Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/4aOJA3eXn9P-8dX6vE97NLHvnBA.roa
File:                     4aOJA3eXn9P-8dX6vE97NLHvnBA.roa (raw, json)
Hash identifier:          GW3CcE8nuvlDLzPn8To5sbezdXKRHCar7V2kaCqwQnY=
Subject key identifier:   E1:A3:89:03:77:97:9F:D3:FE:F1:D5:FA:BC:4F:7B:34:B1:EF:9C:10
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       019DB9938BA460AECC1241AA432D5466BBD4
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/4aOJA3eXn9P-8dX6vE97NLHvnBA.roa
Signing time:             Thu 23 Apr 2026 09:02:27 +0000
ROA not before:           Thu 23 Apr 2026 09:02:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        87.120.68.0/24 maxlen: 24
                          185.252.160.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 24 Apr 2026 14:06:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b9:93:8b:a4:60:ae:cc:12:41:aa:43:2d:54:66:bb:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Apr 23 09:02:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e1a3890377979fd3fef1d5fabc4f7b34b1ef9c10
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:c4:30:d7:06:bc:a4:68:1f:01:f9:f8:3e:d5:
                    e5:40:1a:6b:37:27:ed:2c:38:c8:ad:4f:f3:9a:c7:
                    54:be:c2:61:a5:1a:ec:97:57:c2:79:1f:87:d8:53:
                    67:96:8b:20:a5:94:53:6a:22:b2:d7:1d:f9:4b:0f:
                    6e:bc:d5:78:a5:7a:d7:27:b4:3d:f9:e3:2a:c5:90:
                    22:fa:a5:db:ac:2b:59:34:c4:3f:9a:e8:68:15:5b:
                    e7:78:1a:46:22:6b:df:69:62:76:6a:3e:d8:b4:27:
                    96:ae:2d:ab:18:f8:50:be:52:f5:b5:50:7b:45:ab:
                    89:2e:0d:0c:0c:bd:cd:53:ed:f7:e3:45:e9:90:2b:
                    b8:6c:4b:f9:bd:20:fe:6a:91:52:a9:4f:f4:66:dd:
                    cd:f3:f8:63:32:01:c2:3a:97:9a:25:b6:31:56:8c:
                    43:6b:ed:28:f2:4c:7a:fe:90:76:14:08:49:d5:ff:
                    d4:15:e7:15:0d:2b:07:5c:fd:5f:85:0f:d1:9a:2d:
                    0b:2f:81:89:90:fa:14:4c:67:b6:94:dd:4e:25:d3:
                    a3:40:6f:48:7c:04:09:83:7d:29:4d:9b:b8:7b:8a:
                    8d:cf:d2:0f:37:e5:37:b7:d9:58:18:b4:2d:3f:c4:
                    bd:66:20:bb:29:09:11:d7:04:55:f0:3d:db:2c:c1:
                    af:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:A3:89:03:77:97:9F:D3:FE:F1:D5:FA:BC:4F:7B:34:B1:EF:9C:10
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/4aOJA3eXn9P-8dX6vE97NLHvnBA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.120.68.0/24
                  185.252.160.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a8:50:f8:ca:b7:8e:f6:67:21:ca:0e:85:5e:96:ea:b8:f5:e3:
         2b:c2:dd:0f:a5:91:1a:c3:72:f5:03:7a:d1:43:f9:e8:63:0b:
         5c:54:ab:3f:ca:db:03:ad:c5:e8:da:5c:89:f1:dc:61:8b:e7:
         7d:f6:67:6c:65:2c:c5:3a:18:19:b5:dc:ca:7e:c1:a1:a4:b4:
         dd:d3:d3:5b:39:b0:36:60:41:fe:65:2d:7f:46:05:63:bf:2c:
         ec:e5:c0:b0:d4:46:6c:b1:0a:ed:30:1e:11:97:4c:f5:64:11:
         43:e8:1c:51:55:4c:d3:3c:31:fc:97:45:1d:44:6b:2b:13:eb:
         d2:7d:a0:6a:46:5b:9d:74:11:6e:c4:70:3f:cf:42:07:35:cd:
         c3:e7:0e:58:46:5b:6c:5b:91:74:f4:55:86:69:51:44:33:11:
         44:a5:c9:fd:f5:22:75:95:3f:d3:cf:c0:82:b1:17:39:5b:aa:
         56:88:c4:c3:2e:07:cc:e3:1a:53:b1:fb:f0:97:48:34:9b:c8:
         4b:c8:cf:75:31:95:56:78:d2:bf:78:20:5d:66:5f:aa:5a:02:
         f2:d8:91:d9:75:17:f1:97:ed:59:d7:b6:97:d6:9c:a5:ef:b1:
         19:28:f2:19:da:8b:f2:21:28:c1:e5:c5:9c:35:ac:ed:6d:38:
         8e:23:01:fe
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ25k4ukYK7MEkGqQy1UZrvUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjYwNDIzMDkwMjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMWEzODkwMzc3OTc5ZmQzZmVmMWQ1ZmFiYzRmN2IzNGIxZWY5YzEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxcQw1wa8pGgfAfn4PtXlQBprNyft
LDjIrU/zmsdUvsJhpRrsl1fCeR+H2FNnlosgpZRTaiKy1x35Sw9uvNV4pXrXJ7Q9
+eMqxZAi+qXbrCtZNMQ/muhoFVvneBpGImvfaWJ2aj7YtCeWri2rGPhQvlL1tVB7
RauJLg0MDL3NU+3340XpkCu4bEv5vSD+apFSqU/0Zt3N8/hjMgHCOpeaJbYxVoxD
a+0o8kx6/pB2FAhJ1f/UFecVDSsHXP1fhQ/Rmi0LL4GJkPoUTGe2lN1OJdOjQG9I
fAQJg30pTZu4e4qNz9IPN+U3t9lYGLQtP8S9ZiC7KQkR1wRV8D3bLMGvawIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOGjiQN3l5/T/vHV+rxPezSx75wQMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvNGFPSkEzZVhuOVAtOGRYNnZFOTdOTEh2bkJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAV3hEAwQB
ufygMA0GCSqGSIb3DQEBCwUAA4IBAQCoUPjKt472ZyHKDoVeluq49eMrwt0PpZEa
w3L1A3rRQ/noYwtcVKs/ytsDrcXo2lyJ8dxhi+d99mdsZSzFOhgZtdzKfsGhpLTd
09NbObA2YEH+ZS1/RgVjvyzs5cCw1EZssQrtMB4Rl0z1ZBFD6BxRVUzTPDH8l0Ud
RGsrE+vSfaBqRluddBFuxHA/z0IHNc3D5w5YRltsW5F09FWGaVFEMxFEpcn99SJ1
lT/Tz8CCsRc5W6pWiMTDLgfM4xpTsfvwl0g0m8hLyM91MZVWeNK/eCBdZl+qWgLy
2JHZdRfxl+1Z17aX1pyl77EZKPIZ2ovyISjB5cWcNaztbTiOIwH+
-----END CERTIFICATE-----