Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/6b1151-b05a-4a02-a883-0f5f09b2eb14/1/SyRWDapgdiRLDss3KXe8eXxRuZ0.roa
File:                     SyRWDapgdiRLDss3KXe8eXxRuZ0.roa (raw, json)
Hash identifier:          pJmQlmIr1AzwEH3PoCcI3G9chIsW+y2rZ6mV5Din8qQ=
Subject key identifier:   4B:24:56:0D:AA:60:76:24:4B:0E:CB:37:29:77:BC:79:7C:51:B9:9D
Certificate issuer:       /CN=521a30077223c25c6f37dcf59480778c0b5b1068
Certificate serial:       019DE4ACE48C360B007D025F5852EC9A4CA5
Authority key identifier: 52:1A:30:07:72:23:C2:5C:6F:37:DC:F5:94:80:77:8C:0B:5B:10:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UhowB3IjwlxvN9z1lIB3jAtbEGg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/6b1151-b05a-4a02-a883-0f5f09b2eb14/1/SyRWDapgdiRLDss3KXe8eXxRuZ0.roa
Signing time:             Fri 01 May 2026 17:53:49 +0000
ROA not before:           Fri 01 May 2026 17:53:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205517
IP address blocks:        185.194.115.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/6b1151-b05a-4a02-a883-0f5f09b2eb14/1/UhowB3IjwlxvN9z1lIB3jAtbEGg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/6b1151-b05a-4a02-a883-0f5f09b2eb14/1/UhowB3IjwlxvN9z1lIB3jAtbEGg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UhowB3IjwlxvN9z1lIB3jAtbEGg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 20:10:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:e4:ac:e4:8c:36:0b:00:7d:02:5f:58:52:ec:9a:4c:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=521a30077223c25c6f37dcf59480778c0b5b1068
        Validity
            Not Before: May  1 17:53:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4b24560daa6076244b0ecb372977bc797c51b99d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:bd:40:92:ad:34:d0:e1:73:df:c6:32:5b:39:
                    f8:b6:b9:c7:4f:f6:c5:f9:4b:dd:a9:b8:d2:1c:c7:
                    7d:ce:4c:61:bd:c0:29:c8:7f:1b:bc:45:fd:3a:dd:
                    97:61:0b:52:8d:3a:1d:d7:28:5a:a8:83:39:e6:b6:
                    2b:b9:7e:05:b8:f8:13:2e:bd:d1:01:6d:41:46:67:
                    21:c4:84:8c:54:82:ea:26:c1:5b:df:f7:0c:5c:47:
                    05:f3:c2:99:c6:75:3b:48:47:8b:ff:05:80:f8:64:
                    41:1e:33:7b:65:dc:0c:57:e9:0b:f3:00:c9:66:3c:
                    20:4e:53:f4:97:71:44:3f:b5:82:01:05:14:27:5f:
                    e5:39:ba:f0:88:ba:57:c5:e5:ff:3f:d6:54:03:36:
                    8c:36:29:6a:1d:b8:da:19:3e:b3:f5:ee:a8:ae:4f:
                    e9:09:8b:49:5e:07:07:d9:06:5d:ff:9e:6c:b4:cb:
                    db:08:a3:e2:35:e2:f2:03:9f:c9:6e:b5:97:5a:ef:
                    b3:33:5f:f4:9a:e2:d1:a0:e8:fb:c3:49:3d:75:dc:
                    a2:cf:84:e8:fc:5e:ed:76:ac:c9:d3:19:0d:e1:50:
                    d4:a1:1e:ae:a4:c8:4d:47:c8:c6:c2:fc:f9:ba:fc:
                    95:ff:8a:c5:50:65:60:e7:41:c2:68:53:d3:fa:cd:
                    85:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:24:56:0D:AA:60:76:24:4B:0E:CB:37:29:77:BC:79:7C:51:B9:9D
            X509v3 Authority Key Identifier:
                keyid:52:1A:30:07:72:23:C2:5C:6F:37:DC:F5:94:80:77:8C:0B:5B:10:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UhowB3IjwlxvN9z1lIB3jAtbEGg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/6b1151-b05a-4a02-a883-0f5f09b2eb14/1/SyRWDapgdiRLDss3KXe8eXxRuZ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/6b1151-b05a-4a02-a883-0f5f09b2eb14/1/UhowB3IjwlxvN9z1lIB3jAtbEGg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.194.115.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:1f:55:6b:a1:aa:b1:70:80:63:b1:1c:ec:75:35:d9:af:d4:
         e6:f5:38:8a:3b:07:f4:c6:71:78:0a:c8:ae:d2:2f:ac:87:b6:
         67:dc:19:b1:12:59:db:a0:87:a9:df:7f:0e:08:b7:cc:83:39:
         9c:ab:a4:0e:f3:fe:0d:2e:d4:78:58:be:c9:31:7b:a2:a8:3c:
         ff:67:dd:9f:e4:48:a0:1d:26:92:f8:a5:f5:fc:19:ef:1f:59:
         12:71:2e:ec:d3:59:0d:14:a2:62:23:a1:6e:6a:5a:23:4f:5d:
         62:31:0b:8d:d8:5b:51:89:53:0c:71:31:ee:0f:2f:43:06:07:
         73:fe:60:90:b7:52:f6:d9:50:da:d4:92:75:87:1f:4f:9b:26:
         d2:08:12:fc:7b:33:9e:22:c3:9f:47:8f:86:b8:f3:08:3f:e7:
         1a:a8:c0:56:8f:4a:fb:d7:7c:eb:af:7c:b1:13:58:99:25:1f:
         5d:63:5f:e1:40:e0:87:af:d7:1c:72:58:49:70:62:b9:fc:0d:
         b5:66:06:21:84:4d:ab:5e:e2:33:67:05:4e:30:1f:3b:08:b1:
         31:f2:27:95:87:c5:18:50:51:02:81:93:57:49:22:bd:22:50:
         46:76:ad:bc:90:46:b1:31:ea:f8:63:56:47:28:e0:63:b3:85:
         66:b5:0c:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3krOSMNgsAfQJfWFLsmkylMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyMWEzMDA3NzIyM2MyNWM2ZjM3ZGNmNTk0ODA3NzhjMGI1
YjEwNjgwHhcNMjYwNTAxMTc1MzQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjI0NTYwZGFhNjA3NjI0NGIwZWNiMzcyOTc3YmM3OTdjNTFiOTlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzb1Akq000OFz38YyWzn4trnHT/bF
+UvdqbjSHMd9zkxhvcApyH8bvEX9Ot2XYQtSjTod1yhaqIM55rYruX4FuPgTLr3R
AW1BRmchxISMVILqJsFb3/cMXEcF88KZxnU7SEeL/wWA+GRBHjN7ZdwMV+kL8wDJ
ZjwgTlP0l3FEP7WCAQUUJ1/lObrwiLpXxeX/P9ZUAzaMNilqHbjaGT6z9e6ork/p
CYtJXgcH2QZd/55stMvbCKPiNeLyA5/JbrWXWu+zM1/0muLRoOj7w0k9ddyiz4To
/F7tdqzJ0xkN4VDUoR6upMhNR8jGwvz5uvyV/4rFUGVg50HCaFPT+s2FTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEskVg2qYHYkSw7LNyl3vHl8UbmdMB8GA1UdIwQY
MBaAFFIaMAdyI8Jcbzfc9ZSAd4wLWxBoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWhvd0IzSWp3bHh2Tjl6MWxJQjNqQXRiRUdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82YjExNTEtYjA1YS00YTAyLWE4ODMt
MGY1ZjA5YjJlYjE0LzEvU3lSV0RhcGdkaVJMRHNzM0tYZThlWHhSdVowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82YjExNTEtYjA1YS00YTAyLWE4ODMtMGY1ZjA5YjJlYjE0
LzEvVWhvd0IzSWp3bHh2Tjl6MWxJQjNqQXRiRUdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucJzMA0G
CSqGSIb3DQEBCwUAA4IBAQBBH1VroaqxcIBjsRzsdTXZr9Tm9TiKOwf0xnF4Csiu
0i+sh7Zn3BmxElnboIep338OCLfMgzmcq6QO8/4NLtR4WL7JMXuiqDz/Z92f5Eig
HSaS+KX1/BnvH1kScS7s01kNFKJiI6FualojT11iMQuN2FtRiVMMcTHuDy9DBgdz
/mCQt1L22VDa1JJ1hx9PmybSCBL8ezOeIsOfR4+GuPMIP+caqMBWj0r713zrr3yx
E1iZJR9dY1/hQOCHr9ccclhJcGK5/A21ZgYhhE2rXuIzZwVOMB87CLEx8ieVh8UY
UFECgZNXSSK9IlBGdq28kEaxMer4Y1ZHKOBjs4VmtQwm
-----END CERTIFICATE-----