Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/Be3WyMsg4Z1uGznIaamQbZpb7RU.roa
File:                     Be3WyMsg4Z1uGznIaamQbZpb7RU.roa (raw, json)
Hash identifier:          tleesENUxphJmxbIc0LjFcojfwFjurtbi0voCnAJsFM=
Subject key identifier:   05:ED:D6:C8:CB:20:E1:9D:6E:1B:39:C8:69:A9:90:6D:9A:5B:ED:15
Certificate issuer:       /CN=2e82963ff1aa70ab10d1d33e86b1d6d494d6ce51
Certificate serial:       019D0DBE5284EEEE4E9479B3CBAF56F5A37B
Authority key identifier: 2E:82:96:3F:F1:AA:70:AB:10:D1:D3:3E:86:B1:D6:D4:94:D6:CE:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/Be3WyMsg4Z1uGznIaamQbZpb7RU.roa
Signing time:             Sat 21 Mar 2026 00:14:29 +0000
ROA not before:           Sat 21 Mar 2026 00:14:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     6079
IP address blocks:        185.145.52.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:0d:be:52:84:ee:ee:4e:94:79:b3:cb:af:56:f5:a3:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e82963ff1aa70ab10d1d33e86b1d6d494d6ce51
        Validity
            Not Before: Mar 21 00:14:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=05edd6c8cb20e19d6e1b39c869a9906d9a5bed15
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:dc:9b:49:8e:03:c3:79:1d:59:4d:eb:d5:58:
                    59:d4:fa:1d:2f:a2:8a:72:a3:fc:b2:83:89:fa:a4:
                    4a:03:8c:e8:d3:d9:1d:ad:21:51:5c:6b:3e:56:f6:
                    75:28:02:79:f4:dd:f9:86:27:fd:5d:be:71:fc:81:
                    0f:6a:5b:83:ff:81:a6:8a:8f:26:78:9e:7d:4b:1c:
                    d5:e3:84:85:f7:38:95:58:8e:3e:32:62:6d:d9:1b:
                    ca:89:e9:d0:32:b5:ee:0f:af:6b:5b:4c:8e:16:5f:
                    0b:33:1e:73:a1:f1:10:48:57:2a:da:9c:2a:f5:7b:
                    d6:f9:65:31:65:4c:b5:42:cd:bf:63:ef:a7:f3:1b:
                    97:14:61:13:ec:98:df:80:f9:fc:b9:25:3c:57:d6:
                    83:05:ea:46:5b:05:92:a0:cf:77:6b:70:df:c4:80:
                    15:98:aa:f6:74:cb:2a:c0:f1:71:f3:80:4a:af:0f:
                    d3:2f:f1:98:b4:81:5f:8c:f8:3f:84:5a:d2:c2:57:
                    02:29:4e:95:00:f2:78:9c:d9:fc:e4:bb:d8:67:ad:
                    32:ef:f6:8a:3f:73:2a:db:26:d7:f0:85:19:94:cc:
                    21:c9:c3:0e:e0:ec:2d:02:0d:b8:c4:08:ad:3f:92:
                    66:9d:f4:de:8a:31:80:55:ca:18:af:fd:14:f1:b4:
                    2a:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:ED:D6:C8:CB:20:E1:9D:6E:1B:39:C8:69:A9:90:6D:9A:5B:ED:15
            X509v3 Authority Key Identifier:
                keyid:2E:82:96:3F:F1:AA:70:AB:10:D1:D3:3E:86:B1:D6:D4:94:D6:CE:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/Be3WyMsg4Z1uGznIaamQbZpb7RU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.145.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:34:2a:c4:6f:aa:66:c0:98:cc:f2:ad:1a:5f:a4:2b:d1:07:
         5c:8f:c8:de:f3:01:4e:c8:be:00:ea:da:2b:0e:a8:ea:56:da:
         52:f4:3d:80:e9:03:aa:ab:c0:13:11:cc:89:bc:59:7d:5e:a4:
         48:d1:70:e3:c7:50:2e:72:bc:21:cf:56:14:5c:35:f1:7a:a1:
         73:50:a4:91:4b:07:dc:e1:bc:e3:eb:af:f8:31:18:69:98:ae:
         d4:9a:0d:02:78:85:bd:32:72:e7:49:cb:55:a8:29:f0:a4:50:
         84:30:04:41:86:81:8a:3e:97:ce:81:d3:e4:22:3c:6d:41:d2:
         78:9c:6e:29:73:9d:b9:a3:1e:7b:40:5f:f2:8f:bf:07:f0:6f:
         5b:70:af:7f:30:67:a6:6e:b3:8f:7b:3c:b7:a2:8c:f3:a9:48:
         92:e4:e7:5a:04:2f:21:be:a7:48:18:bb:0e:d4:35:7c:30:0a:
         9a:f8:65:d8:db:e3:14:3d:af:ee:e2:0c:f4:f8:86:70:2a:6a:
         2e:52:08:74:61:a3:e5:5c:33:8e:cf:6f:3d:f1:a9:05:f0:9d:
         38:08:f9:dd:26:f7:24:ab:e4:ec:09:12:bb:a7:bb:f8:9b:a2:
         a7:2a:7b:2d:3f:59:ec:57:8e:86:40:6d:43:e8:92:b3:48:d4:
         67:0b:a6:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0NvlKE7u5OlHmzy69W9aN7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlODI5NjNmZjFhYTcwYWIxMGQxZDMzZTg2YjFkNmQ0OTRk
NmNlNTEwHhcNMjYwMzIxMDAxNDI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNWVkZDZjOGNiMjBlMTlkNmUxYjM5Yzg2OWE5OTA2ZDlhNWJlZDE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjtybSY4Dw3kdWU3r1VhZ1PodL6KK
cqP8soOJ+qRKA4zo09kdrSFRXGs+VvZ1KAJ59N35hif9Xb5x/IEPaluD/4Gmio8m
eJ59SxzV44SF9ziVWI4+MmJt2RvKienQMrXuD69rW0yOFl8LMx5zofEQSFcq2pwq
9XvW+WUxZUy1Qs2/Y++n8xuXFGET7JjfgPn8uSU8V9aDBepGWwWSoM93a3DfxIAV
mKr2dMsqwPFx84BKrw/TL/GYtIFfjPg/hFrSwlcCKU6VAPJ4nNn85LvYZ60y7/aK
P3Mq2ybX8IUZlMwhycMO4OwtAg24xAitP5JmnfTeijGAVcoYr/0U8bQqCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAXt1sjLIOGdbhs5yGmpkG2aW+0VMB8GA1UdIwQY
MBaAFC6Clj/xqnCrENHTPoax1tSU1s5RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG9LV1BfR3FjS3NRMGRNLWhySFcxSlRXemxFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi85NTdjNjgtNmYyNy00MGVkLWFiZWQt
ZGY2NGYwZTgyMzYwLzEvQmUzV3lNc2c0WjF1R3puSWFhbVFiWnBiN1JVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi85NTdjNjgtNmYyNy00MGVkLWFiZWQtZGY2NGYwZTgyMzYw
LzEvTG9LV1BfR3FjS3NRMGRNLWhySFcxSlRXemxFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZE0MA0G
CSqGSIb3DQEBCwUAA4IBAQCrNCrEb6pmwJjM8q0aX6Qr0Qdcj8je8wFOyL4A6tor
DqjqVtpS9D2A6QOqq8ATEcyJvFl9XqRI0XDjx1Aucrwhz1YUXDXxeqFzUKSRSwfc
4bzj66/4MRhpmK7Umg0CeIW9MnLnSctVqCnwpFCEMARBhoGKPpfOgdPkIjxtQdJ4
nG4pc525ox57QF/yj78H8G9bcK9/MGembrOPezy3oozzqUiS5OdaBC8hvqdIGLsO
1DV8MAqa+GXY2+MUPa/u4gz0+IZwKmouUgh0YaPlXDOOz2898akF8J04CPndJvck
q+TsCRK7p7v4m6KnKnstP1nsV46GQG1D6JKzSNRnC6br
-----END CERTIFICATE-----