Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/rAV_y4-NevcPXbza-t6ZOR9FvHc.roa
File:                     rAV_y4-NevcPXbza-t6ZOR9FvHc.roa (raw, json)
Hash identifier:          5pvfB3nTTbHi/Ny0ZoNFS5BiI3yuVYiNAtvSGsVUR/Y=
Subject key identifier:   AC:05:7F:CB:8F:8D:7A:F7:0F:5D:BC:DA:FA:DE:99:39:1F:45:BC:77
Certificate issuer:       /CN=4f8aea2f025f495beacee7ce5a8820519dda1370
Certificate serial:       019D45D0B10980B97A67140321184F4EB4BF
Authority key identifier: 4F:8A:EA:2F:02:5F:49:5B:EA:CE:E7:CE:5A:88:20:51:9D:DA:13:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T4rqLwJfSVvqzufOWoggUZ3aE3A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/rAV_y4-NevcPXbza-t6ZOR9FvHc.roa
Signing time:             Tue 31 Mar 2026 21:33:17 +0000
ROA not before:           Tue 31 Mar 2026 21:33:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     52053
IP address blocks:        185.255.112.0/24 maxlen: 24
                          193.38.250.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/T4rqLwJfSVvqzufOWoggUZ3aE3A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/T4rqLwJfSVvqzufOWoggUZ3aE3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T4rqLwJfSVvqzufOWoggUZ3aE3A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 16:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:45:d0:b1:09:80:b9:7a:67:14:03:21:18:4f:4e:b4:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f8aea2f025f495beacee7ce5a8820519dda1370
        Validity
            Not Before: Mar 31 21:33:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ac057fcb8f8d7af70f5dbcdafade99391f45bc77
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:b3:21:4b:e3:02:f3:3e:68:24:5d:bc:31:94:
                    3e:7f:72:33:ea:e9:62:57:ef:51:b1:de:02:10:67:
                    b1:1a:d2:6b:be:4d:b6:2d:f1:23:58:46:c2:c1:33:
                    5d:9d:7f:bc:eb:5d:5d:52:5b:73:b4:13:e7:df:d5:
                    af:19:8f:8e:d2:b5:c5:1d:34:f5:86:96:9a:15:01:
                    d2:1a:09:08:f9:14:a8:87:94:7e:78:83:62:0f:1b:
                    bc:1e:76:51:4e:a0:1f:70:7f:91:e4:0c:c6:65:a9:
                    72:9e:72:59:fc:41:dc:45:47:08:38:36:7b:2a:4c:
                    86:6c:10:40:72:f7:7a:fb:45:d1:f2:44:40:8d:7f:
                    c7:79:bb:72:93:fb:ba:ee:9f:84:d3:51:83:50:55:
                    23:54:3a:97:49:38:c4:eb:5d:c0:fc:47:a0:8c:f9:
                    a6:ed:e5:8c:c3:7b:e0:45:65:06:63:57:c3:c1:60:
                    da:b6:03:5e:68:fa:2d:15:b2:dc:5c:ab:bf:e3:ad:
                    d5:3a:c4:25:23:da:bb:68:13:a1:03:46:14:d9:5b:
                    d5:df:55:19:53:aa:01:e6:2f:8a:25:3f:f9:7b:32:
                    46:e9:9c:2f:d9:b9:1e:28:98:f2:28:c3:bd:ea:ec:
                    f7:48:5b:f2:fe:94:69:ed:0e:c6:aa:1b:9d:8e:f8:
                    b2:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:05:7F:CB:8F:8D:7A:F7:0F:5D:BC:DA:FA:DE:99:39:1F:45:BC:77
            X509v3 Authority Key Identifier:
                keyid:4F:8A:EA:2F:02:5F:49:5B:EA:CE:E7:CE:5A:88:20:51:9D:DA:13:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T4rqLwJfSVvqzufOWoggUZ3aE3A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/rAV_y4-NevcPXbza-t6ZOR9FvHc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/T4rqLwJfSVvqzufOWoggUZ3aE3A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.255.112.0/24
                  193.38.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:cf:ee:ad:99:80:00:12:b5:fb:38:72:dc:7d:65:95:a8:c6:
         e0:9e:10:72:bb:2d:99:63:08:98:e2:6f:44:75:e2:b3:fb:06:
         9f:30:bf:1d:ac:d8:41:00:85:61:49:b7:d1:cc:ad:5e:d6:34:
         8f:dc:0a:3b:63:28:55:89:6d:a1:fb:74:c9:6d:db:4f:28:4a:
         ce:47:7d:26:c3:16:ea:74:06:b9:c1:49:70:29:2f:b7:1f:66:
         d6:72:af:76:56:da:37:51:ee:2b:b6:cf:11:c5:7a:d1:1c:ad:
         c3:05:d6:e8:c3:b6:50:ae:ff:09:f4:b7:23:93:3f:e8:ba:84:
         ee:a2:23:a6:64:b6:81:bc:d5:e0:4e:6a:df:a7:97:b6:65:d3:
         3c:2b:61:e6:40:a9:5e:88:d2:54:6b:36:e3:9c:cd:26:f3:ef:
         19:e8:d8:2d:db:56:37:e2:99:1a:5d:f8:29:5c:c0:8c:0f:5a:
         40:93:62:41:f7:8c:10:34:ce:e0:54:a4:4f:fd:62:83:30:85:
         0f:0f:7c:75:ae:5b:1b:91:b2:aa:a0:c3:59:d5:b3:01:07:c6:
         4b:8c:a9:59:c9:fe:89:9e:0a:10:90:0f:b8:b1:24:f9:e8:07:
         86:f7:4b:5a:1b:23:56:36:2c:8c:e5:08:94:21:32:38:52:cc:
         47:31:77:0f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ1F0LEJgLl6ZxQDIRhPTrS/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmOGFlYTJmMDI1ZjQ5NWJlYWNlZTdjZTVhODgyMDUxOWRk
YTEzNzAwHhcNMjYwMzMxMjEzMzE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzA1N2ZjYjhmOGQ3YWY3MGY1ZGJjZGFmYWRlOTkzOTFmNDViYzc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAobMhS+MC8z5oJF28MZQ+f3Iz6uli
V+9Rsd4CEGexGtJrvk22LfEjWEbCwTNdnX+8611dUltztBPn39WvGY+O0rXFHTT1
hpaaFQHSGgkI+RSoh5R+eINiDxu8HnZRTqAfcH+R5AzGZalynnJZ/EHcRUcIODZ7
KkyGbBBAcvd6+0XR8kRAjX/Hebtyk/u67p+E01GDUFUjVDqXSTjE613A/EegjPmm
7eWMw3vgRWUGY1fDwWDatgNeaPotFbLcXKu/463VOsQlI9q7aBOhA0YU2VvV31UZ
U6oB5i+KJT/5ezJG6Zwv2bkeKJjyKMO96uz3SFvy/pRp7Q7GqhudjviySwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKwFf8uPjXr3D1282vremTkfRbx3MB8GA1UdIwQY
MBaAFE+K6i8CX0lb6s7nzlqIIFGd2hNwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDRycUx3SmZTVnZxenVmT1dvZ2dVWjNhRTNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS9lYjcwYTMtMTdlMS00ZDg2LThiOWUt
NjA4MDk1MmYwZTA0LzEvckFWX3k0LU5ldmNQWGJ6YS10NlpPUjlGdkhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS9lYjcwYTMtMTdlMS00ZDg2LThiOWUtNjA4MDk1MmYwZTA0
LzEvVDRycUx3SmZTVnZxenVmT1dvZ2dVWjNhRTNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuf9wAwQA
wSb6MA0GCSqGSIb3DQEBCwUAA4IBAQBVz+6tmYAAErX7OHLcfWWVqMbgnhByuy2Z
YwiY4m9EdeKz+wafML8drNhBAIVhSbfRzK1e1jSP3Ao7YyhViW2h+3TJbdtPKErO
R30mwxbqdAa5wUlwKS+3H2bWcq92Vto3Ue4rts8RxXrRHK3DBdbow7ZQrv8J9Lcj
kz/ouoTuoiOmZLaBvNXgTmrfp5e2ZdM8K2HmQKleiNJUazbjnM0m8+8Z6Ngt21Y3
4pkaXfgpXMCMD1pAk2JB94wQNM7gVKRP/WKDMIUPD3x1rlsbkbKqoMNZ1bMBB8ZL
jKlZyf6JngoQkA+4sST56AeG90taGyNWNiyM5QiUITI4UsxHMXcP
-----END CERTIFICATE-----