Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/001edf-bffc-4960-a02c-d26d7d4c2505/1/4lh6zuN-Tq_BcgExhVd8NBQchD4.roa
File:                     4lh6zuN-Tq_BcgExhVd8NBQchD4.roa (raw, json)
Hash identifier:          P5LL4+rUzqUyR015fjGrIwNYgLO0xwDg5m3oq2ToJRo=
Subject key identifier:   E2:58:7A:CE:E3:7E:4E:AF:C1:72:01:31:85:57:7C:34:14:1C:84:3E
Certificate issuer:       /CN=7eeb0aec63949f4125c73aa6177ea0b721d527bb
Certificate serial:       019E468EAFBDB05BD21C9CF0A0B72A428D0B
Authority key identifier: 7E:EB:0A:EC:63:94:9F:41:25:C7:3A:A6:17:7E:A0:B7:21:D5:27:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fusK7GOUn0ElxzqmF36gtyHVJ7s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/001edf-bffc-4960-a02c-d26d7d4c2505/1/4lh6zuN-Tq_BcgExhVd8NBQchD4.roa
Signing time:             Wed 20 May 2026 18:03:36 +0000
ROA not before:           Wed 20 May 2026 18:03:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     61177
IP address blocks:        185.16.96.0/24 maxlen: 24
                          185.16.97.0/24 maxlen: 24
                          185.16.99.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/001edf-bffc-4960-a02c-d26d7d4c2505/1/fusK7GOUn0ElxzqmF36gtyHVJ7s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/001edf-bffc-4960-a02c-d26d7d4c2505/1/fusK7GOUn0ElxzqmF36gtyHVJ7s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fusK7GOUn0ElxzqmF36gtyHVJ7s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 May 2026 20:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:46:8e:af:bd:b0:5b:d2:1c:9c:f0:a0:b7:2a:42:8d:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7eeb0aec63949f4125c73aa6177ea0b721d527bb
        Validity
            Not Before: May 20 18:03:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e2587acee37e4eafc172013185577c34141c843e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:1c:39:bd:ed:eb:47:18:46:8c:1c:c1:ed:78:
                    05:7c:63:e3:36:32:03:bb:14:72:ee:99:93:9d:04:
                    a6:07:79:7b:52:e9:ad:cd:ab:b9:75:36:9f:85:01:
                    1d:0d:90:66:6c:a7:8f:de:fa:69:12:7e:60:84:af:
                    e5:92:17:2c:92:60:a8:1e:02:e2:18:41:e5:4b:c0:
                    5b:00:73:da:6f:74:47:7c:f9:b3:4a:38:63:cc:87:
                    f2:53:a7:63:6f:8a:ac:dc:90:e7:c5:ba:5f:57:8d:
                    26:d2:c1:d0:27:e6:a4:05:35:45:94:05:8f:86:7f:
                    b4:97:78:01:04:1c:1b:5d:35:4a:9c:e5:c1:bb:3b:
                    f9:d4:61:05:31:12:8e:bf:b4:87:9f:41:0b:53:eb:
                    3a:78:fd:46:b5:41:2a:87:a6:c1:e8:1e:8e:67:01:
                    65:de:5e:be:0d:3d:d7:c6:75:c0:e4:4c:89:92:3e:
                    15:7f:9b:6c:b3:88:bd:a8:1a:e8:44:bd:34:89:16:
                    af:77:d1:70:89:ee:14:b7:41:0d:2b:1f:84:d9:7c:
                    99:a8:dd:67:d8:16:b3:7c:d9:84:fc:02:b3:bd:9a:
                    00:83:9a:05:ab:21:8f:1a:21:e9:d8:a7:c1:20:7b:
                    07:d6:30:b3:8a:19:2a:79:80:7d:47:c5:3b:af:b2:
                    36:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:58:7A:CE:E3:7E:4E:AF:C1:72:01:31:85:57:7C:34:14:1C:84:3E
            X509v3 Authority Key Identifier:
                keyid:7E:EB:0A:EC:63:94:9F:41:25:C7:3A:A6:17:7E:A0:B7:21:D5:27:BB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fusK7GOUn0ElxzqmF36gtyHVJ7s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/001edf-bffc-4960-a02c-d26d7d4c2505/1/4lh6zuN-Tq_BcgExhVd8NBQchD4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/001edf-bffc-4960-a02c-d26d7d4c2505/1/fusK7GOUn0ElxzqmF36gtyHVJ7s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.16.96.0/23
                  185.16.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:39:73:d8:82:72:f5:47:3e:f0:ab:9e:45:08:0c:d2:07:3c:
         4f:eb:95:f4:5d:d2:8f:a9:33:c9:91:7b:10:1f:68:73:23:8c:
         d6:88:88:5c:e3:e6:ff:53:29:ce:b2:68:2e:47:2c:14:a1:65:
         9d:ce:f4:55:65:f0:27:5a:f3:e7:3b:cd:a9:23:19:f8:46:03:
         a3:42:e4:98:36:6b:62:20:2a:12:36:18:2e:22:b6:fb:4c:81:
         04:77:ff:d2:a4:95:5b:23:bc:d9:66:6d:41:d4:ef:af:2a:1f:
         31:f7:b2:47:b7:5b:fa:6f:8a:52:ca:81:e4:dc:1e:b0:0c:5b:
         12:28:09:16:51:af:9c:dd:a4:85:2a:70:df:48:fe:6c:11:65:
         35:85:a8:0d:12:cf:5d:e3:d9:f8:dd:26:98:d7:17:54:40:bc:
         87:50:2d:2d:d7:20:64:fb:53:93:b4:a0:96:0d:70:87:e9:d4:
         f9:bc:10:7a:5d:cf:93:3a:5c:d4:14:69:11:fd:0e:3c:15:a4:
         a2:7d:75:c6:d7:15:49:1b:3b:9c:a4:fe:33:89:d2:34:cc:6f:
         5e:89:cb:77:c9:56:c6:4d:9d:ef:fb:9f:6a:d1:69:d5:f7:0f:
         c3:ab:0a:6b:76:32:4e:ba:e1:9f:52:31:6a:bb:8e:77:8d:5f:
         84:19:c2:b3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ5Gjq+9sFvSHJzwoLcqQo0LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlZWIwYWVjNjM5NDlmNDEyNWM3M2FhNjE3N2VhMGI3MjFk
NTI3YmIwHhcNMjYwNTIwMTgwMzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjU4N2FjZWUzN2U0ZWFmYzE3MjAxMzE4NTU3N2MzNDE0MWM4NDNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnhw5ve3rRxhGjBzB7XgFfGPjNjID
uxRy7pmTnQSmB3l7Uumtzau5dTafhQEdDZBmbKeP3vppEn5ghK/lkhcskmCoHgLi
GEHlS8BbAHPab3RHfPmzSjhjzIfyU6djb4qs3JDnxbpfV40m0sHQJ+akBTVFlAWP
hn+0l3gBBBwbXTVKnOXBuzv51GEFMRKOv7SHn0ELU+s6eP1GtUEqh6bB6B6OZwFl
3l6+DT3XxnXA5EyJkj4Vf5tss4i9qBroRL00iRavd9Fwie4Ut0ENKx+E2XyZqN1n
2BazfNmE/AKzvZoAg5oFqyGPGiHp2KfBIHsH1jCzihkqeYB9R8U7r7I2twIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOJYes7jfk6vwXIBMYVXfDQUHIQ+MB8GA1UdIwQY
MBaAFH7rCuxjlJ9BJcc6phd+oLch1Se7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZnVzSzdHT1VuMEVseHpxbUYzNmd0eUhWSjdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC8wMDFlZGYtYmZmYy00OTYwLWEwMmMt
ZDI2ZDdkNGMyNTA1LzEvNGxoNnp1Ti1UcV9CY2dFeGhWZDhOQlFjaEQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC8wMDFlZGYtYmZmYy00OTYwLWEwMmMtZDI2ZDdkNGMyNTA1
LzEvZnVzSzdHT1VuMEVseHpxbUYzNmd0eUhWSjdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBuRBgAwQA
uRBjMA0GCSqGSIb3DQEBCwUAA4IBAQAtOXPYgnL1Rz7wq55FCAzSBzxP65X0XdKP
qTPJkXsQH2hzI4zWiIhc4+b/UynOsmguRywUoWWdzvRVZfAnWvPnO82pIxn4RgOj
QuSYNmtiICoSNhguIrb7TIEEd//SpJVbI7zZZm1B1O+vKh8x97JHt1v6b4pSyoHk
3B6wDFsSKAkWUa+c3aSFKnDfSP5sEWU1hagNEs9d49n43SaY1xdUQLyHUC0t1yBk
+1OTtKCWDXCH6dT5vBB6Xc+TOlzUFGkR/Q48FaSifXXG1xVJGzucpP4zidI0zG9e
ict3yVbGTZ3v+59q0WnV9w/DqwprdjJOuuGfUjFqu453jV+EGcKz
-----END CERTIFICATE-----