Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/T4PgbZJKUaf02Iyto9Ou5c6N-5k.roa
File:                     T4PgbZJKUaf02Iyto9Ou5c6N-5k.roa (raw, json)
Hash identifier:          P/JrS7vgmwHnLPQ7IllINhLGvMiZM7MkKbg+lH2EE04=
Subject key identifier:   4F:83:E0:6D:92:4A:51:A7:F4:D8:8C:AD:A3:D3:AE:E5:CE:8D:FB:99
Certificate issuer:       /CN=c9d57447e3420b853875b6fa40372aade3192ca2
Certificate serial:       019CF6F755079403746947FCEA1AD7874451
Authority key identifier: C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/T4PgbZJKUaf02Iyto9Ou5c6N-5k.roa
Signing time:             Mon 16 Mar 2026 14:05:30 +0000
ROA not before:           Mon 16 Mar 2026 14:05:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211859
IP address blocks:        188.132.200.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 08:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:f6:f7:55:07:94:03:74:69:47:fc:ea:1a:d7:87:44:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9d57447e3420b853875b6fa40372aade3192ca2
        Validity
            Not Before: Mar 16 14:05:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4f83e06d924a51a7f4d88cada3d3aee5ce8dfb99
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:ba:d9:d8:e0:c9:82:9f:56:c4:c4:23:17:38:
                    9f:f8:b1:1b:50:68:7a:d9:3a:d6:2b:f0:34:ba:7a:
                    f0:bb:17:81:7b:97:52:33:de:3e:4d:1f:39:ab:17:
                    2d:3e:1f:75:fb:49:ef:d1:3c:b0:63:9f:a6:13:40:
                    f4:d4:cd:cd:b8:6c:fe:2b:e6:ba:5f:3d:f8:54:68:
                    15:56:2c:98:1c:57:f4:60:62:f5:9b:1b:0b:aa:d6:
                    75:af:b4:ce:39:32:42:07:dc:fb:18:4c:21:b3:d9:
                    c1:46:27:0f:1f:41:ca:f7:4d:e8:09:ca:57:e4:13:
                    65:f1:b5:c8:5f:aa:8a:02:ef:a4:70:51:61:38:1e:
                    25:7f:36:14:b9:d2:d5:ea:b8:c2:2a:26:b4:ad:7a:
                    d8:21:45:1e:37:a7:3f:17:25:d8:86:44:16:16:e4:
                    de:f6:d2:b4:49:b9:01:a9:35:cb:cf:70:dc:64:32:
                    f5:66:32:47:b8:62:68:81:ee:bd:c5:ab:26:ee:a7:
                    c8:0c:81:98:1b:78:42:ac:bc:9e:6b:46:01:f5:d3:
                    26:5b:15:de:dc:96:4a:29:3f:73:ed:4e:44:f4:f6:
                    8e:ad:d1:58:c5:e8:c2:b9:f3:ac:02:6d:1f:96:c6:
                    64:75:ee:0a:01:7f:21:09:af:f1:40:0a:b3:3e:1f:
                    1a:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:83:E0:6D:92:4A:51:A7:F4:D8:8C:AD:A3:D3:AE:E5:CE:8D:FB:99
            X509v3 Authority Key Identifier:
                keyid:C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/T4PgbZJKUaf02Iyto9Ou5c6N-5k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.132.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:45:81:80:78:8c:8e:6c:3f:14:b2:f2:4d:9a:ba:be:75:13:
         39:88:fe:1d:a2:d8:ae:77:50:8d:06:b3:e2:3c:86:4f:c6:47:
         cc:62:ff:9e:78:0e:86:6f:e1:ce:a4:0d:62:a8:b7:65:e3:e2:
         7d:33:fc:c3:23:15:af:3b:54:5b:f6:44:ea:e7:ca:2c:90:66:
         94:cf:1e:5a:22:d8:92:33:8b:c2:62:de:1e:c3:ae:a6:87:e0:
         39:e1:c5:c8:46:24:24:3a:54:45:2a:81:93:c9:d1:c7:ad:6f:
         d8:00:26:49:ca:8c:e4:df:2a:4d:58:02:89:d9:74:46:25:22:
         ea:65:fa:63:13:9b:2d:34:6a:7d:8b:de:77:1e:f0:0a:83:46:
         49:e7:de:d2:e0:6f:23:2b:2a:76:00:6a:a7:53:85:e4:97:b1:
         cc:e0:03:e3:40:dd:43:e6:30:dd:49:ec:bd:b0:82:1f:e5:7a:
         37:ed:12:e6:24:f8:8c:f7:31:9a:64:d6:6c:e7:8d:1a:f7:b2:
         dc:8b:5a:3c:42:0d:95:fc:a1:9b:c1:4b:23:67:5b:7e:82:13:
         61:f2:64:7c:45:c8:66:b7:68:3e:c3:2a:ed:1f:62:14:f8:93:
         82:b9:7b:24:08:a6:c7:77:36:9a:c2:68:b4:3c:4c:2d:18:d0:
         46:c8:f5:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZz291UHlAN0aUf86hrXh0RRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZDU3NDQ3ZTM0MjBiODUzODc1YjZmYTQwMzcyYWFkZTMx
OTJjYTIwHhcNMjYwMzE2MTQwNTMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjgzZTA2ZDkyNGE1MWE3ZjRkODhjYWRhM2QzYWVlNWNlOGRmYjk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyLrZ2ODJgp9WxMQjFzif+LEbUGh6
2TrWK/A0unrwuxeBe5dSM94+TR85qxctPh91+0nv0TywY5+mE0D01M3NuGz+K+a6
Xz34VGgVViyYHFf0YGL1mxsLqtZ1r7TOOTJCB9z7GEwhs9nBRicPH0HK903oCcpX
5BNl8bXIX6qKAu+kcFFhOB4lfzYUudLV6rjCKia0rXrYIUUeN6c/FyXYhkQWFuTe
9tK0SbkBqTXLz3DcZDL1ZjJHuGJoge69xasm7qfIDIGYG3hCrLyea0YB9dMmWxXe
3JZKKT9z7U5E9PaOrdFYxejCufOsAm0flsZkde4KAX8hCa/xQAqzPh8aQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE+D4G2SSlGn9NiMraPTruXOjfuZMB8GA1UdIwQY
MBaAFMnVdEfjQguFOHW2+kA3Kq3jGSyiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTkt
NGUxOThmMGE2MDEzLzEvVDRQZ2JaSktVYWYwMkl5dG85T3U1YzZOLTVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTktNGUxOThmMGE2MDEz
LzEveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvITIMA0G
CSqGSIb3DQEBCwUAA4IBAQBxRYGAeIyObD8UsvJNmrq+dRM5iP4dotiud1CNBrPi
PIZPxkfMYv+eeA6Gb+HOpA1iqLdl4+J9M/zDIxWvO1Rb9kTq58oskGaUzx5aItiS
M4vCYt4ew66mh+A54cXIRiQkOlRFKoGTydHHrW/YACZJyozk3ypNWAKJ2XRGJSLq
ZfpjE5stNGp9i953HvAKg0ZJ597S4G8jKyp2AGqnU4Xkl7HM4APjQN1D5jDdSey9
sIIf5Xo37RLmJPiM9zGaZNZs540a97Lci1o8Qg2V/KGbwUsjZ1t+ghNh8mR8Rchm
t2g+wyrtH2IU+JOCuXskCKbHdzaawmi0PEwtGNBGyPV4
-----END CERTIFICATE-----