Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/8d78eb-2832-4083-ae1f-1dd6d281c88a/1/CEkYTmNqh4ud0nioNMk1K4djUfo.roa
File:                     CEkYTmNqh4ud0nioNMk1K4djUfo.roa (raw, json)
Hash identifier:          bhH9nZDHYzzeKrmVjURmPT3vNUIoH+wcuXxEhHTEVU8=
Subject key identifier:   08:49:18:4E:63:6A:87:8B:9D:D2:78:A8:34:C9:35:2B:87:63:51:FA
Certificate issuer:       /CN=3027a631bb6738eb68bb6ea6c424ef4a7d14c3cb
Certificate serial:       019CF7D4E154BC4A7A3AD3D00FB9F4A6EF83
Authority key identifier: 30:27:A6:31:BB:67:38:EB:68:BB:6E:A6:C4:24:EF:4A:7D:14:C3:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MCemMbtnOOtou26mxCTvSn0Uw8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/8d78eb-2832-4083-ae1f-1dd6d281c88a/1/CEkYTmNqh4ud0nioNMk1K4djUfo.roa
Signing time:             Mon 16 Mar 2026 18:07:29 +0000
ROA not before:           Mon 16 Mar 2026 18:07:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201814
IP address blocks:        185.56.44.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/8d78eb-2832-4083-ae1f-1dd6d281c88a/1/MCemMbtnOOtou26mxCTvSn0Uw8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/8d78eb-2832-4083-ae1f-1dd6d281c88a/1/MCemMbtnOOtou26mxCTvSn0Uw8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MCemMbtnOOtou26mxCTvSn0Uw8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:f7:d4:e1:54:bc:4a:7a:3a:d3:d0:0f:b9:f4:a6:ef:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3027a631bb6738eb68bb6ea6c424ef4a7d14c3cb
        Validity
            Not Before: Mar 16 18:07:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0849184e636a878b9dd278a834c9352b876351fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:e4:d3:40:0f:5d:48:83:fa:97:82:38:43:28:
                    28:aa:0f:05:3b:27:5d:24:b9:9e:3b:8d:dd:7f:9c:
                    c0:c5:73:f7:5f:f9:12:42:6b:6a:bf:60:d8:ac:c1:
                    57:1d:56:b7:42:97:61:1c:54:d6:8b:f7:9d:7e:92:
                    6e:b4:a3:c2:9a:a2:bf:b2:79:26:e2:2e:5a:09:3e:
                    ee:c1:d9:28:f4:e6:b5:cd:c8:c5:c6:5a:84:7e:5e:
                    c9:cf:ec:03:10:f4:fe:69:df:8f:65:75:44:92:60:
                    8a:5f:5f:19:1e:55:2f:55:d1:12:cd:1a:ee:5f:43:
                    65:b2:3e:a1:88:56:72:01:dd:57:7b:cd:a2:a7:0a:
                    ae:fa:3e:e7:06:d4:80:20:e6:ef:b6:b0:00:f7:98:
                    52:74:54:7d:99:7e:41:4f:3d:91:09:e2:6f:93:b4:
                    f1:6d:7a:8b:ae:dd:b8:67:e9:0e:d7:1f:46:d5:05:
                    ed:61:bd:0c:69:ed:00:b9:68:41:97:7c:52:ae:48:
                    27:93:7c:53:30:7f:09:ce:f4:be:d8:42:ac:95:fd:
                    73:06:56:e1:ad:18:d4:e3:4f:a4:41:c8:b6:1d:2c:
                    8e:ce:65:77:2c:ad:31:25:98:56:c2:3b:af:7e:fd:
                    a2:2b:5e:ca:83:4e:f4:7d:26:18:8f:21:d1:d7:54:
                    f0:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:49:18:4E:63:6A:87:8B:9D:D2:78:A8:34:C9:35:2B:87:63:51:FA
            X509v3 Authority Key Identifier:
                keyid:30:27:A6:31:BB:67:38:EB:68:BB:6E:A6:C4:24:EF:4A:7D:14:C3:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MCemMbtnOOtou26mxCTvSn0Uw8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/8d78eb-2832-4083-ae1f-1dd6d281c88a/1/CEkYTmNqh4ud0nioNMk1K4djUfo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/8d78eb-2832-4083-ae1f-1dd6d281c88a/1/MCemMbtnOOtou26mxCTvSn0Uw8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.56.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:34:1a:80:a9:00:46:4f:51:ab:ce:4a:9a:01:a3:0c:79:02:
         e5:54:4b:7f:ac:fe:7b:16:65:72:d4:c4:35:31:9a:bb:16:f7:
         a7:f9:9a:dd:31:4c:34:28:61:1b:e7:b0:5d:9e:d1:bb:3a:17:
         6b:fd:2a:b9:45:bd:33:ef:dd:15:10:af:ef:f5:fc:ad:bf:93:
         95:10:90:19:3b:69:a7:30:03:05:d8:0f:79:13:ad:d9:d3:39:
         5b:4d:93:1d:23:d5:5a:c3:37:8d:0a:86:db:11:94:6f:02:56:
         34:b8:9f:4b:26:d2:64:cf:48:58:d6:64:19:f0:23:4a:db:e0:
         e7:7d:76:d0:8a:47:a7:67:73:85:b7:a5:d3:bc:25:13:a6:56:
         52:9c:3c:6f:82:e2:98:ff:34:06:37:5a:5c:ff:af:6c:d1:0f:
         f4:9b:65:c2:5f:01:89:fd:c7:e3:f7:41:2c:03:d5:8f:5c:f9:
         01:7c:fd:0e:ba:79:35:cb:a4:4e:e1:56:a7:aa:b9:4f:65:a0:
         3e:de:f4:92:cf:97:91:21:bd:92:5a:b4:01:ff:16:ef:d3:2c:
         ee:05:ff:47:7b:42:db:18:fc:8b:96:a7:37:3f:de:e2:36:fd:
         65:64:16:99:cc:3b:f5:04:0d:f8:03:75:6f:d6:e8:32:f5:9c:
         dd:f8:fa:7f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZz31OFUvEp6OtPQD7n0pu+DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwMjdhNjMxYmI2NzM4ZWI2OGJiNmVhNmM0MjRlZjRhN2Qx
NGMzY2IwHhcNMjYwMzE2MTgwNzI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODQ5MTg0ZTYzNmE4NzhiOWRkMjc4YTgzNGM5MzUyYjg3NjM1MWZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApOTTQA9dSIP6l4I4Qygoqg8FOydd
JLmeO43df5zAxXP3X/kSQmtqv2DYrMFXHVa3QpdhHFTWi/edfpJutKPCmqK/snkm
4i5aCT7uwdko9Oa1zcjFxlqEfl7Jz+wDEPT+ad+PZXVEkmCKX18ZHlUvVdESzRru
X0Nlsj6hiFZyAd1Xe82ipwqu+j7nBtSAIObvtrAA95hSdFR9mX5BTz2RCeJvk7Tx
bXqLrt24Z+kO1x9G1QXtYb0Mae0AuWhBl3xSrkgnk3xTMH8JzvS+2EKslf1zBlbh
rRjU40+kQci2HSyOzmV3LK0xJZhWwjuvfv2iK17Kg070fSYYjyHR11TwYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAhJGE5jaoeLndJ4qDTJNSuHY1H6MB8GA1UdIwQY
MBaAFDAnpjG7ZzjraLtupsQk70p9FMPLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUNlbU1idG5PT3RvdTI2bXhDVHZTbjBVdzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS84ZDc4ZWItMjgzMi00MDgzLWFlMWYt
MWRkNmQyODFjODhhLzEvQ0VrWVRtTnFoNHVkMG5pb05NazFLNGRqVWZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS84ZDc4ZWItMjgzMi00MDgzLWFlMWYtMWRkNmQyODFjODhh
LzEvTUNlbU1idG5PT3RvdTI2bXhDVHZTbjBVdzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuTgsMA0G
CSqGSIb3DQEBCwUAA4IBAQCbNBqAqQBGT1GrzkqaAaMMeQLlVEt/rP57FmVy1MQ1
MZq7Fven+ZrdMUw0KGEb57BdntG7Ohdr/Sq5Rb0z790VEK/v9fytv5OVEJAZO2mn
MAMF2A95E63Z0zlbTZMdI9VawzeNCobbEZRvAlY0uJ9LJtJkz0hY1mQZ8CNK2+Dn
fXbQikenZ3OFt6XTvCUTplZSnDxvguKY/zQGN1pc/69s0Q/0m2XCXwGJ/cfj90Es
A9WPXPkBfP0Ounk1y6RO4VanqrlPZaA+3vSSz5eRIb2SWrQB/xbv0yzuBf9He0Lb
GPyLlqc3P97iNv1lZBaZzDv1BA34A3Vv1ugy9Zzd+Pp/
-----END CERTIFICATE-----