Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/23b72f-9de4-4706-8e32-f991f90090c6/1/OnvoRNLHbzsIkTRkRkLChjG1iT0.roa
File:                     OnvoRNLHbzsIkTRkRkLChjG1iT0.roa (raw, json)
Hash identifier:          qrtj2aNzirWTVBYJA9xano/gPNM1ljL51u+ViRJHcdQ=
Subject key identifier:   3A:7B:E8:44:D2:C7:6F:3B:08:91:34:64:46:42:C2:86:31:B5:89:3D
Certificate issuer:       /CN=c2006acc05f9dc451ea0d44e8727db470b928794
Certificate serial:       019B7B35577228CE7DA4192B0E0C26907777
Authority key identifier: C2:00:6A:CC:05:F9:DC:45:1E:A0:D4:4E:87:27:DB:47:0B:92:87:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wgBqzAX53EUeoNROhyfbRwuSh5Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/23b72f-9de4-4706-8e32-f991f90090c6/1/OnvoRNLHbzsIkTRkRkLChjG1iT0.roa
Signing time:             Thu 01 Jan 2026 20:17:31 +0000
ROA not before:           Thu 01 Jan 2026 20:17:31 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198763
IP address blocks:        45.133.48.0/22 maxlen: 24
                          95.129.120.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/23b72f-9de4-4706-8e32-f991f90090c6/1/wgBqzAX53EUeoNROhyfbRwuSh5Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/23b72f-9de4-4706-8e32-f991f90090c6/1/wgBqzAX53EUeoNROhyfbRwuSh5Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wgBqzAX53EUeoNROhyfbRwuSh5Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 20:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:35:57:72:28:ce:7d:a4:19:2b:0e:0c:26:90:77:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2006acc05f9dc451ea0d44e8727db470b928794
        Validity
            Not Before: Jan  1 20:17:31 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3a7be844d2c76f3b089134644642c28631b5893d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:ff:fe:ee:4d:59:b1:71:4f:4d:6e:71:f5:06:
                    85:61:41:13:22:0c:56:c0:50:da:49:14:b5:fc:09:
                    e7:a6:66:6a:92:16:60:85:83:22:6f:d1:2a:06:07:
                    b1:07:59:d2:52:01:e5:db:01:2f:5a:a6:9a:7f:3b:
                    d1:60:b4:1c:b0:01:bc:75:0d:61:7b:d4:fd:cb:9b:
                    9e:27:ce:1b:96:5b:49:90:cb:74:6c:0a:ac:88:72:
                    0e:b7:9b:8e:52:e2:4f:5b:a2:99:cd:6f:23:d5:36:
                    5c:03:76:91:4c:43:99:71:2e:33:7f:6e:62:94:2d:
                    b1:c6:fe:dd:82:ea:3f:6a:62:2a:cd:04:70:76:c8:
                    5b:8b:a3:b5:f6:17:00:3c:8b:1d:60:9d:49:d7:fd:
                    ca:ad:ce:17:27:02:43:f9:6b:b9:c8:f1:28:5f:ac:
                    aa:1b:6d:56:c0:33:ff:10:af:7b:87:2f:b3:70:97:
                    16:40:0a:78:dd:d2:03:5b:35:33:38:ba:89:20:4b:
                    c9:f6:5a:5c:6e:7e:38:52:5f:ef:cc:37:7f:ad:37:
                    b0:b3:e3:cb:49:90:a1:ec:4d:00:ba:03:fa:97:d8:
                    37:20:0c:f9:01:60:1a:ec:29:7a:10:f4:e0:2f:99:
                    b4:2e:b3:4d:c7:f8:d6:77:53:28:1d:e8:ac:4b:a2:
                    6a:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:7B:E8:44:D2:C7:6F:3B:08:91:34:64:46:42:C2:86:31:B5:89:3D
            X509v3 Authority Key Identifier:
                keyid:C2:00:6A:CC:05:F9:DC:45:1E:A0:D4:4E:87:27:DB:47:0B:92:87:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wgBqzAX53EUeoNROhyfbRwuSh5Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/23b72f-9de4-4706-8e32-f991f90090c6/1/OnvoRNLHbzsIkTRkRkLChjG1iT0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/23b72f-9de4-4706-8e32-f991f90090c6/1/wgBqzAX53EUeoNROhyfbRwuSh5Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.133.48.0/22
                  95.129.120.0/21

    Signature Algorithm: sha256WithRSAEncryption
         2a:aa:7e:20:31:c9:9f:f9:97:da:a9:94:de:b7:98:69:fb:77:
         39:39:2d:90:50:ec:63:e7:87:0f:d8:17:e9:fa:22:6f:6c:ad:
         ee:d1:a1:b4:13:5e:83:66:3a:08:d8:ef:1a:19:8c:33:7d:c5:
         c0:29:93:db:92:d1:67:06:d6:d1:7f:ca:7e:eb:e1:87:02:cd:
         51:01:7b:e4:c1:d9:66:8c:52:8c:c2:91:b8:0d:f1:bf:ea:7d:
         06:6e:5c:55:2c:ef:67:e2:4e:e1:92:8e:c7:6b:62:bb:b0:f9:
         d3:b0:39:c4:05:d5:25:a6:5f:38:12:dd:27:14:25:d6:d3:5a:
         a6:95:46:6c:19:cb:ff:94:b9:c6:c3:ba:f5:68:fc:f2:4e:7f:
         3b:05:75:8a:6a:05:6d:99:c5:b0:2c:21:95:9d:82:d7:23:38:
         b8:2e:bc:ac:3d:15:cc:4d:b4:a4:41:aa:af:d0:d9:5c:fc:4a:
         ed:d6:11:57:63:a7:10:64:a6:e1:a9:b5:1d:45:29:65:77:58:
         3c:24:1c:d9:d0:90:48:4e:bd:9c:97:54:b2:c7:35:bc:ac:b8:
         1d:1b:71:29:10:3e:09:82:c5:5e:f1:01:d8:61:93:9c:e0:07:
         75:4e:cb:ff:d9:18:8a:3c:28:64:c9:53:3b:4c:67:d9:15:6c:
         75:b1:ae:49
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZt7NVdyKM59pBkrDgwmkHd3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyMDA2YWNjMDVmOWRjNDUxZWEwZDQ0ZTg3MjdkYjQ3MGI5
Mjg3OTQwHhcNMjYwMTAxMjAxNzMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTdiZTg0NGQyYzc2ZjNiMDg5MTM0NjQ0NjQyYzI4NjMxYjU4OTNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs//+7k1ZsXFPTW5x9QaFYUETIgxW
wFDaSRS1/AnnpmZqkhZghYMib9EqBgexB1nSUgHl2wEvWqaafzvRYLQcsAG8dQ1h
e9T9y5ueJ84blltJkMt0bAqsiHIOt5uOUuJPW6KZzW8j1TZcA3aRTEOZcS4zf25i
lC2xxv7dguo/amIqzQRwdshbi6O19hcAPIsdYJ1J1/3Krc4XJwJD+Wu5yPEoX6yq
G21WwDP/EK97hy+zcJcWQAp43dIDWzUzOLqJIEvJ9lpcbn44Ul/vzDd/rTews+PL
SZCh7E0AugP6l9g3IAz5AWAa7Cl6EPTgL5m0LrNNx/jWd1MoHeisS6Jq5QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDp76ETSx287CJE0ZEZCwoYxtYk9MB8GA1UdIwQY
MBaAFMIAaswF+dxFHqDUTocn20cLkoeUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2dCcXpBWDUzRVVlb05ST2h5ZmJSd3VTaDVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS8yM2I3MmYtOWRlNC00NzA2LThlMzIt
Zjk5MWY5MDA5MGM2LzEvT252b1JOTEhienNJa1RSa1JrTENoakcxaVQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS8yM2I3MmYtOWRlNC00NzA2LThlMzItZjk5MWY5MDA5MGM2
LzEvd2dCcXpBWDUzRVVlb05ST2h5ZmJSd3VTaDVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLYUwAwQD
X4F4MA0GCSqGSIb3DQEBCwUAA4IBAQAqqn4gMcmf+ZfaqZTet5hp+3c5OS2QUOxj
54cP2Bfp+iJvbK3u0aG0E16DZjoI2O8aGYwzfcXAKZPbktFnBtbRf8p+6+GHAs1R
AXvkwdlmjFKMwpG4DfG/6n0GblxVLO9n4k7hko7Ha2K7sPnTsDnEBdUlpl84Et0n
FCXW01qmlUZsGcv/lLnGw7r1aPzyTn87BXWKagVtmcWwLCGVnYLXIzi4LrysPRXM
TbSkQaqv0Nlc/Ert1hFXY6cQZKbhqbUdRSlld1g8JBzZ0JBITr2cl1SyxzW8rLgd
G3EpED4JgsVe8QHYYZOc4Ad1Tsv/2RiKPChkyVM7TGfZFWx1sa5J
-----END CERTIFICATE-----