Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ce/421476-b808-485e-bb56-f19a2fde1e6a/1/4insj3pucuWS5WBRNtcX06ZuH-Y.roa
File:                     4insj3pucuWS5WBRNtcX06ZuH-Y.roa (raw, json)
Hash identifier:          VUuXsJpu6FaH+zLOTesRLETFV8rJOEX7P+g0BMZ48VA=
Subject key identifier:   E2:29:EC:8F:7A:6E:72:E5:92:E5:60:51:36:D7:17:D3:A6:6E:1F:E6
Certificate issuer:       /CN=031ec4ae1d04dae14015c627fa396b3efce56062
Certificate serial:       019B76EB3F775FC433906876787153473267
Authority key identifier: 03:1E:C4:AE:1D:04:DA:E1:40:15:C6:27:FA:39:6B:3E:FC:E5:60:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ax7Erh0E2uFAFcYn-jlrPvzlYGI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ce/421476-b808-485e-bb56-f19a2fde1e6a/1/4insj3pucuWS5WBRNtcX06ZuH-Y.roa
Signing time:             Thu 01 Jan 2026 00:18:07 +0000
ROA not before:           Thu 01 Jan 2026 00:18:07 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216436
IP address blocks:        185.19.32.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ce/421476-b808-485e-bb56-f19a2fde1e6a/1/Ax7Erh0E2uFAFcYn-jlrPvzlYGI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ce/421476-b808-485e-bb56-f19a2fde1e6a/1/Ax7Erh0E2uFAFcYn-jlrPvzlYGI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ax7Erh0E2uFAFcYn-jlrPvzlYGI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:3f:77:5f:c4:33:90:68:76:78:71:53:47:32:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=031ec4ae1d04dae14015c627fa396b3efce56062
        Validity
            Not Before: Jan  1 00:18:07 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e229ec8f7a6e72e592e5605136d717d3a66e1fe6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:74:2a:8a:12:59:e6:a2:66:c9:b0:fb:f9:8a:
                    e9:f0:cb:cf:ce:f0:e1:28:2b:77:c9:30:c4:0b:65:
                    5e:e5:4c:9a:a0:d0:b9:27:df:e4:5f:6a:63:8f:d5:
                    e1:ce:df:01:bc:04:74:50:90:6c:9e:c7:95:93:f9:
                    ee:b7:33:94:36:22:f2:c0:99:55:82:bc:d9:d2:12:
                    d4:cf:00:9e:15:3d:ae:d8:aa:43:2c:50:b1:55:0b:
                    ec:91:85:fc:ee:f0:74:f3:26:93:b3:58:b6:df:52:
                    bf:52:09:20:55:0a:80:60:bc:93:12:41:5f:fa:2e:
                    3f:25:47:9a:d0:41:d3:d5:3a:61:8e:89:6d:15:b3:
                    68:7a:ac:d9:0c:9a:26:30:b1:27:75:64:76:8c:33:
                    b4:0c:13:f0:3e:82:d7:42:ef:8d:f8:86:c2:21:b6:
                    d9:63:bb:4a:0d:89:1b:5b:a2:a2:fd:8f:a6:4f:48:
                    28:6c:f5:64:b4:82:75:5d:b8:cb:63:27:61:9b:d1:
                    e4:4c:35:09:40:5f:27:df:4c:8c:ea:08:af:80:69:
                    ec:ea:43:d9:a6:83:95:5f:f1:99:e8:01:81:74:27:
                    ee:37:3f:07:04:38:f6:b7:c3:03:b2:f3:20:a6:f7:
                    6f:f3:77:d2:df:e0:b1:2b:f0:ae:b3:d4:99:43:93:
                    e8:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:29:EC:8F:7A:6E:72:E5:92:E5:60:51:36:D7:17:D3:A6:6E:1F:E6
            X509v3 Authority Key Identifier:
                keyid:03:1E:C4:AE:1D:04:DA:E1:40:15:C6:27:FA:39:6B:3E:FC:E5:60:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ax7Erh0E2uFAFcYn-jlrPvzlYGI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/421476-b808-485e-bb56-f19a2fde1e6a/1/4insj3pucuWS5WBRNtcX06ZuH-Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/421476-b808-485e-bb56-f19a2fde1e6a/1/Ax7Erh0E2uFAFcYn-jlrPvzlYGI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.19.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:65:a6:15:48:ee:a9:6c:93:33:c6:ba:ea:ef:ce:4a:b9:19:
         c8:f9:14:d2:2e:b0:25:6a:fc:61:59:d8:0d:97:b1:04:df:7c:
         0f:9c:b0:b3:09:62:dd:d2:77:33:9e:8d:94:3e:4e:61:1a:93:
         88:c5:ef:1d:dc:58:7a:b7:73:26:3e:8a:4f:ef:01:bf:27:99:
         bc:c3:df:8f:79:27:1c:ac:d6:75:d5:20:ba:49:f4:dc:16:14:
         1f:ad:69:3f:be:85:ad:50:40:66:ea:9d:f4:fa:a4:07:a3:a1:
         2d:35:0e:70:78:e9:20:b9:ba:93:df:bd:ba:1b:df:d3:20:85:
         42:e0:f6:b2:92:78:7b:36:eb:8e:c5:67:5a:22:43:32:db:c7:
         b2:6f:f5:d7:79:16:ca:41:0d:fa:5a:94:55:e7:f5:2c:84:70:
         20:e0:e5:ab:51:d0:00:8b:62:94:1c:28:ac:42:92:be:5e:b4:
         4d:71:7f:d7:dd:aa:9e:36:ce:b2:15:58:39:2a:61:b4:16:c3:
         ca:ad:4e:bb:86:54:3d:ea:a2:b8:e9:41:c2:99:0c:9a:10:6e:
         8d:8b:cc:04:ba:ee:41:13:cc:a9:e8:c7:57:67:a9:4c:b2:5d:
         59:7c:02:80:1d:95:23:27:a4:4b:f0:21:e5:00:49:b3:d9:16:
         5a:ff:75:46
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt26z93X8QzkGh2eHFTRzJnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAzMWVjNGFlMWQwNGRhZTE0MDE1YzYyN2ZhMzk2YjNlZmNl
NTYwNjIwHhcNMjYwMTAxMDAxODA3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjI5ZWM4ZjdhNmU3MmU1OTJlNTYwNTEzNmQ3MTdkM2E2NmUxZmU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAynQqihJZ5qJmybD7+Yrp8MvPzvDh
KCt3yTDEC2Ve5UyaoNC5J9/kX2pjj9Xhzt8BvAR0UJBsnseVk/nutzOUNiLywJlV
grzZ0hLUzwCeFT2u2KpDLFCxVQvskYX87vB08yaTs1i231K/UgkgVQqAYLyTEkFf
+i4/JUea0EHT1TphjoltFbNoeqzZDJomMLEndWR2jDO0DBPwPoLXQu+N+IbCIbbZ
Y7tKDYkbW6Ki/Y+mT0gobPVktIJ1XbjLYydhm9HkTDUJQF8n30yM6givgGns6kPZ
poOVX/GZ6AGBdCfuNz8HBDj2t8MDsvMgpvdv83fS3+CxK/Cus9SZQ5PokwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOIp7I96bnLlkuVgUTbXF9Ombh/mMB8GA1UdIwQY
MBaAFAMexK4dBNrhQBXGJ/o5az785WBiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQXg3RXJoMEUydUZBRmNZbi1qbHJQdnpsWUdJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZS80MjE0NzYtYjgwOC00ODVlLWJiNTYt
ZjE5YTJmZGUxZTZhLzEvNGluc2ozcHVjdVdTNVdCUk50Y1gwNlp1SC1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZS80MjE0NzYtYjgwOC00ODVlLWJiNTYtZjE5YTJmZGUxZTZh
LzEvQXg3RXJoMEUydUZBRmNZbi1qbHJQdnpsWUdJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRMgMA0G
CSqGSIb3DQEBCwUAA4IBAQCIZaYVSO6pbJMzxrrq785KuRnI+RTSLrAlavxhWdgN
l7EE33wPnLCzCWLd0nczno2UPk5hGpOIxe8d3Fh6t3MmPopP7wG/J5m8w9+PeScc
rNZ11SC6SfTcFhQfrWk/voWtUEBm6p30+qQHo6EtNQ5weOkgubqT3726G9/TIIVC
4Payknh7NuuOxWdaIkMy28eyb/XXeRbKQQ36WpRV5/UshHAg4OWrUdAAi2KUHCis
QpK+XrRNcX/X3aqeNs6yFVg5KmG0FsPKrU67hlQ96qK46UHCmQyaEG6Ni8wEuu5B
E8yp6MdXZ6lMsl1ZfAKAHZUjJ6RL8CHlAEmz2RZa/3VG
-----END CERTIFICATE-----