Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/1e4a64-7aa0-4c94-9bb0-deb7b9189169/1/O4W8V4ta9TPH3JBR2-Drko17mnI.roa
File:                     O4W8V4ta9TPH3JBR2-Drko17mnI.roa (raw, json)
Hash identifier:          eZbauCAYEP75NZzjmVokJXIEy1y7iTaIYD5JjGsUAuo=
Subject key identifier:   3B:85:BC:57:8B:5A:F5:33:C7:DC:90:51:DB:E0:EB:92:8D:7B:9A:72
Certificate issuer:       /CN=45effe98c24c3d6d6087c8d1d3f901b8ccd40088
Certificate serial:       019DBBC868BD04BF2B554DCB44D0667DD236
Authority key identifier: 45:EF:FE:98:C2:4C:3D:6D:60:87:C8:D1:D3:F9:01:B8:CC:D4:00:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Re_-mMJMPW1gh8jR0_kBuMzUAIg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/da/1e4a64-7aa0-4c94-9bb0-deb7b9189169/1/O4W8V4ta9TPH3JBR2-Drko17mnI.roa
Signing time:             Thu 23 Apr 2026 19:19:26 +0000
ROA not before:           Thu 23 Apr 2026 19:19:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     401496
IP address blocks:        2a01:f440::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/da/1e4a64-7aa0-4c94-9bb0-deb7b9189169/1/Re_-mMJMPW1gh8jR0_kBuMzUAIg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/da/1e4a64-7aa0-4c94-9bb0-deb7b9189169/1/Re_-mMJMPW1gh8jR0_kBuMzUAIg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Re_-mMJMPW1gh8jR0_kBuMzUAIg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 06:33:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:bb:c8:68:bd:04:bf:2b:55:4d:cb:44:d0:66:7d:d2:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=45effe98c24c3d6d6087c8d1d3f901b8ccd40088
        Validity
            Not Before: Apr 23 19:19:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3b85bc578b5af533c7dc9051dbe0eb928d7b9a72
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:05:1e:59:2a:8d:a4:a9:25:5f:b4:14:b0:3f:
                    f6:c9:30:37:34:7c:9a:3d:04:96:f4:81:bf:3e:98:
                    fb:5e:df:1d:b6:c5:71:07:4b:92:35:dc:0e:fa:54:
                    8d:6f:51:be:de:71:65:ff:eb:71:ab:e8:12:2f:a3:
                    18:ac:76:a2:85:eb:0c:8e:ab:da:04:b4:0d:28:c8:
                    5c:94:eb:1c:b7:37:23:3b:f5:bd:33:97:3e:76:b2:
                    bf:53:2b:67:ef:0b:be:62:e5:17:78:d3:33:52:e6:
                    a2:60:68:c8:7e:c7:c7:ee:84:7a:ef:a5:00:e2:37:
                    a2:65:58:2c:d2:b7:ec:36:ef:8b:b9:ef:3d:bb:10:
                    8f:9c:90:fa:23:ac:e3:15:1d:9b:7d:42:c0:b1:6e:
                    a9:8f:91:14:aa:12:d4:a0:d5:b5:ad:8e:ce:d2:6d:
                    b9:54:a0:d8:9d:41:20:a8:84:cf:43:63:8f:af:80:
                    9e:39:e9:a1:5d:c0:7b:15:18:3c:ec:8e:b8:bb:4a:
                    d4:00:16:bd:2d:08:c7:90:3f:e3:59:61:1d:c7:e7:
                    50:75:ab:57:37:88:2f:de:95:cb:b8:f3:60:85:4f:
                    45:cb:62:94:7f:79:ec:3c:af:30:98:74:07:cc:23:
                    38:35:5a:c4:08:b3:63:b0:ab:09:db:dc:7a:9b:dc:
                    4d:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:85:BC:57:8B:5A:F5:33:C7:DC:90:51:DB:E0:EB:92:8D:7B:9A:72
            X509v3 Authority Key Identifier:
                keyid:45:EF:FE:98:C2:4C:3D:6D:60:87:C8:D1:D3:F9:01:B8:CC:D4:00:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Re_-mMJMPW1gh8jR0_kBuMzUAIg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/1e4a64-7aa0-4c94-9bb0-deb7b9189169/1/O4W8V4ta9TPH3JBR2-Drko17mnI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/da/1e4a64-7aa0-4c94-9bb0-deb7b9189169/1/Re_-mMJMPW1gh8jR0_kBuMzUAIg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:f440::/29

    Signature Algorithm: sha256WithRSAEncryption
         95:eb:06:b3:02:5f:7d:5b:24:64:65:1c:90:b9:19:a6:55:2b:
         cd:79:01:38:58:91:aa:1a:98:97:6b:58:07:70:9c:ce:74:24:
         28:57:e2:f0:af:ff:dd:e6:ce:ef:c1:01:eb:64:b5:f1:d0:6a:
         ea:e1:e3:17:36:32:73:08:a1:e4:bc:11:9f:0a:ec:e1:69:82:
         10:16:da:d9:c5:38:47:37:23:29:5b:08:24:43:21:9b:9d:95:
         2d:13:71:aa:6a:98:f5:22:2f:83:e4:49:3a:62:99:ad:ba:42:
         5c:58:07:d5:9d:02:b5:74:58:0f:75:a7:8b:da:fc:86:bd:e4:
         82:19:e4:db:3c:af:f5:3a:e2:5b:bc:d2:c6:43:70:23:00:dd:
         90:67:6a:55:15:45:b3:88:77:bd:2e:83:32:cd:a0:36:0d:f0:
         92:9d:40:5c:f0:f4:20:d9:bd:52:33:c0:4b:01:d4:d7:f9:49:
         f5:dc:77:e5:03:c3:65:8f:be:c6:97:ef:f6:6e:68:ed:67:7c:
         1a:5e:fb:08:11:0d:68:f3:76:a4:2e:62:85:18:df:3d:b3:45:
         fa:0d:66:2d:3b:dd:41:de:f8:31:98:2b:da:55:1d:50:86:a9:
         9e:f3:ec:8d:a7:01:80:e3:cf:79:85:6d:6e:aa:c3:af:5d:51:
         09:29:c4:4c
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ27yGi9BL8rVU3LRNBmfdI2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1ZWZmZTk4YzI0YzNkNmQ2MDg3YzhkMWQzZjkwMWI4Y2Nk
NDAwODgwHhcNMjYwNDIzMTkxOTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjg1YmM1NzhiNWFmNTMzYzdkYzkwNTFkYmUwZWI5MjhkN2I5YTcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArAUeWSqNpKklX7QUsD/2yTA3NHya
PQSW9IG/Ppj7Xt8dtsVxB0uSNdwO+lSNb1G+3nFl/+txq+gSL6MYrHaihesMjqva
BLQNKMhclOsctzcjO/W9M5c+drK/Uytn7wu+YuUXeNMzUuaiYGjIfsfH7oR676UA
4jeiZVgs0rfsNu+Lue89uxCPnJD6I6zjFR2bfULAsW6pj5EUqhLUoNW1rY7O0m25
VKDYnUEgqITPQ2OPr4CeOemhXcB7FRg87I64u0rUABa9LQjHkD/jWWEdx+dQdatX
N4gv3pXLuPNghU9Fy2KUf3nsPK8wmHQHzCM4NVrECLNjsKsJ29x6m9xNvwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFDuFvFeLWvUzx9yQUdvg65KNe5pyMB8GA1UdIwQY
MBaAFEXv/pjCTD1tYIfI0dP5AbjM1ACIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmVfLW1NSk1QVzFnaDhqUjBfa0J1TXpVQUlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS8xZTRhNjQtN2FhMC00Yzk0LTliYjAt
ZGViN2I5MTg5MTY5LzEvTzRXOFY0dGE5VFBIM0pCUjItRHJrbzE3bW5JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS8xZTRhNjQtN2FhMC00Yzk0LTliYjAtZGViN2I5MTg5MTY5
LzEvUmVfLW1NSk1QVzFnaDhqUjBfa0J1TXpVQUlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgH0QDAN
BgkqhkiG9w0BAQsFAAOCAQEAlesGswJffVskZGUckLkZplUrzXkBOFiRqhqYl2tY
B3CcznQkKFfi8K//3ebO78EB62S18dBq6uHjFzYycwih5LwRnwrs4WmCEBba2cU4
RzcjKVsIJEMhm52VLRNxqmqY9SIvg+RJOmKZrbpCXFgH1Z0CtXRYD3Wni9r8hr3k
ghnk2zyv9TriW7zSxkNwIwDdkGdqVRVFs4h3vS6DMs2gNg3wkp1AXPD0INm9UjPA
SwHU1/lJ9dx35QPDZY++xpfv9m5o7Wd8Gl77CBENaPN2pC5ihRjfPbNF+g1mLTvd
Qd74MZgr2lUdUIapnvPsjacBgOPPeYVtbqrDr11RCSnETA==
-----END CERTIFICATE-----