Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/b36e69-f81b-400a-aed1-5d3efe2109aa/1/M0nXoemZM80cs7-wgz7LynloKRU.roa
File:                     M0nXoemZM80cs7-wgz7LynloKRU.roa (raw, json)
Hash identifier:          Ml2fWT6fJ60kgFf8AT9u9ZFbZB2Z3iBFnyjQVhvjjO4=
Subject key identifier:   33:49:D7:A1:E9:99:33:CD:1C:B3:BF:B0:83:3E:CB:CA:79:68:29:15
Certificate issuer:       /CN=d71f1659eac9a6a3431df609f9e2e2196a045c8d
Certificate serial:       019CADB074FF211E21F5B508E27D5A3EB3DF
Authority key identifier: D7:1F:16:59:EA:C9:A6:A3:43:1D:F6:09:F9:E2:E2:19:6A:04:5C:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1x8WWerJpqNDHfYJ-eLiGWoEXI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/b36e69-f81b-400a-aed1-5d3efe2109aa/1/M0nXoemZM80cs7-wgz7LynloKRU.roa
Signing time:             Mon 02 Mar 2026 08:35:48 +0000
ROA not before:           Mon 02 Mar 2026 08:35:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214703
IP address blocks:        185.180.2.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/b36e69-f81b-400a-aed1-5d3efe2109aa/1/1x8WWerJpqNDHfYJ-eLiGWoEXI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/b36e69-f81b-400a-aed1-5d3efe2109aa/1/1x8WWerJpqNDHfYJ-eLiGWoEXI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1x8WWerJpqNDHfYJ-eLiGWoEXI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 09:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:ad:b0:74:ff:21:1e:21:f5:b5:08:e2:7d:5a:3e:b3:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d71f1659eac9a6a3431df609f9e2e2196a045c8d
        Validity
            Not Before: Mar  2 08:35:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3349d7a1e99933cd1cb3bfb0833ecbca79682915
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:3c:15:2c:a4:8d:e7:f9:9e:7c:29:c9:0a:84:
                    81:66:c4:75:ad:cd:04:f9:5c:52:d6:cf:59:6f:84:
                    3b:93:83:73:90:a9:10:8f:ae:d0:de:e8:0c:5b:2e:
                    cd:d4:df:1c:21:82:e2:0a:5f:17:18:cc:46:86:6c:
                    2a:58:43:c3:f3:f3:45:27:b9:a7:40:9a:0f:bc:8d:
                    76:7a:6d:7f:5f:79:c6:2e:e2:8a:38:ba:b8:7c:44:
                    94:cf:b1:e4:f6:df:64:82:41:2d:ac:35:6d:50:5c:
                    08:21:51:8e:ff:ed:06:45:79:ec:cf:0c:61:b6:22:
                    a9:f2:60:48:4d:f0:92:01:35:4c:f8:6b:0a:ba:94:
                    18:3a:94:0a:81:de:50:0c:48:c3:52:93:d1:a1:23:
                    d1:06:97:ff:24:c7:4a:5f:2a:24:de:53:d9:b4:14:
                    38:bb:79:9c:ea:23:c6:23:e7:d1:57:11:b6:d3:f1:
                    4f:36:04:ef:85:02:7d:fa:f0:13:3f:a3:7c:06:08:
                    12:72:75:a2:fe:45:b5:75:85:ec:0a:45:d0:54:c1:
                    a2:b6:fa:da:cb:6a:8a:8d:35:b7:02:76:38:f1:77:
                    6d:a7:d9:8c:e0:30:0e:77:b8:08:6b:33:ea:4f:15:
                    43:04:a8:ce:26:d7:08:3f:ae:95:cf:00:d9:6a:46:
                    0a:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:49:D7:A1:E9:99:33:CD:1C:B3:BF:B0:83:3E:CB:CA:79:68:29:15
            X509v3 Authority Key Identifier:
                keyid:D7:1F:16:59:EA:C9:A6:A3:43:1D:F6:09:F9:E2:E2:19:6A:04:5C:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1x8WWerJpqNDHfYJ-eLiGWoEXI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/b36e69-f81b-400a-aed1-5d3efe2109aa/1/M0nXoemZM80cs7-wgz7LynloKRU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/b36e69-f81b-400a-aed1-5d3efe2109aa/1/1x8WWerJpqNDHfYJ-eLiGWoEXI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.180.2.0/23

    Signature Algorithm: sha256WithRSAEncryption
         50:f7:2f:e4:30:9f:9e:d6:f0:f7:81:fa:cb:c0:09:ec:05:9e:
         90:23:cf:f9:b6:eb:f2:1b:4c:63:24:e3:09:0a:df:97:1b:6d:
         82:2a:0d:40:e8:9b:e4:0a:9e:49:df:72:70:40:54:3e:13:de:
         78:20:fe:64:de:bf:8f:20:65:ea:ad:a4:62:88:79:9c:c2:e8:
         d8:a5:0a:19:0f:0e:e6:bd:20:bf:60:48:52:9e:87:51:a3:9e:
         3a:d7:b7:8a:f3:d9:67:67:ac:55:1c:93:97:ae:8d:76:92:63:
         c9:42:62:34:a1:2c:53:c3:93:dd:bd:52:56:d0:7b:65:e8:90:
         93:bd:b0:c2:45:15:a9:d3:5b:f6:14:05:d3:00:d2:43:bd:db:
         64:f0:e0:77:93:2e:1e:a7:44:6a:06:57:38:45:0d:f8:0e:a6:
         e3:fe:d9:a8:98:5c:ec:6f:33:f0:10:bd:e4:b6:87:4c:74:9f:
         a9:0e:8d:54:5d:65:6f:b2:8d:b2:4f:8a:30:06:e3:60:0c:bc:
         47:d2:c5:df:da:98:73:b0:c4:3d:8b:48:ce:e1:ea:3c:48:bf:
         39:7a:1e:74:46:cc:6f:52:02:7e:5f:d7:50:4d:68:1c:e1:42:
         f5:62:3a:20:42:ac:13:66:19:4c:e9:29:0e:2f:65:6b:73:db:
         e6:4e:9f:7e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZytsHT/IR4h9bUI4n1aPrPfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3MWYxNjU5ZWFjOWE2YTM0MzFkZjYwOWY5ZTJlMjE5NmEw
NDVjOGQwHhcNMjYwMzAyMDgzNTQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzQ5ZDdhMWU5OTkzM2NkMWNiM2JmYjA4MzNlY2JjYTc5NjgyOTE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqTwVLKSN5/mefCnJCoSBZsR1rc0E
+VxS1s9Zb4Q7k4NzkKkQj67Q3ugMWy7N1N8cIYLiCl8XGMxGhmwqWEPD8/NFJ7mn
QJoPvI12em1/X3nGLuKKOLq4fESUz7Hk9t9kgkEtrDVtUFwIIVGO/+0GRXnszwxh
tiKp8mBITfCSATVM+GsKupQYOpQKgd5QDEjDUpPRoSPRBpf/JMdKXyok3lPZtBQ4
u3mc6iPGI+fRVxG20/FPNgTvhQJ9+vATP6N8BggScnWi/kW1dYXsCkXQVMGitvra
y2qKjTW3AnY48Xdtp9mM4DAOd7gIazPqTxVDBKjOJtcIP66VzwDZakYKIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDNJ16HpmTPNHLO/sIM+y8p5aCkVMB8GA1UdIwQY
MBaAFNcfFlnqyaajQx32Cfni4hlqBFyNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXg4V1dlckpwcU5ESGZZSi1lTGlHV29FWEkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy9iMzZlNjktZjgxYi00MDBhLWFlZDEt
NWQzZWZlMjEwOWFhLzEvTTBuWG9lbVpNODBjczctd2d6N0x5bmxvS1JVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy9iMzZlNjktZjgxYi00MDBhLWFlZDEtNWQzZWZlMjEwOWFh
LzEvMXg4V1dlckpwcU5ESGZZSi1lTGlHV29FWEkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBubQCMA0G
CSqGSIb3DQEBCwUAA4IBAQBQ9y/kMJ+e1vD3gfrLwAnsBZ6QI8/5tuvyG0xjJOMJ
Ct+XG22CKg1A6JvkCp5J33JwQFQ+E954IP5k3r+PIGXqraRiiHmcwujYpQoZDw7m
vSC/YEhSnodRo54617eK89lnZ6xVHJOXro12kmPJQmI0oSxTw5PdvVJW0Htl6JCT
vbDCRRWp01v2FAXTANJDvdtk8OB3ky4ep0RqBlc4RQ34Dqbj/tmomFzsbzPwEL3k
todMdJ+pDo1UXWVvso2yT4owBuNgDLxH0sXf2phzsMQ9i0jO4eo8SL85eh50Rsxv
UgJ+X9dQTWgc4UL1YjogQqwTZhlM6SkOL2Vrc9vmTp9+
-----END CERTIFICATE-----