Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/SmOl0GvV5DsT7QCJ4G9S0D2y9JI.roa
File:                     SmOl0GvV5DsT7QCJ4G9S0D2y9JI.roa (raw, json)
Hash identifier:          wO3PQDBi84MCPWOqSTZR9XqT3nmvEoAZ3UZDvn9zyIY=
Subject key identifier:   4A:63:A5:D0:6B:D5:E4:3B:13:ED:00:89:E0:6F:52:D0:3D:B2:F4:92
Certificate issuer:       /CN=17067977efd14bc89fb0daba03bb0f600fbb0184
Certificate serial:       019D18B1AB681E731444D49A6D109B92F06C
Authority key identifier: 17:06:79:77:EF:D1:4B:C8:9F:B0:DA:BA:03:BB:0F:60:0F:BB:01:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/SmOl0GvV5DsT7QCJ4G9S0D2y9JI.roa
Signing time:             Mon 23 Mar 2026 03:16:30 +0000
ROA not before:           Mon 23 Mar 2026 03:16:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402047
IP address blocks:        86.110.46.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 18:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:18:b1:ab:68:1e:73:14:44:d4:9a:6d:10:9b:92:f0:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17067977efd14bc89fb0daba03bb0f600fbb0184
        Validity
            Not Before: Mar 23 03:16:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4a63a5d06bd5e43b13ed0089e06f52d03db2f492
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:bc:eb:a0:39:cf:70:f2:d9:ff:00:dc:0f:27:
                    42:68:17:2c:d8:38:33:43:f7:48:97:c0:59:ea:79:
                    86:ce:75:56:e3:bc:e4:35:2b:05:3f:85:26:16:3e:
                    d4:ea:fc:f9:aa:72:86:a0:8b:e9:bd:e5:3e:7e:f6:
                    88:55:1c:97:3a:76:0f:24:fb:bb:86:3b:c0:64:af:
                    9d:67:2a:28:3f:c7:d7:ab:83:73:cc:6f:96:3b:0a:
                    66:95:e7:94:ec:d5:05:84:77:1d:f8:47:ca:40:02:
                    a7:9f:15:81:f1:9a:2b:64:b2:ef:21:cb:5c:0d:ff:
                    e7:6b:37:f2:14:18:e1:30:cb:bc:4f:22:02:40:2d:
                    df:b8:51:62:38:29:13:3a:1f:2e:4c:fc:c4:7d:49:
                    c0:5b:42:c4:90:e5:34:c7:20:8d:3a:d7:ae:fc:67:
                    96:29:05:18:84:4a:dc:a0:4d:1c:ff:25:f0:3d:8d:
                    04:0e:80:28:fd:8a:a9:a6:9b:ea:d6:77:d5:7e:6a:
                    19:7c:4f:10:36:f4:7f:60:3a:a9:f1:d9:8e:59:91:
                    d8:78:d4:f6:05:1b:b5:35:27:2b:e8:a6:b3:5a:53:
                    38:29:0c:52:1f:88:27:3d:0b:69:4b:65:71:f8:1a:
                    a2:22:01:b2:eb:3c:e6:f5:77:6f:e9:de:89:1a:32:
                    14:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:63:A5:D0:6B:D5:E4:3B:13:ED:00:89:E0:6F:52:D0:3D:B2:F4:92
            X509v3 Authority Key Identifier:
                keyid:17:06:79:77:EF:D1:4B:C8:9F:B0:DA:BA:03:BB:0F:60:0F:BB:01:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/SmOl0GvV5DsT7QCJ4G9S0D2y9JI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.110.46.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bd:f0:83:a4:19:3c:cb:51:6b:66:19:cb:c2:f4:cb:9e:04:3e:
         cb:49:e8:71:e7:7a:7c:9c:6c:ff:19:22:c1:18:4c:1a:4b:6e:
         59:12:11:8a:df:86:c6:27:72:1c:b1:31:15:14:89:85:1f:13:
         08:e6:d8:1d:cf:79:8e:6b:c1:db:42:03:f9:b3:7a:71:c4:fd:
         14:98:c2:f4:96:42:e9:60:f5:a2:a5:2e:31:e9:66:52:fb:54:
         cb:02:d3:f8:de:45:f0:bc:b0:9b:1d:d7:b7:f3:9a:39:c0:8d:
         f4:4b:47:23:0d:7a:d3:54:66:2d:ca:da:15:a6:8c:2b:16:9a:
         43:f8:10:7b:8d:7b:7b:43:cb:ea:a3:cf:7e:f7:96:f0:2f:80:
         33:9e:68:22:e4:92:04:f9:d7:5c:99:f3:38:4e:17:68:80:9d:
         84:57:9b:4b:75:5c:d4:93:6d:59:ee:76:f8:81:b1:81:48:da:
         25:00:54:cd:2a:20:c2:65:d6:37:8d:9b:0f:b8:24:ce:e8:c9:
         ed:b8:0f:19:39:1b:d6:9f:69:9d:57:ba:4b:84:96:a2:a6:05:
         e5:92:5e:f0:39:da:aa:87:66:2b:7f:3d:2b:30:dc:5f:8c:b7:
         c9:63:92:9f:d4:ca:81:00:df:83:82:7f:02:45:e4:00:ce:b5:
         77:b5:e0:0d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0YsatoHnMURNSabRCbkvBsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3MDY3OTc3ZWZkMTRiYzg5ZmIwZGFiYTAzYmIwZjYwMGZi
YjAxODQwHhcNMjYwMzIzMDMxNjMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTYzYTVkMDZiZDVlNDNiMTNlZDAwODllMDZmNTJkMDNkYjJmNDkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4LzroDnPcPLZ/wDcDydCaBcs2Dgz
Q/dIl8BZ6nmGznVW47zkNSsFP4UmFj7U6vz5qnKGoIvpveU+fvaIVRyXOnYPJPu7
hjvAZK+dZyooP8fXq4NzzG+WOwpmleeU7NUFhHcd+EfKQAKnnxWB8ZorZLLvIctc
Df/nazfyFBjhMMu8TyICQC3fuFFiOCkTOh8uTPzEfUnAW0LEkOU0xyCNOteu/GeW
KQUYhErcoE0c/yXwPY0EDoAo/Yqpppvq1nfVfmoZfE8QNvR/YDqp8dmOWZHYeNT2
BRu1NScr6KazWlM4KQxSH4gnPQtpS2Vx+BqiIgGy6zzm9Xdv6d6JGjIUPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEpjpdBr1eQ7E+0AieBvUtA9svSSMB8GA1UdIwQY
MBaAFBcGeXfv0UvIn7DaugO7D2APuwGEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRndaNWQtX1JTOGlmc05xNkE3c1BZQS03QVlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS9lMWFkN2EtMTJlNy00ZmQwLWI2MWUt
ZDFhNzc3MmRiMDc2LzEvU21PbDBHdlY1RHNUN1FDSjRHOVMwRDJ5OUpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS9lMWFkN2EtMTJlNy00ZmQwLWI2MWUtZDFhNzc3MmRiMDc2
LzEvRndaNWQtX1JTOGlmc05xNkE3c1BZQS03QVlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVm4uMA0G
CSqGSIb3DQEBCwUAA4IBAQC98IOkGTzLUWtmGcvC9MueBD7LSehx53p8nGz/GSLB
GEwaS25ZEhGK34bGJ3IcsTEVFImFHxMI5tgdz3mOa8HbQgP5s3pxxP0UmML0lkLp
YPWipS4x6WZS+1TLAtP43kXwvLCbHde385o5wI30S0cjDXrTVGYtytoVpowrFppD
+BB7jXt7Q8vqo89+95bwL4Aznmgi5JIE+ddcmfM4ThdogJ2EV5tLdVzUk21Z7nb4
gbGBSNolAFTNKiDCZdY3jZsPuCTO6MntuA8ZORvWn2mdV7pLhJaipgXlkl7wOdqq
h2Yrfz0rMNxfjLfJY5Kf1MqBAN+Dgn8CReQAzrV3teAN
-----END CERTIFICATE-----