Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/ANTFJ4BzMqza6ZI-Fr_L18YA0Xw.roa
File:                     ANTFJ4BzMqza6ZI-Fr_L18YA0Xw.roa (raw, json)
Hash identifier:          c+s8a2xq9a8wP0AN9c3of5I2bj0dvSL1hF6a6ZH0OhQ=
Subject key identifier:   00:D4:C5:27:80:73:32:AC:DA:E9:92:3E:16:BF:CB:D7:C6:00:D1:7C
Certificate issuer:       /CN=6ddb38b343da2d119309edaa19c7a78870327ebe
Certificate serial:       019CE5E191D29A036669C3DECE5433DD360B
Authority key identifier: 6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/ANTFJ4BzMqza6ZI-Fr_L18YA0Xw.roa
Signing time:             Fri 13 Mar 2026 06:28:10 +0000
ROA not before:           Fri 13 Mar 2026 06:28:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198584
IP address blocks:        89.44.243.0/24 maxlen: 24
                          188.212.98.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:e5:e1:91:d2:9a:03:66:69:c3:de:ce:54:33:dd:36:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ddb38b343da2d119309edaa19c7a78870327ebe
        Validity
            Not Before: Mar 13 06:28:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=00d4c527807332acdae9923e16bfcbd7c600d17c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:13:b4:1e:a1:2d:ca:a7:fb:62:19:a8:0e:66:
                    59:61:69:f3:b7:83:24:0e:41:33:60:89:4e:3b:0b:
                    76:d7:3e:2f:84:b0:37:81:de:80:e8:95:b6:b5:54:
                    54:6d:6f:01:4e:98:78:8d:96:1b:83:31:43:2b:96:
                    00:b2:d6:95:d0:96:18:36:ec:4e:13:fe:5b:ae:30:
                    6c:a1:84:23:e0:a0:6d:e5:ba:dd:67:87:c6:37:8a:
                    fc:6f:b6:4f:66:92:8c:31:cb:b5:80:d7:e8:40:26:
                    15:e7:0a:04:9f:59:f1:eb:a5:a7:ae:ad:30:11:e6:
                    c7:c0:b0:80:86:bc:ae:48:0a:c9:74:9b:f9:26:b6:
                    3a:6b:48:31:a5:b9:7d:bf:66:8e:9f:e6:5a:3b:d5:
                    c3:18:d2:1a:cd:90:42:1e:fd:7a:60:e0:0a:42:2a:
                    5b:71:83:c5:c0:07:62:63:b5:ef:ba:ed:f2:44:f0:
                    c2:4c:6e:23:b4:82:61:02:de:0b:8b:1e:ab:fb:ab:
                    6b:a9:5e:9e:f6:3a:f6:3f:ca:17:bc:e6:20:75:99:
                    28:e3:6d:c6:22:1c:8e:6e:e5:e9:19:5f:2b:01:0a:
                    2d:e4:ce:43:a9:a1:d3:17:67:00:12:62:7d:79:02:
                    82:9f:6a:1e:fe:ef:e5:71:1a:09:80:2f:75:45:8d:
                    b2:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:D4:C5:27:80:73:32:AC:DA:E9:92:3E:16:BF:CB:D7:C6:00:D1:7C
            X509v3 Authority Key Identifier:
                keyid:6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/ANTFJ4BzMqza6ZI-Fr_L18YA0Xw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.44.243.0/24
                  188.212.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:a1:12:e1:55:bb:d2:9b:6f:11:de:95:1b:a7:f1:31:6f:21:
         44:ac:33:bf:5b:7e:21:5f:3b:c4:69:04:33:46:67:27:7c:0d:
         4f:bf:a9:fe:55:60:54:a4:2e:2c:77:d2:e9:59:97:e2:bc:ba:
         0c:dd:0d:0c:7a:5c:d5:78:75:ed:9b:a9:b2:d8:b6:0b:3a:76:
         c8:1d:ef:71:0c:91:62:98:0f:89:a5:22:f6:1d:ef:d5:06:7a:
         91:ca:1c:9f:52:e6:46:d0:05:a6:a2:b2:66:11:b1:9b:22:88:
         e8:a8:d1:86:23:a0:74:49:f1:4e:d6:a7:ca:a5:30:19:88:96:
         31:a6:0a:2e:7a:ab:90:09:f9:d9:ad:63:c3:55:b7:2a:8f:49:
         1f:16:e9:96:af:60:60:2d:0d:3b:ad:4a:72:40:b7:31:18:40:
         00:39:8c:c2:69:08:3d:98:ad:c1:68:64:9b:4d:61:bf:54:60:
         38:5e:8b:fd:e2:7c:a5:ce:a2:93:db:60:fb:e4:8e:25:cd:84:
         f9:e9:69:29:f4:5b:3f:dc:b1:1f:67:42:57:a0:4b:06:f0:50:
         0e:81:b2:ab:49:81:84:d6:07:71:d1:32:3f:b6:93:c8:25:03:
         58:93:89:52:3e:35:e7:7f:b3:c7:e5:99:37:e3:07:95:25:e6:
         a9:5c:b6:b0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZzl4ZHSmgNmacPezlQz3TYLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkZGIzOGIzNDNkYTJkMTE5MzA5ZWRhYTE5YzdhNzg4NzAz
MjdlYmUwHhcNMjYwMzEzMDYyODEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMGQ0YzUyNzgwNzMzMmFjZGFlOTkyM2UxNmJmY2JkN2M2MDBkMTdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuRO0HqEtyqf7YhmoDmZZYWnzt4Mk
DkEzYIlOOwt21z4vhLA3gd6A6JW2tVRUbW8BTph4jZYbgzFDK5YAstaV0JYYNuxO
E/5brjBsoYQj4KBt5brdZ4fGN4r8b7ZPZpKMMcu1gNfoQCYV5woEn1nx66Wnrq0w
EebHwLCAhryuSArJdJv5JrY6a0gxpbl9v2aOn+ZaO9XDGNIazZBCHv16YOAKQipb
cYPFwAdiY7Xvuu3yRPDCTG4jtIJhAt4Lix6r+6trqV6e9jr2P8oXvOYgdZko423G
IhyObuXpGV8rAQot5M5DqaHTF2cAEmJ9eQKCn2oe/u/lcRoJgC91RY2ydQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFADUxSeAczKs2umSPha/y9fGANF8MB8GA1UdIwQY
MBaAFG3bOLND2i0RkwntqhnHp4hwMn6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQt
M2RmYTUxMGQ2YjE2LzEvQU5URko0QnpNcXphNlpJLUZyX0wxOFlBMFh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQtM2RmYTUxMGQ2YjE2
LzEvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWSzzAwQA
vNRiMA0GCSqGSIb3DQEBCwUAA4IBAQA4oRLhVbvSm28R3pUbp/ExbyFErDO/W34h
XzvEaQQzRmcnfA1Pv6n+VWBUpC4sd9LpWZfivLoM3Q0MelzVeHXtm6my2LYLOnbI
He9xDJFimA+JpSL2He/VBnqRyhyfUuZG0AWmorJmEbGbIojoqNGGI6B0SfFO1qfK
pTAZiJYxpgouequQCfnZrWPDVbcqj0kfFumWr2BgLQ07rUpyQLcxGEAAOYzCaQg9
mK3BaGSbTWG/VGA4Xov94nylzqKT22D75I4lzYT56Wkp9Fs/3LEfZ0JXoEsG8FAO
gbKrSYGE1gdx0TI/tpPIJQNYk4lSPjXnf7PH5Zk34weVJeapXLaw
-----END CERTIFICATE-----