Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/8d78eb-2832-4083-ae1f-1dd6d281c88a/1/Th2adTOkopjhlJ25wcwyktd57wk.roa
File:                     Th2adTOkopjhlJ25wcwyktd57wk.roa (raw, json)
Hash identifier:          GpWnYTzTf7hBP6TDOkmn8+2X3RqmvubL/IyFk+5BLKw=
Subject key identifier:   4E:1D:9A:75:33:A4:A2:98:E1:94:9D:B9:C1:CC:32:92:D7:79:EF:09
Certificate issuer:       /CN=3027a631bb6738eb68bb6ea6c424ef4a7d14c3cb
Certificate serial:       019E3EBACE088C6C253E716B7BBD252FC618
Authority key identifier: 30:27:A6:31:BB:67:38:EB:68:BB:6E:A6:C4:24:EF:4A:7D:14:C3:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MCemMbtnOOtou26mxCTvSn0Uw8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/8d78eb-2832-4083-ae1f-1dd6d281c88a/1/Th2adTOkopjhlJ25wcwyktd57wk.roa
Signing time:             Tue 19 May 2026 05:34:50 +0000
ROA not before:           Tue 19 May 2026 05:34:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402215
IP address blocks:        188.246.209.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/8d78eb-2832-4083-ae1f-1dd6d281c88a/1/MCemMbtnOOtou26mxCTvSn0Uw8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/8d78eb-2832-4083-ae1f-1dd6d281c88a/1/MCemMbtnOOtou26mxCTvSn0Uw8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MCemMbtnOOtou26mxCTvSn0Uw8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jun 2026 14:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:3e:ba:ce:08:8c:6c:25:3e:71:6b:7b:bd:25:2f:c6:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3027a631bb6738eb68bb6ea6c424ef4a7d14c3cb
        Validity
            Not Before: May 19 05:34:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4e1d9a7533a4a298e1949db9c1cc3292d779ef09
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:79:cf:8d:d7:19:f4:2c:20:d5:82:d4:e3:17:
                    31:fc:76:a2:ba:3b:96:0a:40:9a:a7:23:3d:df:5c:
                    c9:e9:28:57:66:2e:f4:60:d9:8c:12:3f:f1:03:33:
                    c8:ea:16:19:49:4b:58:1c:50:3d:bd:cb:b4:34:31:
                    f6:bf:18:99:af:d5:f7:9f:06:6c:ed:0f:49:7b:e2:
                    46:ad:12:ff:90:78:77:9a:eb:a9:56:32:e2:85:cd:
                    bb:86:97:e8:22:2f:21:34:14:4a:db:c4:81:28:86:
                    08:46:6f:de:69:32:2d:bc:16:32:2f:b8:22:fb:b0:
                    43:14:22:99:0e:49:55:1b:ff:01:63:6a:e0:a5:15:
                    34:f2:67:9e:18:a6:a1:be:b5:db:20:b2:84:70:ea:
                    9e:53:6d:80:83:6d:72:1a:76:3c:81:9b:b0:42:d9:
                    6d:85:e2:de:dd:85:b1:d8:7c:bb:ae:05:d6:c2:eb:
                    b4:4f:90:7b:bf:09:4e:4c:b5:15:33:dd:49:dd:85:
                    2c:88:a6:f7:76:08:f0:2e:84:fc:4a:15:2d:0a:59:
                    35:9e:83:52:36:62:b7:d9:e7:69:04:5a:eb:fa:08:
                    fc:6d:65:6f:96:e2:00:9d:7f:5b:72:87:7e:88:d8:
                    0a:a3:b7:b2:29:81:eb:c1:37:52:96:2d:b4:10:3d:
                    e7:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:1D:9A:75:33:A4:A2:98:E1:94:9D:B9:C1:CC:32:92:D7:79:EF:09
            X509v3 Authority Key Identifier:
                keyid:30:27:A6:31:BB:67:38:EB:68:BB:6E:A6:C4:24:EF:4A:7D:14:C3:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MCemMbtnOOtou26mxCTvSn0Uw8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/8d78eb-2832-4083-ae1f-1dd6d281c88a/1/Th2adTOkopjhlJ25wcwyktd57wk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/8d78eb-2832-4083-ae1f-1dd6d281c88a/1/MCemMbtnOOtou26mxCTvSn0Uw8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.246.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:4f:b1:01:a2:eb:b7:17:ee:6e:3e:d7:7f:a8:2f:f3:6b:ad:
         05:a3:77:d1:03:df:da:01:08:57:7f:08:1e:3a:3b:b8:53:b5:
         ce:90:46:86:43:03:ed:3e:91:1d:7a:f3:89:40:70:80:73:ba:
         80:6d:6d:d1:e6:e1:be:d5:72:ee:de:d7:6e:05:d2:44:d3:91:
         04:a7:c3:00:55:6e:2f:f7:34:fa:db:0d:c1:27:f2:09:77:ac:
         31:26:75:bf:ef:a6:b3:64:a5:56:6f:ce:46:b6:3c:34:c9:a8:
         22:cc:5e:c3:40:68:c2:bd:b7:6f:4f:82:0d:79:30:3a:e4:99:
         54:c2:df:12:c8:0e:29:24:81:29:78:4e:fa:6e:6b:a5:f1:cc:
         46:70:62:25:9a:b4:e1:93:85:8e:02:3a:02:c6:06:bc:8f:6f:
         1f:65:39:d1:2e:8f:8d:59:a1:e7:a5:f1:25:10:2e:9f:07:ba:
         2f:62:79:e8:a4:a8:f2:da:26:a7:35:64:7b:44:28:16:de:87:
         23:da:05:87:f4:08:2a:9b:5a:8d:4c:ca:64:b1:a9:66:d3:c0:
         3e:c5:6c:9b:8b:7a:f9:d7:2a:ec:0f:1d:ed:b5:91:40:f1:e9:
         4f:22:01:7c:be:74:0e:a0:87:2f:9a:2d:1a:86:34:44:2d:21:
         bb:eb:9b:6b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4+us4IjGwlPnFre70lL8YYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwMjdhNjMxYmI2NzM4ZWI2OGJiNmVhNmM0MjRlZjRhN2Qx
NGMzY2IwHhcNMjYwNTE5MDUzNDUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTFkOWE3NTMzYTRhMjk4ZTE5NDlkYjljMWNjMzI5MmQ3NzllZjA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzXnPjdcZ9Cwg1YLU4xcx/HaiujuW
CkCapyM931zJ6ShXZi70YNmMEj/xAzPI6hYZSUtYHFA9vcu0NDH2vxiZr9X3nwZs
7Q9Je+JGrRL/kHh3muupVjLihc27hpfoIi8hNBRK28SBKIYIRm/eaTItvBYyL7gi
+7BDFCKZDklVG/8BY2rgpRU08meeGKahvrXbILKEcOqeU22Ag21yGnY8gZuwQtlt
heLe3YWx2Hy7rgXWwuu0T5B7vwlOTLUVM91J3YUsiKb3dgjwLoT8ShUtClk1noNS
NmK32edpBFrr+gj8bWVvluIAnX9bcod+iNgKo7eyKYHrwTdSli20ED3n8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE4dmnUzpKKY4ZSducHMMpLXee8JMB8GA1UdIwQY
MBaAFDAnpjG7ZzjraLtupsQk70p9FMPLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUNlbU1idG5PT3RvdTI2bXhDVHZTbjBVdzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS84ZDc4ZWItMjgzMi00MDgzLWFlMWYt
MWRkNmQyODFjODhhLzEvVGgyYWRUT2tvcGpobEoyNXdjd3lrdGQ1N3drLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS84ZDc4ZWItMjgzMi00MDgzLWFlMWYtMWRkNmQyODFjODhh
LzEvTUNlbU1idG5PT3RvdTI2bXhDVHZTbjBVdzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvPbRMA0G
CSqGSIb3DQEBCwUAA4IBAQBST7EBouu3F+5uPtd/qC/za60Fo3fRA9/aAQhXfwge
Oju4U7XOkEaGQwPtPpEdevOJQHCAc7qAbW3R5uG+1XLu3tduBdJE05EEp8MAVW4v
9zT62w3BJ/IJd6wxJnW/76azZKVWb85Gtjw0yagizF7DQGjCvbdvT4INeTA65JlU
wt8SyA4pJIEpeE76bmul8cxGcGIlmrThk4WOAjoCxga8j28fZTnRLo+NWaHnpfEl
EC6fB7ovYnnopKjy2ianNWR7RCgW3ocj2gWH9Agqm1qNTMpksalm08A+xWybi3r5
1yrsDx3ttZFA8elPIgF8vnQOoIcvmi0ahjRELSG765tr
-----END CERTIFICATE-----