Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/280ad2-07e4-49f7-8c0b-9aba0f363177/1/cdK-ddxQ6uw5AVK3VADEiG5b7xU.roa
File:                     cdK-ddxQ6uw5AVK3VADEiG5b7xU.roa (raw, json)
Hash identifier:          kzD188j7ogf+ogrfaYMQ1BaJogJz8brxVXslH2Z+iS8=
Subject key identifier:   71:D2:BE:75:DC:50:EA:EC:39:01:52:B7:54:00:C4:88:6E:5B:EF:15
Certificate issuer:       /CN=c43b74697ef8b05709f7d394d1fe2951e89d5c55
Certificate serial:       019DC55972C572915D031992B8FEA3768060
Authority key identifier: C4:3B:74:69:7E:F8:B0:57:09:F7:D3:94:D1:FE:29:51:E8:9D:5C:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xDt0aX74sFcJ99OU0f4pUeidXFU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/280ad2-07e4-49f7-8c0b-9aba0f363177/1/cdK-ddxQ6uw5AVK3VADEiG5b7xU.roa
Signing time:             Sat 25 Apr 2026 15:54:26 +0000
ROA not before:           Sat 25 Apr 2026 15:54:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     401077
IP address blocks:        185.43.64.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/280ad2-07e4-49f7-8c0b-9aba0f363177/1/xDt0aX74sFcJ99OU0f4pUeidXFU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/280ad2-07e4-49f7-8c0b-9aba0f363177/1/xDt0aX74sFcJ99OU0f4pUeidXFU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xDt0aX74sFcJ99OU0f4pUeidXFU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 12:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:c5:59:72:c5:72:91:5d:03:19:92:b8:fe:a3:76:80:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c43b74697ef8b05709f7d394d1fe2951e89d5c55
        Validity
            Not Before: Apr 25 15:54:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=71d2be75dc50eaec390152b75400c4886e5bef15
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:7a:29:d2:ca:02:1a:94:97:d5:ae:a5:f7:06:
                    23:fe:57:33:85:8d:33:09:67:9e:79:51:53:2f:8e:
                    67:5c:ea:eb:f7:1b:60:f5:68:18:6c:5d:cb:3e:77:
                    2c:a4:ba:b4:8d:06:54:be:70:80:95:52:83:44:94:
                    5b:ef:bd:b1:ca:87:0a:1b:6a:e4:00:c5:79:c6:3f:
                    b6:a9:e3:05:2b:ce:f7:07:60:e0:6e:e2:43:2d:8c:
                    73:07:2b:f6:d1:5e:0a:e3:dd:97:a4:a8:b3:81:42:
                    86:21:0e:12:9b:14:e3:b9:95:9f:ee:cb:1b:fc:de:
                    54:62:23:d3:42:12:6e:4f:35:1d:93:72:09:ed:13:
                    23:00:e4:9e:5a:d0:cb:6f:43:49:ab:6d:3d:ca:c0:
                    ce:69:02:2b:6d:df:12:84:93:40:29:6e:86:53:4a:
                    64:a5:d1:76:66:2e:4e:41:f0:86:0c:fc:52:2d:d5:
                    d3:3c:98:c2:d2:b5:e7:e7:ab:45:49:e7:c3:6c:5b:
                    26:ec:8c:10:eb:90:c9:12:70:db:74:a4:e8:0e:93:
                    8f:60:cc:73:03:f7:fd:92:ba:c0:00:d7:0a:a6:d1:
                    bb:bf:1b:7b:df:83:ac:b3:19:81:fe:5d:0b:4d:ee:
                    1b:e5:ce:eb:3f:7b:bc:d3:30:de:46:e7:27:f2:72:
                    a0:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:D2:BE:75:DC:50:EA:EC:39:01:52:B7:54:00:C4:88:6E:5B:EF:15
            X509v3 Authority Key Identifier:
                keyid:C4:3B:74:69:7E:F8:B0:57:09:F7:D3:94:D1:FE:29:51:E8:9D:5C:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xDt0aX74sFcJ99OU0f4pUeidXFU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/280ad2-07e4-49f7-8c0b-9aba0f363177/1/cdK-ddxQ6uw5AVK3VADEiG5b7xU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/280ad2-07e4-49f7-8c0b-9aba0f363177/1/xDt0aX74sFcJ99OU0f4pUeidXFU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.43.64.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3e:a6:58:26:ad:a9:34:76:65:97:10:5f:1e:93:0a:66:ee:2f:
         1f:48:51:6e:86:f2:1c:5e:b3:69:89:29:f7:bf:10:fd:31:19:
         b5:01:04:3a:ff:91:ee:83:42:94:7d:2d:c9:7a:b2:60:2c:c9:
         14:73:e3:db:d3:7d:58:b7:04:9b:e0:f9:89:7d:58:c1:93:a4:
         c7:d4:df:4a:37:d4:a0:fb:18:d4:7b:e7:e6:a4:57:3d:de:f4:
         c4:ec:e2:f0:c2:8e:b0:f6:aa:a1:f0:1b:d1:e8:ba:f3:f7:cc:
         16:95:1d:eb:6f:62:89:96:69:08:a4:d8:6c:a7:14:57:93:73:
         e4:e1:0e:52:05:5d:86:d3:13:5e:59:21:13:36:1f:f2:a7:d8:
         66:0f:76:74:24:61:86:fb:f2:3a:dc:4a:9e:2d:ff:b8:a4:07:
         c5:b0:ec:26:c8:7e:ab:d4:77:b9:1f:29:8b:47:3c:4f:5e:35:
         de:bb:cd:d0:7a:88:cd:36:10:d9:01:89:a7:7e:08:e6:ae:54:
         df:08:84:5b:86:bf:16:5e:f6:ea:b9:b3:73:1d:89:67:81:3b:
         66:97:4d:c8:75:41:c4:f6:3f:10:c3:68:93:20:5b:70:41:da:
         29:b7:08:8a:38:7f:69:49:83:05:d8:1d:8f:b7:24:06:a4:5b:
         95:0a:a3:cf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3FWXLFcpFdAxmSuP6jdoBgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0M2I3NDY5N2VmOGIwNTcwOWY3ZDM5NGQxZmUyOTUxZTg5
ZDVjNTUwHhcNMjYwNDI1MTU1NDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MWQyYmU3NWRjNTBlYWVjMzkwMTUyYjc1NDAwYzQ4ODZlNWJlZjE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwnop0soCGpSX1a6l9wYj/lczhY0z
CWeeeVFTL45nXOrr9xtg9WgYbF3LPncspLq0jQZUvnCAlVKDRJRb772xyocKG2rk
AMV5xj+2qeMFK873B2DgbuJDLYxzByv20V4K492XpKizgUKGIQ4SmxTjuZWf7ssb
/N5UYiPTQhJuTzUdk3IJ7RMjAOSeWtDLb0NJq209ysDOaQIrbd8ShJNAKW6GU0pk
pdF2Zi5OQfCGDPxSLdXTPJjC0rXn56tFSefDbFsm7IwQ65DJEnDbdKToDpOPYMxz
A/f9krrAANcKptG7vxt734OssxmB/l0LTe4b5c7rP3u80zDeRucn8nKgtwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHHSvnXcUOrsOQFSt1QAxIhuW+8VMB8GA1UdIwQY
MBaAFMQ7dGl++LBXCffTlNH+KVHonVxVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveER0MGFYNzRzRmNKOTlPVTBmNHBVZWlkWEZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC8yODBhZDItMDdlNC00OWY3LThjMGIt
OWFiYTBmMzYzMTc3LzEvY2RLLWRkeFE2dXc1QVZLM1ZBREVpRzViN3hVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC8yODBhZDItMDdlNC00OWY3LThjMGItOWFiYTBmMzYzMTc3
LzEveER0MGFYNzRzRmNKOTlPVTBmNHBVZWlkWEZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuStAMA0G
CSqGSIb3DQEBCwUAA4IBAQA+plgmrak0dmWXEF8ekwpm7i8fSFFuhvIcXrNpiSn3
vxD9MRm1AQQ6/5Hug0KUfS3JerJgLMkUc+Pb031YtwSb4PmJfVjBk6TH1N9KN9Sg
+xjUe+fmpFc93vTE7OLwwo6w9qqh8BvR6Lrz98wWlR3rb2KJlmkIpNhspxRXk3Pk
4Q5SBV2G0xNeWSETNh/yp9hmD3Z0JGGG+/I63EqeLf+4pAfFsOwmyH6r1He5HymL
RzxPXjXeu83QeojNNhDZAYmnfgjmrlTfCIRbhr8WXvbqubNzHYlngTtml03IdUHE
9j8Qw2iTIFtwQdoptwiKOH9pSYMF2B2PtyQGpFuVCqPP
-----END CERTIFICATE-----