Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/dd32c3-fe8f-4047-b68a-8ec5f0eea045/1/D0Omi7eTzuK_0HEfZBlA62fHv-s.roa
File:                     D0Omi7eTzuK_0HEfZBlA62fHv-s.roa (raw, json)
Hash identifier:          0MjChUFTQrOrybRBrDN8jiZf3suuubHFJss7LSX+W2A=
Subject key identifier:   0F:43:A6:8B:B7:93:CE:E2:BF:D0:71:1F:64:19:40:EB:67:C7:BF:EB
Certificate issuer:       /CN=c61333d0e8107886d0305c7bd81bdd35489527ae
Certificate serial:       019C997328E88DCAB4826F52DCE247E950CA
Authority key identifier: C6:13:33:D0:E8:10:78:86:D0:30:5C:7B:D8:1B:DD:35:48:95:27:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xhMz0OgQeIbQMFx72BvdNUiVJ64.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/73/dd32c3-fe8f-4047-b68a-8ec5f0eea045/1/D0Omi7eTzuK_0HEfZBlA62fHv-s.roa
Signing time:             Thu 26 Feb 2026 10:16:27 +0000
ROA not before:           Thu 26 Feb 2026 10:16:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     2854
IP address blocks:        5.182.52.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/73/dd32c3-fe8f-4047-b68a-8ec5f0eea045/1/xhMz0OgQeIbQMFx72BvdNUiVJ64.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/73/dd32c3-fe8f-4047-b68a-8ec5f0eea045/1/xhMz0OgQeIbQMFx72BvdNUiVJ64.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xhMz0OgQeIbQMFx72BvdNUiVJ64.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 15:05:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:99:73:28:e8:8d:ca:b4:82:6f:52:dc:e2:47:e9:50:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c61333d0e8107886d0305c7bd81bdd35489527ae
        Validity
            Not Before: Feb 26 10:16:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0f43a68bb793cee2bfd0711f641940eb67c7bfeb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:ac:f8:d7:20:41:d3:47:78:bd:47:27:05:34:
                    0f:04:9e:dc:36:ef:1e:96:d5:63:e0:98:f9:ac:6e:
                    5d:7a:62:af:41:c6:ef:14:a0:c2:f8:90:61:31:14:
                    85:e8:b0:0d:01:0c:49:36:55:a9:05:57:25:31:ee:
                    4b:77:1a:aa:53:ef:e9:a2:03:b9:2a:4a:d6:98:0b:
                    a3:af:54:ac:cc:b8:74:dd:ff:3b:bd:3d:90:ce:37:
                    2a:5f:9d:71:50:5a:38:04:b7:9e:d7:00:9f:fa:e7:
                    4b:e3:d1:15:5e:07:c9:68:c6:44:5c:41:1d:c3:2c:
                    f7:90:28:c3:98:c4:d3:2c:ea:7a:e5:9f:f1:b5:17:
                    69:2f:75:bb:fd:e1:f6:3e:f5:40:41:69:f2:9f:b3:
                    63:51:80:93:dd:60:24:c0:e1:d3:dc:a8:70:87:ed:
                    3f:b0:3c:7d:f4:67:51:ac:29:86:f5:61:15:bd:ca:
                    d5:42:21:76:9b:cf:71:fb:91:3a:b9:6c:ac:5f:bc:
                    2f:bf:1c:05:d8:e6:bf:84:a9:98:5b:8f:a4:87:f0:
                    84:d8:43:30:5e:a2:b7:07:c5:e5:14:ce:66:61:67:
                    a1:09:38:c3:f0:b6:60:ff:66:7b:53:56:9c:4f:dd:
                    c9:16:7c:12:e3:ab:35:58:43:0d:c8:9a:db:a4:bc:
                    b9:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:43:A6:8B:B7:93:CE:E2:BF:D0:71:1F:64:19:40:EB:67:C7:BF:EB
            X509v3 Authority Key Identifier:
                keyid:C6:13:33:D0:E8:10:78:86:D0:30:5C:7B:D8:1B:DD:35:48:95:27:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhMz0OgQeIbQMFx72BvdNUiVJ64.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/dd32c3-fe8f-4047-b68a-8ec5f0eea045/1/D0Omi7eTzuK_0HEfZBlA62fHv-s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/73/dd32c3-fe8f-4047-b68a-8ec5f0eea045/1/xhMz0OgQeIbQMFx72BvdNUiVJ64.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:02:b5:c2:24:e6:7f:76:f0:4e:ff:7d:0d:0a:14:43:98:c8:
         37:52:3d:44:40:10:4e:ce:4f:e8:17:c5:20:42:3a:74:2b:c1:
         91:37:f9:a0:76:c4:84:6c:28:52:46:66:01:c1:57:bf:18:74:
         e1:ce:13:28:e1:b1:75:06:75:3d:f9:a0:2c:9c:bf:26:92:3d:
         ab:24:9a:39:d9:6a:ac:26:7f:0e:56:7d:cc:08:96:85:ce:4f:
         c8:d4:f7:e5:bc:44:b6:ff:2e:99:d3:22:72:40:a4:53:7a:9f:
         67:7d:8d:22:b1:fc:ba:45:fb:5b:6d:87:6a:b3:ef:bc:d9:13:
         1d:4c:95:5f:89:52:05:af:41:c3:42:ab:a6:37:07:88:9b:7f:
         70:7f:f1:cc:b3:1b:c1:cf:46:72:f2:88:bd:9a:72:5d:7d:95:
         9e:23:33:5c:f2:34:c3:15:9c:1d:96:3c:39:0d:a2:61:ce:39:
         72:12:df:8b:c3:66:6e:45:cc:2f:5b:6f:0b:d6:fa:0b:a8:b1:
         fd:64:ef:70:79:18:11:06:93:59:c4:0b:3b:a5:4a:56:e8:75:
         e1:da:1c:cd:ad:76:c7:f7:32:c3:ca:27:9d:a3:12:64:a2:17:
         b4:28:62:58:f3:4c:24:f6:c5:1a:b9:05:f9:d5:11:89:5d:2e:
         13:d9:5d:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyZcyjojcq0gm9S3OJH6VDKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTMzM2QwZTgxMDc4ODZkMDMwNWM3YmQ4MWJkZDM1NDg5
NTI3YWUwHhcNMjYwMjI2MTAxNjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjQzYTY4YmI3OTNjZWUyYmZkMDcxMWY2NDE5NDBlYjY3YzdiZmViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArKz41yBB00d4vUcnBTQPBJ7cNu8e
ltVj4Jj5rG5demKvQcbvFKDC+JBhMRSF6LANAQxJNlWpBVclMe5LdxqqU+/pogO5
KkrWmAujr1SszLh03f87vT2QzjcqX51xUFo4BLee1wCf+udL49EVXgfJaMZEXEEd
wyz3kCjDmMTTLOp65Z/xtRdpL3W7/eH2PvVAQWnyn7NjUYCT3WAkwOHT3Khwh+0/
sDx99GdRrCmG9WEVvcrVQiF2m89x+5E6uWysX7wvvxwF2Oa/hKmYW4+kh/CE2EMw
XqK3B8XlFM5mYWehCTjD8LZg/2Z7U1acT93JFnwS46s1WEMNyJrbpLy5gwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA9Dpou3k87iv9BxH2QZQOtnx7/rMB8GA1UdIwQY
MBaAFMYTM9DoEHiG0DBce9gb3TVIlSeuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhNejBPZ1FlSWJRTUZ4NzJCdmROVWlWSjY0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My9kZDMyYzMtZmU4Zi00MDQ3LWI2OGEt
OGVjNWYwZWVhMDQ1LzEvRDBPbWk3ZVR6dUtfMEhFZlpCbEE2MmZIdi1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My9kZDMyYzMtZmU4Zi00MDQ3LWI2OGEtOGVjNWYwZWVhMDQ1
LzEveGhNejBPZ1FlSWJRTUZ4NzJCdmROVWlWSjY0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbY0MA0G
CSqGSIb3DQEBCwUAA4IBAQBJArXCJOZ/dvBO/30NChRDmMg3Uj1EQBBOzk/oF8Ug
Qjp0K8GRN/mgdsSEbChSRmYBwVe/GHThzhMo4bF1BnU9+aAsnL8mkj2rJJo52Wqs
Jn8OVn3MCJaFzk/I1PflvES2/y6Z0yJyQKRTep9nfY0isfy6RftbbYdqs++82RMd
TJVfiVIFr0HDQqumNweIm39wf/HMsxvBz0Zy8oi9mnJdfZWeIzNc8jTDFZwdljw5
DaJhzjlyEt+Lw2ZuRcwvW28L1voLqLH9ZO9weRgRBpNZxAs7pUpW6HXh2hzNrXbH
9zLDyiedoxJkohe0KGJY80wk9sUauQX51RGJXS4T2V0V
-----END CERTIFICATE-----