Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/5h3Vg7MDu9OUqYLtpRUlybe2Q_0.roa
File:                     5h3Vg7MDu9OUqYLtpRUlybe2Q_0.roa (raw, json)
Hash identifier:          IXwF+8RbGzPxWOuNDAxrZeAv2mM67iWPHxzVwtDqkbQ=
Subject key identifier:   E6:1D:D5:83:B3:03:BB:D3:94:A9:82:ED:A5:15:25:C9:B7:B6:43:FD
Certificate issuer:       /CN=d4b95330734c9aaf66d11bcd2bedd380f410f93f
Certificate serial:       019CFB3523BA0A7A4BC3D97942271E675663
Authority key identifier: D4:B9:53:30:73:4C:9A:AF:66:D1:1B:CD:2B:ED:D3:80:F4:10:F9:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/5h3Vg7MDu9OUqYLtpRUlybe2Q_0.roa
Signing time:             Tue 17 Mar 2026 09:51:29 +0000
ROA not before:           Tue 17 Mar 2026 09:51:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16276
IP address blocks:        132.243.197.0/24 maxlen: 24
                          195.226.93.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 00:55:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:fb:35:23:ba:0a:7a:4b:c3:d9:79:42:27:1e:67:56:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d4b95330734c9aaf66d11bcd2bedd380f410f93f
        Validity
            Not Before: Mar 17 09:51:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e61dd583b303bbd394a982eda51525c9b7b643fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:d5:0c:78:da:a3:69:f4:81:8f:90:56:67:23:
                    d0:c2:18:3d:da:f9:84:e3:b6:ab:bb:36:c4:a1:ce:
                    ce:88:18:f3:71:34:d8:ff:10:0c:67:23:7b:4f:2e:
                    b7:37:b3:7d:71:91:11:df:4e:93:ea:95:40:c3:55:
                    74:03:0f:0a:96:9e:09:bc:97:b2:45:2f:d0:ca:91:
                    37:44:88:cd:01:80:95:0f:c1:28:c0:2d:b5:e7:51:
                    47:78:43:63:d4:ee:23:1b:b5:3a:37:14:a7:b5:42:
                    bb:e3:09:04:e2:e9:e8:a2:f1:48:49:7b:60:bb:b8:
                    a7:87:4d:1f:43:8a:cb:e1:28:66:e7:22:49:b3:4e:
                    6e:e3:37:8a:64:1e:99:6f:70:a4:e5:42:91:61:a4:
                    ef:b9:58:83:d1:e2:9f:bb:14:c3:af:39:e1:96:d3:
                    c5:19:3e:d9:17:ca:e0:67:39:61:f0:52:0f:c8:aa:
                    f1:02:6d:15:87:08:71:dd:f1:3b:1e:a9:90:90:8c:
                    c7:e6:71:da:74:1e:49:c9:59:c1:93:be:8b:0f:3d:
                    0c:e0:26:94:8a:14:f8:fd:90:89:f4:ad:a6:fb:6e:
                    72:a7:93:39:43:f8:99:53:de:35:e7:bc:ee:8c:ce:
                    1c:d1:6b:90:78:26:17:4a:d2:15:3e:da:9d:1e:30:
                    72:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:1D:D5:83:B3:03:BB:D3:94:A9:82:ED:A5:15:25:C9:B7:B6:43:FD
            X509v3 Authority Key Identifier:
                keyid:D4:B9:53:30:73:4C:9A:AF:66:D1:1B:CD:2B:ED:D3:80:F4:10:F9:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/5h3Vg7MDu9OUqYLtpRUlybe2Q_0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  132.243.197.0/24
