Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/aroD3QvA2Mvi9mjtiEqgNunnyJ4.roa
File:                     aroD3QvA2Mvi9mjtiEqgNunnyJ4.roa (raw, json)
Hash identifier:          Ggd0AsLcjkyJmMLgyrAkOlZxfekcpOtw3TFv/7HD364=
Subject key identifier:   6A:BA:03:DD:0B:C0:D8:CB:E2:F6:68:ED:88:4A:A0:36:E9:E7:C8:9E
Certificate issuer:       /CN=583d76051017d0afa915fcfb790a00f4667b0a88
Certificate serial:       019D05A86A72D0EAF1F12EEE2D52575776F5
Authority key identifier: 58:3D:76:05:10:17:D0:AF:A9:15:FC:FB:79:0A:00:F4:66:7B:0A:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WD12BRAX0K-pFfz7eQoA9GZ7Cog.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/aroD3QvA2Mvi9mjtiEqgNunnyJ4.roa
Signing time:             Thu 19 Mar 2026 10:33:36 +0000
ROA not before:           Thu 19 Mar 2026 10:33:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212607
IP address blocks:        94.184.4.0/24 maxlen: 24
                          94.184.29.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/WD12BRAX0K-pFfz7eQoA9GZ7Cog.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/WD12BRAX0K-pFfz7eQoA9GZ7Cog.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WD12BRAX0K-pFfz7eQoA9GZ7Cog.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:05:a8:6a:72:d0:ea:f1:f1:2e:ee:2d:52:57:57:76:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=583d76051017d0afa915fcfb790a00f4667b0a88
        Validity
            Not Before: Mar 19 10:33:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6aba03dd0bc0d8cbe2f668ed884aa036e9e7c89e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:2a:1b:f8:71:62:f0:25:13:0f:f9:b3:ce:6c:
                    db:b4:ad:27:ec:73:2e:ef:a2:6b:f6:f4:9b:ff:37:
                    9e:47:41:f5:34:1c:8d:c2:58:d0:a5:c8:a1:29:aa:
                    21:8e:cd:b9:f8:56:da:b0:c8:4b:82:a3:a7:b1:cf:
                    97:28:bc:25:77:f8:a6:80:11:b0:8d:67:2b:44:12:
                    0a:e7:48:86:11:64:7f:4e:5e:67:80:12:dc:5c:14:
                    2d:56:b3:1e:d9:ea:93:67:35:7c:b2:85:0e:38:14:
                    ec:8e:55:b2:20:a2:a8:cc:0b:ba:ac:e6:e8:cf:7e:
                    41:4c:7d:8d:a0:ea:c6:c6:2e:e7:e6:0a:f5:6a:3d:
                    73:84:c5:db:e9:54:9e:6d:b0:a8:a9:d0:55:50:2e:
                    76:c4:ff:29:a2:5b:34:bf:99:f1:09:b5:14:e8:e1:
                    8e:fd:ab:1b:cf:0e:91:7c:13:9b:e0:c7:f3:5c:12:
                    dc:06:1f:ae:ea:29:85:5b:95:01:7f:9a:04:cb:58:
                    5a:d0:b0:e0:9b:e3:3b:96:b1:9a:93:e0:60:02:be:
                    96:bf:60:74:a6:dd:0e:aa:c0:35:34:1d:aa:7f:cd:
                    dd:3e:24:0a:26:80:ce:08:6b:23:dd:03:07:05:7f:
                    eb:e5:af:44:c3:fd:29:c9:11:a9:b6:3c:66:3c:b5:
                    16:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:BA:03:DD:0B:C0:D8:CB:E2:F6:68:ED:88:4A:A0:36:E9:E7:C8:9E
            X509v3 Authority Key Identifier:
                keyid:58:3D:76:05:10:17:D0:AF:A9:15:FC:FB:79:0A:00:F4:66:7B:0A:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WD12BRAX0K-pFfz7eQoA9GZ7Cog.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/aroD3QvA2Mvi9mjtiEqgNunnyJ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/WD12BRAX0K-pFfz7eQoA9GZ7Cog.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.184.4.0/24
                  94.184.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:9a:43:e4:04:77:5f:c9:a2:c8:9a:d3:66:f0:24:0c:0e:d4:
         40:80:3d:4c:9b:22:df:63:66:2f:f4:38:b1:9b:68:ad:a4:4b:
         16:0a:a5:13:d0:4e:f2:b1:06:09:f9:3e:b4:2b:e2:32:d0:da:
         10:79:84:9b:89:83:cb:c5:92:aa:35:d6:78:ac:fb:c7:cb:27:
         ec:10:f8:24:09:91:53:e8:27:50:c8:08:fe:3a:2d:88:fb:b5:
         ef:98:1c:51:dc:d7:65:81:a9:ec:ce:3f:22:e8:36:7e:1e:af:
         66:7d:7d:c7:5f:67:d5:3a:6e:9d:6a:89:c5:fd:19:41:3c:6b:
         ae:7e:7b:32:a3:86:8c:26:34:50:42:6c:55:88:ce:32:12:f8:
         83:c9:d9:4f:12:9d:30:ca:cb:bc:de:75:ff:d5:07:41:ae:e7:
         24:35:32:ca:08:27:df:10:02:80:1e:d8:f7:a4:ae:1a:0b:95:
         12:d0:c6:37:f9:7b:a3:b4:ca:a8:40:29:d2:c3:96:5c:c7:63:
         48:e7:d8:a3:49:dc:b5:7f:97:4a:b2:79:15:10:ba:ce:d6:5a:
         4c:67:12:f2:18:0a:31:08:14:3a:e0:1b:76:83:2f:30:1b:8b:
         03:7c:4f:e8:31:99:b3:1e:c9:02:12:33:4b:1a:17:18:3b:e8:
         4e:3d:c5:48
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ0FqGpy0Orx8S7uLVJXV3b1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4M2Q3NjA1MTAxN2QwYWZhOTE1ZmNmYjc5MGEwMGY0NjY3
YjBhODgwHhcNMjYwMzE5MTAzMzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YWJhMDNkZDBiYzBkOGNiZTJmNjY4ZWQ4ODRhYTAzNmU5ZTdjODllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0iob+HFi8CUTD/mzzmzbtK0n7HMu
76Jr9vSb/zeeR0H1NByNwljQpcihKaohjs25+FbasMhLgqOnsc+XKLwld/imgBGw
jWcrRBIK50iGEWR/Tl5ngBLcXBQtVrMe2eqTZzV8soUOOBTsjlWyIKKozAu6rObo
z35BTH2NoOrGxi7n5gr1aj1zhMXb6VSebbCoqdBVUC52xP8pols0v5nxCbUU6OGO
/asbzw6RfBOb4MfzXBLcBh+u6imFW5UBf5oEy1ha0LDgm+M7lrGak+BgAr6Wv2B0
pt0OqsA1NB2qf83dPiQKJoDOCGsj3QMHBX/r5a9Ew/0pyRGptjxmPLUWlQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGq6A90LwNjL4vZo7YhKoDbp58ieMB8GA1UdIwQY
MBaAFFg9dgUQF9CvqRX8+3kKAPRmewqIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0QxMkJSQVgwSy1wRmZ6N2VRb0E5R1o3Q29nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC80ZjFiMjctMzI2YS00Njc5LWE2NGIt
ZGE2MTUzODg1ZjNiLzEvYXJvRDNRdkEyTXZpOW1qdGlFcWdOdW5ueUo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC80ZjFiMjctMzI2YS00Njc5LWE2NGItZGE2MTUzODg1ZjNi
LzEvV0QxMkJSQVgwSy1wRmZ6N2VRb0E5R1o3Q29nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXrgEAwQA
XrgdMA0GCSqGSIb3DQEBCwUAA4IBAQCPmkPkBHdfyaLImtNm8CQMDtRAgD1MmyLf
Y2Yv9Dixm2itpEsWCqUT0E7ysQYJ+T60K+Iy0NoQeYSbiYPLxZKqNdZ4rPvHyyfs
EPgkCZFT6CdQyAj+Oi2I+7XvmBxR3Ndlganszj8i6DZ+Hq9mfX3HX2fVOm6daonF
/RlBPGuufnsyo4aMJjRQQmxViM4yEviDydlPEp0wysu83nX/1QdBruckNTLKCCff
EAKAHtj3pK4aC5US0MY3+XujtMqoQCnSw5Zcx2NI59ijSdy1f5dKsnkVELrO1lpM
ZxLyGAoxCBQ64Bt2gy8wG4sDfE/oMZmzHskCEjNLGhcYO+hOPcVI
-----END CERTIFICATE-----