Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/564bd0-7b52-44dd-b56b-8eaa6bf40357/1/DUFOdI0MJLd16wevd6DgPdxwIzU.roa
File:                     DUFOdI0MJLd16wevd6DgPdxwIzU.roa (raw, json)
Hash identifier:          nXtSWS+urCvGLUbnwlJ8n4pMdDI/4+YgmNdoFlD/saY=
Subject key identifier:   0D:41:4E:74:8D:0C:24:B7:75:EB:07:AF:77:A0:E0:3D:DC:70:23:35
Certificate issuer:       /CN=e1856c3082ab2fc8dd1b359a7b3991368538b4d0
Certificate serial:       019D74A764C9168D96D1DC39520FEED59AA7
Authority key identifier: E1:85:6C:30:82:AB:2F:C8:DD:1B:35:9A:7B:39:91:36:85:38:B4:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4YVsMIKrL8jdGzWaezmRNoU4tNA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/564bd0-7b52-44dd-b56b-8eaa6bf40357/1/DUFOdI0MJLd16wevd6DgPdxwIzU.roa
Signing time:             Thu 09 Apr 2026 23:50:20 +0000
ROA not before:           Thu 09 Apr 2026 23:50:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57043
IP address blocks:        185.237.95.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/564bd0-7b52-44dd-b56b-8eaa6bf40357/1/4YVsMIKrL8jdGzWaezmRNoU4tNA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/564bd0-7b52-44dd-b56b-8eaa6bf40357/1/4YVsMIKrL8jdGzWaezmRNoU4tNA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4YVsMIKrL8jdGzWaezmRNoU4tNA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:74:a7:64:c9:16:8d:96:d1:dc:39:52:0f:ee:d5:9a:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e1856c3082ab2fc8dd1b359a7b3991368538b4d0
        Validity
            Not Before: Apr  9 23:50:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0d414e748d0c24b775eb07af77a0e03ddc702335
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:d2:27:56:30:3c:36:0f:ae:af:2c:e5:04:75:
                    36:93:e7:71:1d:1a:3d:aa:50:a2:81:64:7e:c4:04:
                    be:50:5c:dd:94:80:0f:b0:ce:6e:f1:ed:d5:dd:e3:
                    11:ac:1a:04:9d:19:79:bc:0f:e1:49:25:c8:f1:a8:
                    6c:4b:39:4b:8f:2a:92:45:1e:43:d1:8f:76:87:bb:
                    df:ef:74:f2:02:b8:c1:ba:5e:eb:93:ab:65:0b:88:
                    a5:21:9b:7c:db:20:b8:ba:a0:40:a7:d6:76:2c:b3:
                    53:44:c5:5c:29:2a:84:f0:a1:93:7c:9e:eb:32:f5:
                    6c:e0:63:b8:c4:17:87:6b:c0:db:20:09:b2:56:09:
                    5f:1f:d6:8b:3c:9f:e3:6b:fa:08:c7:3e:2b:d1:48:
                    e1:7a:2d:85:bf:54:ec:0a:01:e1:91:81:16:3b:96:
                    77:aa:58:ff:a7:8b:a8:59:fa:d5:6d:f5:69:d9:e5:
                    77:3e:b4:54:7a:4b:30:a5:8f:fc:ad:92:2c:92:ac:
                    43:c2:b2:00:3b:49:e7:72:ba:bc:3b:3f:0d:f5:84:
                    18:05:43:de:20:3d:0f:39:5a:d9:cc:36:31:a3:97:
                    b7:e7:2f:63:b2:bc:1b:28:14:44:db:ce:3e:a2:3e:
                    26:5c:f0:de:cd:ef:2f:90:ae:c2:65:1f:31:5e:5e:
                    93:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:41:4E:74:8D:0C:24:B7:75:EB:07:AF:77:A0:E0:3D:DC:70:23:35
            X509v3 Authority Key Identifier:
                keyid:E1:85:6C:30:82:AB:2F:C8:DD:1B:35:9A:7B:39:91:36:85:38:B4:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4YVsMIKrL8jdGzWaezmRNoU4tNA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/564bd0-7b52-44dd-b56b-8eaa6bf40357/1/DUFOdI0MJLd16wevd6DgPdxwIzU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/564bd0-7b52-44dd-b56b-8eaa6bf40357/1/4YVsMIKrL8jdGzWaezmRNoU4tNA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.237.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:be:5e:ae:5a:f5:ea:b3:15:6a:4d:dd:11:44:53:d5:58:07:
         e9:e9:e4:8c:83:24:5c:f8:8e:2d:27:12:fb:4c:f2:a9:81:5d:
         ca:c5:59:8d:bc:96:ec:90:0c:dd:cd:9f:94:3c:a8:e9:9a:37:
         35:11:75:7c:72:5f:57:1b:da:03:63:62:00:83:f8:1a:b0:6a:
         0f:3b:19:93:dc:fe:9b:d0:1b:b1:b8:65:2d:6b:bb:8f:d0:49:
         c0:ea:75:46:4e:0d:dd:cc:a1:23:c9:4f:8b:00:3e:7a:c4:b4:
         70:84:3c:ab:7d:32:54:ad:bb:4b:f3:74:4c:10:64:1a:12:2b:
         e7:ef:c8:e6:ab:bf:ae:89:ce:ab:79:f7:1f:c4:46:cd:27:cc:
         b2:a2:dd:cd:43:da:57:5c:02:90:c4:ee:0a:fa:87:a9:28:ac:
         bd:df:d6:77:e2:18:6c:1f:5c:0d:6e:32:bf:6b:18:d4:63:eb:
         01:ae:d3:c7:41:d0:8a:54:3f:3b:da:65:74:93:c3:04:08:31:
         91:72:8d:17:00:11:a1:7e:84:d3:d0:a2:bd:c5:63:e1:89:ac:
         b9:a6:c9:8d:db:25:4a:75:6e:a4:3d:39:44:11:d1:5f:92:4e:
         e2:4f:6b:24:17:b5:1b:f4:d0:31:71:40:90:3d:be:7b:aa:c7:
         a2:ed:87:ba
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ10p2TJFo2W0dw5Ug/u1ZqnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxODU2YzMwODJhYjJmYzhkZDFiMzU5YTdiMzk5MTM2ODUz
OGI0ZDAwHhcNMjYwNDA5MjM1MDIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDQxNGU3NDhkMGMyNGI3NzVlYjA3YWY3N2EwZTAzZGRjNzAyMzM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhtInVjA8Ng+uryzlBHU2k+dxHRo9
qlCigWR+xAS+UFzdlIAPsM5u8e3V3eMRrBoEnRl5vA/hSSXI8ahsSzlLjyqSRR5D
0Y92h7vf73TyArjBul7rk6tlC4ilIZt82yC4uqBAp9Z2LLNTRMVcKSqE8KGTfJ7r
MvVs4GO4xBeHa8DbIAmyVglfH9aLPJ/ja/oIxz4r0Ujhei2Fv1TsCgHhkYEWO5Z3
qlj/p4uoWfrVbfVp2eV3PrRUekswpY/8rZIskqxDwrIAO0nncrq8Oz8N9YQYBUPe
ID0POVrZzDYxo5e35y9jsrwbKBRE284+oj4mXPDeze8vkK7CZR8xXl6TbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA1BTnSNDCS3desHr3eg4D3ccCM1MB8GA1UdIwQY
MBaAFOGFbDCCqy/I3Rs1mns5kTaFOLTQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFlWc01JS3JMOGpkR3pXYWV6bVJOb1U0dE5BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC81NjRiZDAtN2I1Mi00NGRkLWI1NmIt
OGVhYTZiZjQwMzU3LzEvRFVGT2RJME1KTGQxNndldmQ2RGdQZHh3SXpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC81NjRiZDAtN2I1Mi00NGRkLWI1NmItOGVhYTZiZjQwMzU3
LzEvNFlWc01JS3JMOGpkR3pXYWV6bVJOb1U0dE5BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAue1fMA0G
CSqGSIb3DQEBCwUAA4IBAQAqvl6uWvXqsxVqTd0RRFPVWAfp6eSMgyRc+I4tJxL7
TPKpgV3KxVmNvJbskAzdzZ+UPKjpmjc1EXV8cl9XG9oDY2IAg/gasGoPOxmT3P6b
0BuxuGUta7uP0EnA6nVGTg3dzKEjyU+LAD56xLRwhDyrfTJUrbtL83RMEGQaEivn
78jmq7+uic6refcfxEbNJ8yyot3NQ9pXXAKQxO4K+oepKKy939Z34hhsH1wNbjK/
axjUY+sBrtPHQdCKVD872mV0k8MECDGRco0XABGhfoTT0KK9xWPhiay5psmN2yVK
dW6kPTlEEdFfkk7iT2skF7Ub9NAxcUCQPb57qsei7Ye6
-----END CERTIFICATE-----