63:1a:69:bf:21:48:b6:bf:94:
         0e:ab:80:a7:4d:31:30:1f:55:8d:3c:16:5f:1b:b7:c9:ff:14:
         6f:5c:46:2b:06:73:be:93:fd:6a:86:d6:68:28:c9:2e:1c:2a:
         e0:1c:c7:de:d7:3b:35:88:1a:89:c1:4b:42:a0:f6:f2:da:a4:
         dc:1d:5c:1b:ec:7f:91:1d:85:36:43:09:13:80:4d:e7:cf:bd:
         18:a6:0a:83:24:8f:15:13:a0:57:b1:fc:21:3e:81:04:a5:db:
         b4:38:f7:59:45:dd:e3:35:b8:af:20:bb:a0:94:ed:48:e1:f5:
         bc:d3:19:7a:91:3a:d5:f0:e2:e8:88:7f:e3:13:fa:95:90:80:
         e2:db:14:d5:d3:f1:6e:d8:c7:3c:cd:75:a9:9b:62:91:b8:10:
         a8:33:b2:08:79:e3:8a:67:c0:16:05:e5:b4:a5:af:9b:ac:78:
         68:24:1a:2c:93:8f:b4:cd:27:c8:cf:45:9a:79:76:3e:fa:e7:
         ec:93:f5:6d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ2XoUB/WkO6MvhgTDeo69ywMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1YmFmMjY5Njc1MTBiM2M1MmU0NmQxZGM1OTM5NjdjZGYy
OWY5YzkwHhcNMjYwNDE2MTg1MDIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NmNkZWE3ZTIwMDEwZjc5ZmM4YTEyN2FlZWIwZWQ4YmVkZDZmYjVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw18EA0wHLuV+AUwkM3fli3JVwTXw
lHpjXJseNWlHK0s6likgk9nadtbRpFlbCF7O1k6DGgeTPX6ma295sNqFoSOxX0Zk
Gq1Q7bomgfHc6zSsJKHeC6gMgUQKxjw/U1Endvv8eGeaqhrky4Yfl3IdjXqjOv2U
hAlrUMc7e3yc9D/xLUC6qmHZVAbzpJPFhrqa0IzI1SbHwgqfZgtJHp3dmeMcN6wo
+pTMYjHtzr3jrgMDc4V+ieO5aPpPvar1A7RbZgAH8QQVr1eZo7J1XlofQc66DUhA
WyeTrArvKDHti5oPrWjzVNmiF/uMCtoHmpnHbq5U0bw2a4augcv6TQm4qwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEbN6n4gAQ95/IoSeu6w7Yvt1vteMB8GA1UdIwQY
MBaAFFW68mlnUQs8UuRtHcWTlnzfKfnJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVmJyeWFXZFJDenhTNUcwZHhaT1dmTjhwLWNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS81YWE0ZGMtZDE4NC00ZGI0LTllMTAt
NDlmOTgxZWU1OTgxLzEvUnMzcWZpQUJEM244aWhKNjdyRHRpLTNXLTE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS81YWE0ZGMtZDE4NC00ZGI0LTllMTAtNDlmOTgxZWU1OTgx
LzEvVmJyeWFXZFJDenhTNUcwZHhaT1dmTjhwLWNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAU5PZAwQB
W7rSMA0GCSqGSIb3DQEBCwUAA4IBAQCrULvdV6C2E5EDcTmsU2FuP4CMqAeEEPsP
3+1vumDOWGcaO0dTRBATnYg2Kh10BELbaXpzJKCq0GS57h9aAH5jGmm/IUi2v5QO
q4CnTTEwH1WNPBZfG7fJ/xRvXEYrBnO+k/1qhtZoKMkuHCrgHMfe1zs1iBqJwUtC
oPby2qTcHVwb7H+RHYU2QwkTgE3nz70YpgqDJI8VE6BXsfwhPoEEpdu0OPdZRd3j
NbivILuglO1I4fW80xl6kTrV8OLoiH/jE/qVkIDi2xTV0/Fu2Mc8zXWpm2KRuBCo
M7IIeeOKZ8AWBeW0pa+brHhoJBosk4+0zSfIz0WaeXY++ufsk/Vt
-----END CERTIFICATE-----