Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/s4keaOLSGv5iay3uwF7bbENt8dA.roa
File:                     s4keaOLSGv5iay3uwF7bbENt8dA.roa (raw, json)
Hash identifier:          ifSIDy9ZMvqEQASbIB6bmay/TQ1Bx7g6nh3lczLZnHo=
Subject key identifier:   B3:89:1E:68:E2:D2:1A:FE:62:6B:2D:EE:C0:5E:DB:6C:43:6D:F1:D0
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       019E463FF98C20E14A95747BDEFF7A7F106B
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/s4keaOLSGv5iay3uwF7bbENt8dA.roa
Signing time:             Wed 20 May 2026 16:37:38 +0000
ROA not before:           Wed 20 May 2026 16:37:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216416
IP address blocks:        85.31.47.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 21 May 2026 14:33:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:46:3f:f9:8c:20:e1:4a:95:74:7b:de:ff:7a:7f:10:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: May 20 16:37:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b3891e68e2d21afe626b2deec05edb6c436df1d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:da:df:28:7e:90:98:61:c8:a4:b6:d0:80:a7:
                    08:c5:0b:e3:44:3c:cc:94:34:f6:c1:37:bb:ce:e3:
                    e4:e7:d4:3b:43:58:e0:09:e8:e6:6f:13:b0:92:99:
                    79:2b:0a:de:40:97:4b:92:41:1c:25:5e:8d:c2:1f:
                    79:0d:e5:bc:55:8f:33:81:61:f5:5b:ce:43:2e:2d:
                    6b:ef:2c:96:36:07:ab:49:14:e0:73:0a:71:c0:3d:
                    0f:15:2c:b2:ac:c0:81:e1:70:82:0d:72:67:78:83:
                    ea:ea:fe:19:4e:60:58:80:12:16:f1:24:54:88:cb:
                    f3:68:4c:50:05:a7:7b:a5:a9:bf:4f:f8:56:6e:ff:
                    25:0e:ba:b9:24:7b:2c:05:12:4a:e3:e5:19:3a:b2:
                    e4:ad:9b:c4:c5:9b:47:f6:40:9a:4b:95:2a:87:d8:
                    7c:5d:db:a2:b2:f9:a3:6a:c9:05:17:d1:c7:ca:5c:
                    81:e6:2f:de:1d:f4:9f:1f:75:e2:88:14:e9:dc:ac:
                    58:0b:fe:c7:a1:e3:60:59:6f:1a:29:48:44:db:4c:
                    69:d0:1b:f9:56:b5:47:96:ac:2e:e6:0a:62:59:6e:
                    73:62:5b:d6:b0:05:4c:f5:c7:a3:89:97:ae:76:43:
                    7e:0b:bc:45:c3:74:2b:b9:01:b9:fc:c5:18:4e:fd:
                    dc:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:89:1E:68:E2:D2:1A:FE:62:6B:2D:EE:C0:5E:DB:6C:43:6D:F1:D0
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/s4keaOLSGv5iay3uwF7bbENt8dA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.31.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:93:2b:71:d7:bf:b6:2b:63:0f:f5:00:41:ec:df:14:e6:07:
         83:76:5c:a3:65:5a:1b:bb:c3:f9:c7:26:3e:3f:f7:7a:48:d4:
         88:9f:e2:93:74:29:c6:e5:27:83:7e:ae:c7:53:41:53:ef:66:
         81:08:47:d8:ef:4a:cf:39:c9:f8:bc:4d:e8:6a:6c:e9:3c:8d:
         f7:f5:c4:59:1b:19:af:be:71:82:c4:22:f2:17:e7:e7:46:94:
         01:90:13:32:fb:21:2b:72:6a:2f:a9:54:48:b6:2a:0c:c9:68:
         13:cd:12:40:9f:46:ba:86:e0:43:15:a3:dd:b9:81:8b:15:78:
         b9:77:06:27:16:ce:f6:39:0d:54:c5:da:1c:8e:eb:1c:bf:3a:
         da:01:35:06:4a:64:01:87:19:f5:ae:82:be:f2:17:70:3b:ee:
         fb:51:2a:6a:b5:8a:a3:1d:31:7f:4d:b2:5c:d0:78:a2:72:f9:
         14:a7:cd:9c:9f:35:6b:2d:25:be:ba:7b:ba:95:a4:75:a9:30:
         45:10:8e:8e:8c:a8:a2:5c:bc:28:f0:e7:fb:4b:d1:2b:c1:b6:
         88:60:12:0b:a4:4f:08:1b:73:ac:cf:e8:f4:64:e6:e4:48:d3:
         ea:4b:d0:23:0c:d0:8d:fb:c5:54:17:3b:be:65:66:f6:c1:51:
         ef:67:3d:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5GP/mMIOFKlXR73v96fxBrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjYwNTIwMTYzNzM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzg5MWU2OGUyZDIxYWZlNjI2YjJkZWVjMDVlZGI2YzQzNmRmMWQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoNrfKH6QmGHIpLbQgKcIxQvjRDzM
lDT2wTe7zuPk59Q7Q1jgCejmbxOwkpl5KwreQJdLkkEcJV6Nwh95DeW8VY8zgWH1
W85DLi1r7yyWNgerSRTgcwpxwD0PFSyyrMCB4XCCDXJneIPq6v4ZTmBYgBIW8SRU
iMvzaExQBad7pam/T/hWbv8lDrq5JHssBRJK4+UZOrLkrZvExZtH9kCaS5Uqh9h8
XduisvmjaskFF9HHylyB5i/eHfSfH3XiiBTp3KxYC/7HoeNgWW8aKUhE20xp0Bv5
VrVHlqwu5gpiWW5zYlvWsAVM9cejiZeudkN+C7xFw3QruQG5/MUYTv3cLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLOJHmji0hr+Ymst7sBe22xDbfHQMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvczRrZWFPTFNHdjVpYXkzdXdGN2JiRU50OGRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVR8vMA0G
CSqGSIb3DQEBCwUAA4IBAQCDkytx17+2K2MP9QBB7N8U5geDdlyjZVobu8P5xyY+
P/d6SNSIn+KTdCnG5SeDfq7HU0FT72aBCEfY70rPOcn4vE3oamzpPI339cRZGxmv
vnGCxCLyF+fnRpQBkBMy+yErcmovqVRItioMyWgTzRJAn0a6huBDFaPduYGLFXi5
dwYnFs72OQ1UxdocjuscvzraATUGSmQBhxn1roK+8hdwO+77USpqtYqjHTF/TbJc
0HiicvkUp82cnzVrLSW+unu6laR1qTBFEI6OjKiiXLwo8Of7S9ErwbaIYBILpE8I
G3Osz+j0ZObkSNPqS9AjDNCN+8VUFzu+ZWb2wVHvZz3Z
-----END CERTIFICATE-----