Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/96b117-fd3b-4f74-b3bf-1a42f632c307/1/E5g4hZH3LlY5gRj3X1IHc_TlYQg.roa
File:                     E5g4hZH3LlY5gRj3X1IHc_TlYQg.roa (raw, json)
Hash identifier:          X9C9qUlaNCOlK6+AuNAgEerAXM1G27T5Vc1zplG2pmE=
Subject key identifier:   13:98:38:85:91:F7:2E:56:39:81:18:F7:5F:52:07:73:F4:E5:61:08
Certificate issuer:       /CN=1c4e6a1d3cc1e4f3dc01ab96c94196b9c49d2916
Certificate serial:       019D637FB02B0F30F0CC40E924DA8343591A
Authority key identifier: 1C:4E:6A:1D:3C:C1:E4:F3:DC:01:AB:96:C9:41:96:B9:C4:9D:29:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HE5qHTzB5PPcAauWyUGWucSdKRY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/96b117-fd3b-4f74-b3bf-1a42f632c307/1/E5g4hZH3LlY5gRj3X1IHc_TlYQg.roa
Signing time:             Mon 06 Apr 2026 15:53:25 +0000
ROA not before:           Mon 06 Apr 2026 15:53:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     0
IP address blocks:        194.88.232.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/96b117-fd3b-4f74-b3bf-1a42f632c307/1/HE5qHTzB5PPcAauWyUGWucSdKRY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/96b117-fd3b-4f74-b3bf-1a42f632c307/1/HE5qHTzB5PPcAauWyUGWucSdKRY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HE5qHTzB5PPcAauWyUGWucSdKRY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 Apr 2026 09:01:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:63:7f:b0:2b:0f:30:f0:cc:40:e9:24:da:83:43:59:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c4e6a1d3cc1e4f3dc01ab96c94196b9c49d2916
        Validity
            Not Before: Apr  6 15:53:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1398388591f72e56398118f75f520773f4e56108
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:60:7b:7b:4c:09:50:70:49:aa:8a:a1:8e:86:
                    48:9b:13:9e:81:d6:fe:32:8b:30:8d:d2:47:37:52:
                    9e:fd:98:42:7c:90:57:15:20:5a:31:88:98:c1:4e:
                    83:e4:38:d0:65:7c:4b:5f:8f:21:bb:dc:79:9e:3a:
                    95:c1:80:95:12:55:da:5e:af:00:7e:12:02:25:7c:
                    3b:cd:ef:21:91:10:26:44:b2:6e:bc:a2:1b:4e:9e:
                    50:17:fd:19:c7:5b:64:41:b1:3c:ef:55:ac:47:5b:
                    75:41:e3:3e:a5:d5:f7:77:ba:0c:54:28:06:27:fb:
                    0e:38:3b:cb:4d:68:df:38:87:6a:f4:59:93:86:9d:
                    cd:12:b7:a3:40:37:9a:2c:b1:06:11:39:8f:2e:b3:
                    44:91:a5:5c:d3:74:b9:75:20:41:c5:9d:fc:71:ff:
                    5b:0d:dc:f0:3d:4d:31:9d:f7:7a:1d:88:de:4c:b5:
                    b0:a6:4e:f7:c5:54:f0:d5:19:81:8c:d7:55:27:68:
                    ee:ef:a2:2f:f1:98:d7:06:8f:82:4b:16:73:91:2a:
                    48:3a:8e:f1:9b:a8:1d:77:ef:87:e2:29:6f:81:3c:
                    e1:2e:2a:ea:2b:1f:fc:56:be:f3:30:04:0c:fb:2b:
                    5a:ff:47:2b:a3:83:d5:f3:4a:08:8a:59:50:9d:00:
                    e1:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:98:38:85:91:F7:2E:56:39:81:18:F7:5F:52:07:73:F4:E5:61:08
            X509v3 Authority Key Identifier:
                keyid:1C:4E:6A:1D:3C:C1:E4:F3:DC:01:AB:96:C9:41:96:B9:C4:9D:29:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HE5qHTzB5PPcAauWyUGWucSdKRY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/96b117-fd3b-4f74-b3bf-1a42f632c307/1/E5g4hZH3LlY5gRj3X1IHc_TlYQg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/96b117-fd3b-4f74-b3bf-1a42f632c307/1/HE5qHTzB5PPcAauWyUGWucSdKRY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.88.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:b5:5e:dc:b6:3e:6d:e6:ee:75:0d:9e:9c:27:67:6e:21:9f:
         74:17:ee:ba:2a:fe:28:19:44:a8:f6:d4:29:ba:f8:f2:b7:62:
         6d:65:15:fe:e6:7a:60:e4:a9:96:e8:47:82:f9:3e:bb:8e:d8:
         1b:2f:1e:64:0c:49:3d:97:b9:f8:be:df:71:c8:57:de:6b:c9:
         81:a5:e5:eb:a5:aa:03:5a:c7:85:a8:42:c7:7d:bc:ae:3e:48:
         8a:49:66:2a:5f:1d:f6:30:99:fb:74:b2:3c:d9:73:0a:c5:f9:
         56:d7:7b:f1:c8:9a:6f:5d:d4:45:4e:5d:11:6b:76:22:e0:35:
         88:7b:07:03:ae:b8:4f:41:cb:1d:da:5f:c9:07:e8:de:0c:c1:
         2b:33:1f:72:fe:69:99:2f:2a:90:bc:d8:58:36:4a:cd:71:de:
         23:ea:46:ab:65:3d:57:3e:37:f5:2d:fe:0c:92:c0:7f:a8:ee:
         9d:d8:bb:bd:d6:20:54:b3:b7:11:c1:d6:82:b1:aa:1b:60:aa:
         97:2d:86:2f:26:5a:75:0e:98:ac:b5:ce:8e:e2:66:aa:af:53:
         4a:bc:3c:48:f6:7b:f7:b5:2c:fc:b8:75:84:77:f2:e6:0a:da:
         d4:b1:e3:48:44:53:d6:0b:82:80:6c:01:e7:bd:58:8a:a4:58:
         a1:4f:89:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1jf7ArDzDwzEDpJNqDQ1kaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjNGU2YTFkM2NjMWU0ZjNkYzAxYWI5NmM5NDE5NmI5YzQ5
ZDI5MTYwHhcNMjYwNDA2MTU1MzI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMzk4Mzg4NTkxZjcyZTU2Mzk4MTE4Zjc1ZjUyMDc3M2Y0ZTU2MTA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvWB7e0wJUHBJqoqhjoZImxOegdb+
MoswjdJHN1Ke/ZhCfJBXFSBaMYiYwU6D5DjQZXxLX48hu9x5njqVwYCVElXaXq8A
fhICJXw7ze8hkRAmRLJuvKIbTp5QF/0Zx1tkQbE871WsR1t1QeM+pdX3d7oMVCgG
J/sOODvLTWjfOIdq9FmThp3NErejQDeaLLEGETmPLrNEkaVc03S5dSBBxZ38cf9b
DdzwPU0xnfd6HYjeTLWwpk73xVTw1RmBjNdVJ2ju76Iv8ZjXBo+CSxZzkSpIOo7x
m6gdd++H4ilvgTzhLirqKx/8Vr7zMAQM+yta/0cro4PV80oIillQnQDhVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBOYOIWR9y5WOYEY919SB3P05WEIMB8GA1UdIwQY
MBaAFBxOah08weTz3AGrlslBlrnEnSkWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEU1cUhUekI1UFBjQWF1V3lVR1d1Y1NkS1JZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi85NmIxMTctZmQzYi00Zjc0LWIzYmYt
MWE0MmY2MzJjMzA3LzEvRTVnNGhaSDNMbFk1Z1JqM1gxSUhjX1RsWVFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi85NmIxMTctZmQzYi00Zjc0LWIzYmYtMWE0MmY2MzJjMzA3
LzEvSEU1cUhUekI1UFBjQWF1V3lVR1d1Y1NkS1JZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwljoMA0G
CSqGSIb3DQEBCwUAA4IBAQAQtV7ctj5t5u51DZ6cJ2duIZ90F+66Kv4oGUSo9tQp
uvjyt2JtZRX+5npg5KmW6EeC+T67jtgbLx5kDEk9l7n4vt9xyFfea8mBpeXrpaoD
WseFqELHfbyuPkiKSWYqXx32MJn7dLI82XMKxflW13vxyJpvXdRFTl0Ra3Yi4DWI
ewcDrrhPQcsd2l/JB+jeDMErMx9y/mmZLyqQvNhYNkrNcd4j6karZT1XPjf1Lf4M
ksB/qO6d2Lu91iBUs7cRwdaCsaobYKqXLYYvJlp1Dpistc6O4maqr1NKvDxI9nv3
tSz8uHWEd/LmCtrUseNIRFPWC4KAbAHnvViKpFihT4nb
-----END CERTIFICATE-----