Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/1oC4uffGuoTq3tmi5Iur1xPb9V0.roa
File:                     1oC4uffGuoTq3tmi5Iur1xPb9V0.roa (raw, json)
Hash identifier:          yLTsMFkan793u0UGWgG0hRj6x8EGqm4ldKC+67jh2FM=
Subject key identifier:   D6:80:B8:B9:F7:C6:BA:84:EA:DE:D9:A2:E4:8B:AB:D7:13:DB:F5:5D
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       019D1931D7DB0D12DA6B8E1370738042D170
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/1oC4uffGuoTq3tmi5Iur1xPb9V0.roa
Signing time:             Mon 23 Mar 2026 05:36:29 +0000
ROA not before:           Mon 23 Mar 2026 05:36:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     27687
IP address blocks:        31.15.4.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 08:18:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:19:31:d7:db:0d:12:da:6b:8e:13:70:73:80:42:d1:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Mar 23 05:36:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d680b8b9f7c6ba84eaded9a2e48babd713dbf55d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:4c:45:ff:6a:ed:8b:b8:c3:45:7e:2a:c5:1b:
                    1c:a8:68:15:91:2a:11:f4:48:c5:8e:68:37:37:79:
                    9e:29:a6:0a:17:a4:84:c5:af:14:0c:10:cf:63:4f:
                    e4:e0:64:6a:10:2b:2a:0d:ad:0a:31:07:2c:3c:6b:
                    57:cc:f6:34:3f:72:05:67:b4:87:98:4f:5f:b1:d0:
                    cb:d0:ae:d1:60:be:ab:6f:94:06:07:6a:8e:03:0d:
                    44:f4:20:1b:52:53:48:f4:54:56:21:fb:6b:d1:91:
                    67:36:e5:f5:27:62:36:0b:9e:6f:9b:1c:7f:09:b2:
                    d0:74:e5:59:14:6f:48:55:a1:dc:6a:ff:ab:e4:93:
                    21:14:2b:d6:3a:99:b4:c2:c9:2c:69:ed:7a:bb:21:
                    90:60:31:ae:b9:20:15:f9:0b:c0:35:1b:ba:4d:21:
                    5a:8e:88:06:54:5f:b2:cd:a1:ab:f5:00:f1:b6:55:
                    35:ed:55:10:f2:8d:e6:c5:d8:84:18:b9:dd:d0:50:
                    2e:fc:a4:74:29:a2:3f:e8:82:2c:9b:f0:a7:c8:db:
                    93:ed:cb:18:60:bc:4b:ee:35:ca:ee:5c:a9:21:88:
                    5d:e9:d3:a6:86:6b:65:b1:e5:0a:6b:a3:15:75:3b:
                    a1:ce:22:5c:ae:4c:a7:d4:63:68:8d:13:55:68:41:
                    d6:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:80:B8:B9:F7:C6:BA:84:EA:DE:D9:A2:E4:8B:AB:D7:13:DB:F5:5D
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/1oC4uffGuoTq3tmi5Iur1xPb9V0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.15.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cc:f2:dd:44:cb:57:b0:2c:c3:03:0e:4b:d0:d0:59:1e:97:fc:
         03:6c:c6:e5:32:59:8f:e4:8b:74:5c:95:d3:e7:ae:90:34:f9:
         f3:e1:9f:bb:74:b5:3a:6f:4d:69:32:26:0e:5c:a2:57:71:4f:
         47:5e:14:79:4f:4c:1a:83:80:96:29:39:16:8d:5a:f5:6d:49:
         36:03:c8:e1:39:49:b8:50:c6:64:53:21:5e:16:be:20:41:fd:
         65:c4:64:c5:da:35:38:be:e3:0a:c7:26:b6:de:6e:75:84:28:
         ca:70:cf:66:f3:62:f9:71:f8:65:97:62:46:50:55:dc:a4:c8:
         f7:6f:69:cd:e8:22:fe:b1:c4:1a:45:07:b1:16:72:1a:87:95:
         8a:b3:dc:dd:cb:ef:a9:9e:79:96:e4:c4:3a:7f:2f:28:8d:5f:
         0f:94:71:14:d5:9e:9d:33:a4:a5:fb:07:16:a0:bb:11:eb:f7:
         2a:46:31:9e:5e:c3:92:63:b2:58:82:59:78:f5:27:40:6a:da:
         27:5a:f9:95:2a:2b:0f:73:dc:e9:da:5b:ef:c3:28:30:a3:3d:
         e9:f2:9b:c0:f2:ff:61:c3:f1:b6:55:95:81:93:24:2d:dc:39:
         53:b9:ae:4b:9f:96:1e:67:7e:33:ea:cb:7f:96:8f:53:09:7b:
         5f:c4:8c:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0ZMdfbDRLaa44TcHOAQtFwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjYwMzIzMDUzNjI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjgwYjhiOWY3YzZiYTg0ZWFkZWQ5YTJlNDhiYWJkNzEzZGJmNTVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs0xF/2rti7jDRX4qxRscqGgVkSoR
9EjFjmg3N3meKaYKF6SExa8UDBDPY0/k4GRqECsqDa0KMQcsPGtXzPY0P3IFZ7SH
mE9fsdDL0K7RYL6rb5QGB2qOAw1E9CAbUlNI9FRWIftr0ZFnNuX1J2I2C55vmxx/
CbLQdOVZFG9IVaHcav+r5JMhFCvWOpm0wsksae16uyGQYDGuuSAV+QvANRu6TSFa
jogGVF+yzaGr9QDxtlU17VUQ8o3mxdiEGLnd0FAu/KR0KaI/6IIsm/CnyNuT7csY
YLxL7jXK7lypIYhd6dOmhmtlseUKa6MVdTuhziJcrkyn1GNojRNVaEHW5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNaAuLn3xrqE6t7ZouSLq9cT2/VdMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvMW9DNHVmZkd1b1RxM3RtaTVJdXIxeFBiOVYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHw8EMA0G
CSqGSIb3DQEBCwUAA4IBAQDM8t1Ey1ewLMMDDkvQ0Fkel/wDbMblMlmP5It0XJXT
566QNPnz4Z+7dLU6b01pMiYOXKJXcU9HXhR5T0wag4CWKTkWjVr1bUk2A8jhOUm4
UMZkUyFeFr4gQf1lxGTF2jU4vuMKxya23m51hCjKcM9m82L5cfhll2JGUFXcpMj3
b2nN6CL+scQaRQexFnIah5WKs9zdy++pnnmW5MQ6fy8ojV8PlHEU1Z6dM6Sl+wcW
oLsR6/cqRjGeXsOSY7JYgll49SdAatonWvmVKisPc9zp2lvvwygwoz3p8pvA8v9h
w/G2VZWBkyQt3DlTua5Ln5YeZ34z6st/lo9TCXtfxIyr
-----END CERTIFICATE-----