Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d6/a4aa47-80ae-4ffd-81de-a7e3e8a5736c/1/d3pkWWdmvNQR45OZHT-x9rdGQNs.roa
File:                     d3pkWWdmvNQR45OZHT-x9rdGQNs.roa (raw, json)
Hash identifier:          TDl/0oWRr3l5gDCKGW8colL6v491r+s+27SkHi8/nrc=
Subject key identifier:   77:7A:64:59:67:66:BC:D4:11:E3:93:99:1D:3F:B1:F6:B7:46:40:DB
Certificate issuer:       /CN=1331334c8a35da66b44d909347a643ee44191aaf
Certificate serial:       019D9A974EF97084E8BBD62567D0F7FB1CBE
Authority key identifier: 13:31:33:4C:8A:35:DA:66:B4:4D:90:93:47:A6:43:EE:44:19:1A:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EzEzTIo12ma0TZCTR6ZD7kQZGq8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d6/a4aa47-80ae-4ffd-81de-a7e3e8a5736c/1/d3pkWWdmvNQR45OZHT-x9rdGQNs.roa
Signing time:             Fri 17 Apr 2026 08:38:20 +0000
ROA not before:           Fri 17 Apr 2026 08:38:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     24824
IP address blocks:        185.44.48.0/22 maxlen: 24
                          194.107.0.0/20 maxlen: 24
                          2a00:f720::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d6/a4aa47-80ae-4ffd-81de-a7e3e8a5736c/1/EzEzTIo12ma0TZCTR6ZD7kQZGq8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d6/a4aa47-80ae-4ffd-81de-a7e3e8a5736c/1/EzEzTIo12ma0TZCTR6ZD7kQZGq8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EzEzTIo12ma0TZCTR6ZD7kQZGq8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 04:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:9a:97:4e:f9:70:84:e8:bb:d6:25:67:d0:f7:fb:1c:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1331334c8a35da66b44d909347a643ee44191aaf
        Validity
            Not Before: Apr 17 08:38:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=777a64596766bcd411e393991d3fb1f6b74640db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:aa:91:95:44:e2:82:2d:db:35:72:06:50:31:
                    c7:10:48:1e:c7:25:31:fd:1e:f5:05:ab:be:fc:3e:
                    31:4f:af:76:11:35:3e:09:ef:30:32:56:b1:20:eb:
                    8d:1f:0a:96:e0:4f:48:55:aa:64:43:d1:fb:f8:e2:
                    6d:a8:0e:80:7c:c8:3a:6f:f6:27:09:33:d5:ea:0d:
                    be:8e:78:14:28:be:be:0e:4e:93:3f:8d:6e:2b:23:
                    d2:7c:d4:a6:e8:45:be:6f:5a:bd:d0:ec:59:7c:8c:
                    d6:91:2e:b7:6c:fd:ab:dd:15:d7:48:42:83:11:50:
                    a1:b3:89:02:11:19:ea:21:ce:63:11:e4:f6:4b:d3:
                    58:4f:13:e5:2e:23:73:12:3b:48:83:06:69:b3:0a:
                    d6:42:86:93:d5:88:df:c1:60:69:f2:05:08:bb:95:
                    9a:35:6a:7d:12:4f:d0:15:af:de:29:09:98:d7:df:
                    15:e8:d4:2a:3f:75:33:65:ac:ce:e6:99:f6:ae:71:
                    5a:86:a3:16:93:7b:e9:e3:af:9d:2e:12:92:57:8e:
                    3c:33:9c:82:67:90:17:d9:0e:98:68:46:29:4e:13:
                    70:67:d5:aa:9d:37:fd:62:29:63:2e:7c:63:f5:cd:
                    b7:84:94:84:9e:df:24:d4:ad:17:ce:c5:f6:ee:fb:
                    f6:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:7A:64:59:67:66:BC:D4:11:E3:93:99:1D:3F:B1:F6:B7:46:40:DB
            X509v3 Authority Key Identifier:
                keyid:13:31:33:4C:8A:35:DA:66:B4:4D:90:93:47:A6:43:EE:44:19:1A:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EzEzTIo12ma0TZCTR6ZD7kQZGq8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/a4aa47-80ae-4ffd-81de-a7e3e8a5736c/1/d3pkWWdmvNQR45OZHT-x9rdGQNs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/a4aa47-80ae-4ffd-81de-a7e3e8a5736c/1/EzEzTIo12ma0TZCTR6ZD7kQZGq8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.44.48.0/22
                  194.107.0.0/20
                IPv6:
                  2a00:f720::/32

    Signature Algorithm: sha256WithRSAEncryption
         7a:e9:62:2c:6e:f4:0d:64:65:77:26:d9:47:32:44:4e:28:84:
         c3:e3:f7:d1:bd:21:65:9e:ae:00:a0:ea:a0:f0:a2:03:a6:27:
         e4:2a:c2:51:59:5f:30:32:1e:70:c6:cb:18:55:d3:3d:0f:e3:
         06:62:ae:85:13:ee:ba:93:71:f0:d8:df:71:36:ff:b3:be:22:
         b2:bb:e6:76:46:4a:22:df:68:29:09:ad:2c:43:ac:4f:f7:ee:
         e8:07:08:60:a8:fd:e4:31:4e:d9:ad:b8:54:ca:c9:36:18:f4:
         74:e6:74:eb:0b:98:43:08:a0:d7:a6:c7:c7:ec:85:56:8c:a5:
         85:86:53:f6:8d:87:54:30:ea:d7:8b:b3:ab:90:ca:da:96:ef:
         a5:91:36:9b:0d:1b:3a:fc:15:2b:d1:6a:9a:00:53:e2:5c:11:
         d9:c7:06:78:65:71:a1:f9:c9:1f:1a:88:41:76:8d:39:07:bc:
         a9:27:b6:ef:b5:a0:e8:e7:d7:2d:bf:dd:3e:3d:a2:c5:a6:95:
         b5:24:db:01:49:bb:44:a4:58:cc:1e:4a:06:0d:43:18:75:cb:
         6d:1d:52:ad:96:20:55:a8:c2:aa:03:2f:1f:c8:dc:38:51:55:
         19:0d:82:ad:7c:26:3f:78:61:82:40:8e:cf:d1:a8:a2:dd:dc:
         f1:b3:f8:86
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZ2al075cITou9YlZ9D3+xy+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzMzEzMzRjOGEzNWRhNjZiNDRkOTA5MzQ3YTY0M2VlNDQx
OTFhYWYwHhcNMjYwNDE3MDgzODIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzdhNjQ1OTY3NjZiY2Q0MTFlMzkzOTkxZDNmYjFmNmI3NDY0MGRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtaqRlUTigi3bNXIGUDHHEEgexyUx
/R71Bau+/D4xT692ETU+Ce8wMlaxIOuNHwqW4E9IVapkQ9H7+OJtqA6AfMg6b/Yn
CTPV6g2+jngUKL6+Dk6TP41uKyPSfNSm6EW+b1q90OxZfIzWkS63bP2r3RXXSEKD
EVChs4kCERnqIc5jEeT2S9NYTxPlLiNzEjtIgwZpswrWQoaT1YjfwWBp8gUIu5Wa
NWp9Ek/QFa/eKQmY198V6NQqP3UzZazO5pn2rnFahqMWk3vp46+dLhKSV448M5yC
Z5AX2Q6YaEYpThNwZ9WqnTf9YiljLnxj9c23hJSEnt8k1K0XzsX27vv29QIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFHd6ZFlnZrzUEeOTmR0/sfa3RkDbMB8GA1UdIwQY
MBaAFBMxM0yKNdpmtE2Qk0emQ+5EGRqvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXpFelRJbzEybWEwVFpDVFI2WkQ3a1FaR3E4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNi9hNGFhNDctODBhZS00ZmZkLTgxZGUt
YTdlM2U4YTU3MzZjLzEvZDNwa1dXZG12TlFSNDVPWkhULXg5cmRHUU5zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNi9hNGFhNDctODBhZS00ZmZkLTgxZGUtYTdlM2U4YTU3MzZj
LzEvRXpFelRJbzEybWEwVFpDVFI2WkQ3a1FaR3E4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuSwwAwQE
wmsAMA0EAgACMAcDBQAqAPcgMA0GCSqGSIb3DQEBCwUAA4IBAQB66WIsbvQNZGV3
JtlHMkROKITD4/fRvSFlnq4AoOqg8KIDpifkKsJRWV8wMh5wxssYVdM9D+MGYq6F
E+66k3Hw2N9xNv+zviKyu+Z2Rkoi32gpCa0sQ6xP9+7oBwhgqP3kMU7ZrbhUysk2
GPR05nTrC5hDCKDXpsfH7IVWjKWFhlP2jYdUMOrXi7OrkMralu+lkTabDRs6/BUr
0WqaAFPiXBHZxwZ4ZXGh+ckfGohBdo05B7ypJ7bvtaDo59ctv90+PaLFppW1JNsB
SbtEpFjMHkoGDUMYdcttHVKtliBVqMKqAy8fyNw4UVUZDYKtfCY/eGGCQI7P0aii
3dzxs/iG
-----END CERTIFICATE-----