Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/2fb593-43f5-4db7-9819-0f9d57a5d4fa/1/2_chmdN9KFFBZIvF9VY89f23PGs.roa
File:                     2_chmdN9KFFBZIvF9VY89f23PGs.roa (raw, json)
Hash identifier:          oIVNlGlquIUtlwcT49BOjBM2tIxXAOLbTnaR8cakqIw=
Subject key identifier:   DB:F7:21:99:D3:7D:28:51:41:64:8B:C5:F5:56:3C:F5:FD:B7:3C:6B
Certificate issuer:       /CN=d4c3b12c8d635190ec928437bbd6cb0e8c38f9a9
Certificate serial:       019D1F683F3CCA7844A6B39FECCE5D55A428
Authority key identifier: D4:C3:B1:2C:8D:63:51:90:EC:92:84:37:BB:D6:CB:0E:8C:38:F9:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1MOxLI1jUZDskoQ3u9bLDow4-ak.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/23/2fb593-43f5-4db7-9819-0f9d57a5d4fa/1/2_chmdN9KFFBZIvF9VY89f23PGs.roa
Signing time:             Tue 24 Mar 2026 10:33:38 +0000
ROA not before:           Tue 24 Mar 2026 10:33:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215518
IP address blocks:        45.151.94.0/24 maxlen: 24
                          45.151.95.0/24 maxlen: 24
                          185.198.201.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/23/2fb593-43f5-4db7-9819-0f9d57a5d4fa/1/1MOxLI1jUZDskoQ3u9bLDow4-ak.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/23/2fb593-43f5-4db7-9819-0f9d57a5d4fa/1/1MOxLI1jUZDskoQ3u9bLDow4-ak.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1MOxLI1jUZDskoQ3u9bLDow4-ak.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:1f:68:3f:3c:ca:78:44:a6:b3:9f:ec:ce:5d:55:a4:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d4c3b12c8d635190ec928437bbd6cb0e8c38f9a9
        Validity
            Not Before: Mar 24 10:33:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=dbf72199d37d285141648bc5f5563cf5fdb73c6b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:c3:5d:a6:b8:71:13:f3:9e:c2:14:af:74:c3:
                    4e:af:76:78:b5:98:49:64:b2:e4:4d:19:9c:b4:52:
                    f8:a9:a5:b5:cc:fd:17:1f:7b:9a:5f:a8:15:80:cf:
                    7d:73:64:3f:05:b6:2c:51:44:a9:9a:82:1a:d9:09:
                    2f:94:a1:fd:64:b5:e6:3a:23:34:0f:57:0e:95:0e:
                    6d:ec:02:17:ce:e0:0b:1c:35:46:61:df:0a:65:53:
                    33:5c:5a:bf:ee:94:53:15:f3:c1:41:9d:2c:e9:05:
                    55:e7:ee:b8:c9:5a:76:3d:96:49:a9:8b:c4:31:39:
                    e0:83:fe:03:0f:af:61:55:6f:fe:8d:e4:d6:92:71:
                    b4:01:6f:26:70:dd:6f:f7:ed:44:56:76:af:31:85:
                    40:43:00:7e:cd:90:4c:31:33:35:e5:0d:58:eb:9d:
                    f8:68:4e:d0:1b:55:01:4f:5d:68:4f:b6:7a:0c:66:
                    1b:b4:92:58:9a:09:c9:21:c6:f6:79:a2:db:ff:20:
                    77:0a:94:8c:59:05:4e:77:f7:34:d4:d4:5c:d7:93:
                    a4:95:51:d2:fa:00:fd:34:a3:04:23:4b:a8:4c:e3:
                    58:5b:2f:b3:52:92:1a:14:c4:6a:63:4e:c6:5c:1a:
                    eb:76:7d:51:89:6d:65:61:b4:f7:4b:58:e8:4c:94:
                    d1:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:F7:21:99:D3:7D:28:51:41:64:8B:C5:F5:56:3C:F5:FD:B7:3C:6B
            X509v3 Authority Key Identifier:
