Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/3d893a-5b1a-4d70-9ebb-38e068536e6b/1/Mkh5aQjh3GPs5zV6ewUEffwhz6Y.roa
File:                     Mkh5aQjh3GPs5zV6ewUEffwhz6Y.roa (raw, json)
Hash identifier:          ZhgNbadvWzbwSGWjxYadekjwT/j2dOnk9v/v77ZXLC8=
Subject key identifier:   32:48:79:69:08:E1:DC:63:EC:E7:35:7A:7B:05:04:7D:FC:21:CF:A6
Certificate issuer:       /CN=8cd802512ccb745b2a1b8f315714ebe39395403e
Certificate serial:       019EBA7B1F3077AD0A3C8CE333A6AA515E62
Authority key identifier: 8C:D8:02:51:2C:CB:74:5B:2A:1B:8F:31:57:14:EB:E3:93:95:40:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jNgCUSzLdFsqG48xVxTr45OVQD4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/3d893a-5b1a-4d70-9ebb-38e068536e6b/1/Mkh5aQjh3GPs5zV6ewUEffwhz6Y.roa
Signing time:             Fri 12 Jun 2026 06:18:11 +0000
ROA not before:           Fri 12 Jun 2026 06:18:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     135754
IP address blocks:        195.238.97.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/3d893a-5b1a-4d70-9ebb-38e068536e6b/1/jNgCUSzLdFsqG48xVxTr45OVQD4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/3d893a-5b1a-4d70-9ebb-38e068536e6b/1/jNgCUSzLdFsqG48xVxTr45OVQD4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jNgCUSzLdFsqG48xVxTr45OVQD4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 00:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:ba:7b:1f:30:77:ad:0a:3c:8c:e3:33:a6:aa:51:5e:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8cd802512ccb745b2a1b8f315714ebe39395403e
        Validity
            Not Before: Jun 12 06:18:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3248796908e1dc63ece7357a7b05047dfc21cfa6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:2d:fe:3d:7c:cc:f3:af:49:d2:90:95:3d:0a:
                    a9:9c:f1:18:a4:ee:fd:76:4b:6d:97:b2:1a:33:91:
                    97:f2:ef:d0:1c:31:6a:fb:01:18:df:55:81:fc:10:
                    5e:e5:ee:0a:6f:b0:2c:6f:43:2e:7c:77:2f:4a:52:
                    9a:fd:44:04:1a:49:f4:d3:40:f8:8f:68:9a:f5:c7:
                    fc:62:e0:81:c4:10:58:75:b8:d9:89:0e:ea:24:8d:
                    ba:dd:3e:af:a4:5a:a3:8d:02:40:fe:5f:43:89:35:
                    38:79:80:b7:82:40:39:8a:5e:bc:c9:a9:a7:f6:07:
                    ba:72:d7:62:de:7b:c2:3c:ad:95:31:a3:ed:62:5c:
                    3b:4a:18:c5:bb:93:9f:42:b4:b4:26:64:75:66:6a:
                    c1:90:01:2b:e2:3e:57:49:11:2f:c2:0e:e2:b4:ee:
                    ac:82:5e:69:62:a8:9c:2e:3e:9f:04:e6:65:98:ff:
                    c3:9f:16:6a:6f:81:84:49:5c:e6:77:6d:73:e3:af:
                    56:37:00:66:c3:1a:15:bd:13:2d:e8:13:a7:83:7c:
                    92:f4:7f:83:74:d1:99:10:4d:14:23:4f:d4:af:02:
                    96:92:7b:33:4f:1c:c5:e5:2e:01:31:f2:6c:eb:f2:
                    8d:74:8c:4f:7d:65:7c:69:de:81:bc:6c:54:d3:3e:
                    0c:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:48:79:69:08:E1:DC:63:EC:E7:35:7A:7B:05:04:7D:FC:21:CF:A6
            X509v3 Authority Key Identifier:
                keyid:8C:D8:02:51:2C:CB:74:5B:2A:1B:8F:31:57:14:EB:E3:93:95:40:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jNgCUSzLdFsqG48xVxTr45OVQD4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/3d893a-5b1a-4d70-9ebb-38e068536e6b/1/Mkh5aQjh3GPs5zV6ewUEffwhz6Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/3d893a-5b1a-4d70-9ebb-38e068536e6b/1/jNgCUSzLdFsqG48xVxTr45OVQD4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.238.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:9c:39:55:e6:39:94:1f:e2:3c:91:49:63:98:aa:2f:33:9e:
         68:87:37:6b:1b:ca:94:26:e1:52:df:6b:b7:01:c7:18:bb:91:
         68:a2:95:ef:e8:f6:61:f9:2d:c1:2b:db:d6:e4:dc:c4:de:91:
         3d:ee:13:2e:be:d6:9a:c0:d7:84:f4:2e:ce:c3:1e:c7:31:e5:
         72:64:80:e9:7e:fa:73:9c:84:5c:2a:33:00:70:84:1c:c7:63:
         21:cf:1a:c4:6e:81:3f:e6:1a:6f:49:03:1c:d7:0f:fc:19:1c:
         e9:48:18:23:1b:a5:a4:93:7c:c9:9b:4c:dc:f2:3c:54:80:49:
         11:65:6c:2c:04:72:03:79:79:c9:75:e9:05:f1:c7:02:4b:8d:
         5e:20:e0:a6:d4:6e:02:f3:f6:8d:b3:ea:13:43:cb:c1:b0:c1:
         7d:cc:81:4f:e4:ee:33:68:5b:a4:04:24:e9:b3:1c:55:a8:e6:
         87:fc:70:c0:03:19:01:c0:cf:ce:01:62:78:dd:f9:0b:8b:ee:
         fe:00:85:1d:c5:53:d6:d3:b3:c8:9a:9e:26:a9:8a:91:3f:56:
         19:6f:eb:a6:af:48:4d:30:04:e8:02:3e:0c:59:43:63:f5:a2:
         32:f3:70:26:2d:18:02:75:11:47:51:ff:c8:17:eb:2f:af:f4:
         32:c5:e8:4f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ66ex8wd60KPIzjM6aqUV5iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhjZDgwMjUxMmNjYjc0NWIyYTFiOGYzMTU3MTRlYmUzOTM5
NTQwM2UwHhcNMjYwNjEyMDYxODExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjQ4Nzk2OTA4ZTFkYzYzZWNlNzM1N2E3YjA1MDQ3ZGZjMjFjZmE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhS3+PXzM869J0pCVPQqpnPEYpO79
dkttl7IaM5GX8u/QHDFq+wEY31WB/BBe5e4Kb7Asb0MufHcvSlKa/UQEGkn000D4
j2ia9cf8YuCBxBBYdbjZiQ7qJI263T6vpFqjjQJA/l9DiTU4eYC3gkA5il68yamn
9ge6ctdi3nvCPK2VMaPtYlw7ShjFu5OfQrS0JmR1ZmrBkAEr4j5XSREvwg7itO6s
gl5pYqicLj6fBOZlmP/DnxZqb4GESVzmd21z469WNwBmwxoVvRMt6BOng3yS9H+D
dNGZEE0UI0/UrwKWknszTxzF5S4BMfJs6/KNdIxPfWV8ad6BvGxU0z4MfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDJIeWkI4dxj7Oc1ensFBH38Ic+mMB8GA1UdIwQY
MBaAFIzYAlEsy3RbKhuPMVcU6+OTlUA+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvak5nQ1VTekxkRnNxRzQ4eFZ4VHI0NU9WUUQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi8zZDg5M2EtNWIxYS00ZDcwLTllYmIt
MzhlMDY4NTM2ZTZiLzEvTWtoNWFRamgzR1BzNXpWNmV3VUVmZndoejZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi8zZDg5M2EtNWIxYS00ZDcwLTllYmItMzhlMDY4NTM2ZTZi
LzEvak5nQ1VTekxkRnNxRzQ4eFZ4VHI0NU9WUUQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw+5hMA0G
CSqGSIb3DQEBCwUAA4IBAQBinDlV5jmUH+I8kUljmKovM55ohzdrG8qUJuFS32u3
AccYu5FoopXv6PZh+S3BK9vW5NzE3pE97hMuvtaawNeE9C7Owx7HMeVyZIDpfvpz
nIRcKjMAcIQcx2MhzxrEboE/5hpvSQMc1w/8GRzpSBgjG6Wkk3zJm0zc8jxUgEkR
ZWwsBHIDeXnJdekF8ccCS41eIOCm1G4C8/aNs+oTQ8vBsMF9zIFP5O4zaFukBCTp
sxxVqOaH/HDAAxkBwM/OAWJ43fkLi+7+AIUdxVPW07PImp4mqYqRP1YZb+umr0hN
MAToAj4MWUNj9aIy83AmLRgCdRFHUf/IF+svr/QyxehP
-----END CERTIFICATE-----