Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/1aff10-dd29-439f-8d23-bc9a5f6605fc/1/vRpn5QOd-d0RVG2bwdPVjMC_Eq0.roa
File:                     vRpn5QOd-d0RVG2bwdPVjMC_Eq0.roa (raw, json)
Hash identifier:          Jk/e9Y8CnxRj/DTYYCH6euq93lPLWUg+CGFDbw48V3A=
Subject key identifier:   BD:1A:67:E5:03:9D:F9:DD:11:54:6D:9B:C1:D3:D5:8C:C0:BF:12:AD
Certificate issuer:       /CN=7373c1ff55403d4792346493f769f8d033bef02c
Certificate serial:       019D8C5E3FB637A5A5D99F87A63EE7AF4C3F
Authority key identifier: 73:73:C1:FF:55:40:3D:47:92:34:64:93:F7:69:F8:D0:33:BE:F0:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c3PB_1VAPUeSNGST92n40DO-8Cw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/1aff10-dd29-439f-8d23-bc9a5f6605fc/1/vRpn5QOd-d0RVG2bwdPVjMC_Eq0.roa
Signing time:             Tue 14 Apr 2026 14:21:20 +0000
ROA not before:           Tue 14 Apr 2026 14:21:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9002
IP address blocks:        213.108.245.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/1aff10-dd29-439f-8d23-bc9a5f6605fc/1/c3PB_1VAPUeSNGST92n40DO-8Cw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/1aff10-dd29-439f-8d23-bc9a5f6605fc/1/c3PB_1VAPUeSNGST92n40DO-8Cw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c3PB_1VAPUeSNGST92n40DO-8Cw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 20:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:8c:5e:3f:b6:37:a5:a5:d9:9f:87:a6:3e:e7:af:4c:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7373c1ff55403d4792346493f769f8d033bef02c
        Validity
            Not Before: Apr 14 14:21:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bd1a67e5039df9dd11546d9bc1d3d58cc0bf12ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:4e:f9:10:3f:fe:86:a9:32:15:b7:93:c2:97:
                    41:85:ae:fc:0e:16:72:f3:f1:48:1f:3f:fc:74:d2:
                    01:9f:3d:0e:14:aa:4b:a3:19:1a:3c:40:b0:e3:70:
                    e5:63:bb:4d:41:f9:00:da:45:23:c3:3b:7b:57:10:
                    bd:82:28:29:98:87:fd:36:12:23:53:0d:7d:79:bb:
                    8f:da:73:4a:6b:93:ac:71:ae:2a:96:f4:ea:04:86:
                    8c:01:fd:74:f5:45:f7:32:3d:f0:5b:3f:ea:62:8a:
                    d9:f3:be:70:a1:cc:1b:a5:94:2a:f1:0d:d0:53:40:
                    19:56:94:23:a6:72:fa:f2:9f:85:88:cc:a6:4d:35:
                    18:7e:ae:54:d1:3a:a3:08:d2:ec:f0:e1:01:84:e6:
                    89:78:64:ee:a8:9c:28:9e:24:50:50:55:7c:93:c5:
                    02:bc:8a:e7:e7:c0:79:e8:e6:0b:aa:f7:9c:d7:f5:
                    2e:b3:d7:4a:19:a9:c2:db:16:0f:a8:21:13:3a:a8:
                    f8:01:4c:1d:e4:df:25:bb:e1:2c:04:a0:79:e7:96:
                    3e:0f:8b:f9:cb:7e:56:0f:54:fe:a8:f6:77:c4:f4:
                    8f:1e:e5:dd:33:d3:9b:fa:98:37:dd:6d:74:09:c7:
                    cb:a7:46:48:04:a3:e7:18:83:b8:8c:ff:99:d2:44:
                    da:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:1A:67:E5:03:9D:F9:DD:11:54:6D:9B:C1:D3:D5:8C:C0:BF:12:AD
            X509v3 Authority Key Identifier:
                keyid:73:73:C1:FF:55:40:3D:47:92:34:64:93:F7:69:F8:D0:33:BE:F0:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3PB_1VAPUeSNGST92n40DO-8Cw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/1aff10-dd29-439f-8d23-bc9a5f6605fc/1/vRpn5QOd-d0RVG2bwdPVjMC_Eq0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/1aff10-dd29-439f-8d23-bc9a5f6605fc/1/c3PB_1VAPUeSNGST92n40DO-8Cw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.108.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:31:6d:f8:82:7f:67:b6:a7:67:4d:cb:f2:ff:16:12:58:cf:
         de:28:c1:d5:4c:af:b1:5f:e8:11:74:40:f5:5a:43:fc:91:de:
         53:91:ef:bf:d1:1d:88:48:b2:1f:47:e2:02:e2:2c:89:3a:ac:
         b1:6e:fa:b5:54:e4:0c:e8:a9:f2:b0:ba:03:40:71:19:5f:cd:
         8e:00:1f:93:09:55:8d:92:44:f8:06:58:aa:e0:00:63:57:b0:
         50:0e:dd:1e:98:f4:a5:6e:c9:95:54:bd:80:75:20:fd:16:f0:
         ca:cc:4e:bd:5b:27:a3:fb:65:68:a6:a4:aa:25:4a:c6:b4:c9:
         d0:38:dc:e4:15:60:41:41:88:ed:d8:bc:45:b6:e6:f8:7c:de:
         70:e1:76:52:d8:2e:9a:c6:d7:9e:a0:24:88:2a:9c:82:c4:80:
         9b:e6:a7:3c:d3:1e:99:21:b9:96:5a:65:ac:02:f9:80:dc:93:
         27:db:c0:3e:41:fa:2b:f0:c0:f9:58:2f:9d:6c:ea:96:3b:ac:
         e9:a5:6d:38:71:64:a0:ba:14:e9:54:47:c1:62:01:c9:2d:f1:
         9e:24:3b:6e:75:be:68:c1:f8:93:fb:74:f9:cf:93:6c:4b:19:
         44:15:1d:3e:34:53:c5:cc:f8:cc:6f:bc:67:c7:50:2f:bf:84:
         e4:7b:ce:ad
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2MXj+2N6Wl2Z+Hpj7nr0w/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczNzNjMWZmNTU0MDNkNDc5MjM0NjQ5M2Y3NjlmOGQwMzNi
ZWYwMmMwHhcNMjYwNDE0MTQyMTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDFhNjdlNTAzOWRmOWRkMTE1NDZkOWJjMWQzZDU4Y2MwYmYxMmFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzk75ED/+hqkyFbeTwpdBha78DhZy
8/FIHz/8dNIBnz0OFKpLoxkaPECw43DlY7tNQfkA2kUjwzt7VxC9gigpmIf9NhIj
Uw19ebuP2nNKa5Osca4qlvTqBIaMAf109UX3Mj3wWz/qYorZ875wocwbpZQq8Q3Q
U0AZVpQjpnL68p+FiMymTTUYfq5U0TqjCNLs8OEBhOaJeGTuqJwoniRQUFV8k8UC
vIrn58B56OYLqvec1/Uus9dKGanC2xYPqCETOqj4AUwd5N8lu+EsBKB555Y+D4v5
y35WD1T+qPZ3xPSPHuXdM9Ob+pg33W10CcfLp0ZIBKPnGIO4jP+Z0kTaVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL0aZ+UDnfndEVRtm8HT1YzAvxKtMB8GA1UdIwQY
MBaAFHNzwf9VQD1HkjRkk/dp+NAzvvAsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYzNQQl8xVkFQVWVTTkdTVDkybjQwRE8tOEN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC8xYWZmMTAtZGQyOS00MzlmLThkMjMt
YmM5YTVmNjYwNWZjLzEvdlJwbjVRT2QtZDBSVkcyYndkUFZqTUNfRXEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC8xYWZmMTAtZGQyOS00MzlmLThkMjMtYmM5YTVmNjYwNWZj
LzEvYzNQQl8xVkFQVWVTTkdTVDkybjQwRE8tOEN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1Wz1MA0G
CSqGSIb3DQEBCwUAA4IBAQB7MW34gn9ntqdnTcvy/xYSWM/eKMHVTK+xX+gRdED1
WkP8kd5Tke+/0R2ISLIfR+IC4iyJOqyxbvq1VOQM6KnysLoDQHEZX82OAB+TCVWN
kkT4Bliq4ABjV7BQDt0emPSlbsmVVL2AdSD9FvDKzE69Wyej+2VopqSqJUrGtMnQ
ONzkFWBBQYjt2LxFtub4fN5w4XZS2C6axteeoCSIKpyCxICb5qc80x6ZIbmWWmWs
AvmA3JMn28A+Qfor8MD5WC+dbOqWO6zppW04cWSguhTpVEfBYgHJLfGeJDtudb5o
wfiT+3T5z5NsSxlEFR0+NFPFzPjMb7xnx1Avv4Tke86t
-----END CERTIFICATE-----