                  195.226.93.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:e9:8d:8c:d2:79:47:eb:64:68:6c:c1:35:90:7a:7f:97:be:
         27:c9:87:eb:54:c8:ab:f7:bb:d9:3d:9e:f2:c3:dd:a3:5c:e5:
         fd:db:56:16:1f:7d:3a:46:05:c8:bb:b6:92:4d:2d:a5:51:0b:
         7c:54:83:9c:f8:27:20:16:5e:01:37:9a:48:1e:74:36:ef:3b:
         bd:f7:0f:18:5d:74:9c:87:3a:49:b9:2a:ab:a7:4b:68:62:7d:
         04:d6:2c:4f:f9:94:6d:65:52:27:75:de:be:2b:bf:c0:ca:20:
         a8:a3:ea:f3:eb:87:26:0d:67:32:bf:2b:da:77:7b:61:49:d5:
         50:c7:49:c4:09:a6:4f:49:0f:b8:e7:f0:3b:02:ad:3a:6b:8b:
         c7:04:28:d6:e2:5f:c7:25:3c:64:9d:fd:2b:c0:1e:be:72:11:
         d7:2f:6c:4b:fd:75:1d:c6:d6:ef:e1:a8:dc:ff:5c:96:a9:30:
         b5:36:74:e1:ff:8f:ee:dc:1f:0f:18:f0:66:82:c6:44:d8:ef:
         0e:d1:22:88:13:4a:34:3c:4e:90:9c:ef:5d:ec:93:4c:41:dc:
         c5:35:3d:82:76:44:bc:f6:70:4f:c8:72:a5:92:fd:db:27:34:
         0c:69:8c:4a:5d:83:3c:6f:78:f7:2a:0b:98:25:f3:2c:2f:8e:
         10:63:0b:db
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZz7NSO6CnpLw9l5QiceZ1ZjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0Yjk1MzMwNzM0YzlhYWY2NmQxMWJjZDJiZWRkMzgwZjQx
MGY5M2YwHhcNMjYwMzE3MDk1MTI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjFkZDU4M2IzMDNiYmQzOTRhOTgyZWRhNTE1MjVjOWI3YjY0M2ZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA79UMeNqjafSBj5BWZyPQwhg92vmE
47aruzbEoc7OiBjzcTTY/xAMZyN7Ty63N7N9cZER306T6pVAw1V0Aw8Klp4JvJey
RS/QypE3RIjNAYCVD8EowC2151FHeENj1O4jG7U6NxSntUK74wkE4unoovFISXtg
u7inh00fQ4rL4Shm5yJJs05u4zeKZB6Zb3Ck5UKRYaTvuViD0eKfuxTDrznhltPF
GT7ZF8rgZzlh8FIPyKrxAm0Vhwhx3fE7HqmQkIzH5nHadB5JyVnBk76LDz0M4CaU
ihT4/ZCJ9K2m+25yp5M5Q/iZU94157zujM4c0WuQeCYXStIVPtqdHjBymwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOYd1YOzA7vTlKmC7aUVJcm3tkP9MB8GA1UdIwQY
MBaAFNS5UzBzTJqvZtEbzSvt04D0EPk/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUxsVE1ITk1tcTltMFJ2TkstM1RnUFFRLVQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy8xNWQyNzEtMDVjZC00NjFlLWE3YjYt
NDMwMTNiMjhkOWQ2LzEvNWgzVmc3TUR1OU9VcVlMdHBSVWx5YmUyUV8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy8xNWQyNzEtMDVjZC00NjFlLWE3YjYtNDMwMTNiMjhkOWQ2
LzEvMUxsVE1ITk1tcTltMFJ2TkstM1RnUFFRLVQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAhPPFAwQA
w+JdMA0GCSqGSIb3DQEBCwUAA4IBAQCR6Y2M0nlH62RobME1kHp/l74nyYfrVMir
97vZPZ7yw92jXOX921YWH306RgXIu7aSTS2lUQt8VIOc+CcgFl4BN5pIHnQ27zu9
9w8YXXSchzpJuSqrp0toYn0E1ixP+ZRtZVIndd6+K7/AyiCoo+rz64cmDWcyvyva
d3thSdVQx0nECaZPSQ+45/A7Aq06a4vHBCjW4l/HJTxknf0rwB6+chHXL2xL/XUd
xtbv4ajc/1yWqTC1NnTh/4/u3B8PGPBmgsZE2O8O0SKIE0o0PE6QnO9d7JNMQdzF
NT2CdkS89nBPyHKlkv3bJzQMaYxKXYM8b3j3KguYJfMsL44QYwvb
-----END CERTIFICATE-----