Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/4W5RX0R_SRBYnVHW7igdATw8Wds.roa
File:                     4W5RX0R_SRBYnVHW7igdATw8Wds.roa (raw, json)
Hash identifier:          pn8BRMjejF/+oE8L9QpRaD57T9H5aCypnF0owK+vn3g=
Subject key identifier:   E1:6E:51:5F:44:7F:49:10:58:9D:51:D6:EE:28:1D:01:3C:3C:59:DB
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       019D63384B79CD871AA931D5A34EBE0B9DB4
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/4W5RX0R_SRBYnVHW7igdATw8Wds.roa
Signing time:             Mon 06 Apr 2026 14:35:26 +0000
ROA not before:           Mon 06 Apr 2026 14:35:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     31898
IP address blocks:        2a0c:9a40:8711::/48 maxlen: 48
                          2a0c:9a40:8920::/48 maxlen: 48
                          2a0c:9a40:8eaa::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 14 Apr 2026 08:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:63:38:4b:79:cd:87:1a:a9:31:d5:a3:4e:be:0b:9d:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Apr  6 14:35:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e16e515f447f4910589d51d6ee281d013c3c59db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:74:53:f0:2d:53:e8:48:33:48:e5:28:7a:da:
                    46:4a:0e:09:4f:dc:1d:52:2b:44:23:d3:4b:20:f8:
                    24:9b:02:d5:2c:9f:a7:2a:00:f2:c8:16:ec:9f:e7:
                    96:41:af:cf:c5:6c:7a:02:b9:33:c1:73:17:52:d4:
                    b5:a8:83:a3:aa:ec:72:b6:ee:5d:9e:62:4f:dc:1f:
                    d2:35:9a:c2:58:49:02:69:1d:df:6b:79:00:2c:db:
                    21:c8:84:5d:e5:4e:21:a5:45:c3:e9:ed:e4:06:49:
                    a1:dd:02:cd:71:c5:12:d3:7d:c0:6a:d3:62:2f:48:
                    d7:a3:36:08:f0:b8:29:84:a2:ff:2e:ed:cc:c3:b6:
                    bc:d4:8a:22:fe:f7:5a:25:c3:bd:17:35:88:47:d6:
                    52:bf:f3:d3:3c:fb:e3:91:12:93:72:e1:6c:36:63:
                    49:3e:f2:2c:05:65:fc:2f:f1:c0:02:8a:60:62:e6:
                    76:af:fa:c4:b7:df:b4:19:0e:64:b6:43:0c:f3:62:
                    15:0f:e9:ab:f3:fc:0d:8f:bf:b3:7b:5f:ff:2e:99:
                    aa:46:71:aa:d2:83:8b:08:ed:f5:8e:85:2a:61:04:
                    45:59:33:4a:93:cf:67:95:34:ff:3a:01:33:0d:06:
                    4c:a7:88:63:b7:ed:c9:c8:2a:5a:7a:9f:58:ec:76:
                    d6:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:6E:51:5F:44:7F:49:10:58:9D:51:D6:EE:28:1D:01:3C:3C:59:DB
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/4W5RX0R_SRBYnVHW7igdATw8Wds.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:8711::/48
                  2a0c:9a40:8920::/48
                  2a0c:9a40:8eaa::/48

    Signature Algorithm: sha256WithRSAEncryption
         73:d5:c9:a8:69:e8:d0:43:30:90:49:0d:59:a5:4b:8f:8f:66:
         af:b3:4a:6b:35:f3:80:62:97:bc:5e:41:d4:f7:84:7d:d9:ed:
         9b:59:09:25:2b:4c:60:23:9c:6f:ff:ee:64:78:2c:14:75:34:
         94:c9:92:3e:53:4b:1e:c6:04:cc:86:1f:29:89:e4:5c:c9:05:
         b6:b7:b1:8e:c9:9e:06:62:44:8a:f9:57:f1:ed:c5:47:0b:f1:
         35:60:60:d6:b6:45:f6:33:3b:e5:88:28:0d:29:f9:4f:97:28:
         01:6f:3c:2d:eb:81:9b:6b:ff:10:7d:d5:1f:b2:63:cb:9a:fa:
         df:d5:a1:67:da:90:ff:11:7c:e8:7e:c5:14:92:8e:cf:d4:bf:
         4a:eb:56:62:d0:e2:6c:0d:78:b4:0f:94:68:d5:63:52:b0:ad:
         04:e3:71:cb:6f:55:61:30:4e:30:57:17:3a:1d:38:2c:a8:c1:
         86:97:0a:70:85:ca:75:41:b5:de:76:94:1d:02:26:14:8e:52:
         05:11:e4:b6:86:47:b9:3b:b7:c5:84:28:2f:3c:66:b8:e6:94:
         70:77:d3:bb:41:6e:ec:ea:81:d7:7e:88:0f:be:c6:c5:9f:0f:
         a5:98:40:54:84:d6:b9:9e:3c:2f:aa:c8:8c:77:2c:53:0d:d1:
         15:57:9c:d3
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZ1jOEt5zYcaqTHVo06+C520MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjYwNDA2MTQzNTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTZlNTE1ZjQ0N2Y0OTEwNTg5ZDUxZDZlZTI4MWQwMTNjM2M1OWRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvHRT8C1T6EgzSOUoetpGSg4JT9wd
UitEI9NLIPgkmwLVLJ+nKgDyyBbsn+eWQa/PxWx6ArkzwXMXUtS1qIOjquxytu5d
nmJP3B/SNZrCWEkCaR3fa3kALNshyIRd5U4hpUXD6e3kBkmh3QLNccUS033AatNi
L0jXozYI8LgphKL/Lu3Mw7a81Ioi/vdaJcO9FzWIR9ZSv/PTPPvjkRKTcuFsNmNJ
PvIsBWX8L/HAAopgYuZ2r/rEt9+0GQ5ktkMM82IVD+mr8/wNj7+ze1//LpmqRnGq
0oOLCO31joUqYQRFWTNKk89nlTT/OgEzDQZMp4hjt+3JyCpaep9Y7HbW7QIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFOFuUV9Ef0kQWJ1R1u4oHQE8PFnbMB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvNFc1UlgwUl9TUkJZblZIVzdpZ2RBVHc4V2RzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzAhBAIAAjAbAwcAKgyaQIcR
AwcAKgyaQIkgAwcAKgyaQI6qMA0GCSqGSIb3DQEBCwUAA4IBAQBz1cmoaejQQzCQ
SQ1ZpUuPj2avs0prNfOAYpe8XkHU94R92e2bWQklK0xgI5xv/+5keCwUdTSUyZI+
U0sexgTMhh8pieRcyQW2t7GOyZ4GYkSK+Vfx7cVHC/E1YGDWtkX2MzvliCgNKflP
lygBbzwt64Gba/8QfdUfsmPLmvrf1aFn2pD/EXzofsUUko7P1L9K61Zi0OJsDXi0
D5Ro1WNSsK0E43HLb1VhME4wVxc6HTgsqMGGlwpwhcp1QbXedpQdAiYUjlIFEeS2
hke5O7fFhCgvPGa45pRwd9O7QW7s6oHXfogPvsbFnw+lmEBUhNa5njwvqsiMdyxT
DdEVV5zT
-----END CERTIFICATE-----