Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/1aRW_7yMDbmOo2mZfBWhyRdPQ90.roa
File:                     1aRW_7yMDbmOo2mZfBWhyRdPQ90.roa (raw, json)
Hash identifier:          5L6gwBXrqq9kBEr7KPTsfOo6IGOJWrBT3w7myc2yRiI=
Subject key identifier:   D5:A4:56:FF:BC:8C:0D:B9:8E:A3:69:99:7C:15:A1:C9:17:4F:43:DD
Certificate issuer:       /CN=618478f198fe569010c3df6219142f530c4f5e56
Certificate serial:       019D008B1BCD4BDAE1B8E83CAC6664C12B72
Authority key identifier: 61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/1aRW_7yMDbmOo2mZfBWhyRdPQ90.roa
Signing time:             Wed 18 Mar 2026 10:43:29 +0000
ROA not before:           Wed 18 Mar 2026 10:43:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49392
IP address blocks:        194.165.3.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:00:8b:1b:cd:4b:da:e1:b8:e8:3c:ac:66:64:c1:2b:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=618478f198fe569010c3df6219142f530c4f5e56
        Validity
            Not Before: Mar 18 10:43:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d5a456ffbc8c0db98ea369997c15a1c9174f43dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:3a:75:99:7f:e4:d6:46:4c:db:02:23:14:90:
                    85:cd:76:50:ef:ba:26:f9:e2:b5:99:6e:9e:ce:5a:
                    c2:b1:41:b0:ae:d4:76:eb:4d:b0:6a:27:96:64:09:
                    64:3f:7b:92:a8:91:84:3a:38:e7:60:55:90:18:87:
                    45:62:ba:ac:f7:14:f8:7d:bf:42:87:27:63:29:5d:
                    93:6f:bc:42:6f:53:0b:5a:7e:9f:98:5d:af:05:1d:
                    da:b7:43:2b:14:4a:71:af:a8:68:60:99:96:d3:7b:
                    9d:fa:00:da:24:e5:dc:a6:34:a3:e8:16:1b:b0:38:
                    60:23:af:e2:35:60:82:29:59:17:9a:49:2c:16:06:
                    75:18:7b:33:aa:13:d2:dc:a7:a4:23:69:24:8d:71:
                    14:22:13:55:82:e2:36:4a:8b:b3:a9:75:86:d7:df:
                    97:fa:43:0a:c8:1b:79:ca:49:32:bf:8a:09:32:93:
                    59:2b:17:0c:fd:32:a5:2c:a8:37:f0:85:32:31:12:
                    6b:84:8a:97:ae:0d:8d:43:34:92:34:23:1c:85:e9:
                    69:1d:8a:92:7d:66:04:22:d5:c1:49:77:d1:a2:81:
                    c6:38:28:4c:d4:71:3e:3c:03:9d:2f:df:ef:44:6d:
                    76:6a:12:6e:86:12:88:95:29:ae:f6:c1:ab:d3:72:
                    c6:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:A4:56:FF:BC:8C:0D:B9:8E:A3:69:99:7C:15:A1:C9:17:4F:43:DD
            X509v3 Authority Key Identifier:
                keyid:61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/1aRW_7yMDbmOo2mZfBWhyRdPQ90.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.165.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:71:db:33:8b:10:0a:82:3b:f1:5d:ac:b5:76:6b:7c:89:a3:
         14:7b:38:29:76:3a:81:7d:e5:7f:fc:fe:e2:df:31:97:7a:73:
         35:a4:32:e3:c1:6c:42:96:9a:2b:71:c0:2a:49:bb:a7:20:80:
         37:d1:f4:cf:cf:e0:b2:3e:60:31:c1:f6:7e:db:f2:b0:fb:b5:
         1b:2c:39:14:3f:32:76:eb:af:ae:75:02:62:3e:60:14:3a:89:
         ea:b9:1b:99:5e:87:27:b3:1f:36:cd:92:6f:54:2c:19:0f:a9:
         22:bd:a3:c8:d4:19:6a:14:26:df:da:3d:f3:a0:ee:4f:5f:2c:
         db:0f:9f:c3:48:39:37:d6:04:91:0e:ea:8e:9b:c9:a5:7f:f5:
         5b:f3:00:1c:a8:0e:ce:02:57:49:f3:e6:e1:bd:32:96:c8:0c:
         d5:43:1f:ac:86:34:d7:5a:c8:1c:5d:58:9c:34:ba:81:91:10:
         c9:c0:58:bc:35:3c:19:cd:14:56:d5:c3:0d:89:21:b2:88:96:
         c1:1c:28:5d:6c:55:93:bc:d5:77:e2:7f:ef:6f:ff:3c:6c:e0:
         22:71:b1:84:b9:ea:ea:cd:3c:01:51:33:13:4d:64:ac:2f:82:
         e5:3a:44:f8:72:b9:e4:5c:36:f8:e5:2d:a6:c4:59:bb:1c:ee:
         e2:27:cd:c4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0AixvNS9rhuOg8rGZkwStyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxODQ3OGYxOThmZTU2OTAxMGMzZGY2MjE5MTQyZjUzMGM0
ZjVlNTYwHhcNMjYwMzE4MTA0MzI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNWE0NTZmZmJjOGMwZGI5OGVhMzY5OTk3YzE1YTFjOTE3NGY0M2RkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyDp1mX/k1kZM2wIjFJCFzXZQ77om
+eK1mW6ezlrCsUGwrtR2602waieWZAlkP3uSqJGEOjjnYFWQGIdFYrqs9xT4fb9C
hydjKV2Tb7xCb1MLWn6fmF2vBR3at0MrFEpxr6hoYJmW03ud+gDaJOXcpjSj6BYb
sDhgI6/iNWCCKVkXmkksFgZ1GHszqhPS3KekI2kkjXEUIhNVguI2SouzqXWG19+X
+kMKyBt5ykkyv4oJMpNZKxcM/TKlLKg38IUyMRJrhIqXrg2NQzSSNCMchelpHYqS
fWYEItXBSXfRooHGOChM1HE+PAOdL9/vRG12ahJuhhKIlSmu9sGr03LGNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNWkVv+8jA25jqNpmXwVockXT0PdMB8GA1UdIwQY
MBaAFGGEePGY/laQEMPfYhkUL1MMT15WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEt
YmE5OGYxMTIyMTIxLzEvMWFSV183eU1EYm1PbzJtWmZCV2h5UmRQUTkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEtYmE5OGYxMTIyMTIx
LzEvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwqUDMA0G
CSqGSIb3DQEBCwUAA4IBAQCrcdszixAKgjvxXay1dmt8iaMUezgpdjqBfeV//P7i
3zGXenM1pDLjwWxClporccAqSbunIIA30fTPz+CyPmAxwfZ+2/Kw+7UbLDkUPzJ2
66+udQJiPmAUOonquRuZXocnsx82zZJvVCwZD6kivaPI1BlqFCbf2j3zoO5PXyzb
D5/DSDk31gSRDuqOm8mlf/Vb8wAcqA7OAldJ8+bhvTKWyAzVQx+shjTXWsgcXVic
NLqBkRDJwFi8NTwZzRRW1cMNiSGyiJbBHChdbFWTvNV34n/vb/88bOAicbGEuerq
zTwBUTMTTWSsL4LlOkT4crnkXDb45S2mxFm7HO7iJ83E
-----END CERTIFICATE-----