Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/5n4uvrNtnkO4eGR8ZtmlT5JQXXE.roa
File:                     5n4uvrNtnkO4eGR8ZtmlT5JQXXE.roa (raw, json)
Hash identifier:          4cYHd40RL707GScqgxSvABvoDBiTFeHb4+nk74FKrXY=
Subject key identifier:   E6:7E:2E:BE:B3:6D:9E:43:B8:78:64:7C:66:D9:A5:4F:92:50:5D:71
Certificate issuer:       /CN=d4b95330734c9aaf66d11bcd2bedd380f410f93f
Certificate serial:       019D16783410E9320EBFD6C8CA226BAB3980
Authority key identifier: D4:B9:53:30:73:4C:9A:AF:66:D1:1B:CD:2B:ED:D3:80:F4:10:F9:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/5n4uvrNtnkO4eGR8ZtmlT5JQXXE.roa
Signing time:             Sun 22 Mar 2026 16:54:29 +0000
ROA not before:           Sun 22 Mar 2026 16:54:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216039
IP address blocks:        132.243.222.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 00:55:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:16:78:34:10:e9:32:0e:bf:d6:c8:ca:22:6b:ab:39:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d4b95330734c9aaf66d11bcd2bedd380f410f93f
        Validity
            Not Before: Mar 22 16:54:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e67e2ebeb36d9e43b878647c66d9a54f92505d71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:20:d6:c2:87:d4:f5:b9:95:b4:74:52:38:c0:
                    8f:a1:fa:cb:66:37:e4:d3:37:c4:85:c6:75:a4:e7:
                    ae:e8:5b:20:d3:00:33:02:1f:ca:76:76:fc:fa:f0:
                    3f:4f:89:8e:ac:f4:ea:b2:e9:83:3c:b5:87:cd:fc:
                    c2:7a:ef:d8:53:37:45:b2:f8:e1:5f:a9:40:f9:3f:
                    0b:4d:09:27:c7:79:1b:dd:53:04:e2:f1:c3:07:f7:
                    82:77:9e:7f:a7:21:88:10:7b:29:c8:5f:a5:af:c5:
                    9b:43:87:5e:42:10:1a:7f:d0:c3:0f:05:95:12:0d:
                    43:bb:2d:cf:27:6b:1a:c6:05:a7:c1:d9:49:c0:34:
                    01:28:f4:8d:2e:8d:dd:7b:cf:62:58:d7:65:db:93:
                    0b:9b:81:80:03:f3:94:ae:04:1e:58:61:6f:af:75:
                    4b:1e:c6:e3:71:9a:d9:00:ae:54:f1:b0:03:26:5c:
                    09:e8:1d:16:d1:8a:86:43:21:29:51:8c:7c:6c:9d:
                    af:cf:06:36:ae:50:57:36:db:d1:7b:83:c7:f6:46:
                    32:63:70:3e:11:3f:da:34:47:62:69:d8:b3:b0:00:
                    52:3e:df:01:0a:fc:cb:da:cc:61:f2:d2:55:9d:3d:
                    1d:5d:66:36:c7:59:87:32:49:f6:1a:dc:ec:af:58:
                    7d:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:7E:2E:BE:B3:6D:9E:43:B8:78:64:7C:66:D9:A5:4F:92:50:5D:71
            X509v3 Authority Key Identifier:
