Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/03LMksp47oDVGmMApNkpC-Qj5oE.roa
File:                     03LMksp47oDVGmMApNkpC-Qj5oE.roa (raw, json)
Hash identifier:          f/U7iiBnLhVZvsPDN3o9USa5Z6pVWUtWsL9gLOdZA8I=
Subject key identifier:   D3:72:CC:92:CA:78:EE:80:D5:1A:63:00:A4:D9:29:0B:E4:23:E6:81
Certificate issuer:       /CN=55baf26967510b3c52e46d1dc593967cdf29f9c9
Certificate serial:       019CC5AC92C8287D1D62D05972F244896BA5
Authority key identifier: 55:BA:F2:69:67:51:0B:3C:52:E4:6D:1D:C5:93:96:7C:DF:29:F9:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/03LMksp47oDVGmMApNkpC-Qj5oE.roa
Signing time:             Sat 07 Mar 2026 00:22:27 +0000
ROA not before:           Sat 07 Mar 2026 00:22:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     25198
IP address blocks:        91.186.194.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:c5:ac:92:c8:28:7d:1d:62:d0:59:72:f2:44:89:6b:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=55baf26967510b3c52e46d1dc593967cdf29f9c9
        Validity
            Not Before: Mar  7 00:22:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d372cc92ca78ee80d51a6300a4d9290be423e681
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:27:3f:23:cc:2b:f8:7f:62:ad:3d:44:6c:69:
                    80:f2:d2:18:67:76:b1:c9:f0:c0:b5:cc:96:eb:14:
                    2f:62:57:74:f0:67:40:f9:83:38:d9:39:7f:31:ad:
                    2d:0b:d8:7e:78:cb:39:df:02:1e:82:5d:73:a7:95:
                    44:31:c8:e0:4a:06:7d:4f:24:10:4c:98:9c:66:51:
                    f2:a2:fc:88:5d:65:b5:83:b6:74:15:44:28:65:aa:
                    5c:d7:bd:d7:98:ed:fd:ba:f7:ba:cc:4e:d0:f9:7a:
                    a2:63:30:59:9c:48:f0:1e:8a:2f:64:83:77:c4:8e:
                    c5:b9:ec:79:de:37:8f:d3:f4:1a:ba:da:1b:5c:da:
                    f9:8c:84:86:c1:ca:fd:f0:a1:d6:87:b7:ca:f4:6f:
                    6b:27:af:2d:eb:ce:e5:17:89:c5:5d:d5:59:05:0c:
                    ea:bc:45:10:86:98:23:bb:7b:fc:15:b8:ce:66:95:
                    a4:00:64:78:6e:0a:8e:16:58:95:27:9a:7b:91:c5:
                    d9:d4:48:bd:f3:da:4c:cf:7b:d1:dc:b9:8f:dd:5b:
                    23:2d:bf:36:f1:74:80:f5:70:11:27:29:e6:45:50:
                    47:fc:57:cb:dc:e4:a7:f4:35:52:a4:12:16:d2:2e:
                    6a:79:5a:f2:5c:61:44:1d:e3:83:d2:23:2a:3e:fe:
                    f0:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:72:CC:92:CA:78:EE:80:D5:1A:63:00:A4:D9:29:0B:E4:23:E6:81
            X509v3 Authority Key Identifier:
                keyid:55:BA:F2:69:67:51:0B:3C:52:E4:6D:1D:C5:93:96:7C:DF:29:F9:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/03LMksp47oDVGmMApNkpC-Qj5oE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.186.194.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:60:c2:32:32:b6:66:0b:09:1c:d1:77:6f:f9:e6:6a:05:70:
         08:28:73:7c:d7:2d:6f:de:6d:c2:0f:4b:33:96:92:ac:75:de:
         1c:7d:18:ba:46:bb:84:1b:8e:ab:7c:39:97:88:af:16:ac:97:
         ab:78:cf:9f:89:dd:72:c8:14:03:56:4b:a2:8c:f1:b3:d3:69:
         a9:6c:5e:13:fa:8c:d6:44:07:38:af:a7:4b:a4:66:aa:d4:93:
         74:60:85:4f:77:43:60:cf:5e:bf:28:d9:94:58:39:bf:9c:94:
         7d:79:2e:f8:19:f3:05:89:1e:94:47:e8:32:91:25:03:7b:e1:
         de:77:99:b8:9f:30:4f:1e:e3:8a:0c:3c:48:ee:84:b3:f0:2e:
         8d:50:29:38:6a:4f:39:19:82:e5:03:c4:f3:57:5c:2d:e2:c5:
         69:c0:f4:93:74:94:07:01:9a:30:88:80:e8:09:b5:65:c4:70:
         75:4f:ff:7f:da:30:ba:b5:49:5f:48:aa:94:7c:18:7b:70:47:
         f9:d0:3b:02:c1:e5:fc:8e:fe:ef:de:aa:16:e3:51:4c:19:6f:
         0f:5e:24:04:5b:3a:7e:f4:65:9a:55:84:27:f2:d3:b5:b5:09:
         ab:7c:6b:d2:79:df:53:fe:4d:94:46:2e:c1:92:19:0f:ea:e1:
         23:42:eb:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzFrJLIKH0dYtBZcvJEiWulMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1YmFmMjY5Njc1MTBiM2M1MmU0NmQxZGM1OTM5NjdjZGYy
OWY5YzkwHhcNMjYwMzA3MDAyMjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzcyY2M5MmNhNzhlZTgwZDUxYTYzMDBhNGQ5MjkwYmU0MjNlNjgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvyc/I8wr+H9irT1EbGmA8tIYZ3ax
yfDAtcyW6xQvYld08GdA+YM42Tl/Ma0tC9h+eMs53wIegl1zp5VEMcjgSgZ9TyQQ
TJicZlHyovyIXWW1g7Z0FUQoZapc173XmO39uve6zE7Q+XqiYzBZnEjwHoovZIN3
xI7Fuex53jeP0/QautobXNr5jISGwcr98KHWh7fK9G9rJ68t687lF4nFXdVZBQzq
vEUQhpgju3v8FbjOZpWkAGR4bgqOFliVJ5p7kcXZ1Ei989pMz3vR3LmP3VsjLb82
8XSA9XARJynmRVBH/FfL3OSn9DVSpBIW0i5qeVryXGFEHeOD0iMqPv7wxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNNyzJLKeO6A1RpjAKTZKQvkI+aBMB8GA1UdIwQY
MBaAFFW68mlnUQs8UuRtHcWTlnzfKfnJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVmJyeWFXZFJDenhTNUcwZHhaT1dmTjhwLWNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS81YWE0ZGMtZDE4NC00ZGI0LTllMTAt
NDlmOTgxZWU1OTgxLzEvMDNMTWtzcDQ3b0RWR21NQXBOa3BDLVFqNW9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS81YWE0ZGMtZDE4NC00ZGI0LTllMTAtNDlmOTgxZWU1OTgx
LzEvVmJyeWFXZFJDenhTNUcwZHhaT1dmTjhwLWNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW7rCMA0G
CSqGSIb3DQEBCwUAA4IBAQBaYMIyMrZmCwkc0Xdv+eZqBXAIKHN81y1v3m3CD0sz
lpKsdd4cfRi6RruEG46rfDmXiK8WrJereM+fid1yyBQDVkuijPGz02mpbF4T+ozW
RAc4r6dLpGaq1JN0YIVPd0Ngz16/KNmUWDm/nJR9eS74GfMFiR6UR+gykSUDe+He
d5m4nzBPHuOKDDxI7oSz8C6NUCk4ak85GYLlA8TzV1wt4sVpwPSTdJQHAZowiIDo
CbVlxHB1T/9/2jC6tUlfSKqUfBh7cEf50DsCweX8jv7v3qoW41FMGW8PXiQEWzp+
9GWaVYQn8tO1tQmrfGvSed9T/k2URi7BkhkP6uEjQuuC
-----END CERTIFICATE-----