Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/otUzKwRd6GBAsljV8Az6vI91Wm8.roa
File:                     otUzKwRd6GBAsljV8Az6vI91Wm8.roa (raw, json)
Hash identifier:          xAQ8R/NzuROt6W3+7yBGOI/IJMxvPp94UPWHfwh4704=
Subject key identifier:   A2:D5:33:2B:04:5D:E8:60:40:B2:58:D5:F0:0C:FA:BC:8F:75:5A:6F
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       019D193DED5CAACC798756C22A63E33A5CF7
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/otUzKwRd6GBAsljV8Az6vI91Wm8.roa
Signing time:             Mon 23 Mar 2026 05:49:41 +0000
ROA not before:           Mon 23 Mar 2026 05:49:41 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     273267
IP address blocks:        185.225.246.0/23 maxlen: 23
                          185.225.246.0/24 maxlen: 24
                          185.225.247.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 21:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:19:3d:ed:5c:aa:cc:79:87:56:c2:2a:63:e3:3a:5c:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Mar 23 05:49:41 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a2d5332b045de86040b258d5f00cfabc8f755a6f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:46:dd:dc:a4:e5:68:6d:2f:f4:8b:5a:23:d5:
                    0f:ac:fa:86:2b:25:34:0e:ba:42:0d:7e:e0:14:5f:
                    dd:5d:ae:1e:94:86:c4:a4:d9:54:5c:dc:16:76:f9:
                    0d:a7:1e:4a:5e:b2:6c:00:91:ce:ab:e9:30:ef:3c:
                    01:f8:96:82:15:cb:b9:79:89:bb:20:c1:82:5e:9f:
                    76:dd:2b:ac:02:99:ba:66:5f:74:cf:31:01:7f:ba:
                    1b:65:2f:50:f6:f3:ec:ce:83:51:7a:2d:ff:30:0b:
                    c9:de:7a:0e:98:fa:0e:8d:98:b6:d2:95:0a:84:34:
                    e6:4e:b8:c9:1b:32:3e:32:16:a5:00:2c:27:fc:9a:
                    89:25:a7:69:f7:6a:ed:b5:8c:a1:16:1c:20:62:8a:
                    49:37:30:b9:db:56:3c:3f:7e:0b:c6:0d:de:e2:ed:
                    67:3f:12:b4:7c:c2:b2:1d:e0:57:07:00:84:17:e2:
                    a2:b3:9c:25:54:f3:de:f8:e8:4b:43:36:3a:b4:8d:
                    ac:31:4c:7d:3f:57:3c:b6:43:21:ce:98:33:1b:47:
                    9d:41:54:3d:c3:eb:4d:4f:5e:7a:77:45:10:ba:03:
                    94:59:28:16:94:ba:eb:93:03:37:b4:9e:ba:fb:35:
                    81:ac:2f:7c:18:a4:51:2b:22:b3:98:19:e8:d6:78:
                    85:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:D5:33:2B:04:5D:E8:60:40:B2:58:D5:F0:0C:FA:BC:8F:75:5A:6F
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/otUzKwRd6GBAsljV8Az6vI91Wm8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.225.246.0/23

    Signature Algorithm: sha256WithRSAEncryption
         66:6b:b5:65:05:75:63:51:1c:ca:c7:3d:1a:0a:9d:58:ee:08:
         34:74:86:d3:f4:13:5d:b8:63:d7:5b:1c:d4:9f:e6:2e:1c:eb:
         34:fe:b3:b6:79:9d:ac:bc:bd:92:d1:1c:e7:57:77:8f:71:8d:
         b5:82:6f:f5:49:a9:0b:72:39:cb:78:4e:f3:20:de:d3:dc:01:
         18:92:b6:96:c5:84:da:48:ec:7e:46:57:38:39:23:18:67:fb:
         27:43:1b:30:2b:db:fd:ca:06:b2:06:c6:6c:ab:e7:14:e2:e4:
         e3:82:a5:bb:c8:ab:e9:fb:a0:b9:62:34:30:95:ec:ed:1f:a2:
         ff:f4:ad:28:e6:6c:ba:0e:8f:fa:d8:3d:ea:4a:fb:a6:30:20:
         d4:eb:cd:22:e6:9c:fd:47:78:c8:40:64:62:c5:2b:73:d5:d6:
         15:2a:fb:54:83:ff:75:1b:8f:22:e1:0e:07:3c:47:2b:50:7c:
         d5:10:fa:40:97:94:1e:45:4f:4c:a7:96:ef:93:16:65:11:28:
         34:4b:1e:60:24:fd:c0:a2:5d:f9:5c:c0:fb:64:0b:0e:e5:3d:
         dc:ba:a4:43:3c:a1:dc:24:89:86:c0:98:4b:61:2d:b9:4b:09:
         43:fd:78:c8:2b:09:ab:b6:e4:ab:11:9e:6a:44:cf:b0:d0:9d:
         ed:2e:ff:cd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0ZPe1cqsx5h1bCKmPjOlz3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjYwMzIzMDU0OTQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMmQ1MzMyYjA0NWRlODYwNDBiMjU4ZDVmMDBjZmFiYzhmNzU1YTZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtEbd3KTlaG0v9ItaI9UPrPqGKyU0
DrpCDX7gFF/dXa4elIbEpNlUXNwWdvkNpx5KXrJsAJHOq+kw7zwB+JaCFcu5eYm7
IMGCXp923SusApm6Zl90zzEBf7obZS9Q9vPszoNRei3/MAvJ3noOmPoOjZi20pUK
hDTmTrjJGzI+MhalACwn/JqJJadp92rttYyhFhwgYopJNzC521Y8P34Lxg3e4u1n
PxK0fMKyHeBXBwCEF+Kis5wlVPPe+OhLQzY6tI2sMUx9P1c8tkMhzpgzG0edQVQ9
w+tNT156d0UQugOUWSgWlLrrkwM3tJ66+zWBrC98GKRRKyKzmBno1niFVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKLVMysEXehgQLJY1fAM+ryPdVpvMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvb3RVekt3UmQ2R0JBc2xqVjhBejZ2STkxV204LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBueH2MA0G
CSqGSIb3DQEBCwUAA4IBAQBma7VlBXVjURzKxz0aCp1Y7gg0dIbT9BNduGPXWxzU
n+YuHOs0/rO2eZ2svL2S0RznV3ePcY21gm/1SakLcjnLeE7zIN7T3AEYkraWxYTa
SOx+Rlc4OSMYZ/snQxswK9v9ygayBsZsq+cU4uTjgqW7yKvp+6C5YjQwleztH6L/
9K0o5my6Do/62D3qSvumMCDU680i5pz9R3jIQGRixStz1dYVKvtUg/91G48i4Q4H
PEcrUHzVEPpAl5QeRU9Mp5bvkxZlESg0Sx5gJP3Aol35XMD7ZAsO5T3cuqRDPKHc
JImGwJhLYS25SwlD/XjIKwmrtuSrEZ5qRM+w0J3tLv/N
-----END CERTIFICATE-----