Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/a438a5-b9b0-4802-9909-3845a42dae0b/1/Gk3qRjHc4sWF2rOaGo2ujBXucwU.roa
File:                     Gk3qRjHc4sWF2rOaGo2ujBXucwU.roa (raw, json)
Hash identifier:          pHlVorceZH8dGeu3/EtQuQX+jpCTueBXs4FELHev8DM=
Subject key identifier:   1A:4D:EA:46:31:DC:E2:C5:85:DA:B3:9A:1A:8D:AE:8C:15:EE:73:05
Certificate issuer:       /CN=bd63ea4f2cbfb7c8d3d6819940d37764ac5bb7d8
Certificate serial:       019DF340950200859CC27CA598DBAAC95A5C
Authority key identifier: BD:63:EA:4F:2C:BF:B7:C8:D3:D6:81:99:40:D3:77:64:AC:5B:B7:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vWPqTyy_t8jT1oGZQNN3ZKxbt9g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3b/a438a5-b9b0-4802-9909-3845a42dae0b/1/Gk3qRjHc4sWF2rOaGo2ujBXucwU.roa
Signing time:             Mon 04 May 2026 13:49:49 +0000
ROA not before:           Mon 04 May 2026 13:49:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211346
IP address blocks:        153.56.142.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3b/a438a5-b9b0-4802-9909-3845a42dae0b/1/vWPqTyy_t8jT1oGZQNN3ZKxbt9g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3b/a438a5-b9b0-4802-9909-3845a42dae0b/1/vWPqTyy_t8jT1oGZQNN3ZKxbt9g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vWPqTyy_t8jT1oGZQNN3ZKxbt9g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 11:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:f3:40:95:02:00:85:9c:c2:7c:a5:98:db:aa:c9:5a:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bd63ea4f2cbfb7c8d3d6819940d37764ac5bb7d8
        Validity
            Not Before: May  4 13:49:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1a4dea4631dce2c585dab39a1a8dae8c15ee7305
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:8f:ba:f6:f0:e2:b9:08:15:66:03:fa:ff:b4:
                    7c:53:55:93:7f:96:17:f5:05:a4:fb:6b:3b:a4:ae:
                    eb:ec:75:93:05:bc:ec:db:4d:f0:c6:0b:d8:0b:b4:
                    ea:5d:13:21:98:54:3d:51:69:60:a8:b0:81:b5:d2:
                    81:8d:1e:8d:6e:b7:1a:19:02:5f:0d:94:8b:4b:4b:
                    ec:bc:3e:bd:d0:d6:74:07:48:bd:ac:3a:be:cb:8d:
                    27:44:a4:7c:bf:ed:ce:bc:35:71:26:2c:17:0d:46:
                    dc:c2:15:f5:4f:8b:df:15:34:17:0c:26:3d:42:84:
                    9b:a9:1c:4f:54:86:a4:7d:a3:9c:da:a4:8b:fc:e9:
                    ed:ca:15:c9:10:24:89:ef:d2:43:70:f4:2c:2f:c3:
                    62:13:ee:4c:6a:32:49:9b:32:11:9b:ae:98:31:c1:
                    5f:70:ac:48:99:b6:38:5c:97:5c:86:03:26:1a:3d:
                    8d:99:49:41:ab:27:bd:f2:40:75:ea:2c:7b:dd:6b:
                    61:07:f0:b9:c6:a6:12:ff:0c:62:17:28:50:e2:52:
                    4a:f1:2b:93:0a:f1:e3:db:b7:bd:80:d5:8e:04:c0:
                    c9:31:7c:3c:6e:79:b4:29:f1:0a:32:86:a9:e4:11:
                    a4:30:4d:2a:13:64:11:51:3f:ed:30:41:7c:36:a0:
                    2e:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:4D:EA:46:31:DC:E2:C5:85:DA:B3:9A:1A:8D:AE:8C:15:EE:73:05
            X509v3 Authority Key Identifier:
