Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/8QVX0SOrf06I6Hu1_Mi-GX-EXHU.roa
File:                     8QVX0SOrf06I6Hu1_Mi-GX-EXHU.roa (raw, json)
Hash identifier:          bFKty8gyU326bAS/KciRgtFT8EYhzokt50KmaXXmn1M=
Subject key identifier:   F1:05:57:D1:23:AB:7F:4E:88:E8:7B:B5:FC:C8:BE:19:7F:84:5C:75
Certificate issuer:       /CN=d4b95330734c9aaf66d11bcd2bedd380f410f93f
Certificate serial:       019DD4BD2DC2CF480446B6DAEB167420A704
Authority key identifier: D4:B9:53:30:73:4C:9A:AF:66:D1:1B:CD:2B:ED:D3:80:F4:10:F9:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/8QVX0SOrf06I6Hu1_Mi-GX-EXHU.roa
Signing time:             Tue 28 Apr 2026 15:37:40 +0000
ROA not before:           Tue 28 Apr 2026 15:37:40 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     40994
IP address blocks:        132.243.203.0/24 maxlen: 24
                          132.243.245.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:d4:bd:2d:c2:cf:48:04:46:b6:da:eb:16:74:20:a7:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d4b95330734c9aaf66d11bcd2bedd380f410f93f
        Validity
            Not Before: Apr 28 15:37:40 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f10557d123ab7f4e88e87bb5fcc8be197f845c75
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:6b:1e:50:de:b5:58:c2:26:8d:ef:77:71:01:
                    17:ad:e6:92:0e:1f:29:0b:04:c7:14:24:8c:ca:98:
                    ca:4c:0c:a3:6d:10:4d:8e:8e:27:f8:3c:71:21:76:
                    2b:77:df:03:98:dc:76:4f:8f:a4:0b:83:0e:de:0f:
                    92:8b:90:99:20:cc:36:8d:08:80:9f:14:d3:cd:98:
                    fd:7d:17:73:15:ec:6e:ce:36:4a:2c:f0:8f:2b:34:
                    1a:98:31:ff:14:6d:31:fc:bb:98:e6:60:14:93:0e:
                    d1:dc:1c:b5:8f:18:e5:b4:39:d8:85:07:23:c1:ac:
                    4a:29:0e:c4:fa:69:0a:75:f1:d7:cd:8c:7f:bd:c2:
                    ff:8a:1b:0c:63:35:c8:1f:3f:35:86:94:c2:6c:f3:
                    63:94:ac:0d:26:81:c9:01:c3:c7:eb:26:28:5d:98:
                    29:83:b6:77:2f:b4:91:55:14:32:e9:52:62:68:38:
                    5f:b0:ae:f7:9d:63:b6:58:2a:53:ad:35:ff:d4:16:
                    ec:1a:dc:57:ba:7a:a3:d4:08:cb:f8:52:9e:15:b7:
                    db:1a:3d:0c:fd:63:04:4d:ca:87:b0:4f:6e:77:fc:
                    14:35:83:27:d6:78:45:6b:4b:38:ee:c7:0a:da:26:
                    c5:3f:af:9b:44:d1:67:68:86:a3:7e:4a:de:9f:f9:
                    2a:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:05:57:D1:23:AB:7F:4E:88:E8:7B:B5:FC:C8:BE:19:7F:84:5C:75
            X509v3 Authority Key Identifier:
                keyid:D4:B9:53:30:73:4C:9A:AF:66:D1:1B:CD:2B:ED:D3:80:F4:10:F9:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/8QVX0SOrf06I6Hu1_Mi-GX-EXHU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  132.243.203.0/24
