Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/96/7b6110-8c4b-4af6-a7ca-2edfe25bb58a/1/4pI4a8-tsvH-3VDbaKXuIvjNMz8.roa
File:                     4pI4a8-tsvH-3VDbaKXuIvjNMz8.roa (raw, json)
Hash identifier:          f0CZY2S4Rcr1NYYNDzp2PZIOWVKIDfe5fbwBQKjurLE=
Subject key identifier:   E2:92:38:6B:CF:AD:B2:F1:FE:DD:50:DB:68:A5:EE:22:F8:CD:33:3F
Certificate issuer:       /CN=a0acca9c4fe9bf9edf3bc6e5cabc52838d93cb13
Certificate serial:       019DC08AF9B63BBB6A87FC5988BBB437FA1E
Authority key identifier: A0:AC:CA:9C:4F:E9:BF:9E:DF:3B:C6:E5:CA:BC:52:83:8D:93:CB:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oKzKnE_pv57fO8blyrxSg42TyxM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/96/7b6110-8c4b-4af6-a7ca-2edfe25bb58a/1/4pI4a8-tsvH-3VDbaKXuIvjNMz8.roa
Signing time:             Fri 24 Apr 2026 17:30:26 +0000
ROA not before:           Fri 24 Apr 2026 17:30:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     2914
IP address blocks:        185.174.144.0/22 maxlen: 22
                          185.174.145.0/24 maxlen: 24
                          185.174.147.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/96/7b6110-8c4b-4af6-a7ca-2edfe25bb58a/1/oKzKnE_pv57fO8blyrxSg42TyxM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/96/7b6110-8c4b-4af6-a7ca-2edfe25bb58a/1/oKzKnE_pv57fO8blyrxSg42TyxM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oKzKnE_pv57fO8blyrxSg42TyxM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:c0:8a:f9:b6:3b:bb:6a:87:fc:59:88:bb:b4:37:fa:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a0acca9c4fe9bf9edf3bc6e5cabc52838d93cb13
        Validity
            Not Before: Apr 24 17:30:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e292386bcfadb2f1fedd50db68a5ee22f8cd333f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:66:a3:98:bf:98:f0:63:0a:7d:2a:d7:3e:9a:
                    54:13:df:79:d2:fa:5e:e2:2c:aa:d2:ce:f8:dd:c2:
                    22:83:c1:c5:4b:76:db:d9:2c:f8:0e:91:c3:01:85:
                    c2:0b:40:77:c0:41:4c:08:fb:e6:a1:53:3d:9c:8c:
                    11:c6:3a:d9:d3:2e:6d:b9:a8:7c:9e:cd:00:5b:46:
                    39:00:56:e8:1a:42:5a:86:28:34:59:9f:47:3e:d9:
                    85:cd:d0:90:8d:56:5a:74:68:73:e5:7f:61:19:83:
                    99:18:7c:e4:2f:9d:cf:d0:0d:2d:b8:91:63:35:98:
                    52:d1:9b:af:94:2c:e8:40:7f:49:55:84:3c:19:a8:
                    8f:f5:0e:0a:b6:48:59:87:d6:74:c0:0c:6e:f8:df:
                    25:22:7b:33:7c:6f:6f:2b:d1:66:da:13:7d:0a:4b:
                    ee:cf:ca:08:49:32:7f:66:6d:a2:e7:56:a5:c0:21:
                    45:12:0f:08:79:6a:6b:e2:f6:d8:07:e6:34:8c:25:
                    e1:15:64:fb:d4:57:90:fb:f7:77:9f:ad:3b:89:c0:
                    da:fa:cf:e2:80:a6:74:88:f7:d6:ed:b7:ab:a7:dd:
                    f4:0a:9e:62:c2:aa:94:86:30:dd:b7:b8:25:68:70:
                    b3:5b:3a:87:0e:18:6d:77:8e:22:e9:ab:93:2c:36:
                    50:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:92:38:6B:CF:AD:B2:F1:FE:DD:50:DB:68:A5:EE:22:F8:CD:33:3F
            X509v3 Authority Key Identifier:
