Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/A0pMujiN4FPOo4-n_oLnAf04fAQ.roa
File:                     A0pMujiN4FPOo4-n_oLnAf04fAQ.roa (raw, json)
Hash identifier:          5v5KqUw61EZA+vdCtLNp2T3kdHp+i9JF7qo8iT5zXQg=
Subject key identifier:   03:4A:4C:BA:38:8D:E0:53:CE:A3:8F:A7:FE:82:E7:01:FD:38:7C:04
Certificate issuer:       /CN=3b098e45ef4bb5d18dbc86c5a135f57ebcbe005d
Certificate serial:       019E041886D95202D4965814DFEB9F79B2F7
Authority key identifier: 3B:09:8E:45:EF:4B:B5:D1:8D:BC:86:C5:A1:35:F5:7E:BC:BE:00:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OwmORe9LtdGNvIbFoTX1fry-AF0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/A0pMujiN4FPOo4-n_oLnAf04fAQ.roa
Signing time:             Thu 07 May 2026 20:19:36 +0000
ROA not before:           Thu 07 May 2026 20:19:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402047
IP address blocks:        212.116.228.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/OwmORe9LtdGNvIbFoTX1fry-AF0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/OwmORe9LtdGNvIbFoTX1fry-AF0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OwmORe9LtdGNvIbFoTX1fry-AF0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:04:18:86:d9:52:02:d4:96:58:14:df:eb:9f:79:b2:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b098e45ef4bb5d18dbc86c5a135f57ebcbe005d
        Validity
            Not Before: May  7 20:19:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=034a4cba388de053cea38fa7fe82e701fd387c04
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:96:8b:e1:3e:1f:5c:5b:1f:54:6b:16:63:a5:
                    82:aa:7b:0f:6e:a9:c6:94:9c:e3:05:50:62:45:e0:
                    e6:8f:33:d0:40:dc:7b:79:72:ed:b4:ab:3c:e3:2e:
                    3c:25:33:9c:14:5b:c9:93:a9:fc:1e:be:45:67:bd:
                    57:d5:c0:56:1f:8c:e1:a4:6b:84:12:4d:16:94:06:
                    b6:2d:03:cf:df:a6:fa:46:d4:2d:72:4d:00:78:43:
                    d8:06:b3:4c:15:e2:5d:63:60:99:a9:e7:8f:99:dc:
                    c6:63:78:b6:d4:76:86:8f:f0:3d:5e:6d:86:3b:4b:
                    16:e8:9b:de:0d:c8:5a:2b:2a:a1:fd:3c:14:75:1f:
                    b9:d2:d0:c6:cc:f7:b8:88:1a:96:0a:07:a6:5a:99:
                    36:46:ee:cd:cc:3f:9d:17:e7:c5:a9:f3:2d:09:5f:
                    2f:57:58:70:a0:d0:dd:26:5c:39:03:a5:97:9b:c0:
                    45:55:59:dd:e4:20:26:3b:13:68:ae:8d:6f:fa:64:
                    ed:df:41:c9:2a:04:bc:84:18:18:a4:d2:d4:5c:b4:
                    da:b8:e1:e4:79:6d:48:23:21:2c:f5:53:33:1a:df:
                    e0:5e:8e:11:79:de:2b:a0:f0:8a:fa:64:2a:65:f0:
                    98:15:d7:e0:d9:3f:fb:64:4f:f9:3a:48:09:3f:d9:
                    7e:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:4A:4C:BA:38:8D:E0:53:CE:A3:8F:A7:FE:82:E7:01:FD:38:7C:04
            X509v3 Authority Key Identifier:
                keyid:3B:09:8E:45:EF:4B:B5:D1:8D:BC:86:C5:A1:35:F5:7E:BC:BE:00:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OwmORe9LtdGNvIbFoTX1fry-AF0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/A0pMujiN4FPOo4-n_oLnAf04fAQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/OwmORe9LtdGNvIbFoTX1fry-AF0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.116.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:52:62:8e:49:b4:55:26:23:b9:d4:36:c4:d1:0d:4d:26:0a:
         ad:3a:68:a5:79:9e:e3:c7:4d:82:18:ea:de:78:aa:bc:f8:93:
         b1:fc:0f:59:54:27:b2:03:b5:be:fe:f2:f8:04:8f:a4:2f:65:
         51:ed:36:d6:87:6e:a8:e4:cc:62:02:8c:ce:77:61:8e:ff:97:
         a0:72:07:ef:11:f7:4f:97:2d:2d:c7:3b:e2:38:ac:b8:f9:3f:
         32:2d:36:d5:3c:02:79:13:5f:24:51:28:cd:3b:2d:14:03:bd:
         9d:47:c5:60:9d:7e:78:2a:be:48:31:6c:19:d7:4d:29:44:b0:
         5f:d2:80:3e:8b:b9:a1:ad:a7:05:4f:2d:0b:80:f1:5e:a4:ab:
         f8:5e:c9:5f:fe:fe:fc:a1:90:d5:c7:12:5b:ed:c0:46:96:ce:
         e3:6c:5a:fa:8f:6e:81:7d:18:a3:aa:44:87:6b:d5:4d:d2:d9:
         b2:1a:e6:de:d6:9b:df:44:c0:64:1b:7b:e6:0c:21:91:da:74:
         9c:e7:09:2a:42:af:a2:4c:9e:02:83:2b:58:89:29:cc:18:60:
         4b:ad:71:c0:86:79:85:8e:dd:9f:88:07:fd:0e:1e:2a:ef:1e:
         5f:e3:8f:e1:5d:74:84:33:31:09:f1:02:53:84:46:8d:0c:f8:
         be:cd:24:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4EGIbZUgLUllgU3+ufebL3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiMDk4ZTQ1ZWY0YmI1ZDE4ZGJjODZjNWExMzVmNTdlYmNi
ZTAwNWQwHhcNMjYwNTA3MjAxOTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzRhNGNiYTM4OGRlMDUzY2VhMzhmYTdmZTgyZTcwMWZkMzg3YzA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7ZaL4T4fXFsfVGsWY6WCqnsPbqnG
lJzjBVBiReDmjzPQQNx7eXLttKs84y48JTOcFFvJk6n8Hr5FZ71X1cBWH4zhpGuE
Ek0WlAa2LQPP36b6RtQtck0AeEPYBrNMFeJdY2CZqeePmdzGY3i21HaGj/A9Xm2G
O0sW6JveDchaKyqh/TwUdR+50tDGzPe4iBqWCgemWpk2Ru7NzD+dF+fFqfMtCV8v
V1hwoNDdJlw5A6WXm8BFVVnd5CAmOxNoro1v+mTt30HJKgS8hBgYpNLUXLTauOHk
eW1IIyEs9VMzGt/gXo4Red4roPCK+mQqZfCYFdfg2T/7ZE/5OkgJP9l+DwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFANKTLo4jeBTzqOPp/6C5wH9OHwEMB8GA1UdIwQY
MBaAFDsJjkXvS7XRjbyGxaE19X68vgBdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3dtT1JlOUx0ZEdOdkliRm9UWDFmcnktQUYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi85NTRkMzEtZjc0Yy00NjdiLTkwMTMt
ZTEyYjE2NDIxNWI5LzEvQTBwTXVqaU40RlBPbzQtbl9vTG5BZjA0ZkFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi85NTRkMzEtZjc0Yy00NjdiLTkwMTMtZTEyYjE2NDIxNWI5
LzEvT3dtT1JlOUx0ZEdOdkliRm9UWDFmcnktQUYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1HTkMA0G
CSqGSIb3DQEBCwUAA4IBAQACUmKOSbRVJiO51DbE0Q1NJgqtOmileZ7jx02CGOre
eKq8+JOx/A9ZVCeyA7W+/vL4BI+kL2VR7TbWh26o5MxiAozOd2GO/5egcgfvEfdP
ly0txzviOKy4+T8yLTbVPAJ5E18kUSjNOy0UA72dR8VgnX54Kr5IMWwZ100pRLBf
0oA+i7mhracFTy0LgPFepKv4Xslf/v78oZDVxxJb7cBGls7jbFr6j26BfRijqkSH
a9VN0tmyGube1pvfRMBkG3vmDCGR2nSc5wkqQq+iTJ4CgytYiSnMGGBLrXHAhnmF
jt2fiAf9Dh4q7x5f44/hXXSEMzEJ8QJThEaNDPi+zSTC
-----END CERTIFICATE-----