                  132.243.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:02:54:30:f9:ce:1f:2e:dc:22:7f:17:dd:23:39:96:49:af:
         ff:75:ea:c8:f4:5c:e9:ef:d1:d0:68:8a:3d:a2:66:92:95:99:
         a8:14:ba:77:f6:8f:06:8c:b4:d9:e4:b2:a5:48:ad:f7:df:c8:
         04:c3:8e:79:71:10:96:57:bc:b9:2f:ea:cb:22:e2:88:91:0a:
         94:08:27:ec:22:d1:c4:68:46:07:50:ca:03:00:6e:2c:f9:dd:
         18:a8:25:27:b4:73:eb:c9:cd:48:29:58:c3:b2:64:6f:55:2d:
         fa:ad:47:e4:7c:c1:e6:cb:0c:c8:53:c0:4a:38:16:b4:46:a3:
         18:21:2b:92:51:3e:ff:5a:b1:27:62:be:43:1b:c1:c1:15:2b:
         61:57:8b:76:7c:2e:12:fb:a6:0c:3a:6b:fa:77:2f:4d:c5:0f:
         33:3a:3e:d0:61:18:81:bf:f2:b2:79:54:3e:f6:9e:b7:cd:45:
         bf:79:7e:e3:f3:d7:54:dc:a0:e5:6f:b6:24:2f:be:b9:15:c9:
         75:ca:f8:7a:9d:42:7e:21:7e:ab:f1:99:f2:2c:ec:5d:c5:05:
         06:fe:06:db:b8:b2:3c:f8:1b:bc:45:26:3d:67:95:61:1e:c8:
         5e:86:c5:a6:cf:9d:e9:b0:24:a8:62:31:73:66:c0:09:93:4f:
         6e:8f:dc:6b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ3UvS3Cz0gERrba6xZ0IKcEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0Yjk1MzMwNzM0YzlhYWY2NmQxMWJjZDJiZWRkMzgwZjQx
MGY5M2YwHhcNMjYwNDI4MTUzNzQwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTA1NTdkMTIzYWI3ZjRlODhlODdiYjVmY2M4YmUxOTdmODQ1Yzc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmGseUN61WMImje93cQEXreaSDh8p
CwTHFCSMypjKTAyjbRBNjo4n+DxxIXYrd98DmNx2T4+kC4MO3g+Si5CZIMw2jQiA
nxTTzZj9fRdzFexuzjZKLPCPKzQamDH/FG0x/LuY5mAUkw7R3By1jxjltDnYhQcj
waxKKQ7E+mkKdfHXzYx/vcL/ihsMYzXIHz81hpTCbPNjlKwNJoHJAcPH6yYoXZgp
g7Z3L7SRVRQy6VJiaDhfsK73nWO2WCpTrTX/1BbsGtxXunqj1AjL+FKeFbfbGj0M
/WMETcqHsE9ud/wUNYMn1nhFa0s47scK2ibFP6+bRNFnaIajfkren/kqTwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPEFV9Ejq39OiOh7tfzIvhl/hFx1MB8GA1UdIwQY
MBaAFNS5UzBzTJqvZtEbzSvt04D0EPk/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUxsVE1ITk1tcTltMFJ2TkstM1RnUFFRLVQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy8xNWQyNzEtMDVjZC00NjFlLWE3YjYt
NDMwMTNiMjhkOWQ2LzEvOFFWWDBTT3JmMDZJNkh1MV9NaS1HWC1FWEhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy8xNWQyNzEtMDVjZC00NjFlLWE3YjYtNDMwMTNiMjhkOWQ2
LzEvMUxsVE1ITk1tcTltMFJ2TkstM1RnUFFRLVQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAhPPLAwQA
hPP1MA0GCSqGSIb3DQEBCwUAA4IBAQB5AlQw+c4fLtwifxfdIzmWSa//derI9Fzp
79HQaIo9omaSlZmoFLp39o8GjLTZ5LKlSK3338gEw455cRCWV7y5L+rLIuKIkQqU
CCfsItHEaEYHUMoDAG4s+d0YqCUntHPryc1IKVjDsmRvVS36rUfkfMHmywzIU8BK
OBa0RqMYISuSUT7/WrEnYr5DG8HBFSthV4t2fC4S+6YMOmv6dy9NxQ8zOj7QYRiB
v/KyeVQ+9p63zUW/eX7j89dU3KDlb7YkL765Fcl1yvh6nUJ+IX6r8ZnyLOxdxQUG
/gbbuLI8+Bu8RSY9Z5VhHshehsWmz53psCSoYjFzZsAJk09uj9xr
-----END CERTIFICATE-----