Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ce/a6de87-5517-4681-a236-368bc1bf83ea/1/rdpASP2znJQvquGxJOvyDRpnmhU.roa
File:                     rdpASP2znJQvquGxJOvyDRpnmhU.roa (raw, json)
Hash identifier:          2K9g0ofmwtg+0wCGPKVHPvtZQPkH/atZkucjpNuBbHw=
Subject key identifier:   AD:DA:40:48:FD:B3:9C:94:2F:AA:E1:B1:24:EB:F2:0D:1A:67:9A:15
Certificate issuer:       /CN=8583e91386b7c002a47a7fa4f7b7fd35ff9e4e0a
Certificate serial:       019CA5326923B71FE2538E9B00B420EC9E68
Authority key identifier: 85:83:E9:13:86:B7:C0:02:A4:7A:7F:A4:F7:B7:FD:35:FF:9E:4E:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hYPpE4a3wAKken-k97f9Nf-eTgo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ce/a6de87-5517-4681-a236-368bc1bf83ea/1/rdpASP2znJQvquGxJOvyDRpnmhU.roa
Signing time:             Sat 28 Feb 2026 17:01:10 +0000
ROA not before:           Sat 28 Feb 2026 17:01:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48920
IP address blocks:        192.175.37.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ce/a6de87-5517-4681-a236-368bc1bf83ea/1/hYPpE4a3wAKken-k97f9Nf-eTgo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ce/a6de87-5517-4681-a236-368bc1bf83ea/1/hYPpE4a3wAKken-k97f9Nf-eTgo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hYPpE4a3wAKken-k97f9Nf-eTgo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 14:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:a5:32:69:23:b7:1f:e2:53:8e:9b:00:b4:20:ec:9e:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8583e91386b7c002a47a7fa4f7b7fd35ff9e4e0a
        Validity
            Not Before: Feb 28 17:01:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=adda4048fdb39c942faae1b124ebf20d1a679a15
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:fc:17:95:95:0b:ff:03:77:8b:ac:93:c7:cf:
                    9d:20:50:94:57:11:7b:28:85:97:78:34:be:7b:e7:
                    7e:9a:52:b9:48:7f:0a:40:b9:33:4f:cc:73:80:ac:
                    58:33:21:1c:8d:64:3d:26:c2:c5:66:09:ae:98:39:
                    e9:79:53:10:d0:ce:11:c7:b3:b2:59:c1:e5:20:4e:
                    9e:42:c6:6f:1c:6c:79:dc:bb:03:f1:4e:2e:2b:3c:
                    3f:73:0e:78:17:ed:93:06:d5:f2:b3:6b:8b:02:dd:
                    77:97:d3:10:be:61:24:4f:61:b2:ef:1d:2b:7b:b6:
                    54:b0:1b:ff:58:30:f9:e2:ef:07:90:62:ab:c1:6e:
                    c9:21:04:bf:31:e0:1b:df:92:ef:44:cf:0c:56:cf:
                    1e:eb:2e:f5:0b:ca:aa:33:a4:23:4e:2d:6b:a6:01:
                    46:19:60:38:66:61:25:e1:5e:99:1d:70:82:01:af:
                    81:fb:31:8e:1a:1a:b6:21:0b:c7:5e:90:8b:99:31:
                    59:ba:43:9b:83:a6:20:59:00:6b:55:22:98:08:f4:
                    d9:fc:4a:cd:15:ca:7e:db:5e:77:3d:c3:e8:3d:49:
                    b5:e8:05:aa:4c:5f:ee:87:90:e6:da:e0:1b:dd:03:
                    1f:26:3f:77:ac:db:d5:13:61:8c:60:10:4a:33:69:
                    72:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:DA:40:48:FD:B3:9C:94:2F:AA:E1:B1:24:EB:F2:0D:1A:67:9A:15
            X509v3 Authority Key Identifier:
                keyid:85:83:E9:13:86:B7:C0:02:A4:7A:7F:A4:F7:B7:FD:35:FF:9E:4E:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hYPpE4a3wAKken-k97f9Nf-eTgo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/a6de87-5517-4681-a236-368bc1bf83ea/1/rdpASP2znJQvquGxJOvyDRpnmhU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/a6de87-5517-4681-a236-368bc1bf83ea/1/hYPpE4a3wAKken-k97f9Nf-eTgo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.175.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:40:25:6c:bc:f7:8d:22:f5:ef:ee:a1:b1:eb:c9:2c:42:4f:
         94:30:f8:af:fe:e8:39:95:49:0a:fb:76:f7:e0:a3:75:25:85:
         b4:c8:d5:34:77:5c:71:d3:4d:f7:51:0f:68:6a:67:69:b3:16:
         cd:11:3a:0e:d0:fb:69:22:72:69:80:70:6c:75:25:43:c7:70:
         4c:50:48:a9:8d:dd:05:be:0c:d2:5b:63:03:19:6f:a3:af:a4:
         5d:8b:f4:5f:f7:9f:e7:09:8e:b5:76:2f:f5:08:87:40:c4:f0:
         c2:57:1c:da:30:e7:f4:f1:52:fb:ae:a9:f6:6c:e0:b9:d7:9d:
         2b:cd:c8:02:1b:8b:57:1d:47:e0:da:44:af:a2:1d:b4:ce:bd:
         28:98:2b:7e:f6:fd:7a:11:bb:97:3f:54:a3:3e:2b:82:85:f3:
         17:fe:df:cd:82:6a:ef:49:f4:c7:c1:d0:e6:40:b0:de:69:0c:
         e8:41:ac:af:22:47:73:2a:7e:69:eb:51:13:95:7b:05:b7:ef:
         4b:fc:b7:81:ba:73:d3:5b:59:af:41:91:fe:26:5e:8b:79:1c:
         10:94:cc:fd:05:9c:df:f7:30:d0:70:f3:4d:af:95:15:31:50:
         33:98:95:8d:3e:2a:0e:c4:6e:75:5b:b2:25:9a:60:5a:1e:eb:
         14:ee:7b:46
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZylMmkjtx/iU46bALQg7J5oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1ODNlOTEzODZiN2MwMDJhNDdhN2ZhNGY3YjdmZDM1ZmY5
ZTRlMGEwHhcNMjYwMjI4MTcwMTEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZGRhNDA0OGZkYjM5Yzk0MmZhYWUxYjEyNGViZjIwZDFhNjc5YTE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArvwXlZUL/wN3i6yTx8+dIFCUVxF7
KIWXeDS+e+d+mlK5SH8KQLkzT8xzgKxYMyEcjWQ9JsLFZgmumDnpeVMQ0M4Rx7Oy
WcHlIE6eQsZvHGx53LsD8U4uKzw/cw54F+2TBtXys2uLAt13l9MQvmEkT2Gy7x0r
e7ZUsBv/WDD54u8HkGKrwW7JIQS/MeAb35LvRM8MVs8e6y71C8qqM6QjTi1rpgFG
GWA4ZmEl4V6ZHXCCAa+B+zGOGhq2IQvHXpCLmTFZukObg6YgWQBrVSKYCPTZ/ErN
Fcp+2153PcPoPUm16AWqTF/uh5Dm2uAb3QMfJj93rNvVE2GMYBBKM2lyTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK3aQEj9s5yUL6rhsSTr8g0aZ5oVMB8GA1UdIwQY
MBaAFIWD6ROGt8ACpHp/pPe3/TX/nk4KMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFlQcEU0YTN3QUtrZW4tazk3ZjlOZi1lVGdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZS9hNmRlODctNTUxNy00NjgxLWEyMzYt
MzY4YmMxYmY4M2VhLzEvcmRwQVNQMnpuSlF2cXVHeEpPdnlEUnBubWhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZS9hNmRlODctNTUxNy00NjgxLWEyMzYtMzY4YmMxYmY4M2Vh
LzEvaFlQcEU0YTN3QUtrZW4tazk3ZjlOZi1lVGdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwK8lMA0G
CSqGSIb3DQEBCwUAA4IBAQAsQCVsvPeNIvXv7qGx68ksQk+UMPiv/ug5lUkK+3b3
4KN1JYW0yNU0d1xx0033UQ9oamdpsxbNEToO0PtpInJpgHBsdSVDx3BMUEipjd0F
vgzSW2MDGW+jr6Rdi/Rf95/nCY61di/1CIdAxPDCVxzaMOf08VL7rqn2bOC5150r
zcgCG4tXHUfg2kSvoh20zr0omCt+9v16EbuXP1SjPiuChfMX/t/NgmrvSfTHwdDm
QLDeaQzoQayvIkdzKn5p61ETlXsFt+9L/LeBunPTW1mvQZH+Jl6LeRwQlMz9BZzf
9zDQcPNNr5UVMVAzmJWNPioOxG51W7IlmmBaHusU7ntG
-----END CERTIFICATE-----