Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/vcRDfnTX2gyrdrA1Q2iobyhrLbg.roa
File:                     vcRDfnTX2gyrdrA1Q2iobyhrLbg.roa (raw, json)
Hash identifier:          WhEgCfRq1Bs7FaaitSPpQsKSjIAWEGum8Uk5iEcvHxU=
Subject key identifier:   BD:C4:43:7E:74:D7:DA:0C:AB:76:B0:35:43:68:A8:6F:28:6B:2D:B8
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       019D052DA3DA89348D84C9E44D0CF848448F
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/vcRDfnTX2gyrdrA1Q2iobyhrLbg.roa
Signing time:             Thu 19 Mar 2026 08:19:30 +0000
ROA not before:           Thu 19 Mar 2026 08:19:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209618
IP address blocks:        185.226.192.0/24 maxlen: 24
                          2a0a:e9c2::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:05:2d:a3:da:89:34:8d:84:c9:e4:4d:0c:f8:48:44:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Mar 19 08:19:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bdc4437e74d7da0cab76b0354368a86f286b2db8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:31:f5:92:c8:8c:fb:1d:8e:5d:df:02:09:5f:
                    2e:d3:23:a5:7b:c3:e1:c3:97:d5:ec:61:5c:eb:b7:
                    d7:a5:fb:d2:9b:ed:46:04:54:05:7a:fd:29:12:04:
                    e0:82:7e:dd:2e:d5:79:59:15:47:0d:83:bc:98:46:
                    33:1e:39:1f:b9:f3:c5:32:85:33:66:36:d4:1d:a1:
                    64:69:03:4d:f3:58:a0:b8:04:d7:2c:64:af:12:41:
                    a9:45:4a:47:31:57:58:68:a1:35:46:15:94:f8:66:
                    ca:d9:f8:03:c6:dd:6b:31:1c:ab:e4:e6:a1:19:20:
                    71:ab:f2:b3:45:4e:3d:03:e9:71:72:52:ff:e1:49:
                    46:6c:f0:32:f5:5f:04:14:fd:48:fa:ad:d0:f5:b5:
                    8f:ab:48:f8:dc:3b:f8:56:11:72:e1:dd:77:1b:51:
                    13:4d:cc:7d:bf:df:50:08:20:0e:72:0d:f2:96:9a:
                    fa:8f:f9:d9:14:1d:46:82:44:b2:75:3d:9f:ef:0d:
                    8d:57:07:99:3d:5f:07:0c:22:5d:62:30:c9:dd:33:
                    7d:d1:b2:10:49:12:21:dc:56:70:32:4b:14:c3:fd:
                    60:aa:e8:e1:70:e1:45:b2:6b:90:ab:78:35:71:28:
                    53:2c:5a:0c:26:95:7f:da:71:64:c6:41:46:84:e2:
                    e0:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:C4:43:7E:74:D7:DA:0C:AB:76:B0:35:43:68:A8:6F:28:6B:2D:B8
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/vcRDfnTX2gyrdrA1Q2iobyhrLbg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.226.192.0/24
                IPv6:
                  2a0a:e9c2::/32

    Signature Algorithm: sha256WithRSAEncryption
         5f:3b:76:6d:92:e8:72:66:cf:f5:f4:46:13:32:79:b0:36:f5:
         4e:8b:3c:19:17:52:ec:7f:a6:9b:72:80:ed:a7:2c:f7:c8:63:
         0e:47:40:7c:cf:68:cc:a7:98:aa:43:52:b0:ea:b6:ff:aa:a0:
         0f:7d:ac:28:8e:fd:67:86:64:5f:d0:58:ae:c0:32:d1:49:a8:
         d8:59:cd:8e:1f:1a:51:2d:2e:52:02:ff:a8:11:be:43:1c:6e:
         9b:f6:4a:8b:99:4b:95:b2:0b:73:21:92:0c:38:a0:40:6a:06:
         69:c2:53:cf:2f:5e:16:df:26:5a:61:b1:d7:1d:be:9a:22:85:
         af:5d:92:be:56:de:68:85:71:de:62:10:ef:3a:0d:c1:4c:ba:
         f5:e9:a8:de:f4:71:0a:17:cf:c4:5c:3a:5f:c5:db:32:a1:41:
         4a:a9:78:96:3f:8e:c5:9d:95:30:c9:68:f3:23:c0:1e:1e:fe:
         0a:cc:c5:2b:b5:1d:62:ba:ef:ff:fa:35:e3:74:8f:78:46:f3:
         d8:b1:42:2f:1f:cb:a7:6e:eb:c5:53:84:8d:8d:97:e7:ca:5e:
         e5:8b:07:2d:e4:d2:29:09:b7:4c:a6:8c:a4:75:b8:fc:d1:77:
         81:d4:e1:ea:3b:ef:bc:94:e2:11:41:de:27:26:01:84:c9:7d:
         6d:e4:c7:4b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ0FLaPaiTSNhMnkTQz4SESPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjYwMzE5MDgxOTMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZGM0NDM3ZTc0ZDdkYTBjYWI3NmIwMzU0MzY4YTg2ZjI4NmIyZGI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwzH1ksiM+x2OXd8CCV8u0yOle8Ph
w5fV7GFc67fXpfvSm+1GBFQFev0pEgTggn7dLtV5WRVHDYO8mEYzHjkfufPFMoUz
ZjbUHaFkaQNN81iguATXLGSvEkGpRUpHMVdYaKE1RhWU+GbK2fgDxt1rMRyr5Oah
GSBxq/KzRU49A+lxclL/4UlGbPAy9V8EFP1I+q3Q9bWPq0j43Dv4VhFy4d13G1ET
Tcx9v99QCCAOcg3ylpr6j/nZFB1GgkSydT2f7w2NVweZPV8HDCJdYjDJ3TN90bIQ
SRIh3FZwMksUw/1gqujhcOFFsmuQq3g1cShTLFoMJpV/2nFkxkFGhOLgPQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFL3EQ35019oMq3awNUNoqG8oay24MB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvdmNSRGZuVFgyZ3lyZHJBMVEyaW9ieWhyTGJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAueLAMA0E
AgACMAcDBQAqCunCMA0GCSqGSIb3DQEBCwUAA4IBAQBfO3ZtkuhyZs/19EYTMnmw
NvVOizwZF1Lsf6abcoDtpyz3yGMOR0B8z2jMp5iqQ1Kw6rb/qqAPfawojv1nhmRf
0FiuwDLRSajYWc2OHxpRLS5SAv+oEb5DHG6b9kqLmUuVsgtzIZIMOKBAagZpwlPP
L14W3yZaYbHXHb6aIoWvXZK+Vt5ohXHeYhDvOg3BTLr16aje9HEKF8/EXDpfxdsy
oUFKqXiWP47FnZUwyWjzI8AeHv4KzMUrtR1iuu//+jXjdI94RvPYsUIvH8unbuvF
U4SNjZfnyl7liwct5NIpCbdMpoykdbj80XeB1OHqO++8lOIRQd4nJgGEyX1t5MdL
-----END CERTIFICATE-----