Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/308c09-0034-4486-8274-d4dbd5e204f7/1/SMH2Oc24_m72oqPVd7XOf3_OyRU.roa
File:                     SMH2Oc24_m72oqPVd7XOf3_OyRU.roa (raw, json)
Hash identifier:          WsgzmpsbvE0g6zXQzhps2wgMNgXJq/ibUvwvE7MedyM=
Subject key identifier:   48:C1:F6:39:CD:B8:FE:6E:F6:A2:A3:D5:77:B5:CE:7F:7F:CE:C9:15
Certificate issuer:       /CN=db99f330be3147b4da90d114a3cf4205fa451103
Certificate serial:       019D43E50DB7F0B6DFB31C2975C7D29C6060
Authority key identifier: DB:99:F3:30:BE:31:47:B4:DA:90:D1:14:A3:CF:42:05:FA:45:11:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/25nzML4xR7TakNEUo89CBfpFEQM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/308c09-0034-4486-8274-d4dbd5e204f7/1/SMH2Oc24_m72oqPVd7XOf3_OyRU.roa
Signing time:             Tue 31 Mar 2026 12:36:17 +0000
ROA not before:           Tue 31 Mar 2026 12:36:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48254
IP address blocks:        213.155.3.0/24 maxlen: 24
                          213.155.4.0/24 maxlen: 24
                          213.155.5.0/24 maxlen: 24
                          213.155.6.0/24 maxlen: 24
                          213.155.7.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/308c09-0034-4486-8274-d4dbd5e204f7/1/25nzML4xR7TakNEUo89CBfpFEQM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/308c09-0034-4486-8274-d4dbd5e204f7/1/25nzML4xR7TakNEUo89CBfpFEQM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/25nzML4xR7TakNEUo89CBfpFEQM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:43:e5:0d:b7:f0:b6:df:b3:1c:29:75:c7:d2:9c:60:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=db99f330be3147b4da90d114a3cf4205fa451103
        Validity
            Not Before: Mar 31 12:36:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=48c1f639cdb8fe6ef6a2a3d577b5ce7f7fcec915
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:3c:03:f8:a7:74:5e:1b:87:9c:df:4e:84:89:
                    f0:b3:85:07:7e:dd:e7:dd:76:b9:32:93:2d:92:d9:
                    21:95:71:12:ee:26:3d:a6:d1:1c:f6:7d:df:fc:61:
                    eb:41:57:b7:a1:e7:c9:bd:4f:29:4e:c1:2a:ce:bb:
                    6d:1f:ad:32:8f:22:ca:62:be:42:0c:d6:69:fd:2d:
                    25:1b:5d:4e:f2:f1:18:c5:db:d4:69:c7:a1:9c:39:
                    3b:3b:35:15:1a:ee:2c:04:f2:e4:e2:43:85:5e:11:
                    f8:e9:b1:9d:42:0a:5f:d0:12:ac:6e:fd:3f:9e:e6:
                    d7:9d:0d:d1:64:a9:d8:df:9e:4b:e0:82:cd:2c:3f:
                    b3:b0:e5:52:ef:f0:41:02:26:65:a2:f0:78:80:90:
                    0a:5a:f2:af:d2:86:95:2f:f5:00:f5:39:bb:e7:a0:
                    39:f5:ba:eb:38:12:de:e1:62:a7:b5:94:d9:ea:70:
                    74:06:11:60:e3:49:3b:b6:2f:a9:98:e8:dc:dc:59:
                    f1:44:2e:69:f5:2d:bd:3b:fa:17:a4:98:9e:d8:0f:
                    01:97:1f:98:f1:02:89:b6:0e:c8:5c:9a:17:8a:89:
                    1e:79:69:bd:db:f2:82:25:57:3f:1e:0e:09:0b:bb:
                    75:8e:be:9d:50:84:21:6d:5f:5e:d7:47:93:a4:89:
                    ba:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:C1:F6:39:CD:B8:FE:6E:F6:A2:A3:D5:77:B5:CE:7F:7F:CE:C9:15
