Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/325c8d-d368-4eee-9ca8-929f7d635f4b/1/DDngBeugBflz2Y90QC-zDicHQ24.roa
File:                     DDngBeugBflz2Y90QC-zDicHQ24.roa (raw, json)
Hash identifier:          m0YvcO7ROlX6F4MB7yRaAW8MqkEMP4GHYTq9pzb6NPA=
Subject key identifier:   0C:39:E0:05:EB:A0:05:F9:73:D9:8F:74:40:2F:B3:0E:27:07:43:6E
Certificate issuer:       /CN=adac830ccaa74783dd961fab241a228d7cc6f808
Certificate serial:       019B7EA670C7A70FFCBDDDCC4A04E56E23FB
Authority key identifier: AD:AC:83:0C:CA:A7:47:83:DD:96:1F:AB:24:1A:22:8D:7C:C6:F8:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rayDDMqnR4Pdlh-rJBoijXzG-Ag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/325c8d-d368-4eee-9ca8-929f7d635f4b/1/DDngBeugBflz2Y90QC-zDicHQ24.roa
Signing time:             Fri 02 Jan 2026 12:19:55 +0000
ROA not before:           Fri 02 Jan 2026 12:19:55 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     47241
IP address blocks:        37.98.160.0/19 maxlen: 24
                          46.160.0.0/18 maxlen: 24
                          109.60.128.0/17 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/325c8d-d368-4eee-9ca8-929f7d635f4b/1/rayDDMqnR4Pdlh-rJBoijXzG-Ag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/325c8d-d368-4eee-9ca8-929f7d635f4b/1/rayDDMqnR4Pdlh-rJBoijXzG-Ag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rayDDMqnR4Pdlh-rJBoijXzG-Ag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 12:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a6:70:c7:a7:0f:fc:bd:dd:cc:4a:04:e5:6e:23:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=adac830ccaa74783dd961fab241a228d7cc6f808
        Validity
            Not Before: Jan  2 12:19:55 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0c39e005eba005f973d98f74402fb30e2707436e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:ea:33:e4:90:7b:95:38:e5:71:a8:e8:f9:8e:
                    2a:b6:6f:9d:6b:31:3c:2d:a5:72:c4:60:57:09:2f:
                    6f:cb:ec:59:6f:90:e0:25:af:c4:d1:25:32:26:2c:
                    c4:32:b1:68:cf:62:d6:fc:33:06:ff:26:d5:0f:c8:
                    f8:a6:2b:d3:69:9a:c8:1a:1d:d8:62:a3:21:ba:aa:
                    2a:50:6f:00:64:d7:62:56:3d:d2:dd:89:f1:35:61:
                    63:95:0c:cd:08:00:63:04:83:01:8d:cf:b9:a6:94:
                    55:09:61:d1:94:8c:70:c9:c0:e5:a7:6b:10:a2:ad:
                    56:1f:be:89:d5:89:b2:e1:14:b1:b2:d8:01:4f:d4:
                    bb:1d:06:cb:37:84:e0:af:e1:88:bd:30:b3:c3:6d:
                    21:cd:6d:15:d2:32:51:6f:44:9c:59:3e:a5:5e:5c:
                    80:dc:5d:e8:98:ce:56:e3:ad:10:64:19:60:c8:29:
                    f7:cf:24:8d:fb:0c:a4:5f:1a:0a:61:1c:be:1d:08:
                    cb:fe:6d:4b:ee:66:67:31:01:11:67:73:0f:a5:24:
                    29:fb:8e:41:d4:28:b1:d1:b9:93:72:5a:6f:af:13:
                    a7:91:eb:6d:ba:fe:d8:5f:49:ac:1e:29:59:23:cd:
                    99:fb:86:a7:ad:cc:48:40:9a:1d:ea:c7:c9:6a:82:
                    24:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:39:E0:05:EB:A0:05:F9:73:D9:8F:74:40:2F:B3:0E:27:07:43:6E
            X509v3 Authority Key Identifier:
                keyid:AD:AC:83:0C:CA:A7:47:83:DD:96:1F:AB:24:1A:22:8D:7C:C6:F8:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rayDDMqnR4Pdlh-rJBoijXzG-Ag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/325c8d-d368-4eee-9ca8-929f7d635f4b/1/DDngBeugBflz2Y90QC-zDicHQ24.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/325c8d-d368-4eee-9ca8-929f7d635f4b/1/rayDDMqnR4Pdlh-rJBoijXzG-Ag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.98.160.0/19
                  46.160.0.0/18
                  109.60.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         77:d2:fb:7e:bf:6b:70:bf:5c:46:ed:33:46:8e:aa:17:1d:39:
         7b:14:f0:7b:06:38:0d:04:f1:e2:bd:fe:bb:22:95:14:e3:07:
         1d:b6:34:f6:a0:24:40:d3:21:0d:5b:1a:86:92:84:54:23:bc:
         6d:43:9c:9c:6a:aa:6b:12:d3:f7:ee:31:8e:e7:11:fc:24:cc:
         89:54:cd:08:84:e8:88:63:3a:3b:19:2e:13:9f:55:a0:b9:04:
         80:45:57:30:bb:a4:00:44:22:9c:73:00:43:a6:9e:fa:26:8e:
         1c:b0:5a:06:58:f0:a9:89:4a:b4:89:e8:3b:c0:df:52:0f:5d:
         8a:4a:9e:f9:da:73:5a:9c:c7:c1:84:cc:86:39:bd:73:4b:43:
         04:b5:f5:93:94:a1:d4:b9:1b:07:2c:67:b0:1e:7d:11:19:f3:
         cd:19:6e:ac:eb:49:b2:2d:f0:9a:ce:2b:6d:43:69:54:28:b5:
         17:fa:f8:14:78:31:d4:13:3c:27:e4:01:56:9f:b7:54:ac:ed:
         c7:97:43:15:46:09:b2:e7:50:49:26:a8:cf:71:e8:c3:ab:7c:
         1f:be:5e:7b:83:61:ad:1e:d7:90:d2:f0:70:d8:41:4f:6a:9c:
         13:8a:c2:7f:65:9f:9d:57:bb:dc:55:5c:a8:3e:d1:d1:88:ce:
         91:da:c1:19
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZt+pnDHpw/8vd3MSgTlbiP7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkYWM4MzBjY2FhNzQ3ODNkZDk2MWZhYjI0MWEyMjhkN2Nj
NmY4MDgwHhcNMjYwMTAyMTIxOTU1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzM5ZTAwNWViYTAwNWY5NzNkOThmNzQ0MDJmYjMwZTI3MDc0MzZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzuoz5JB7lTjlcajo+Y4qtm+dazE8
LaVyxGBXCS9vy+xZb5DgJa/E0SUyJizEMrFoz2LW/DMG/ybVD8j4pivTaZrIGh3Y
YqMhuqoqUG8AZNdiVj3S3YnxNWFjlQzNCABjBIMBjc+5ppRVCWHRlIxwycDlp2sQ
oq1WH76J1Ymy4RSxstgBT9S7HQbLN4Tgr+GIvTCzw20hzW0V0jJRb0ScWT6lXlyA
3F3omM5W460QZBlgyCn3zySN+wykXxoKYRy+HQjL/m1L7mZnMQERZ3MPpSQp+45B
1Cix0bmTclpvrxOnkettuv7YX0msHilZI82Z+4anrcxIQJod6sfJaoIkLwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFAw54AXroAX5c9mPdEAvsw4nB0NuMB8GA1UdIwQY
MBaAFK2sgwzKp0eD3ZYfqyQaIo18xvgIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmF5RERNcW5SNFBkbGgtckpCb2lqWHpHLUFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi8zMjVjOGQtZDM2OC00ZWVlLTljYTgt
OTI5ZjdkNjM1ZjRiLzEvRERuZ0JldWdCZmx6Mlk5MFFDLXpEaWNIUTI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi8zMjVjOGQtZDM2OC00ZWVlLTljYTgtOTI5ZjdkNjM1ZjRi
LzEvcmF5RERNcW5SNFBkbGgtckpCb2lqWHpHLUFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQFJWKgAwQG
LqAAAwQHbTyAMA0GCSqGSIb3DQEBCwUAA4IBAQB30vt+v2twv1xG7TNGjqoXHTl7
FPB7BjgNBPHivf67IpUU4wcdtjT2oCRA0yENWxqGkoRUI7xtQ5ycaqprEtP37jGO
5xH8JMyJVM0IhOiIYzo7GS4Tn1WguQSARVcwu6QARCKccwBDpp76Jo4csFoGWPCp
iUq0ieg7wN9SD12KSp752nNanMfBhMyGOb1zS0MEtfWTlKHUuRsHLGewHn0RGfPN
GW6s60myLfCazittQ2lUKLUX+vgUeDHUEzwn5AFWn7dUrO3Hl0MVRgmy51BJJqjP
cejDq3wfvl57g2GtHteQ0vBw2EFPapwTisJ/ZZ+dV7vcVVyoPtHRiM6R2sEZ
-----END CERTIFICATE-----