Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/V1PdVFoshW1ar5HpIYyNCl-wxZg.roa
File:                     V1PdVFoshW1ar5HpIYyNCl-wxZg.roa (raw, json)
Hash identifier:          8JNuhL/a0qXG5i850tam3mN3diEt2c5ox0iX3jf8huA=
Subject key identifier:   57:53:DD:54:5A:2C:85:6D:5A:AF:91:E9:21:8C:8D:0A:5F:B0:C5:98
Certificate issuer:       /CN=c66d9d50b3b89d51c8aa2493e7ef4701d6251dad
Certificate serial:       019D43CE2A9BDD1784C3FC03173B63621E0B
Authority key identifier: C6:6D:9D:50:B3:B8:9D:51:C8:AA:24:93:E7:EF:47:01:D6:25:1D:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/V1PdVFoshW1ar5HpIYyNCl-wxZg.roa
Signing time:             Tue 31 Mar 2026 12:11:17 +0000
ROA not before:           Tue 31 Mar 2026 12:11:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204023
IP address blocks:        185.225.205.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:43:ce:2a:9b:dd:17:84:c3:fc:03:17:3b:63:62:1e:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66d9d50b3b89d51c8aa2493e7ef4701d6251dad
        Validity
            Not Before: Mar 31 12:11:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5753dd545a2c856d5aaf91e9218c8d0a5fb0c598
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:db:ff:29:de:c9:49:ef:9d:2b:8b:f2:9d:a7:
                    9b:b2:89:34:8d:48:45:a5:31:cd:79:46:b7:95:73:
                    a2:0a:c3:1d:be:ea:33:9e:b9:f8:93:c7:42:64:a8:
                    e4:80:26:82:16:c7:8e:bd:f7:63:28:4f:8a:29:b0:
                    ae:32:3f:71:23:fe:e0:3d:d0:74:a4:95:12:bf:2c:
                    dd:6f:30:4f:b3:0a:39:e4:21:9f:d3:e7:32:47:02:
                    78:3f:08:ba:23:8b:0e:14:6e:8f:03:1e:de:e1:21:
                    ef:f0:97:78:f5:c3:73:ea:0b:d7:05:95:98:b8:9b:
                    fa:d8:e5:53:73:d6:49:2d:25:a6:d9:77:7c:db:a3:
                    00:01:26:f5:35:eb:4b:56:03:20:aa:4e:d5:7d:ec:
                    91:05:d5:4e:4f:82:bf:c2:5c:c7:8b:cf:4a:6d:e3:
                    fc:bd:c8:21:ae:91:78:6b:ce:9f:83:b5:55:db:7a:
                    ec:26:54:60:8e:af:b4:e4:b0:c2:3d:9e:c1:4f:22:
                    6e:97:5e:c0:64:5d:ea:5c:50:bd:b1:7a:96:58:58:
                    33:d1:83:fb:3d:21:91:ba:2d:72:aa:6d:52:18:3c:
                    da:d7:bb:9d:54:fd:4e:26:e3:f4:43:64:a0:ca:eb:
                    b7:fa:18:0a:f0:72:ba:cc:f7:0e:b1:be:22:0b:81:
                    60:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:53:DD:54:5A:2C:85:6D:5A:AF:91:E9:21:8C:8D:0A:5F:B0:C5:98
            X509v3 Authority Key Identifier:
                keyid:C6:6D:9D:50:B3:B8:9D:51:C8:AA:24:93:E7:EF:47:01:D6:25:1D:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/V1PdVFoshW1ar5HpIYyNCl-wxZg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.225.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:16:65:8d:16:2f:c4:24:77:02:63:ab:e6:89:71:58:ea:0d:
         8e:e5:cc:c6:70:cc:0e:f6:51:b5:13:c1:36:68:5b:d6:92:0a:
         c4:40:14:89:6e:2a:18:f0:68:0d:f0:f1:2a:a8:fb:17:6d:63:
         9c:f1:13:fc:b0:cf:0a:f9:18:30:a1:aa:f4:f6:32:1f:ba:08:
         fa:5b:8c:df:04:1f:7d:47:21:b1:b7:8a:9c:63:c6:9c:90:78:
         d6:4a:ba:b6:82:3f:b2:41:d0:66:2a:14:cb:8b:14:26:71:73:
         ea:1c:d5:fa:9c:5f:82:35:2c:ae:3b:8a:ea:36:04:32:06:ed:
         c9:16:ec:18:f7:73:94:52:34:40:33:0f:d5:89:07:26:ec:12:
         ee:77:d4:f3:d0:32:39:74:c5:59:4c:65:31:b2:65:4c:96:f8:
         01:3a:9f:b1:c4:27:3d:97:6c:1c:e1:7a:7a:8e:7e:7f:98:84:
         21:62:22:74:18:2c:fd:14:8b:67:fe:9f:f7:af:6a:65:a7:ce:
         32:84:42:58:a8:9f:62:d1:69:3a:54:6a:88:e7:e1:b6:43:7d:
         1f:2e:76:31:17:54:2a:6c:5b:dc:2b:cb:03:7a:d7:f3:11:80:
         b9:59:0f:1a:ff:5e:59:16:5e:b0:97:e9:30:e5:0e:d4:b1:d2:
         43:a7:39:2b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1Dziqb3ReEw/wDFztjYh4LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NmQ5ZDUwYjNiODlkNTFjOGFhMjQ5M2U3ZWY0NzAxZDYy
NTFkYWQwHhcNMjYwMzMxMTIxMTE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzUzZGQ1NDVhMmM4NTZkNWFhZjkxZTkyMThjOGQwYTVmYjBjNTk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtdv/Kd7JSe+dK4vynaebsok0jUhF
pTHNeUa3lXOiCsMdvuoznrn4k8dCZKjkgCaCFseOvfdjKE+KKbCuMj9xI/7gPdB0
pJUSvyzdbzBPswo55CGf0+cyRwJ4Pwi6I4sOFG6PAx7e4SHv8Jd49cNz6gvXBZWY
uJv62OVTc9ZJLSWm2Xd826MAASb1NetLVgMgqk7VfeyRBdVOT4K/wlzHi89KbeP8
vcghrpF4a86fg7VV23rsJlRgjq+05LDCPZ7BTyJul17AZF3qXFC9sXqWWFgz0YP7
PSGRui1yqm1SGDza17udVP1OJuP0Q2Sgyuu3+hgK8HK6zPcOsb4iC4Fg4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFdT3VRaLIVtWq+R6SGMjQpfsMWYMB8GA1UdIwQY
MBaAFMZtnVCzuJ1RyKokk+fvRwHWJR2tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG0yZFVMTzRuVkhJcWlTVDUtOUhBZFlsSGEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS80YmI3NGItOGQ2ZC00NTE0LWEzOWMt
YjdjNTc4Yjc0ZTM1LzEvVjFQZFZGb3NoVzFhcjVIcElZeU5DbC13eFpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS80YmI3NGItOGQ2ZC00NTE0LWEzOWMtYjdjNTc4Yjc0ZTM1
LzEveG0yZFVMTzRuVkhJcWlTVDUtOUhBZFlsSGEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueHNMA0G
CSqGSIb3DQEBCwUAA4IBAQClFmWNFi/EJHcCY6vmiXFY6g2O5czGcMwO9lG1E8E2
aFvWkgrEQBSJbioY8GgN8PEqqPsXbWOc8RP8sM8K+Rgwoar09jIfugj6W4zfBB99
RyGxt4qcY8ackHjWSrq2gj+yQdBmKhTLixQmcXPqHNX6nF+CNSyuO4rqNgQyBu3J
FuwY93OUUjRAMw/ViQcm7BLud9Tz0DI5dMVZTGUxsmVMlvgBOp+xxCc9l2wc4Xp6
jn5/mIQhYiJ0GCz9FItn/p/3r2plp84yhEJYqJ9i0Wk6VGqI5+G2Q30fLnYxF1Qq
bFvcK8sDetfzEYC5WQ8a/15ZFl6wl+kw5Q7UsdJDpzkr
-----END CERTIFICATE-----