Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/XMvIwzGddWBUba0mwiNnnHTZWm4.roa
File:                     XMvIwzGddWBUba0mwiNnnHTZWm4.roa (raw, json)
Hash identifier:          UWvDZc48OJ09VWHD0leBJU7x8wfw++aUQp2Q26I26MM=
Subject key identifier:   5C:CB:C8:C3:31:9D:75:60:54:6D:AD:26:C2:23:67:9C:74:D9:5A:6E
Certificate issuer:       /CN=4459ec2a5fd53909c5239f4cc8d6d329a2779bb1
Certificate serial:       019D0B964277BB6B49E8EA14280BB69E80CB
Authority key identifier: 44:59:EC:2A:5F:D5:39:09:C5:23:9F:4C:C8:D6:D3:29:A2:77:9B:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/XMvIwzGddWBUba0mwiNnnHTZWm4.roa
Signing time:             Fri 20 Mar 2026 14:11:29 +0000
ROA not before:           Fri 20 Mar 2026 14:11:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199884
IP address blocks:        130.49.185.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:0b:96:42:77:bb:6b:49:e8:ea:14:28:0b:b6:9e:80:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4459ec2a5fd53909c5239f4cc8d6d329a2779bb1
        Validity
            Not Before: Mar 20 14:11:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5ccbc8c3319d7560546dad26c223679c74d95a6e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:36:70:fe:a7:b0:14:bf:e2:62:c5:dc:72:95:
                    42:86:69:d7:1b:b8:35:9d:19:f1:6a:b0:cb:90:d5:
                    bb:53:da:3d:05:46:66:f3:dc:ba:02:07:85:ef:7c:
                    d0:3b:81:17:a8:64:92:5c:50:23:96:da:10:61:6b:
                    4e:ad:62:eb:b0:ee:d7:94:ff:e6:29:12:59:c1:81:
                    79:dd:08:b8:12:34:02:68:ca:5b:93:d5:49:16:da:
                    8c:8a:b0:30:2d:95:f6:8f:67:99:89:a5:75:b2:bd:
                    29:3a:67:a1:c4:29:11:33:11:7a:63:91:e9:bf:a4:
                    21:68:aa:81:fc:c1:2f:02:de:dc:63:2a:93:c7:21:
                    aa:0f:cb:4b:d7:0f:4e:18:87:43:9b:fa:07:8c:d5:
                    b3:15:71:51:47:7f:a5:74:89:76:24:24:d5:5e:69:
                    7c:cc:36:40:ee:45:b6:f2:3b:b2:17:1b:e7:d4:6a:
                    a3:51:b4:90:7a:e7:10:39:1a:74:80:32:6b:c6:2c:
                    d5:ee:31:70:7b:1e:35:03:9e:50:43:00:73:d3:00:
                    d3:89:15:2b:48:b3:44:1f:28:fc:ff:b6:70:13:a3:
                    11:04:2b:41:4a:c3:1d:33:d6:8b:64:2a:5d:a2:43:
                    db:2c:b4:42:73:59:47:ce:2f:01:32:2d:9d:09:93:
                    47:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:CB:C8:C3:31:9D:75:60:54:6D:AD:26:C2:23:67:9C:74:D9:5A:6E
            X509v3 Authority Key Identifier:
                keyid:44:59:EC:2A:5F:D5:39:09:C5:23:9F:4C:C8:D6:D3:29:A2:77:9B:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/XMvIwzGddWBUba0mwiNnnHTZWm4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  130.49.185.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:e7:ef:ef:07:78:d9:1b:93:09:07:54:1f:6f:ec:b8:61:a2:
         70:80:d1:7b:e3:d3:df:41:ea:17:5c:e9:a1:59:ac:03:7a:f6:
         63:7e:c6:25:9c:c6:43:0f:06:3a:1d:d9:ec:63:70:e8:38:ba:
         88:8e:e1:b4:8b:71:ec:4e:0b:d6:1c:17:34:35:74:8d:00:f5:
         81:d5:2f:1d:59:e8:4c:51:6d:0d:98:18:ba:56:06:e0:b5:63:
         af:65:a9:5c:7b:45:f5:fd:1e:70:45:23:c1:6e:19:a5:6c:70:
         f5:8b:35:0d:6e:3f:f3:31:4a:42:e5:80:d2:93:67:54:d4:df:
         53:35:2c:ee:22:41:a6:05:71:80:1d:1f:c9:d0:70:71:62:84:
         eb:de:35:0f:08:76:50:00:1d:bb:4a:2a:3f:35:79:0f:1c:32:
         79:d6:88:e0:c6:4a:d4:b5:2c:a7:8c:2f:69:49:7d:ee:ab:74:
         1f:d3:6e:e8:59:97:42:bb:53:50:1c:dc:96:e9:ad:07:2a:36:
         56:fc:08:20:8c:41:93:48:bb:1e:33:12:63:6a:96:39:90:54:
         59:a6:c6:b5:89:bc:de:ab:9d:e9:77:c0:cf:72:d8:24:cf:e3:
         6f:03:eb:57:31:1c:d3:08:22:93:b7:1f:f5:9b:61:f9:a0:80:
         e2:be:cd:71
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0LlkJ3u2tJ6OoUKAu2noDLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0NTllYzJhNWZkNTM5MDljNTIzOWY0Y2M4ZDZkMzI5YTI3
NzliYjEwHhcNMjYwMzIwMTQxMTI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2NiYzhjMzMxOWQ3NTYwNTQ2ZGFkMjZjMjIzNjc5Yzc0ZDk1YTZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuDZw/qewFL/iYsXccpVChmnXG7g1
nRnxarDLkNW7U9o9BUZm89y6AgeF73zQO4EXqGSSXFAjltoQYWtOrWLrsO7XlP/m
KRJZwYF53Qi4EjQCaMpbk9VJFtqMirAwLZX2j2eZiaV1sr0pOmehxCkRMxF6Y5Hp
v6QhaKqB/MEvAt7cYyqTxyGqD8tL1w9OGIdDm/oHjNWzFXFRR3+ldIl2JCTVXml8
zDZA7kW28juyFxvn1GqjUbSQeucQORp0gDJrxizV7jFwex41A55QQwBz0wDTiRUr
SLNEHyj8/7ZwE6MRBCtBSsMdM9aLZCpdokPbLLRCc1lHzi8BMi2dCZNHrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFzLyMMxnXVgVG2tJsIjZ5x02VpuMB8GA1UdIwQY
MBaAFERZ7Cpf1TkJxSOfTMjW0ymid5uxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkZuc0tsX1ZPUW5GSTU5TXlOYlRLYUozbTdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny9mMGFlNjItYzEwNy00M2NlLWE4YTkt
NmI0MzcyNjAyMDk2LzEvWE12SXd6R2RkV0JVYmEwbXdpTm5uSFRaV200LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny9mMGFlNjItYzEwNy00M2NlLWE4YTktNmI0MzcyNjAyMDk2
LzEvUkZuc0tsX1ZPUW5GSTU5TXlOYlRLYUozbTdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAgjG5MA0G
CSqGSIb3DQEBCwUAA4IBAQAe5+/vB3jZG5MJB1Qfb+y4YaJwgNF749PfQeoXXOmh
WawDevZjfsYlnMZDDwY6HdnsY3DoOLqIjuG0i3HsTgvWHBc0NXSNAPWB1S8dWehM
UW0NmBi6VgbgtWOvZalce0X1/R5wRSPBbhmlbHD1izUNbj/zMUpC5YDSk2dU1N9T
NSzuIkGmBXGAHR/J0HBxYoTr3jUPCHZQAB27Sio/NXkPHDJ51ojgxkrUtSynjC9p
SX3uq3Qf027oWZdCu1NQHNyW6a0HKjZW/AggjEGTSLseMxJjapY5kFRZpsa1ibze
q53pd8DPctgkz+NvA+tXMRzTCCKTtx/1m2H5oIDivs1x
-----END CERTIFICATE-----