Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/c27fa6-b2b0-4dcb-a899-1030cdbe6bd4/1/RgoVuEZzrB6iPeoDkS2VZ5UJEjM.roa
File:                     RgoVuEZzrB6iPeoDkS2VZ5UJEjM.roa (raw, json)
Hash identifier:          7eIfiRclCfgNOCGCCRoqijzNwFTi6X6q7V5T2mrxMRU=
Subject key identifier:   46:0A:15:B8:46:73:AC:1E:A2:3D:EA:03:91:2D:95:67:95:09:12:33
Certificate issuer:       /CN=43015654082578c4946cd27be1e89a3dd7562fa4
Certificate serial:       019E2B9B47635931E115D25D1FE0A4C04F2D
Authority key identifier: 43:01:56:54:08:25:78:C4:94:6C:D2:7B:E1:E8:9A:3D:D7:56:2F:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QwFWVAgleMSUbNJ74eiaPddWL6Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/c27fa6-b2b0-4dcb-a899-1030cdbe6bd4/1/RgoVuEZzrB6iPeoDkS2VZ5UJEjM.roa
Signing time:             Fri 15 May 2026 12:27:37 +0000
ROA not before:           Fri 15 May 2026 12:27:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49127
IP address blocks:        83.98.157.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/c27fa6-b2b0-4dcb-a899-1030cdbe6bd4/1/QwFWVAgleMSUbNJ74eiaPddWL6Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/c27fa6-b2b0-4dcb-a899-1030cdbe6bd4/1/QwFWVAgleMSUbNJ74eiaPddWL6Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QwFWVAgleMSUbNJ74eiaPddWL6Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 20:26:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:2b:9b:47:63:59:31:e1:15:d2:5d:1f:e0:a4:c0:4f:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=43015654082578c4946cd27be1e89a3dd7562fa4
        Validity
            Not Before: May 15 12:27:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=460a15b84673ac1ea23dea03912d956795091233
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:e9:99:f3:10:57:1e:0e:fa:1c:5d:da:c6:0b:
                    10:e7:b4:2c:30:44:f6:3c:ad:19:ad:8c:3e:ea:95:
                    1f:5e:dd:db:a4:9d:16:54:80:98:8e:34:8a:2b:1e:
                    ac:40:b2:bc:cd:c2:a1:e7:91:f6:75:b8:21:a1:04:
                    2a:94:f6:39:9e:94:f9:63:bf:a6:cc:5a:8c:8a:99:
                    33:25:c9:7e:d6:af:7a:40:1e:ca:c7:a4:ce:9e:7f:
                    aa:2f:19:f2:a4:6c:88:e2:23:43:ca:51:af:55:9b:
                    ef:55:1c:6b:ff:c1:4d:fc:b9:ac:a2:f0:1a:56:c8:
                    36:c4:bb:6c:3f:b1:7f:cb:7f:ec:f6:f3:59:b0:db:
                    a6:de:c2:9c:1a:da:ae:d5:ff:60:9b:6c:d0:e6:81:
                    c5:8f:2f:fe:1d:26:60:2f:c3:c7:03:88:83:53:fc:
                    af:e9:65:5f:41:7e:5a:dd:47:22:bf:6c:2a:a5:16:
                    26:b4:e2:43:13:e8:ba:b8:11:ec:5c:44:2a:36:d9:
                    2b:40:8b:f9:46:28:4b:f1:2f:4f:06:d2:b4:42:d2:
                    3c:64:e1:d3:6b:79:10:49:3d:26:f1:e3:48:94:ef:
                    2e:9d:f9:f9:5e:08:58:ab:5e:20:41:e8:70:34:a9:
                    12:37:d9:d5:7b:50:c9:24:43:3e:94:2b:ad:f5:e5:
                    ff:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:0A:15:B8:46:73:AC:1E:A2:3D:EA:03:91:2D:95:67:95:09:12:33
            X509v3 Authority Key Identifier:
                keyid:43:01:56:54:08:25:78:C4:94:6C:D2:7B:E1:E8:9A:3D:D7:56:2F:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QwFWVAgleMSUbNJ74eiaPddWL6Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/c27fa6-b2b0-4dcb-a899-1030cdbe6bd4/1/RgoVuEZzrB6iPeoDkS2VZ5UJEjM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/c27fa6-b2b0-4dcb-a899-1030cdbe6bd4/1/QwFWVAgleMSUbNJ74eiaPddWL6Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.98.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:4a:b4:9f:03:66:ff:93:b4:59:2b:c5:bb:00:09:36:1b:bd:
         9e:c8:95:02:db:dc:23:50:e6:1d:60:e8:40:b4:26:84:15:28:
         5c:39:ce:9e:00:2a:87:1c:65:54:a7:6f:67:11:6f:a0:cc:a4:
         6d:68:d6:ec:46:6f:5d:82:ce:48:94:a6:ec:59:df:7e:92:02:
         04:1d:20:c2:63:51:16:7d:cb:41:9c:3d:ac:ac:51:dc:d2:51:
         4f:81:e5:3b:a8:d8:ab:5a:d6:5a:46:51:bd:aa:6a:a8:4a:91:
         18:c4:77:90:da:2b:66:8e:49:2e:98:22:7a:83:6f:c1:7c:44:
         51:50:54:6f:56:e9:8d:b3:a2:db:dd:f5:a4:9e:27:0f:78:bc:
         a7:5a:0c:ca:cc:9d:9b:9a:1d:48:4a:b5:6c:d5:b9:06:27:b5:
         d8:2e:a5:43:93:52:bf:aa:75:76:a0:96:cd:96:82:bf:10:35:
         ed:01:9c:d3:9c:c1:c2:98:8f:c3:2d:83:60:26:7b:38:0e:b0:
         da:02:1b:10:5c:17:5b:96:23:43:f9:60:4d:05:9a:f5:d5:75:
         47:6f:21:40:4a:3c:76:ec:a4:33:79:c7:98:ae:a0:3c:2f:4f:
         4d:fc:87:70:1a:4f:bf:a2:d5:0a:13:46:36:ba:fa:03:3b:41:
         b4:d3:67:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4rm0djWTHhFdJdH+CkwE8tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzMDE1NjU0MDgyNTc4YzQ5NDZjZDI3YmUxZTg5YTNkZDc1
NjJmYTQwHhcNMjYwNTE1MTIyNzM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjBhMTViODQ2NzNhYzFlYTIzZGVhMDM5MTJkOTU2Nzk1MDkxMjMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq+mZ8xBXHg76HF3axgsQ57QsMET2
PK0ZrYw+6pUfXt3bpJ0WVICYjjSKKx6sQLK8zcKh55H2dbghoQQqlPY5npT5Y7+m
zFqMipkzJcl+1q96QB7Kx6TOnn+qLxnypGyI4iNDylGvVZvvVRxr/8FN/LmsovAa
Vsg2xLtsP7F/y3/s9vNZsNum3sKcGtqu1f9gm2zQ5oHFjy/+HSZgL8PHA4iDU/yv
6WVfQX5a3Uciv2wqpRYmtOJDE+i6uBHsXEQqNtkrQIv5RihL8S9PBtK0QtI8ZOHT
a3kQST0m8eNIlO8unfn5XghYq14gQehwNKkSN9nVe1DJJEM+lCut9eX/1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEYKFbhGc6weoj3qA5EtlWeVCRIzMB8GA1UdIwQY
MBaAFEMBVlQIJXjElGzSe+Homj3XVi+kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXdGV1ZBZ2xlTVNVYk5KNzRlaWFQZGRXTDZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9jMjdmYTYtYjJiMC00ZGNiLWE4OTkt
MTAzMGNkYmU2YmQ0LzEvUmdvVnVFWnpyQjZpUGVvRGtTMlZaNVVKRWpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9jMjdmYTYtYjJiMC00ZGNiLWE4OTktMTAzMGNkYmU2YmQ0
LzEvUXdGV1ZBZ2xlTVNVYk5KNzRlaWFQZGRXTDZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAU2KdMA0G
CSqGSIb3DQEBCwUAA4IBAQBLSrSfA2b/k7RZK8W7AAk2G72eyJUC29wjUOYdYOhA
tCaEFShcOc6eACqHHGVUp29nEW+gzKRtaNbsRm9dgs5IlKbsWd9+kgIEHSDCY1EW
fctBnD2srFHc0lFPgeU7qNirWtZaRlG9qmqoSpEYxHeQ2itmjkkumCJ6g2/BfERR
UFRvVumNs6Lb3fWknicPeLynWgzKzJ2bmh1ISrVs1bkGJ7XYLqVDk1K/qnV2oJbN
loK/EDXtAZzTnMHCmI/DLYNgJns4DrDaAhsQXBdbliND+WBNBZr11XVHbyFASjx2
7KQzeceYrqA8L09N/IdwGk+/otUKE0Y2uvoDO0G002f7
-----END CERTIFICATE-----