Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/0b7fd3-90f0-45d1-8a58-6785cd456871/1/VUMNA6zRqMDbJLH8n7Dv0wu3Yj8.roa
File:                     VUMNA6zRqMDbJLH8n7Dv0wu3Yj8.roa (raw, json)
Hash identifier:          JF7LReHN5tEwtuDy7Vt1DvkFsxPQcE6Wq6RuqABJqP8=
Subject key identifier:   55:43:0D:03:AC:D1:A8:C0:DB:24:B1:FC:9F:B0:EF:D3:0B:B7:62:3F
Certificate issuer:       /CN=e138ec242a43e9c9d4ceb25dc90e5453373d3f46
Certificate serial:       019CBF1F4C61F0ED567DFD42F4172A1C616F
Authority key identifier: E1:38:EC:24:2A:43:E9:C9:D4:CE:B2:5D:C9:0E:54:53:37:3D:3F:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4TjsJCpD6cnUzrJdyQ5UUzc9P0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/0b7fd3-90f0-45d1-8a58-6785cd456871/1/VUMNA6zRqMDbJLH8n7Dv0wu3Yj8.roa
Signing time:             Thu 05 Mar 2026 17:50:25 +0000
ROA not before:           Thu 05 Mar 2026 17:50:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     13335
IP address blocks:        37.153.170.0/24 maxlen: 24
                          37.153.171.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/0b7fd3-90f0-45d1-8a58-6785cd456871/1/4TjsJCpD6cnUzrJdyQ5UUzc9P0Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/0b7fd3-90f0-45d1-8a58-6785cd456871/1/4TjsJCpD6cnUzrJdyQ5UUzc9P0Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4TjsJCpD6cnUzrJdyQ5UUzc9P0Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:bf:1f:4c:61:f0:ed:56:7d:fd:42:f4:17:2a:1c:61:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e138ec242a43e9c9d4ceb25dc90e5453373d3f46
        Validity
            Not Before: Mar  5 17:50:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=55430d03acd1a8c0db24b1fc9fb0efd30bb7623f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:d9:8b:a9:53:8b:fa:85:ae:81:a8:2b:98:ed:
                    0e:b1:ca:ec:31:fe:e2:9f:18:79:58:b4:c4:e8:6b:
                    16:25:11:89:87:e9:c3:12:ca:5d:dc:61:96:43:f8:
                    20:b1:06:71:51:b2:db:2b:cc:5f:63:71:ec:9b:2f:
                    c4:b6:99:fe:d2:f9:25:a2:ad:92:f3:a3:20:29:c5:
                    7e:d4:2e:b1:fa:aa:5b:fa:17:28:e8:ae:63:1f:49:
                    74:5a:4b:c2:44:da:a2:0f:37:c9:d8:b7:a3:cf:3e:
                    c0:cb:c2:da:77:2d:26:e0:9f:7c:95:0f:dd:35:9d:
                    c5:60:75:84:14:5c:d8:33:eb:30:e5:f2:75:32:ac:
                    9f:61:16:9c:d0:40:e9:55:80:20:6d:bc:a3:de:9d:
                    67:af:49:29:4c:5d:a7:2d:29:97:74:20:77:34:c4:
                    ed:29:a9:95:54:03:9a:6d:b0:9c:ea:d8:85:86:17:
                    2a:55:62:47:1c:78:16:b4:fb:69:f8:90:b1:d0:89:
                    81:eb:53:f3:6b:26:4d:c1:32:ff:16:36:38:d3:bd:
                    57:da:02:e6:c5:cf:b8:42:1b:87:7b:42:11:26:c1:
                    9b:6d:66:21:63:0a:be:e1:21:c2:7e:ba:17:b1:df:
                    38:4e:66:2a:56:40:89:3f:d5:c4:d7:2c:e0:cc:ee:
                    2e:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:43:0D:03:AC:D1:A8:C0:DB:24:B1:FC:9F:B0:EF:D3:0B:B7:62:3F
            X509v3 Authority Key Identifier:
                keyid:E1:38:EC:24:2A:43:E9:C9:D4:CE:B2:5D:C9:0E:54:53:37:3D:3F:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4TjsJCpD6cnUzrJdyQ5UUzc9P0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/0b7fd3-90f0-45d1-8a58-6785cd456871/1/VUMNA6zRqMDbJLH8n7Dv0wu3Yj8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/0b7fd3-90f0-45d1-8a58-6785cd456871/1/4TjsJCpD6cnUzrJdyQ5UUzc9P0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.153.170.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4d:86:11:25:32:e9:f6:51:19:0b:5f:16:c0:7b:14:c8:7b:45:
         2c:e8:99:44:2e:fa:18:75:b4:67:0a:83:12:85:8a:57:1f:75:
         56:44:35:76:fa:12:e7:d3:e9:45:77:db:ce:42:68:10:ea:45:
         96:f7:68:db:6d:d3:29:10:8c:d0:73:2f:a2:8a:83:bf:c5:d1:
         a1:69:fe:dd:0e:06:0f:bd:1b:e5:e1:27:87:b5:64:ca:db:b2:
         e5:e5:05:f2:95:af:74:54:61:83:69:5d:cf:50:56:56:07:07:
         02:d3:d8:6f:22:f8:f4:46:7f:f2:47:a8:3d:1d:c4:76:11:a6:
         4f:c5:4b:fe:a6:bd:d7:6e:d9:b9:86:35:9e:71:27:d4:e1:a2:
         3a:d1:98:05:1a:e2:c3:d1:6e:fc:27:48:56:92:b5:b3:49:10:
         6e:d2:de:d4:75:3f:05:23:53:12:68:41:36:cc:27:3f:a6:f9:
         d3:c5:4e:d8:70:d0:f5:fe:5e:9f:0b:68:9b:a2:3e:1a:b3:2f:
         69:d8:2b:1d:b6:88:33:c4:21:ed:7d:20:c8:17:3e:2a:97:30:
         e6:42:32:c3:32:c4:f9:37:74:64:9a:8d:b3:25:6e:6a:6b:24:
         51:b2:6b:c8:c0:4b:5c:c4:95:97:00:ba:c6:aa:2e:0c:aa:13:
         a3:f9:70:b8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZy/H0xh8O1Wff1C9BcqHGFvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxMzhlYzI0MmE0M2U5YzlkNGNlYjI1ZGM5MGU1NDUzMzcz
ZDNmNDYwHhcNMjYwMzA1MTc1MDI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTQzMGQwM2FjZDFhOGMwZGIyNGIxZmM5ZmIwZWZkMzBiYjc2MjNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAudmLqVOL+oWugagrmO0OscrsMf7i
nxh5WLTE6GsWJRGJh+nDEspd3GGWQ/ggsQZxUbLbK8xfY3Hsmy/Etpn+0vkloq2S
86MgKcV+1C6x+qpb+hco6K5jH0l0WkvCRNqiDzfJ2Lejzz7Ay8Lady0m4J98lQ/d
NZ3FYHWEFFzYM+sw5fJ1MqyfYRac0EDpVYAgbbyj3p1nr0kpTF2nLSmXdCB3NMTt
KamVVAOabbCc6tiFhhcqVWJHHHgWtPtp+JCx0ImB61PzayZNwTL/FjY4071X2gLm
xc+4QhuHe0IRJsGbbWYhYwq+4SHCfroXsd84TmYqVkCJP9XE1yzgzO4uBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFVDDQOs0ajA2ySx/J+w79MLt2I/MB8GA1UdIwQY
MBaAFOE47CQqQ+nJ1M6yXckOVFM3PT9GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFRqc0pDcEQ2Y25VenJKZHlRNVVVemM5UDBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi8wYjdmZDMtOTBmMC00NWQxLThhNTgt
Njc4NWNkNDU2ODcxLzEvVlVNTkE2elJxTURiSkxIOG43RHYwd3UzWWo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi8wYjdmZDMtOTBmMC00NWQxLThhNTgtNjc4NWNkNDU2ODcx
LzEvNFRqc0pDcEQ2Y25VenJKZHlRNVVVemM5UDBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBJZmqMA0G
CSqGSIb3DQEBCwUAA4IBAQBNhhElMun2URkLXxbAexTIe0Us6JlELvoYdbRnCoMS
hYpXH3VWRDV2+hLn0+lFd9vOQmgQ6kWW92jbbdMpEIzQcy+iioO/xdGhaf7dDgYP
vRvl4SeHtWTK27Ll5QXyla90VGGDaV3PUFZWBwcC09hvIvj0Rn/yR6g9HcR2EaZP
xUv+pr3Xbtm5hjWecSfU4aI60ZgFGuLD0W78J0hWkrWzSRBu0t7UdT8FI1MSaEE2
zCc/pvnTxU7YcND1/l6fC2iboj4asy9p2CsdtogzxCHtfSDIFz4qlzDmQjLDMsT5
N3Rkmo2zJW5qayRRsmvIwEtcxJWXALrGqi4MqhOj+XC4
-----END CERTIFICATE-----