                keyid:D4:B9:53:30:73:4C:9A:AF:66:D1:1B:CD:2B:ED:D3:80:F4:10:F9:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/5n4uvrNtnkO4eGR8ZtmlT5JQXXE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  132.243.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:64:41:3a:5e:90:81:93:d2:c0:d5:e1:e4:6f:5b:5c:e0:2e:
         a0:78:fd:72:5d:d2:4b:a3:28:ef:f4:fd:48:65:df:9b:5b:26:
         90:08:a1:9d:43:cc:9b:e4:d4:16:be:f7:65:05:ad:19:b6:66:
         9f:42:ec:a1:a4:6d:5f:f8:e2:2e:17:42:4d:f9:75:27:1f:95:
         49:da:2d:d0:0d:97:78:ef:b5:60:c7:16:66:04:b4:c2:10:fc:
         da:af:81:8f:b5:e7:aa:f7:56:23:dc:bc:45:aa:1f:f8:91:f3:
         5c:c3:53:b2:78:44:9c:4a:95:25:2e:e8:10:99:55:88:66:77:
         6b:ed:88:1e:6e:87:73:90:0a:07:5e:fc:0d:16:3c:68:e3:f7:
         9b:95:47:b7:c1:6b:f4:88:29:59:c7:a3:73:6c:2f:e6:d0:42:
         f3:f6:bf:00:d8:4f:44:e9:a0:91:74:a0:42:d3:bd:b5:ca:df:
         43:dc:21:ff:a6:6c:03:1b:d6:0c:98:2d:1f:80:fd:6a:bc:48:
         b8:45:99:ac:4d:89:36:a7:e0:22:75:7f:3a:74:2d:ba:ad:5f:
         01:f1:2a:2d:fa:8e:3f:1f:72:32:c3:93:6f:be:1d:34:4d:cb:
         de:b0:2e:00:10:af:e6:0c:68:12:86:03:d4:62:14:fc:92:26:
         79:95:9f:05
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0WeDQQ6TIOv9bIyiJrqzmAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0Yjk1MzMwNzM0YzlhYWY2NmQxMWJjZDJiZWRkMzgwZjQx
MGY5M2YwHhcNMjYwMzIyMTY1NDI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjdlMmViZWIzNmQ5ZTQzYjg3ODY0N2M2NmQ5YTU0ZjkyNTA1ZDcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsSDWwofU9bmVtHRSOMCPofrLZjfk
0zfEhcZ1pOeu6Fsg0wAzAh/Kdnb8+vA/T4mOrPTqsumDPLWHzfzCeu/YUzdFsvjh
X6lA+T8LTQknx3kb3VME4vHDB/eCd55/pyGIEHspyF+lr8WbQ4deQhAaf9DDDwWV
Eg1Duy3PJ2saxgWnwdlJwDQBKPSNLo3de89iWNdl25MLm4GAA/OUrgQeWGFvr3VL
HsbjcZrZAK5U8bADJlwJ6B0W0YqGQyEpUYx8bJ2vzwY2rlBXNtvRe4PH9kYyY3A+
ET/aNEdiadizsABSPt8BCvzL2sxh8tJVnT0dXWY2x1mHMkn2Gtzsr1h9FQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOZ+Lr6zbZ5DuHhkfGbZpU+SUF1xMB8GA1UdIwQY
MBaAFNS5UzBzTJqvZtEbzSvt04D0EPk/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUxsVE1ITk1tcTltMFJ2TkstM1RnUFFRLVQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy8xNWQyNzEtMDVjZC00NjFlLWE3YjYt
NDMwMTNiMjhkOWQ2LzEvNW40dXZyTnRua080ZUdSOFp0bWxUNUpRWFhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy8xNWQyNzEtMDVjZC00NjFlLWE3YjYtNDMwMTNiMjhkOWQ2
LzEvMUxsVE1ITk1tcTltMFJ2TkstM1RnUFFRLVQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAhPPeMA0G
CSqGSIb3DQEBCwUAA4IBAQBEZEE6XpCBk9LA1eHkb1tc4C6geP1yXdJLoyjv9P1I
Zd+bWyaQCKGdQ8yb5NQWvvdlBa0ZtmafQuyhpG1f+OIuF0JN+XUnH5VJ2i3QDZd4
77VgxxZmBLTCEPzar4GPteeq91Yj3LxFqh/4kfNcw1OyeEScSpUlLugQmVWIZndr
7YgebodzkAoHXvwNFjxo4/eblUe3wWv0iClZx6NzbC/m0ELz9r8A2E9E6aCRdKBC
0721yt9D3CH/pmwDG9YMmC0fgP1qvEi4RZmsTYk2p+AidX86dC26rV8B8Sot+o4/
H3Iyw5Nvvh00TcvesC4AEK/mDGgShgPUYhT8kiZ5lZ8F
-----END CERTIFICATE-----