Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/54a457-3c48-4e01-90b0-5eb75c2318aa/1/0k5rm2Iz0BeAvz19lvLpxPfw33A.roa
File:                     0k5rm2Iz0BeAvz19lvLpxPfw33A.roa (raw, json)
Hash identifier:          lXgHVP+amjdt9/+4VCZRPfNYTxajOvoe3XRa3mRnGyk=
Subject key identifier:   D2:4E:6B:9B:62:33:D0:17:80:BF:3D:7D:96:F2:E9:C4:F7:F0:DF:70
Certificate issuer:       /CN=46d94477c8b54d12ec8b3f7b6d9ae78e510b23d8
Certificate serial:       019D92546F81D7AF40F8EA8EA8B61EE3E0D1
Authority key identifier: 46:D9:44:77:C8:B5:4D:12:EC:8B:3F:7B:6D:9A:E7:8E:51:0B:23:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RtlEd8i1TRLsiz97bZrnjlELI9g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/54a457-3c48-4e01-90b0-5eb75c2318aa/1/0k5rm2Iz0BeAvz19lvLpxPfw33A.roa
Signing time:             Wed 15 Apr 2026 18:08:19 +0000
ROA not before:           Wed 15 Apr 2026 18:08:19 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        185.205.35.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/54a457-3c48-4e01-90b0-5eb75c2318aa/1/RtlEd8i1TRLsiz97bZrnjlELI9g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/54a457-3c48-4e01-90b0-5eb75c2318aa/1/RtlEd8i1TRLsiz97bZrnjlELI9g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RtlEd8i1TRLsiz97bZrnjlELI9g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 21:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:92:54:6f:81:d7:af:40:f8:ea:8e:a8:b6:1e:e3:e0:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=46d94477c8b54d12ec8b3f7b6d9ae78e510b23d8
        Validity
            Not Before: Apr 15 18:08:19 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d24e6b9b6233d01780bf3d7d96f2e9c4f7f0df70
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:69:8c:3e:f0:35:54:6e:b0:3b:dd:49:31:7e:
                    47:6b:71:1c:7d:55:74:9b:a8:4d:39:26:3d:77:6b:
                    a6:c8:6c:d5:6d:32:36:89:df:97:e9:72:22:ae:d6:
                    82:a8:5b:28:44:93:82:c3:37:b1:1a:d3:85:4d:ed:
                    32:a7:04:0a:8d:d8:11:b4:ca:3e:a1:b8:7e:a2:75:
                    8e:b4:88:ba:93:b4:59:21:30:dd:ad:0f:28:31:f7:
                    9c:7d:83:f3:d2:a0:cd:35:ce:db:cb:41:8f:5f:95:
                    b2:9a:d6:70:04:5b:6e:6c:7a:ce:0c:fb:b5:56:92:
                    d2:90:51:88:a3:7e:0c:fc:57:51:ab:ce:cd:92:1d:
                    5e:3e:20:64:b9:3e:4b:dd:c8:b3:4f:c6:df:e7:55:
                    7b:9d:a2:29:bf:e2:ee:84:ca:32:f5:24:31:e5:74:
                    d6:7a:d8:3d:a0:61:2b:2d:37:c4:96:10:6f:5f:89:
                    1f:56:b2:0f:26:d2:e5:6c:76:a1:30:e2:8c:94:99:
                    f1:d3:19:a7:45:a9:b6:5f:26:eb:6e:cb:79:7c:66:
                    41:4c:1d:27:f9:b1:06:47:19:2d:ca:a9:0f:a0:fd:
                    69:af:02:28:5b:68:14:24:c7:53:db:84:f1:0e:c8:
                    36:a0:a0:26:a6:eb:22:c6:71:4a:6b:fb:af:d8:8a:
                    9b:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:4E:6B:9B:62:33:D0:17:80:BF:3D:7D:96:F2:E9:C4:F7:F0:DF:70
            X509v3 Authority Key Identifier:
                keyid:46:D9:44:77:C8:B5:4D:12:EC:8B:3F:7B:6D:9A:E7:8E:51:0B:23:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RtlEd8i1TRLsiz97bZrnjlELI9g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/54a457-3c48-4e01-90b0-5eb75c2318aa/1/0k5rm2Iz0BeAvz19lvLpxPfw33A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/54a457-3c48-4e01-90b0-5eb75c2318aa/1/RtlEd8i1TRLsiz97bZrnjlELI9g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.205.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d4:7e:6d:38:aa:c5:77:38:cf:67:ff:62:12:b4:7d:05:d7:53:
         6b:5a:ba:98:46:39:45:6d:49:50:b9:c3:b6:b2:9b:ae:80:e0:
         c3:b5:3d:c3:a7:11:95:ea:0a:68:e4:d5:04:3d:35:df:f7:6d:
         8c:bc:7a:f1:aa:f1:9c:25:c2:50:11:8a:64:ac:a2:d1:18:ca:
         f9:c0:4c:5e:08:8d:18:bb:78:f9:02:0b:ac:86:26:65:15:6b:
         16:5e:67:cf:55:c9:e2:49:e1:6f:08:1e:f7:b5:7f:98:eb:2f:
         39:e7:ce:d0:b6:77:68:ac:11:0a:9e:82:dd:4e:68:11:18:77:
         06:8e:38:0a:de:38:e3:13:7b:8f:b5:e4:b3:71:dc:ea:8b:19:
         38:bd:13:0e:f6:74:a1:d0:84:e5:8a:0b:de:d6:1a:bd:83:48:
         64:b8:81:f4:b2:86:42:4f:c0:70:61:13:f2:89:66:67:d2:4d:
         02:92:4f:3d:f9:c0:08:1b:68:cb:77:97:e6:65:7b:ef:0a:38:
         eb:f9:b8:07:c0:5d:0b:2a:cb:dc:38:f0:fc:0d:3a:3e:17:54:
         ea:ed:d0:0f:06:67:f3:2c:50:34:aa:b4:33:f0:41:dd:c2:9a:
         9c:20:7b:cb:87:73:34:c9:24:15:d9:af:12:54:4a:6d:70:33:
         7e:aa:e3:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2SVG+B169A+OqOqLYe4+DRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2ZDk0NDc3YzhiNTRkMTJlYzhiM2Y3YjZkOWFlNzhlNTEw
YjIzZDgwHhcNMjYwNDE1MTgwODE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjRlNmI5YjYyMzNkMDE3ODBiZjNkN2Q5NmYyZTljNGY3ZjBkZjcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw2mMPvA1VG6wO91JMX5Ha3EcfVV0
m6hNOSY9d2umyGzVbTI2id+X6XIirtaCqFsoRJOCwzexGtOFTe0ypwQKjdgRtMo+
obh+onWOtIi6k7RZITDdrQ8oMfecfYPz0qDNNc7by0GPX5WymtZwBFtubHrODPu1
VpLSkFGIo34M/FdRq87Nkh1ePiBkuT5L3cizT8bf51V7naIpv+LuhMoy9SQx5XTW
etg9oGErLTfElhBvX4kfVrIPJtLlbHahMOKMlJnx0xmnRam2Xybrbst5fGZBTB0n
+bEGRxktyqkPoP1prwIoW2gUJMdT24TxDsg2oKAmpusixnFKa/uv2IqbyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNJOa5tiM9AXgL89fZby6cT38N9wMB8GA1UdIwQY
MBaAFEbZRHfItU0S7Is/e22a545RCyPYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUnRsRWQ4aTFUUkxzaXo5N2Jacm5qbEVMSTlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS81NGE0NTctM2M0OC00ZTAxLTkwYjAt
NWViNzVjMjMxOGFhLzEvMGs1cm0ySXowQmVBdnoxOWx2THB4UGZ3MzNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS81NGE0NTctM2M0OC00ZTAxLTkwYjAtNWViNzVjMjMxOGFh
LzEvUnRsRWQ4aTFUUkxzaXo5N2Jacm5qbEVMSTlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuc0jMA0G
CSqGSIb3DQEBCwUAA4IBAQDUfm04qsV3OM9n/2IStH0F11NrWrqYRjlFbUlQucO2
spuugODDtT3DpxGV6gpo5NUEPTXf922MvHrxqvGcJcJQEYpkrKLRGMr5wExeCI0Y
u3j5AgushiZlFWsWXmfPVcniSeFvCB73tX+Y6y85587QtndorBEKnoLdTmgRGHcG
jjgK3jjjE3uPteSzcdzqixk4vRMO9nSh0ITligve1hq9g0hkuIH0soZCT8BwYRPy
iWZn0k0Ckk89+cAIG2jLd5fmZXvvCjjr+bgHwF0LKsvcOPD8DTo+F1Tq7dAPBmfz
LFA0qrQz8EHdwpqcIHvLh3M0ySQV2a8SVEptcDN+quO8
-----END CERTIFICATE-----