                keyid:BD:63:EA:4F:2C:BF:B7:C8:D3:D6:81:99:40:D3:77:64:AC:5B:B7:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vWPqTyy_t8jT1oGZQNN3ZKxbt9g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/a438a5-b9b0-4802-9909-3845a42dae0b/1/Gk3qRjHc4sWF2rOaGo2ujBXucwU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/a438a5-b9b0-4802-9909-3845a42dae0b/1/vWPqTyy_t8jT1oGZQNN3ZKxbt9g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  153.56.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:d1:34:30:9d:d6:28:25:5b:99:ba:6c:31:c5:18:cf:7a:6e:
         db:31:43:1a:b4:3f:fb:ee:a4:b5:be:1e:70:7d:a4:b8:83:9f:
         e0:b5:29:04:cc:70:9a:f6:d4:39:ff:4a:04:35:55:f0:a7:26:
         fd:87:d3:f2:98:70:40:f8:7b:d1:2a:88:73:9b:8e:8a:c9:4c:
         83:72:cc:4d:32:11:2a:cc:1e:7d:1c:61:2f:03:a4:36:2d:6f:
         6e:6a:36:15:71:db:3a:a8:5e:c7:f0:c5:10:b9:8d:58:95:0d:
         19:c7:0e:d7:f9:67:3e:fa:9e:b3:2d:96:9e:c1:db:46:fb:89:
         f9:a1:19:b3:3b:14:f6:df:bd:d6:40:97:71:20:5f:30:2b:db:
         02:6e:0d:f4:2d:8f:f3:b5:2f:bc:a7:7d:c0:75:5a:3e:cd:78:
         47:b4:81:be:27:d4:7c:96:3d:16:8b:c1:13:cb:37:41:3b:b4:
         bf:27:a0:cb:1b:b6:d0:4b:95:f0:10:41:aa:82:29:0e:16:81:
         fc:c9:37:d8:2e:4a:d9:db:7b:23:a0:51:05:d0:9a:cc:3f:12:
         f7:0b:40:a2:a6:fe:a7:bc:b1:8d:0f:bd:81:1c:df:23:b9:1b:
         08:a7:ea:6d:31:c1:37:35:1b:ca:b8:6a:f8:66:eb:53:61:34:
         82:1f:c8:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3zQJUCAIWcwnylmNuqyVpcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkNjNlYTRmMmNiZmI3YzhkM2Q2ODE5OTQwZDM3NzY0YWM1
YmI3ZDgwHhcNMjYwNTA0MTM0OTQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTRkZWE0NjMxZGNlMmM1ODVkYWIzOWExYThkYWU4YzE1ZWU3MzA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyo+69vDiuQgVZgP6/7R8U1WTf5YX
9QWk+2s7pK7r7HWTBbzs203wxgvYC7TqXRMhmFQ9UWlgqLCBtdKBjR6NbrcaGQJf
DZSLS0vsvD690NZ0B0i9rDq+y40nRKR8v+3OvDVxJiwXDUbcwhX1T4vfFTQXDCY9
QoSbqRxPVIakfaOc2qSL/OntyhXJECSJ79JDcPQsL8NiE+5MajJJmzIRm66YMcFf
cKxImbY4XJdchgMmGj2NmUlBqye98kB16ix73WthB/C5xqYS/wxiFyhQ4lJK8SuT
CvHj27e9gNWOBMDJMXw8bnm0KfEKMoap5BGkME0qE2QRUT/tMEF8NqAugwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBpN6kYx3OLFhdqzmhqNrowV7nMFMB8GA1UdIwQY
MBaAFL1j6k8sv7fI09aBmUDTd2SsW7fYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdldQcVR5eV90OGpUMW9HWlFOTjNaS3hidDlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi9hNDM4YTUtYjliMC00ODAyLTk5MDkt
Mzg0NWE0MmRhZTBiLzEvR2szcVJqSGM0c1dGMnJPYUdvMnVqQlh1Y3dVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi9hNDM4YTUtYjliMC00ODAyLTk5MDktMzg0NWE0MmRhZTBi
LzEvdldQcVR5eV90OGpUMW9HWlFOTjNaS3hidDlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAmTiOMA0G
CSqGSIb3DQEBCwUAA4IBAQBF0TQwndYoJVuZumwxxRjPem7bMUMatD/77qS1vh5w
faS4g5/gtSkEzHCa9tQ5/0oENVXwpyb9h9PymHBA+HvRKohzm46KyUyDcsxNMhEq
zB59HGEvA6Q2LW9uajYVcds6qF7H8MUQuY1YlQ0Zxw7X+Wc++p6zLZaewdtG+4n5
oRmzOxT2373WQJdxIF8wK9sCbg30LY/ztS+8p33AdVo+zXhHtIG+J9R8lj0Wi8ET
yzdBO7S/J6DLG7bQS5XwEEGqgikOFoH8yTfYLkrZ23sjoFEF0JrMPxL3C0Cipv6n
vLGND72BHN8juRsIp+ptMcE3NRvKuGr4ZutTYTSCH8hS
-----END CERTIFICATE-----