Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/mgruyOr_bhqrj5DuwHE1ll_puAo.roa
File:                     mgruyOr_bhqrj5DuwHE1ll_puAo.roa (raw, json)
Hash identifier:          YRLf4HOJtTcb2BtLsq3In58Yh9rOqegL3BjCqnES5Mc=
Subject key identifier:   9A:0A:EE:C8:EA:FF:6E:1A:AB:8F:90:EE:C0:71:35:96:5F:E9:B8:0A
Certificate issuer:       /CN=56b98f83ccbda7c19f004151c98b57c59d268f54
Certificate serial:       019D7664556C39C2E9D2B806540D172BF589
Authority key identifier: 56:B9:8F:83:CC:BD:A7:C1:9F:00:41:51:C9:8B:57:C5:9D:26:8F:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/mgruyOr_bhqrj5DuwHE1ll_puAo.roa
Signing time:             Fri 10 Apr 2026 07:56:20 +0000
ROA not before:           Fri 10 Apr 2026 07:56:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     137517
IP address blocks:        185.145.235.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 02:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:76:64:55:6c:39:c2:e9:d2:b8:06:54:0d:17:2b:f5:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=56b98f83ccbda7c19f004151c98b57c59d268f54
        Validity
            Not Before: Apr 10 07:56:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9a0aeec8eaff6e1aab8f90eec07135965fe9b80a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:23:82:b4:39:8f:ec:cf:21:43:8b:58:f7:82:
                    c2:54:aa:d2:89:67:4f:e1:df:d3:47:92:c6:d3:ea:
                    1b:23:e6:ae:b5:4a:6d:00:9b:32:cf:ed:08:48:95:
                    70:04:04:1a:91:d7:09:45:c6:bb:de:33:08:77:10:
                    2d:c8:d4:56:00:b1:99:66:d8:65:54:19:4f:b4:87:
                    08:cf:79:a7:df:e2:6d:e9:91:83:5a:ce:38:67:b5:
                    34:8d:7d:84:32:7e:10:ee:fe:17:16:2a:e9:4e:85:
                    3c:fd:11:f9:be:1d:0c:96:a4:ac:cb:f8:0a:7c:5d:
                    48:72:7a:bb:e8:98:40:86:aa:d2:a9:30:26:7d:1a:
                    48:19:20:b0:0a:80:5e:1c:fc:d8:c2:a7:ba:7e:07:
                    dd:67:6b:9d:90:54:9b:e4:58:46:f8:d1:d4:48:e9:
                    40:bd:d4:a5:9b:71:b1:9e:3f:9d:45:58:9e:c7:a2:
                    4f:96:03:6b:a0:0d:77:e5:29:02:49:b4:f7:e3:2e:
                    f0:70:58:9c:13:fb:06:ab:e4:1f:be:95:27:32:76:
                    96:aa:e8:6b:39:4b:91:bc:ff:e1:0c:76:48:eb:54:
                    48:08:c1:c0:e5:9a:3a:0d:50:09:c9:a3:66:8e:17:
                    59:40:89:e5:36:9d:33:a0:5b:11:97:e0:8b:aa:79:
                    10:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:0A:EE:C8:EA:FF:6E:1A:AB:8F:90:EE:C0:71:35:96:5F:E9:B8:0A
            X509v3 Authority Key Identifier:
                keyid:56:B9:8F:83:CC:BD:A7:C1:9F:00:41:51:C9:8B:57:C5:9D:26:8F:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/mgruyOr_bhqrj5DuwHE1ll_puAo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.145.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:a8:73:c2:79:2d:60:8e:17:ab:f9:2a:e1:1f:29:1c:f9:75:
         18:f5:93:d5:d0:d7:49:73:79:89:19:13:8c:44:a0:56:a2:b5:
         36:04:42:0e:6d:69:62:f2:4e:d1:7d:2f:f6:9f:14:33:87:79:
         1c:11:94:c1:16:81:ba:c0:b8:bb:c1:72:c3:05:40:76:0a:16:
         3a:b2:4a:5e:86:b4:bb:24:75:2b:a1:f3:bd:91:41:f6:57:0f:
         36:ce:c0:3c:c5:7c:05:36:c3:f4:bf:98:83:00:eb:4d:d2:71:
         aa:f6:de:38:18:ba:ae:a3:2a:da:67:7d:55:f0:c5:b3:34:35:
         8c:24:67:99:73:23:88:13:f9:c9:9e:58:6a:64:02:33:c6:28:
         81:08:ce:01:e0:c6:7f:ff:f0:d7:d4:56:42:ef:31:ab:93:2c:
         08:e2:34:3f:46:bb:8a:25:88:fe:e4:db:e2:a5:58:ef:67:c8:
         7b:5a:30:cc:68:68:69:20:c6:11:9a:60:6f:67:8e:3f:67:9b:
         66:75:ab:5a:c2:1b:33:d7:72:ef:6d:d8:cc:78:97:b0:38:7b:
         e6:c5:b5:d8:f6:72:69:e7:7d:0b:f4:12:17:45:71:d6:d5:4d:
         c8:ce:f2:0f:ed:79:fb:49:35:a9:9a:87:22:22:9f:56:eb:7d:
         50:b2:c4:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ12ZFVsOcLp0rgGVA0XK/WJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2Yjk4ZjgzY2NiZGE3YzE5ZjAwNDE1MWM5OGI1N2M1OWQy
NjhmNTQwHhcNMjYwNDEwMDc1NjIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTBhZWVjOGVhZmY2ZTFhYWI4ZjkwZWVjMDcxMzU5NjVmZTliODBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzSOCtDmP7M8hQ4tY94LCVKrSiWdP
4d/TR5LG0+obI+autUptAJsyz+0ISJVwBAQakdcJRca73jMIdxAtyNRWALGZZthl
VBlPtIcIz3mn3+Jt6ZGDWs44Z7U0jX2EMn4Q7v4XFirpToU8/RH5vh0MlqSsy/gK
fF1Icnq76JhAhqrSqTAmfRpIGSCwCoBeHPzYwqe6fgfdZ2udkFSb5FhG+NHUSOlA
vdSlm3Gxnj+dRViex6JPlgNroA135SkCSbT34y7wcFicE/sGq+QfvpUnMnaWquhr
OUuRvP/hDHZI61RICMHA5Zo6DVAJyaNmjhdZQInlNp0zoFsRl+CLqnkQxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJoK7sjq/24aq4+Q7sBxNZZf6bgKMB8GA1UdIwQY
MBaAFFa5j4PMvafBnwBBUcmLV8WdJo9UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnJtUGc4eTlwOEdmQUVGUnlZdFh4WjBtajFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My84Y2I5MzUtNzFhMy00ZGIzLTlmM2Yt
N2FhN2ZjMzU5NjU1LzEvbWdydXlPcl9iaHFyajVEdXdIRTFsbF9wdUFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My84Y2I5MzUtNzFhMy00ZGIzLTlmM2YtN2FhN2ZjMzU5NjU1
LzEvVnJtUGc4eTlwOEdmQUVGUnlZdFh4WjBtajFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZHrMA0G
CSqGSIb3DQEBCwUAA4IBAQA1qHPCeS1gjher+SrhHykc+XUY9ZPV0NdJc3mJGROM
RKBWorU2BEIObWli8k7RfS/2nxQzh3kcEZTBFoG6wLi7wXLDBUB2ChY6skpehrS7
JHUrofO9kUH2Vw82zsA8xXwFNsP0v5iDAOtN0nGq9t44GLquoyraZ31V8MWzNDWM
JGeZcyOIE/nJnlhqZAIzxiiBCM4B4MZ///DX1FZC7zGrkywI4jQ/RruKJYj+5Nvi
pVjvZ8h7WjDMaGhpIMYRmmBvZ44/Z5tmdatawhsz13LvbdjMeJewOHvmxbXY9nJp
530L9BIXRXHW1U3IzvIP7Xn7STWpmociIp9W631QssRo
-----END CERTIFICATE-----