Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/f3e494-ea53-413c-ae14-a1f859517c1b/1/1-lY38nhDVvu5ZSrT6Z3R4RmIIVc.roa
File:                     1-lY38nhDVvu5ZSrT6Z3R4RmIIVc.roa (raw, json)
Hash identifier:          O4GfhlXh/C7NHP0rQL1wBLfHvkzMi75adQIiTOFpZhk=
Subject key identifier:   FA:56:37:F2:78:43:56:FB:B9:65:2A:D3:E9:9D:D1:E1:19:88:21:57
Certificate issuer:       /CN=cb56c6ade1e2a617e7c77557b95f06954d9390ba
Certificate serial:       019D959851456AF6DC145A4CC08E19AF6141
Authority key identifier: CB:56:C6:AD:E1:E2:A6:17:E7:C7:75:57:B9:5F:06:95:4D:93:90:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/y1bGreHiphfnx3VXuV8GlU2TkLo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/73/f3e494-ea53-413c-ae14-a1f859517c1b/1/1-lY38nhDVvu5ZSrT6Z3R4RmIIVc.roa
Signing time:             Thu 16 Apr 2026 09:21:20 +0000
ROA not before:           Thu 16 Apr 2026 09:21:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     47147
IP address blocks:        185.145.116.0/24 maxlen: 24
                          185.145.117.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/73/f3e494-ea53-413c-ae14-a1f859517c1b/1/y1bGreHiphfnx3VXuV8GlU2TkLo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/73/f3e494-ea53-413c-ae14-a1f859517c1b/1/y1bGreHiphfnx3VXuV8GlU2TkLo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/y1bGreHiphfnx3VXuV8GlU2TkLo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:95:98:51:45:6a:f6:dc:14:5a:4c:c0:8e:19:af:61:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cb56c6ade1e2a617e7c77557b95f06954d9390ba
        Validity
            Not Before: Apr 16 09:21:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fa5637f2784356fbb9652ad3e99dd1e119882157
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:8a:b0:d3:b0:58:ed:27:38:14:4a:f9:cb:26:
                    34:21:b2:67:e4:05:e3:2c:2c:93:77:04:96:b5:e7:
                    6d:18:ff:04:ea:95:d2:bd:02:69:0e:07:24:14:96:
                    c1:05:4c:34:53:a1:85:ef:dd:1e:53:4e:35:f1:60:
                    5c:32:21:dd:be:9e:34:de:02:75:f9:3f:b3:9f:a9:
                    e8:28:b3:6e:06:40:6b:5e:d7:a1:a7:2c:f3:c8:b8:
                    38:e0:eb:3a:41:33:4b:8a:3d:21:c5:ff:f3:eb:cc:
                    af:05:59:3c:b9:4a:e4:c2:fc:81:3b:ea:5f:c3:7c:
                    ae:46:02:43:eb:ac:af:af:13:9d:eb:a0:3c:ba:c8:
                    b1:75:b7:25:94:42:eb:ec:d4:3e:fa:21:c4:58:2f:
                    aa:9f:0a:e5:cc:71:03:5e:ab:60:15:4a:ef:f9:b5:
                    e4:a8:45:03:62:5a:8f:27:03:5c:a9:fc:5f:f5:80:
                    35:53:c4:46:b0:52:16:4a:cf:0a:9c:42:48:bb:e1:
                    a3:53:a4:03:44:8e:75:4a:af:a2:39:fd:5c:a0:fb:
                    93:c0:9c:ec:f6:8e:93:42:d5:dd:fd:2a:4f:a4:52:
                    77:66:48:15:23:b9:34:8a:3a:6c:ee:44:30:a1:1e:
                    d7:9a:53:d8:e7:26:d6:f2:d1:eb:37:9a:0c:de:e0:
                    64:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:56:37:F2:78:43:56:FB:B9:65:2A:D3:E9:9D:D1:E1:19:88:21:57
            X509v3 Authority Key Identifier:
                keyid:CB:56:C6:AD:E1:E2:A6:17:E7:C7:75:57:B9:5F:06:95:4D:93:90:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/y1bGreHiphfnx3VXuV8GlU2TkLo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/f3e494-ea53-413c-ae14-a1f859517c1b/1/1-lY38nhDVvu5ZSrT6Z3R4RmIIVc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/73/f3e494-ea53-413c-ae14-a1f859517c1b/1/y1bGreHiphfnx3VXuV8GlU2TkLo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.145.116.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9a:63:cb:86:94:31:97:8f:84:b8:8a:04:2a:25:16:23:9b:03:
         55:43:de:b2:42:76:70:aa:4e:6b:9b:ad:f1:50:d7:43:b5:74:
         b7:28:af:f7:6a:1e:b0:90:29:88:a8:1f:8c:ae:38:6f:fb:e8:
         0f:1d:4f:8a:c8:72:83:7d:88:34:f9:71:b6:93:69:56:1c:18:
         9c:ce:cf:3f:d7:b5:b2:b2:c4:0b:01:04:f2:dd:89:34:6b:0e:
         fe:79:d9:25:ff:51:e3:e8:0d:95:5b:ce:c5:65:60:dc:a9:47:
         c6:f3:7a:a5:85:70:bd:ae:dc:ee:a5:1f:cc:a4:ef:03:59:d8:
         63:5e:84:f8:6a:df:25:77:f2:6d:d9:43:5c:82:2d:f4:96:a4:
         0f:1c:85:90:1d:26:f9:e3:00:a2:0b:4e:9f:d1:1e:2d:5c:27:
         52:b4:10:91:ea:99:b8:db:01:8f:a4:33:a8:8a:0a:c5:17:93:
         4f:90:12:5c:49:0a:a0:fb:4f:5d:63:f0:90:0d:18:a8:27:21:
         3b:19:51:9d:e5:9d:40:bc:9d:06:7a:91:34:fb:85:5e:af:ee:
         6e:be:fd:21:dc:03:0f:ef:a7:72:c2:ae:e7:26:53:44:14:79:
         44:52:ae:ce:63:bf:96:71:d7:29:82:4f:c5:d4:21:12:22:1d:
         98:4f:dc:3a
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ2VmFFFavbcFFpMwI4Zr2FBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiNTZjNmFkZTFlMmE2MTdlN2M3NzU1N2I5NWYwNjk1NGQ5
MzkwYmEwHhcNMjYwNDE2MDkyMTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTU2MzdmMjc4NDM1NmZiYjk2NTJhZDNlOTlkZDFlMTE5ODgyMTU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA04qw07BY7Sc4FEr5yyY0IbJn5AXj
LCyTdwSWtedtGP8E6pXSvQJpDgckFJbBBUw0U6GF790eU0418WBcMiHdvp403gJ1
+T+zn6noKLNuBkBrXtehpyzzyLg44Os6QTNLij0hxf/z68yvBVk8uUrkwvyBO+pf
w3yuRgJD66yvrxOd66A8usixdbcllELr7NQ++iHEWC+qnwrlzHEDXqtgFUrv+bXk
qEUDYlqPJwNcqfxf9YA1U8RGsFIWSs8KnEJIu+GjU6QDRI51Sq+iOf1coPuTwJzs
9o6TQtXd/SpPpFJ3ZkgVI7k0ijps7kQwoR7XmlPY5ybW8tHrN5oM3uBk/wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPpWN/J4Q1b7uWUq0+md0eEZiCFXMB8GA1UdIwQY
MBaAFMtWxq3h4qYX58d1V7lfBpVNk5C6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveTFiR3JlSGlwaGZueDNWWHVWOEdsVTJUa0xvLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My9mM2U0OTQtZWE1My00MTNjLWFlMTQt
YTFmODU5NTE3YzFiLzEvMS1sWTM4bmhEVnZ1NVpTclQ2WjNSNFJtSUlWYy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzMvZjNlNDk0LWVhNTMtNDEzYy1hZTE0LWExZjg1OTUxN2Mx
Yi8xL3kxYkdyZUhpcGhmbngzVlh1VjhHbFUyVGtMby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAbmRdDAN
BgkqhkiG9w0BAQsFAAOCAQEAmmPLhpQxl4+EuIoEKiUWI5sDVUPeskJ2cKpOa5ut
8VDXQ7V0tyiv92oesJApiKgfjK44b/voDx1Pishyg32INPlxtpNpVhwYnM7PP9e1
srLECwEE8t2JNGsO/nnZJf9R4+gNlVvOxWVg3KlHxvN6pYVwva7c7qUfzKTvA1nY
Y16E+GrfJXfybdlDXIIt9JakDxyFkB0m+eMAogtOn9EeLVwnUrQQkeqZuNsBj6Qz
qIoKxReTT5ASXEkKoPtPXWPwkA0YqCchOxlRneWdQLydBnqRNPuFXq/ubr79IdwD
D++ncsKu5yZTRBR5RFKuzmO/lnHXKYJPxdQhEiIdmE/cOg==
-----END CERTIFICATE-----