                keyid:A0:AC:CA:9C:4F:E9:BF:9E:DF:3B:C6:E5:CA:BC:52:83:8D:93:CB:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oKzKnE_pv57fO8blyrxSg42TyxM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/96/7b6110-8c4b-4af6-a7ca-2edfe25bb58a/1/4pI4a8-tsvH-3VDbaKXuIvjNMz8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/96/7b6110-8c4b-4af6-a7ca-2edfe25bb58a/1/oKzKnE_pv57fO8blyrxSg42TyxM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.174.144.0/22

    Signature Algorithm: sha256WithRSAEncryption
         26:2e:5e:5b:d5:08:f1:e9:a3:42:c1:01:67:4c:16:22:2b:d4:
         0d:db:67:eb:9b:f8:39:85:9f:21:e1:da:e1:b7:6b:1b:a8:ce:
         89:70:08:14:a9:30:f4:3c:eb:ff:90:29:11:0f:5e:bb:4d:d1:
         f0:9f:3d:1a:25:02:83:6e:a3:7c:73:b6:7f:4b:22:8a:43:54:
         39:be:89:7d:6d:8a:76:57:b0:3a:d6:03:9b:b9:f7:3f:1f:92:
         f3:6f:23:2c:9b:9b:da:4e:74:1d:fc:43:50:9b:b5:e7:ea:86:
         7c:8c:e5:ab:d5:a8:a1:47:44:ac:04:40:d6:90:a1:3a:33:24:
         f2:4c:84:5f:73:cc:74:9e:7e:e0:53:23:19:e4:6f:5b:41:c4:
         07:c6:33:95:3a:81:50:7f:c5:87:c6:00:7d:91:0e:4a:aa:c9:
         a0:fa:37:be:ad:b5:4a:f0:d1:c0:5d:23:cc:6e:e9:36:fb:d9:
         94:4c:5e:58:39:eb:66:9c:ec:eb:2d:3c:66:cc:b7:7d:24:91:
         d6:c9:e3:27:de:91:f4:e7:a2:b5:df:ce:f0:44:69:e6:8e:25:
         40:51:8a:fc:dd:68:60:ba:c8:2e:14:c0:02:7c:ff:b6:a2:8f:
         b7:1b:5f:3c:4a:38:a7:51:38:26:0f:3a:a5:12:da:1e:95:a4:
         e0:45:8d:e3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3Aivm2O7tqh/xZiLu0N/oeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwYWNjYTljNGZlOWJmOWVkZjNiYzZlNWNhYmM1MjgzOGQ5
M2NiMTMwHhcNMjYwNDI0MTczMDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjkyMzg2YmNmYWRiMmYxZmVkZDUwZGI2OGE1ZWUyMmY4Y2QzMzNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3WajmL+Y8GMKfSrXPppUE9950vpe
4iyq0s743cIig8HFS3bb2Sz4DpHDAYXCC0B3wEFMCPvmoVM9nIwRxjrZ0y5tuah8
ns0AW0Y5AFboGkJahig0WZ9HPtmFzdCQjVZadGhz5X9hGYOZGHzkL53P0A0tuJFj
NZhS0ZuvlCzoQH9JVYQ8GaiP9Q4KtkhZh9Z0wAxu+N8lInszfG9vK9Fm2hN9Ckvu
z8oISTJ/Zm2i51alwCFFEg8IeWpr4vbYB+Y0jCXhFWT71FeQ+/d3n607icDa+s/i
gKZ0iPfW7berp930Cp5iwqqUhjDdt7glaHCzWzqHDhhtd44i6auTLDZQZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOKSOGvPrbLx/t1Q22il7iL4zTM/MB8GA1UdIwQY
MBaAFKCsypxP6b+e3zvG5cq8UoONk8sTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb0t6S25FX3B2NTdmTzhibHlyeFNnNDJUeXhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ni83YjYxMTAtOGM0Yi00YWY2LWE3Y2Et
MmVkZmUyNWJiNThhLzEvNHBJNGE4LXRzdkgtM1ZEYmFLWHVJdmpOTXo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ni83YjYxMTAtOGM0Yi00YWY2LWE3Y2EtMmVkZmUyNWJiNThh
LzEvb0t6S25FX3B2NTdmTzhibHlyeFNnNDJUeXhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCua6QMA0G
CSqGSIb3DQEBCwUAA4IBAQAmLl5b1Qjx6aNCwQFnTBYiK9QN22frm/g5hZ8h4drh
t2sbqM6JcAgUqTD0POv/kCkRD167TdHwnz0aJQKDbqN8c7Z/SyKKQ1Q5vol9bYp2
V7A61gObufc/H5LzbyMsm5vaTnQd/ENQm7Xn6oZ8jOWr1aihR0SsBEDWkKE6MyTy
TIRfc8x0nn7gUyMZ5G9bQcQHxjOVOoFQf8WHxgB9kQ5Kqsmg+je+rbVK8NHAXSPM
buk2+9mUTF5YOetmnOzrLTxmzLd9JJHWyeMn3pH056K1387wRGnmjiVAUYr83Whg
usguFMACfP+2oo+3G188SjinUTgmDzqlEtoelaTgRY3j
-----END CERTIFICATE-----