                keyid:D4:C3:B1:2C:8D:63:51:90:EC:92:84:37:BB:D6:CB:0E:8C:38:F9:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1MOxLI1jUZDskoQ3u9bLDow4-ak.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/2fb593-43f5-4db7-9819-0f9d57a5d4fa/1/2_chmdN9KFFBZIvF9VY89f23PGs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/23/2fb593-43f5-4db7-9819-0f9d57a5d4fa/1/1MOxLI1jUZDskoQ3u9bLDow4-ak.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.151.94.0/23
                  185.198.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:3b:08:7e:0e:19:56:47:51:76:6b:6a:1f:96:55:0c:71:15:
         48:4d:a7:db:0f:15:4b:b5:9f:08:dd:0a:d6:06:0f:a5:93:ca:
         56:b7:37:48:90:7b:be:74:b9:0e:3f:07:27:f8:95:38:c8:a4:
         c8:cd:4e:3e:87:18:2f:ca:f4:36:d5:5e:63:d1:ff:9f:55:8a:
         d7:59:45:84:f9:4d:02:cb:a2:71:ed:5e:9a:be:8b:24:c1:72:
         d7:26:fa:d4:86:ee:6a:9d:65:f2:e3:5a:45:a8:69:fc:91:5e:
         61:08:73:38:ef:06:93:eb:de:ca:46:9c:3f:12:89:24:9b:76:
         25:3c:3e:15:7b:67:2e:52:5d:41:cf:33:63:33:84:e6:44:cc:
         92:26:55:cc:43:c8:6a:88:95:90:fd:fe:49:01:a2:81:42:07:
         64:d8:b6:60:fb:7e:47:2d:71:10:47:c9:32:30:be:64:4f:7c:
         50:43:7f:92:cd:d4:35:d7:2b:9c:d7:87:fe:da:5b:3c:9a:84:
         d2:f1:5e:2e:3d:ae:76:37:5a:2f:b3:95:8f:0a:37:44:45:b3:
         71:47:ea:9f:3f:f1:63:6a:06:58:d7:b3:8b:98:b4:cc:34:69:
         48:48:88:37:c7:72:c6:75:d1:7d:66:f0:1c:6b:8b:e1:08:d2:
         04:c6:5d:16
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ0faD88ynhEprOf7M5dVaQoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0YzNiMTJjOGQ2MzUxOTBlYzkyODQzN2JiZDZjYjBlOGMz
OGY5YTkwHhcNMjYwMzI0MTAzMzM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmY3MjE5OWQzN2QyODUxNDE2NDhiYzVmNTU2M2NmNWZkYjczYzZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu8NdprhxE/OewhSvdMNOr3Z4tZhJ
ZLLkTRmctFL4qaW1zP0XH3uaX6gVgM99c2Q/BbYsUUSpmoIa2QkvlKH9ZLXmOiM0
D1cOlQ5t7AIXzuALHDVGYd8KZVMzXFq/7pRTFfPBQZ0s6QVV5+64yVp2PZZJqYvE
MTngg/4DD69hVW/+jeTWknG0AW8mcN1v9+1EVnavMYVAQwB+zZBMMTM15Q1Y6534
aE7QG1UBT11oT7Z6DGYbtJJYmgnJIcb2eaLb/yB3CpSMWQVOd/c01NRc15OklVHS
+gD9NKMEI0uoTONYWy+zUpIaFMRqY07GXBrrdn1RiW1lYbT3S1joTJTRxwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNv3IZnTfShRQWSLxfVWPPX9tzxrMB8GA1UdIwQY
MBaAFNTDsSyNY1GQ7JKEN7vWyw6MOPmpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMU1PeExJMWpVWkRza29RM3U5YkxEb3c0LWFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy8yZmI1OTMtNDNmNS00ZGI3LTk4MTkt
MGY5ZDU3YTVkNGZhLzEvMl9jaG1kTjlLRkZCWkl2RjlWWTg5ZjIzUEdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy8yZmI1OTMtNDNmNS00ZGI3LTk4MTktMGY5ZDU3YTVkNGZh
LzEvMU1PeExJMWpVWkRza29RM3U5YkxEb3c0LWFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBLZdeAwQA
ucbJMA0GCSqGSIb3DQEBCwUAA4IBAQBuOwh+DhlWR1F2a2ofllUMcRVITafbDxVL
tZ8I3QrWBg+lk8pWtzdIkHu+dLkOPwcn+JU4yKTIzU4+hxgvyvQ21V5j0f+fVYrX
WUWE+U0Cy6Jx7V6avoskwXLXJvrUhu5qnWXy41pFqGn8kV5hCHM47waT697KRpw/
Eokkm3YlPD4Ve2cuUl1BzzNjM4TmRMySJlXMQ8hqiJWQ/f5JAaKBQgdk2LZg+35H
LXEQR8kyML5kT3xQQ3+SzdQ11yuc14f+2ls8moTS8V4uPa52N1ovs5WPCjdERbNx
R+qfP/FjagZY17OLmLTMNGlISIg3x3LGddF9ZvAca4vhCNIExl0W
-----END CERTIFICATE-----