Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/p1MVFW1JPFQ6f-h728WIfEC56Bg.roa
File:                     p1MVFW1JPFQ6f-h728WIfEC56Bg.roa (raw, json)
Hash identifier:          BgJ/Uv7EIetRPcg9hT8aA4XXL6AwMO8c50H3eXJ7Mno=
Subject key identifier:   A7:53:15:15:6D:49:3C:54:3A:7F:E8:7B:DB:C5:88:7C:40:B9:E8:18
Certificate issuer:       /CN=624ad4535ac88dd534199f2a726095af71afe44e
Certificate serial:       019DB643C09223E934E1FADE2FE0CFFF5A4A
Authority key identifier: 62:4A:D4:53:5A:C8:8D:D5:34:19:9F:2A:72:60:95:AF:71:AF:E4:4E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/p1MVFW1JPFQ6f-h728WIfEC56Bg.roa
Signing time:             Wed 22 Apr 2026 17:36:26 +0000
ROA not before:           Wed 22 Apr 2026 17:36:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     151704
IP address blocks:        109.104.134.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 06:33:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b6:43:c0:92:23:e9:34:e1:fa:de:2f:e0:cf:ff:5a:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=624ad4535ac88dd534199f2a726095af71afe44e
        Validity
            Not Before: Apr 22 17:36:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a75315156d493c543a7fe87bdbc5887c40b9e818
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:48:0c:d8:f9:44:27:43:18:14:c9:04:8c:89:
                    69:5f:2c:de:87:d5:43:f6:ae:0c:f3:92:dc:1d:f5:
                    9f:70:de:ab:f5:46:48:20:16:39:43:0e:e3:f6:e3:
                    9c:fe:da:56:dc:79:c7:cc:79:bc:e5:78:99:cf:8d:
                    14:88:3e:ea:e0:66:11:d6:34:78:d6:61:d5:67:4f:
                    c4:25:15:16:1d:28:98:b4:dd:80:5e:ab:bc:58:6a:
                    d0:b0:9d:48:fe:30:05:7f:82:bb:5b:7a:19:dd:d6:
                    df:c2:a0:10:a5:da:f1:39:e7:07:a4:21:17:5d:b0:
                    1e:39:23:8f:d8:40:1b:ec:75:51:ae:ca:88:c7:3b:
                    ab:28:47:79:ea:a3:3c:07:a9:e6:51:12:20:0c:50:
                    20:48:64:59:ba:28:08:38:eb:3b:0e:07:60:de:72:
                    5a:92:98:b3:fa:7e:4e:76:89:3f:ed:9b:2d:b7:d7:
                    fe:e3:e7:76:32:cc:fa:86:21:ac:90:b4:b3:4d:f3:
                    44:f8:ea:1a:6f:a1:d0:5b:b6:81:eb:9e:1d:4e:26:
                    5d:95:d8:42:61:78:37:b8:42:79:ce:22:dd:5e:af:
                    d0:07:c9:ae:7f:ad:0c:42:f3:a9:c8:6e:c5:3f:27:
                    15:19:07:ed:c4:3a:d2:d0:fe:94:14:d4:9b:df:8f:
                    6a:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:53:15:15:6D:49:3C:54:3A:7F:E8:7B:DB:C5:88:7C:40:B9:E8:18
            X509v3 Authority Key Identifier:
                keyid:62:4A:D4:53:5A:C8:8D:D5:34:19:9F:2A:72:60:95:AF:71:AF:E4:4E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/p1MVFW1JPFQ6f-h728WIfEC56Bg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.104.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:59:6c:ba:cb:c3:64:9b:38:59:18:04:af:f9:88:c0:ff:e9:
         ce:83:12:7c:2a:3c:73:57:b7:33:2c:7c:43:d6:d7:5c:91:58:
         e2:43:ad:8b:33:19:78:c3:67:72:62:32:8c:f0:24:24:5f:cb:
         e0:91:b4:aa:ea:a1:9b:4d:af:bf:0c:e6:f3:5b:ee:5b:cf:98:
         23:41:bb:a8:2e:b1:e1:c4:52:fd:2d:40:b4:a6:55:19:58:99:
         0c:31:3f:bb:71:32:8f:af:0d:2a:ad:d9:07:5e:bb:da:e7:8a:
         fb:c5:50:c0:cf:18:b1:8b:f8:a8:07:28:94:66:b3:4e:29:86:
         24:e3:39:dd:a9:3c:2d:11:28:8c:56:61:4f:2e:c8:6e:d5:d0:
         8a:08:a3:4a:30:24:8f:2e:1f:96:7c:e4:c4:3b:08:0f:f2:9c:
         d7:4a:d7:09:e7:c7:d7:e3:74:d5:c9:5f:45:fd:a8:43:26:81:
         11:f5:08:9e:1c:90:23:56:9a:7d:43:fa:eb:73:1d:16:56:5f:
         e6:ea:4a:6d:50:56:cc:98:b7:18:dc:14:d9:02:50:df:de:16:
         6a:56:f4:41:a8:99:11:b3:5a:48:77:4a:c2:07:8a:99:a5:49:
         ee:b9:cd:1f:78:14:a2:f0:ca:00:3a:b8:c4:db:c5:01:55:cf:
         60:cc:f7:3e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ22Q8CSI+k04freL+DP/1pKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyNGFkNDUzNWFjODhkZDUzNDE5OWYyYTcyNjA5NWFmNzFh
ZmU0NGUwHhcNMjYwNDIyMTczNjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzUzMTUxNTZkNDkzYzU0M2E3ZmU4N2JkYmM1ODg3YzQwYjllODE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxEgM2PlEJ0MYFMkEjIlpXyzeh9VD
9q4M85LcHfWfcN6r9UZIIBY5Qw7j9uOc/tpW3HnHzHm85XiZz40UiD7q4GYR1jR4
1mHVZ0/EJRUWHSiYtN2AXqu8WGrQsJ1I/jAFf4K7W3oZ3dbfwqAQpdrxOecHpCEX
XbAeOSOP2EAb7HVRrsqIxzurKEd56qM8B6nmURIgDFAgSGRZuigIOOs7Dgdg3nJa
kpiz+n5Odok/7Zstt9f+4+d2Msz6hiGskLSzTfNE+Ooab6HQW7aB654dTiZdldhC
YXg3uEJ5ziLdXq/QB8muf60MQvOpyG7FPycVGQftxDrS0P6UFNSb349q3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKdTFRVtSTxUOn/oe9vFiHxAuegYMB8GA1UdIwQY
MBaAFGJK1FNayI3VNBmfKnJgla9xr+ROMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWtyVVUxcklqZFUwR1o4cWNtQ1ZyM0d2NUU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9hYTEwMTktNTY0Zi00YzQ2LWEyMTct
ZmI1OTQ5ODA4ZGRjLzEvcDFNVkZXMUpQRlE2Zi1oNzI4V0lmRUM1NkJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9hYTEwMTktNTY0Zi00YzQ2LWEyMTctZmI1OTQ5ODA4ZGRj
LzEvWWtyVVUxcklqZFUwR1o4cWNtQ1ZyM0d2NUU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbWiGMA0G
CSqGSIb3DQEBCwUAA4IBAQCBWWy6y8NkmzhZGASv+YjA/+nOgxJ8KjxzV7czLHxD
1tdckVjiQ62LMxl4w2dyYjKM8CQkX8vgkbSq6qGbTa+/DObzW+5bz5gjQbuoLrHh
xFL9LUC0plUZWJkMMT+7cTKPrw0qrdkHXrva54r7xVDAzxixi/ioByiUZrNOKYYk
4zndqTwtESiMVmFPLshu1dCKCKNKMCSPLh+WfOTEOwgP8pzXStcJ58fX43TVyV9F
/ahDJoER9QieHJAjVpp9Q/rrcx0WVl/m6kptUFbMmLcY3BTZAlDf3hZqVvRBqJkR
s1pId0rCB4qZpUnuuc0feBSi8MoAOrjE28UBVc9gzPc+
-----END CERTIFICATE-----