            X509v3 Authority Key Identifier:
                keyid:DB:99:F3:30:BE:31:47:B4:DA:90:D1:14:A3:CF:42:05:FA:45:11:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/25nzML4xR7TakNEUo89CBfpFEQM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/308c09-0034-4486-8274-d4dbd5e204f7/1/SMH2Oc24_m72oqPVd7XOf3_OyRU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/308c09-0034-4486-8274-d4dbd5e204f7/1/25nzML4xR7TakNEUo89CBfpFEQM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.155.3.0-213.155.7.255

    Signature Algorithm: sha256WithRSAEncryption
         72:74:9f:f1:f0:92:55:68:07:d1:be:1f:e8:50:75:02:7b:1c:
         99:56:7c:9e:06:95:9b:8e:1f:60:d1:96:8b:f4:c0:7a:16:d9:
         0b:16:d8:95:5c:10:a5:4d:3f:1f:bd:68:e5:79:33:5f:7b:17:
         36:fd:75:ad:22:06:41:94:10:e9:34:99:b9:94:f4:36:17:fa:
         f7:41:f4:f1:13:41:53:43:99:07:ec:7e:f8:b0:d1:f8:58:36:
         7e:74:6e:79:cb:4b:0b:73:b2:57:12:f2:99:52:b9:75:5c:59:
         4b:49:bb:c7:78:bf:94:e8:9c:e6:a9:98:72:bb:01:42:f9:58:
         18:a0:52:37:14:05:61:a6:27:c0:89:25:e2:2d:8a:b6:15:ac:
         31:29:bf:89:62:fe:5f:bf:8b:77:00:82:0e:0c:70:2b:ea:15:
         b6:fe:54:0d:52:b9:09:93:7c:15:91:43:21:4e:07:d9:24:ff:
         80:3c:2c:23:5f:fb:56:e0:7c:41:b8:8e:ed:42:e2:69:0a:3a:
         78:a0:69:12:47:72:36:19:80:86:da:f2:9a:00:78:33:c8:b0:
         b5:2b:36:36:05:f5:a1:f9:14:4a:41:15:30:49:27:24:a5:22:
         dc:f3:d1:6d:44:07:6d:c8:23:e5:f4:1a:ab:1a:fc:c0:42:9b:
         c1:b9:e7:96
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZ1D5Q238LbfsxwpdcfSnGBgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiOTlmMzMwYmUzMTQ3YjRkYTkwZDExNGEzY2Y0MjA1ZmE0
NTExMDMwHhcNMjYwMzMxMTIzNjE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OGMxZjYzOWNkYjhmZTZlZjZhMmEzZDU3N2I1Y2U3ZjdmY2VjOTE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjTwD+Kd0XhuHnN9OhInws4UHft3n
3Xa5MpMtktkhlXES7iY9ptEc9n3f/GHrQVe3oefJvU8pTsEqzrttH60yjyLKYr5C
DNZp/S0lG11O8vEYxdvUacehnDk7OzUVGu4sBPLk4kOFXhH46bGdQgpf0BKsbv0/
nubXnQ3RZKnY355L4ILNLD+zsOVS7/BBAiZlovB4gJAKWvKv0oaVL/UA9Tm756A5
9brrOBLe4WKntZTZ6nB0BhFg40k7ti+pmOjc3FnxRC5p9S29O/oXpJie2A8Blx+Y
8QKJtg7IXJoXiokeeWm92/KCJVc/Hg4JC7t1jr6dUIQhbV9e10eTpIm6pwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFEjB9jnNuP5u9qKj1Xe1zn9/zskVMB8GA1UdIwQY
MBaAFNuZ8zC+MUe02pDRFKPPQgX6RREDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMjVuek1MNHhSN1Rha05FVW84OUNCZnBGRVFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My8zMDhjMDktMDAzNC00NDg2LTgyNzQt
ZDRkYmQ1ZTIwNGY3LzEvU01IMk9jMjRfbTcyb3FQVmQ3WE9mM19PeVJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My8zMDhjMDktMDAzNC00NDg2LTgyNzQtZDRkYmQ1ZTIwNGY3
LzEvMjVuek1MNHhSN1Rha05FVW84OUNCZnBGRVFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBADVmwMD
BAPVmwAwDQYJKoZIhvcNAQELBQADggEBAHJ0n/HwklVoB9G+H+hQdQJ7HJlWfJ4G
lZuOH2DRlov0wHoW2QsW2JVcEKVNPx+9aOV5M197Fzb9da0iBkGUEOk0mbmU9DYX
+vdB9PETQVNDmQfsfviw0fhYNn50bnnLSwtzslcS8plSuXVcWUtJu8d4v5TonOap
mHK7AUL5WBigUjcUBWGmJ8CJJeItirYVrDEpv4li/l+/i3cAgg4McCvqFbb+VA1S
uQmTfBWRQyFOB9kk/4A8LCNf+1bgfEG4ju1C4mkKOnigaRJHcjYZgIba8poAeDPI
sLUrNjYF9aH5FEpBFTBJJySlItzz0W1EB23II+X0Gqsa/MBCm8G555Y=
-----END CERTIFICATE-----