Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/PpX6Lsph6rTaL76Tj2A4yQr961M.roa
File:                     PpX6Lsph6rTaL76Tj2A4yQr961M.roa (raw, json)
Hash identifier:          HFF+cIFVcNuSSJ91Ot+1zWOlMJiB1K2AUufg3nSBkcY=
Subject key identifier:   3E:95:FA:2E:CA:61:EA:B4:DA:2F:BE:93:8F:60:38:C9:0A:FD:EB:53
Certificate issuer:       /CN=d4b95330734c9aaf66d11bcd2bedd380f410f93f
Certificate serial:       019D06CD472F084B67762C9DE0A7729BD81B
Authority key identifier: D4:B9:53:30:73:4C:9A:AF:66:D1:1B:CD:2B:ED:D3:80:F4:10:F9:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/PpX6Lsph6rTaL76Tj2A4yQr961M.roa
Signing time:             Thu 19 Mar 2026 15:53:29 +0000
ROA not before:           Thu 19 Mar 2026 15:53:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     38880
IP address blocks:        132.243.193.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 00:55:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:06:cd:47:2f:08:4b:67:76:2c:9d:e0:a7:72:9b:d8:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d4b95330734c9aaf66d11bcd2bedd380f410f93f
        Validity
            Not Before: Mar 19 15:53:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3e95fa2eca61eab4da2fbe938f6038c90afdeb53
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:ea:e0:0e:f1:3c:35:2c:9f:83:f4:a5:8f:88:
                    56:04:5b:21:73:fa:63:85:dd:7f:c8:c4:87:69:08:
                    09:4c:c5:8c:ad:9e:59:4d:cf:2b:77:a2:92:78:44:
                    5d:b8:fe:36:4b:39:83:f7:c2:f9:20:5b:b0:89:c0:
                    97:29:24:f7:22:d5:20:82:02:08:17:70:3f:a6:dc:
                    16:97:a9:9b:56:12:63:13:ca:0f:c5:f5:ac:3a:92:
                    1f:bc:f2:33:cb:2f:4f:05:2e:73:ea:44:ec:9b:c7:
                    78:73:1d:66:58:0a:7e:aa:5d:73:ee:b6:eb:02:df:
                    b7:89:27:a1:00:d8:4c:6d:4d:60:44:28:7a:2a:db:
                    6c:6c:37:24:ac:83:6d:ed:2c:07:fe:9e:ed:e5:e5:
                    a9:92:09:49:19:1b:3d:59:8c:b1:8d:d9:c9:a8:33:
                    a9:13:bd:5e:27:bb:4c:59:59:11:32:d1:cb:34:4f:
                    c6:78:65:20:20:85:74:c7:9b:20:9b:0f:b0:34:67:
                    2a:07:2e:d0:d0:e4:32:01:36:3f:02:b9:0a:dd:40:
                    dd:41:41:0d:f4:bf:f6:8c:66:44:6e:86:17:3b:2c:
                    12:f3:b7:a5:0b:b7:4a:b3:f6:a0:0f:fa:53:6e:f0:
                    23:85:ab:64:ae:0c:09:0f:62:fb:81:96:5b:c4:a2:
                    7d:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:95:FA:2E:CA:61:EA:B4:DA:2F:BE:93:8F:60:38:C9:0A:FD:EB:53
            X509v3 Authority Key Identifier:
                keyid:D4:B9:53:30:73:4C:9A:AF:66:D1:1B:CD:2B:ED:D3:80:F4:10:F9:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/PpX6Lsph6rTaL76Tj2A4yQr961M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  132.243.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:39:54:fe:c1:40:b6:c5:2f:ba:54:74:da:dc:75:bf:8b:a8:
         ae:31:2d:4a:69:54:fb:a1:0d:a4:d3:f5:99:93:a1:22:7b:70:
         10:72:d5:f6:e7:d3:ce:b9:86:98:40:02:c2:aa:1a:ba:b9:6e:
         1a:90:57:4b:e9:35:d5:cd:86:0a:c7:7e:98:23:8a:bd:8f:77:
         26:19:7d:e5:ce:98:a8:51:8e:ee:e5:8e:02:1b:50:f7:d4:7a:
         9d:8e:9b:d1:f3:10:cd:8b:8a:cd:0e:ee:ec:c7:fc:02:de:93:
         77:e5:c7:6f:2d:b0:ab:7e:b3:ee:e6:ac:55:6b:1f:5b:28:fa:
         dc:b4:d8:4d:08:34:d0:72:4f:4a:d9:a7:3a:36:29:5a:3b:d2:
         88:21:29:80:5d:a4:2c:62:3a:6f:58:b9:54:42:c0:3d:18:2e:
         de:7e:df:8d:c9:d6:d5:85:ff:2d:7b:2a:38:e9:a9:bc:41:e5:
         27:88:51:94:23:62:d3:69:59:77:0a:52:2b:9e:27:ed:05:22:
         a1:f3:9a:15:2c:95:43:ea:2a:2d:bb:67:45:0a:a7:de:49:23:
         3e:8c:14:91:bb:51:aa:75:66:53:aa:d0:a1:18:a9:af:26:00:
         31:80:5f:8a:eb:b9:0c:e5:48:6a:af:64:83:c9:01:e1:45:e7:
         58:5c:09:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0GzUcvCEtndiyd4Kdym9gbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0Yjk1MzMwNzM0YzlhYWY2NmQxMWJjZDJiZWRkMzgwZjQx
MGY5M2YwHhcNMjYwMzE5MTU1MzI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTk1ZmEyZWNhNjFlYWI0ZGEyZmJlOTM4ZjYwMzhjOTBhZmRlYjUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApergDvE8NSyfg/Slj4hWBFshc/pj
hd1/yMSHaQgJTMWMrZ5ZTc8rd6KSeERduP42SzmD98L5IFuwicCXKST3ItUgggII
F3A/ptwWl6mbVhJjE8oPxfWsOpIfvPIzyy9PBS5z6kTsm8d4cx1mWAp+ql1z7rbr
At+3iSehANhMbU1gRCh6KttsbDckrINt7SwH/p7t5eWpkglJGRs9WYyxjdnJqDOp
E71eJ7tMWVkRMtHLNE/GeGUgIIV0x5sgmw+wNGcqBy7Q0OQyATY/ArkK3UDdQUEN
9L/2jGZEboYXOywS87elC7dKs/agD/pTbvAjhatkrgwJD2L7gZZbxKJ9jwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD6V+i7KYeq02i++k49gOMkK/etTMB8GA1UdIwQY
MBaAFNS5UzBzTJqvZtEbzSvt04D0EPk/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUxsVE1ITk1tcTltMFJ2TkstM1RnUFFRLVQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy8xNWQyNzEtMDVjZC00NjFlLWE3YjYt
NDMwMTNiMjhkOWQ2LzEvUHBYNkxzcGg2clRhTDc2VGoyQTR5UXI5NjFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy8xNWQyNzEtMDVjZC00NjFlLWE3YjYtNDMwMTNiMjhkOWQ2
LzEvMUxsVE1ITk1tcTltMFJ2TkstM1RnUFFRLVQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAhPPBMA0G
CSqGSIb3DQEBCwUAA4IBAQCpOVT+wUC2xS+6VHTa3HW/i6iuMS1KaVT7oQ2k0/WZ
k6Eie3AQctX259POuYaYQALCqhq6uW4akFdL6TXVzYYKx36YI4q9j3cmGX3lzpio
UY7u5Y4CG1D31HqdjpvR8xDNi4rNDu7sx/wC3pN35cdvLbCrfrPu5qxVax9bKPrc
tNhNCDTQck9K2ac6NilaO9KIISmAXaQsYjpvWLlUQsA9GC7eft+NydbVhf8teyo4
6am8QeUniFGUI2LTaVl3ClIrniftBSKh85oVLJVD6iotu2dFCqfeSSM+jBSRu1Gq
dWZTqtChGKmvJgAxgF+K67kM5Uhqr2SDyQHhRedYXAkD
-----END CERTIFICATE-----