Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/0de899-22e1-463c-a4dd-c34e90d7f8ea/1/VTea53OmJEHJwddWLIOrBXN7NCU.roa
File:                     VTea53OmJEHJwddWLIOrBXN7NCU.roa (raw, json)
Hash identifier:          MA0ih7Cny2DYqbaaArx/Vqwv+xYc7aS/X6KjSMQOwx4=
Subject key identifier:   55:37:9A:E7:73:A6:24:41:C9:C1:D7:56:2C:83:AB:05:73:7B:34:25
Certificate issuer:       /CN=24a55bd68397566895b15ecb97fc1d65c0c879ce
Certificate serial:       019B7834BB8C652616711ADF758814EB3AD4
Authority key identifier: 24:A5:5B:D6:83:97:56:68:95:B1:5E:CB:97:FC:1D:65:C0:C8:79:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JKVb1oOXVmiVsV7Ll_wdZcDIec4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/0de899-22e1-463c-a4dd-c34e90d7f8ea/1/VTea53OmJEHJwddWLIOrBXN7NCU.roa
Signing time:             Thu 01 Jan 2026 06:18:00 +0000
ROA not before:           Thu 01 Jan 2026 06:18:00 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210947
IP address blocks:        185.110.136.0/22 maxlen: 24
                          2a06:5680::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/0de899-22e1-463c-a4dd-c34e90d7f8ea/1/JKVb1oOXVmiVsV7Ll_wdZcDIec4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/0de899-22e1-463c-a4dd-c34e90d7f8ea/1/JKVb1oOXVmiVsV7Ll_wdZcDIec4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JKVb1oOXVmiVsV7Ll_wdZcDIec4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:34:bb:8c:65:26:16:71:1a:df:75:88:14:eb:3a:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=24a55bd68397566895b15ecb97fc1d65c0c879ce
        Validity
            Not Before: Jan  1 06:18:00 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=55379ae773a62441c9c1d7562c83ab05737b3425
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:52:55:3f:4d:af:88:9e:7d:f2:2e:87:6a:07:
                    a8:15:bf:78:c8:d3:50:9c:6b:31:68:da:08:2d:d7:
                    1d:db:ca:bf:87:c8:61:8b:30:d9:18:30:ea:f7:f7:
                    46:f9:15:4b:8d:82:cb:1b:71:07:c9:c9:fe:47:8f:
                    8a:35:ca:6d:0a:86:9a:c9:7d:6f:a0:ac:7e:5d:51:
                    c6:87:47:bc:d5:13:72:6d:f4:a3:09:b4:83:0e:8e:
                    c3:74:cb:9a:49:97:fd:58:64:57:87:a4:ec:7f:36:
                    c1:c9:fb:3f:4f:5c:29:25:08:ec:b2:d2:04:44:e6:
                    86:73:df:ee:6b:76:f7:f1:51:e7:df:52:73:a1:aa:
                    40:ce:b8:d0:44:c1:00:61:51:f1:02:50:f1:2a:1e:
                    85:7e:34:ef:db:8e:ff:86:2e:84:c1:f2:b4:1b:c8:
                    8d:ca:ca:43:82:d8:77:ce:4d:49:58:73:77:cd:27:
                    11:16:8c:10:b6:0f:0c:3f:bf:c5:f7:ad:30:27:08:
                    65:a3:5a:a6:10:94:30:ff:73:34:d9:fb:8a:04:c8:
                    bd:80:f1:fb:f9:9d:1e:0b:88:cf:bd:d2:22:0c:eb:
                    db:d6:85:b6:9b:e9:67:ad:7f:4b:1b:62:d2:20:d7:
                    6f:2c:89:b1:c6:31:d3:fc:f4:a0:0a:fd:7b:a4:81:
                    73:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:37:9A:E7:73:A6:24:41:C9:C1:D7:56:2C:83:AB:05:73:7B:34:25
            X509v3 Authority Key Identifier:
                keyid:24:A5:5B:D6:83:97:56:68:95:B1:5E:CB:97:FC:1D:65:C0:C8:79:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JKVb1oOXVmiVsV7Ll_wdZcDIec4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/0de899-22e1-463c-a4dd-c34e90d7f8ea/1/VTea53OmJEHJwddWLIOrBXN7NCU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/0de899-22e1-463c-a4dd-c34e90d7f8ea/1/JKVb1oOXVmiVsV7Ll_wdZcDIec4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.110.136.0/22
                IPv6:
                  2a06:5680::/29

    Signature Algorithm: sha256WithRSAEncryption
         43:06:70:9a:4e:03:ed:df:30:50:42:81:36:cb:f8:98:66:b8:
         6c:25:2b:e7:11:bf:46:34:77:69:84:ed:59:aa:16:66:86:22:
         80:59:6a:a4:f1:b9:72:fd:db:9d:e8:aa:95:b5:ab:90:8b:03:
         f5:06:1a:af:d9:4d:4c:81:05:1e:74:2c:78:f1:95:78:e0:d3:
         76:f6:e8:0e:0c:40:fa:80:80:11:78:58:8c:e1:09:12:f4:c6:
         a1:24:c1:cc:90:41:9a:c1:c9:ca:98:5d:62:b6:e7:85:33:6c:
         a9:de:ed:78:2d:a4:b7:ff:c4:53:03:da:66:c4:fe:66:f9:f3:
         f2:32:b7:b2:c5:51:86:60:01:96:de:5c:eb:db:72:4d:88:62:
         0e:43:bb:f8:c0:e9:8c:22:f4:69:c4:df:e3:07:82:e5:48:d0:
         9b:8d:05:1c:6a:a1:00:4a:ca:d0:9a:82:b0:f4:23:f2:5f:52:
         06:d8:84:c7:f3:26:b4:e4:ac:ac:a1:ec:b9:4b:50:36:90:9e:
         33:14:2f:94:8e:f9:99:16:2b:77:6d:3b:ac:24:4f:b0:8f:e6:
         db:bd:d2:cb:1a:d7:60:81:33:45:cc:4c:4d:fa:1e:78:f4:6c:
         e0:82:9b:cf:a6:4e:7c:50:15:46:a4:0f:86:c5:5b:7c:57:03:
         f9:a8:ff:e4
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZt4NLuMZSYWcRrfdYgU6zrUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0YTU1YmQ2ODM5NzU2Njg5NWIxNWVjYjk3ZmMxZDY1YzBj
ODc5Y2UwHhcNMjYwMTAxMDYxODAwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTM3OWFlNzczYTYyNDQxYzljMWQ3NTYyYzgzYWIwNTczN2IzNDI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmFJVP02viJ598i6HageoFb94yNNQ
nGsxaNoILdcd28q/h8hhizDZGDDq9/dG+RVLjYLLG3EHycn+R4+KNcptCoaayX1v
oKx+XVHGh0e81RNybfSjCbSDDo7DdMuaSZf9WGRXh6TsfzbByfs/T1wpJQjsstIE
ROaGc9/ua3b38VHn31JzoapAzrjQRMEAYVHxAlDxKh6FfjTv247/hi6EwfK0G8iN
yspDgth3zk1JWHN3zScRFowQtg8MP7/F960wJwhlo1qmEJQw/3M02fuKBMi9gPH7
+Z0eC4jPvdIiDOvb1oW2m+lnrX9LG2LSINdvLImxxjHT/PSgCv17pIFz6wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFU3mudzpiRBycHXViyDqwVzezQlMB8GA1UdIwQY
MBaAFCSlW9aDl1ZolbFey5f8HWXAyHnOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSktWYjFvT1hWbWlWc1Y3TGxfd2RaY0RJZWM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi8wZGU4OTktMjJlMS00NjNjLWE0ZGQt
YzM0ZTkwZDdmOGVhLzEvVlRlYTUzT21KRUhKd2RkV0xJT3JCWE43TkNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi8wZGU4OTktMjJlMS00NjNjLWE0ZGQtYzM0ZTkwZDdmOGVh
LzEvSktWYjFvT1hWbWlWc1Y3TGxfd2RaY0RJZWM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuW6IMA0E
AgACMAcDBQMqBlaAMA0GCSqGSIb3DQEBCwUAA4IBAQBDBnCaTgPt3zBQQoE2y/iY
ZrhsJSvnEb9GNHdphO1ZqhZmhiKAWWqk8bly/dud6KqVtauQiwP1Bhqv2U1MgQUe
dCx48ZV44NN29ugODED6gIAReFiM4QkS9MahJMHMkEGawcnKmF1itueFM2yp3u14
LaS3/8RTA9pmxP5m+fPyMreyxVGGYAGW3lzr23JNiGIOQ7v4wOmMIvRpxN/jB4Ll
SNCbjQUcaqEASsrQmoKw9CPyX1IG2ITH8ya05Kysoey5S1A2kJ4zFC+UjvmZFit3
bTusJE+wj+bbvdLLGtdggTNFzExN+h549GzggpvPpk58UBVGpA+GxVt8VwP5qP/k
-----END CERTIFICATE-----