Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/vKFd01lINY7HRrJ2_dwDiQU35jk.roa
File:                     vKFd01lINY7HRrJ2_dwDiQU35jk.roa (raw, json)
Hash identifier:          EvsKuWDSYn3JYsN/EsaPWkUuZAJip44s6VOQyBwOiXc=
Subject key identifier:   BC:A1:5D:D3:59:48:35:8E:C7:46:B2:76:FD:DC:03:89:05:37:E6:39
Certificate issuer:       /CN=21021b252222997bfe33b7e4b315ac8d5e067954
Certificate serial:       019D012C3D3E77B291B3DA63AF4A948369BB
Authority key identifier: 21:02:1B:25:22:22:99:7B:FE:33:B7:E4:B3:15:AC:8D:5E:06:79:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IQIbJSIimXv-M7fksxWsjV4GeVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/vKFd01lINY7HRrJ2_dwDiQU35jk.roa
Signing time:             Wed 18 Mar 2026 13:39:29 +0000
ROA not before:           Wed 18 Mar 2026 13:39:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     812
IP address blocks:        185.145.216.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/IQIbJSIimXv-M7fksxWsjV4GeVQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/IQIbJSIimXv-M7fksxWsjV4GeVQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IQIbJSIimXv-M7fksxWsjV4GeVQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:01:2c:3d:3e:77:b2:91:b3:da:63:af:4a:94:83:69:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=21021b252222997bfe33b7e4b315ac8d5e067954
        Validity
            Not Before: Mar 18 13:39:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bca15dd35948358ec746b276fddc03890537e639
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:a5:3f:a3:8c:68:10:96:05:68:54:04:01:76:
                    a0:c5:90:a4:bc:3b:f8:1b:1d:ce:63:44:34:dd:f3:
                    d2:b5:b6:e1:32:0d:0e:b6:25:d7:6e:5d:3f:e5:37:
                    c8:45:15:09:b7:6b:83:a7:e1:57:5f:2d:16:e1:66:
                    20:5b:ee:a2:16:f6:2c:d3:72:11:8b:bf:52:7f:fb:
                    4a:a6:1c:c1:8b:69:4a:a4:66:60:e3:83:82:fd:4d:
                    76:8d:bf:8f:b4:b8:2a:89:78:aa:74:3b:aa:a2:d6:
                    70:89:9d:79:4f:06:56:57:26:9d:70:6a:bd:c1:f0:
                    4c:a4:b4:b2:26:1e:97:74:2f:42:3b:e4:99:50:ce:
                    93:a1:b7:c5:ae:05:a1:ef:98:55:29:15:b8:d9:e6:
                    e0:6d:da:22:78:10:4d:36:97:74:d0:fd:77:ac:99:
                    6d:c7:7a:bd:3f:c7:50:16:e4:61:7f:1b:a4:3d:3b:
                    b7:d0:67:87:34:da:56:3b:3b:51:16:af:89:7c:e7:
                    d6:2c:40:29:1a:b7:b6:cf:83:db:b9:9d:64:3b:8f:
                    56:84:c5:d2:be:08:70:ae:a8:d9:cd:0c:db:63:5d:
                    9e:25:0e:d8:ce:dc:eb:ed:ee:61:76:d4:25:3c:ab:
                    db:2b:be:7c:3e:15:5b:96:5c:63:4a:28:cf:36:0e:
                    2c:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:A1:5D:D3:59:48:35:8E:C7:46:B2:76:FD:DC:03:89:05:37:E6:39
            X509v3 Authority Key Identifier:
                keyid:21:02:1B:25:22:22:99:7B:FE:33:B7:E4:B3:15:AC:8D:5E:06:79:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IQIbJSIimXv-M7fksxWsjV4GeVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/vKFd01lINY7HRrJ2_dwDiQU35jk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/IQIbJSIimXv-M7fksxWsjV4GeVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.145.216.0/22

    Signature Algorithm: sha256WithRSAEncryption
         02:27:f6:a7:fe:51:eb:5d:94:dd:28:18:45:ca:96:8f:0a:b0:
         67:24:a8:98:2a:b7:bf:56:b5:9d:69:9d:d3:25:cb:da:75:fb:
         e4:69:15:78:d4:c4:05:3c:b1:20:15:fd:0d:01:fb:47:6e:90:
         c2:c2:e3:1f:af:d4:f7:0f:a9:98:8a:61:bd:96:4c:45:97:0f:
         cf:cb:73:c2:2b:48:62:c5:43:75:dd:76:2d:0f:d8:86:de:18:
         01:20:4b:7c:c6:66:00:7c:b3:a3:66:60:4e:b7:3a:a3:1b:ef:
         a8:a6:5c:46:d0:c0:e6:88:a0:a1:81:d0:43:65:20:a7:44:f8:
         f5:20:5c:2d:46:b8:99:a9:38:28:bb:b9:ca:42:f2:72:1f:e3:
         3b:04:26:6f:a5:1a:4a:d8:e9:3c:d0:d9:3e:20:27:dd:a5:1f:
         e0:35:e1:8d:ad:26:58:13:ff:3f:01:cc:47:fa:1a:69:86:fe:
         3d:16:64:75:00:aa:6c:23:a3:48:95:26:d0:0d:e9:0d:18:79:
         5f:f4:ca:07:16:b8:2a:16:f5:1c:bf:64:23:31:16:b6:34:bb:
         16:e8:12:7e:06:b8:db:49:04:27:74:b2:e5:48:e3:c2:da:e2:
         16:77:a8:34:c6:68:7d:6e:da:36:71:c6:90:e3:0a:d7:34:97:
         26:b9:b6:b3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0BLD0+d7KRs9pjr0qUg2m7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMDIxYjI1MjIyMjk5N2JmZTMzYjdlNGIzMTVhYzhkNWUw
Njc5NTQwHhcNMjYwMzE4MTMzOTI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiY2ExNWRkMzU5NDgzNThlYzc0NmIyNzZmZGRjMDM4OTA1MzdlNjM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqKU/o4xoEJYFaFQEAXagxZCkvDv4
Gx3OY0Q03fPStbbhMg0OtiXXbl0/5TfIRRUJt2uDp+FXXy0W4WYgW+6iFvYs03IR
i79Sf/tKphzBi2lKpGZg44OC/U12jb+PtLgqiXiqdDuqotZwiZ15TwZWVyadcGq9
wfBMpLSyJh6XdC9CO+SZUM6TobfFrgWh75hVKRW42ebgbdoieBBNNpd00P13rJlt
x3q9P8dQFuRhfxukPTu30GeHNNpWOztRFq+JfOfWLEApGre2z4PbuZ1kO49WhMXS
vghwrqjZzQzbY12eJQ7Yztzr7e5hdtQlPKvbK758PhVbllxjSijPNg4sBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLyhXdNZSDWOx0aydv3cA4kFN+Y5MB8GA1UdIwQY
MBaAFCECGyUiIpl7/jO35LMVrI1eBnlUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVFJYkpTSWltWHYtTTdma3N4V3NqVjRHZVZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC81OTI5NGMtMGYyNC00MGM1LWI1YzMt
NmVhYzYyZTYwZGY3LzEvdktGZDAxbElOWTdIUnJKMl9kd0RpUVUzNWprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC81OTI5NGMtMGYyNC00MGM1LWI1YzMtNmVhYzYyZTYwZGY3
LzEvSVFJYkpTSWltWHYtTTdma3N4V3NqVjRHZVZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZHYMA0G
CSqGSIb3DQEBCwUAA4IBAQACJ/an/lHrXZTdKBhFypaPCrBnJKiYKre/VrWdaZ3T
JcvadfvkaRV41MQFPLEgFf0NAftHbpDCwuMfr9T3D6mYimG9lkxFlw/Py3PCK0hi
xUN13XYtD9iG3hgBIEt8xmYAfLOjZmBOtzqjG++oplxG0MDmiKChgdBDZSCnRPj1
IFwtRriZqTgou7nKQvJyH+M7BCZvpRpK2Ok80Nk+ICfdpR/gNeGNrSZYE/8/AcxH
+hpphv49FmR1AKpsI6NIlSbQDekNGHlf9MoHFrgqFvUcv2QjMRa2NLsW6BJ+Brjb
SQQndLLlSOPC2uIWd6g0xmh9bto2ccaQ4wrXNJcmubaz
-----END CERTIFICATE-----