Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/b34cb0-2f71-4f59-bd5e-67efcb3d86fe/1/rNA54cjskPX4lQNjfLFcvXVm1ps.roa
File:                     rNA54cjskPX4lQNjfLFcvXVm1ps.roa (raw, json)
Hash identifier:          25Bd9sAqIVmNUoNvrSpnzoBxZmHIxEPQvqsKC2Kc+TY=
Subject key identifier:   AC:D0:39:E1:C8:EC:90:F5:F8:95:03:63:7C:B1:5C:BD:75:66:D6:9B
Certificate issuer:       /CN=421bae989898d9402424aadafbb47c3a6d4c25b3
Certificate serial:       019EB04E727151FCBEB49B121DCFF6359933
Authority key identifier: 42:1B:AE:98:98:98:D9:40:24:24:AA:DA:FB:B4:7C:3A:6D:4C:25:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QhuumJiY2UAkJKra-7R8Om1MJbM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/da/b34cb0-2f71-4f59-bd5e-67efcb3d86fe/1/rNA54cjskPX4lQNjfLFcvXVm1ps.roa
Signing time:             Wed 10 Jun 2026 06:53:11 +0000
ROA not before:           Wed 10 Jun 2026 06:53:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214914
IP address blocks:        83.174.155.0/24 maxlen: 24
                          185.42.211.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/da/b34cb0-2f71-4f59-bd5e-67efcb3d86fe/1/QhuumJiY2UAkJKra-7R8Om1MJbM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/da/b34cb0-2f71-4f59-bd5e-67efcb3d86fe/1/QhuumJiY2UAkJKra-7R8Om1MJbM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QhuumJiY2UAkJKra-7R8Om1MJbM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 21:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:b0:4e:72:71:51:fc:be:b4:9b:12:1d:cf:f6:35:99:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=421bae989898d9402424aadafbb47c3a6d4c25b3
        Validity
            Not Before: Jun 10 06:53:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=acd039e1c8ec90f5f89503637cb15cbd7566d69b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:7e:bc:95:48:2d:9d:96:f4:65:8e:0c:b3:04:
                    ee:f5:27:f9:3d:36:b9:9c:c1:89:1f:84:7d:06:12:
                    07:3d:11:97:1e:46:66:ef:4e:ef:bc:76:e9:79:0b:
                    50:9e:69:b4:86:93:e8:44:6a:ee:82:49:82:53:c6:
                    9a:7b:7f:0c:ad:91:26:5d:a7:f9:be:0b:ee:d9:16:
                    cf:ee:14:f8:89:e7:a5:87:44:1f:cb:ca:9b:1c:70:
                    34:18:72:9d:59:1e:da:19:cc:df:00:ff:ea:9d:c4:
                    4a:9e:c7:4d:4a:08:2d:32:09:e2:bb:51:da:b5:1b:
                    d3:e1:e7:b2:9f:4a:b4:02:65:d6:ad:02:20:b6:99:
                    0a:1e:c5:1a:c9:d2:08:77:3d:fb:ae:30:20:2a:9d:
                    5d:b0:52:48:5c:da:e0:c4:a2:e3:1d:bb:b7:98:11:
                    fa:4b:a0:be:2a:8a:8e:32:13:35:3d:3f:d1:cd:1d:
                    00:db:e4:a5:9d:2a:49:34:7a:2f:1c:36:da:9a:e3:
                    f3:b7:bf:69:ab:7e:3a:73:de:ca:d9:35:0f:f1:46:
                    ba:a9:6f:23:d5:a8:5d:28:cf:03:13:09:9e:54:fe:
                    7b:8f:2f:f0:81:e9:f9:0a:55:bb:82:6c:eb:9e:2e:
                    c2:48:72:d5:b8:8c:d7:2b:8c:05:56:05:8f:ca:46:
                    e6:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:D0:39:E1:C8:EC:90:F5:F8:95:03:63:7C:B1:5C:BD:75:66:D6:9B
            X509v3 Authority Key Identifier:
                keyid:42:1B:AE:98:98:98:D9:40:24:24:AA:DA:FB:B4:7C:3A:6D:4C:25:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QhuumJiY2UAkJKra-7R8Om1MJbM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/b34cb0-2f71-4f59-bd5e-67efcb3d86fe/1/rNA54cjskPX4lQNjfLFcvXVm1ps.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/da/b34cb0-2f71-4f59-bd5e-67efcb3d86fe/1/QhuumJiY2UAkJKra-7R8Om1MJbM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.174.155.0/24
                  185.42.211.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:6c:af:44:26:0e:77:39:ea:70:60:0d:83:3e:3d:73:70:13:
         2f:af:63:eb:41:f3:2e:51:ae:41:b3:c3:8b:ec:03:25:b5:4a:
         98:98:d5:02:6a:9d:0d:68:4c:68:f5:22:70:78:28:ca:81:c1:
         b9:81:85:0d:81:c3:d9:4a:ad:5b:73:09:59:12:76:91:7a:f1:
         b7:ed:9b:58:05:75:59:8d:8b:1f:59:a9:9f:a8:0a:0d:cc:44:
         e2:d7:84:b4:fe:7b:6b:8b:2a:eb:d0:a7:ce:b9:30:98:2f:0c:
         45:6b:96:ec:bd:c7:13:8a:0d:fe:46:3a:2d:a6:a5:d5:19:47:
         da:53:08:6e:2e:69:64:48:6a:49:e4:f6:23:63:0a:c4:b5:5f:
         24:0f:a7:94:e7:90:79:9f:35:a1:4a:a5:aa:25:af:17:da:44:
         2c:0d:0b:58:b8:8e:5f:50:2c:bb:d0:29:b9:bb:fc:22:bc:0e:
         6c:68:58:25:18:d1:2e:54:50:25:e5:47:a3:b4:f4:e2:c0:0a:
         dc:51:d4:1a:b3:db:06:eb:46:b5:60:66:b1:8f:ac:5b:0e:dc:
         a4:8e:f4:39:7e:e7:60:95:ab:07:70:85:ba:37:46:29:93:9d:
         e5:1a:23:c4:16:ce:13:a3:96:ca:38:a4:33:6d:de:7d:a5:9e:
         86:1a:e3:58
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ6wTnJxUfy+tJsSHc/2NZkzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyMWJhZTk4OTg5OGQ5NDAyNDI0YWFkYWZiYjQ3YzNhNmQ0
YzI1YjMwHhcNMjYwNjEwMDY1MzExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhY2QwMzllMWM4ZWM5MGY1Zjg5NTAzNjM3Y2IxNWNiZDc1NjZkNjliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4H68lUgtnZb0ZY4MswTu9Sf5PTa5
nMGJH4R9BhIHPRGXHkZm707vvHbpeQtQnmm0hpPoRGrugkmCU8aae38MrZEmXaf5
vgvu2RbP7hT4ieelh0Qfy8qbHHA0GHKdWR7aGczfAP/qncRKnsdNSggtMgniu1Ha
tRvT4eeyn0q0AmXWrQIgtpkKHsUaydIIdz37rjAgKp1dsFJIXNrgxKLjHbu3mBH6
S6C+KoqOMhM1PT/RzR0A2+SlnSpJNHovHDbamuPzt79pq346c97K2TUP8Ua6qW8j
1ahdKM8DEwmeVP57jy/wgen5ClW7gmzrni7CSHLVuIzXK4wFVgWPykbmPwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKzQOeHI7JD1+JUDY3yxXL11ZtabMB8GA1UdIwQY
MBaAFEIbrpiYmNlAJCSq2vu0fDptTCWzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUWh1dW1KaVkyVUFrSktyYS03UjhPbTFNSmJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS9iMzRjYjAtMmY3MS00ZjU5LWJkNWUt
NjdlZmNiM2Q4NmZlLzEvck5BNTRjanNrUFg0bFFOamZMRmN2WFZtMXBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS9iMzRjYjAtMmY3MS00ZjU5LWJkNWUtNjdlZmNiM2Q4NmZl
LzEvUWh1dW1KaVkyVUFrSktyYS03UjhPbTFNSmJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAU66bAwQA
uSrTMA0GCSqGSIb3DQEBCwUAA4IBAQBSbK9EJg53OepwYA2DPj1zcBMvr2PrQfMu
Ua5Bs8OL7AMltUqYmNUCap0NaExo9SJweCjKgcG5gYUNgcPZSq1bcwlZEnaRevG3
7ZtYBXVZjYsfWamfqAoNzETi14S0/ntriyrr0KfOuTCYLwxFa5bsvccTig3+Rjot
pqXVGUfaUwhuLmlkSGpJ5PYjYwrEtV8kD6eU55B5nzWhSqWqJa8X2kQsDQtYuI5f
UCy70Cm5u/wivA5saFglGNEuVFAl5UejtPTiwArcUdQas9sG60a1YGaxj6xbDtyk
jvQ5fudglasHcIW6N0Ypk53lGiPEFs4To5bKOKQzbd59pZ6GGuNY
-----END CERTIFICATE-----