Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/4Kh-wiVIa_wF1R9W3XzccDNoVUc.roa
File:                     4Kh-wiVIa_wF1R9W3XzccDNoVUc.roa (raw, json)
Hash identifier:          U1SGZ7dHHdS8dvKLoriFmpqg5VQOSKSqAGTildLfbPQ=
Subject key identifier:   E0:A8:7E:C2:25:48:6B:FC:05:D5:1F:56:DD:7C:DC:70:33:68:55:47
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       019E7361C32AAF6B560941DE752AFA8AD478
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/4Kh-wiVIa_wF1R9W3XzccDNoVUc.roa
Signing time:             Fri 29 May 2026 10:57:27 +0000
ROA not before:           Fri 29 May 2026 10:57:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     25198
IP address blocks:        2a10:3c82::/32 maxlen: 32
                          2a10:3c86::/32 maxlen: 32
                          2a10:3c87::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 30 May 2026 07:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:73:61:c3:2a:af:6b:56:09:41:de:75:2a:fa:8a:d4:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: May 29 10:57:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e0a87ec225486bfc05d51f56dd7cdc7033685547
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:7f:43:33:ad:53:0e:41:07:fa:5b:fc:24:06:
                    13:99:f4:78:1c:d2:81:ca:51:fe:10:98:51:f5:5f:
                    c8:de:b7:81:73:a5:b6:6b:ec:5d:f7:23:62:85:37:
                    33:5a:61:f7:6b:20:e6:82:8d:37:80:bc:19:ec:e9:
                    a5:6b:ab:21:28:f4:7c:be:d3:ed:dc:55:86:74:fc:
                    83:0f:e1:82:9e:a0:66:59:5e:03:91:8d:33:79:f9:
                    b3:b2:77:87:0f:96:a4:db:43:5e:a1:96:9b:67:b4:
                    13:83:c1:f4:34:e1:fe:f2:58:48:da:39:78:35:94:
                    7a:70:61:01:70:d6:61:47:b5:e2:76:0a:a0:8e:8a:
                    c5:82:db:a8:66:23:fb:ae:2c:69:c4:29:36:f8:81:
                    2d:7d:fa:dc:e0:02:4a:bb:be:0d:51:fd:d0:51:ba:
                    38:87:a7:97:17:2d:8b:fa:c8:0e:21:13:f8:70:54:
                    2e:12:ab:8e:72:ff:2e:7b:ae:79:03:44:8f:78:61:
                    dc:73:1e:2b:7d:15:8c:15:9e:84:ae:e1:3b:9a:76:
                    c9:06:b6:ac:a1:9e:7b:3d:dc:92:e6:7a:94:f6:d4:
                    ef:03:2c:7c:18:15:b0:f2:38:6a:0f:bd:f5:ad:45:
                    f1:56:62:85:5f:f8:67:4b:fd:c1:74:33:14:95:8e:
                    56:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:A8:7E:C2:25:48:6B:FC:05:D5:1F:56:DD:7C:DC:70:33:68:55:47
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/4Kh-wiVIa_wF1R9W3XzccDNoVUc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:3c82::/32
                  2a10:3c86::/31

    Signature Algorithm: sha256WithRSAEncryption
         86:90:d0:73:03:4d:94:09:11:fe:f2:92:47:d6:23:cf:ec:f8:
         51:ac:ae:db:df:4c:5e:e6:f7:bf:0b:ab:05:f9:13:21:16:48:
         90:ea:c1:93:ce:ad:cb:f8:91:ef:90:01:53:86:ff:67:2b:38:
         04:6e:c7:15:20:18:97:5d:f2:86:2d:1f:a4:a7:84:b7:62:30:
         fa:8e:88:f2:34:01:14:a7:38:21:31:d8:88:69:52:bc:ba:77:
         f3:f1:06:81:b9:80:00:b2:ac:1a:16:9d:2f:62:10:67:ca:f9:
         c1:db:57:a0:ac:74:67:ff:9a:ed:2f:76:4b:d2:01:6b:1e:76:
         0c:43:c6:fa:ff:73:6e:84:33:f7:f1:be:d7:81:ff:4d:e6:94:
         9b:f1:7b:56:af:f6:54:5e:d1:3d:54:44:29:57:79:09:f1:cc:
         8f:68:7f:36:61:f1:a4:21:79:b8:5c:1c:b3:74:75:f7:93:26:
         af:50:6c:c7:2d:19:a6:27:16:c5:b5:2b:39:38:4c:5d:33:bb:
         12:57:e9:9e:c3:3e:39:93:02:a4:2e:24:06:5f:1a:36:e2:c3:
         c6:7d:1f:9f:2c:9d:98:88:f1:fc:79:c1:4f:4a:98:0b:cd:dc:
         d5:e2:e4:1f:1e:a1:a5:d6:67:ae:66:71:9d:1e:e6:e9:4d:fb:
         24:2c:16:fd
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZ5zYcMqr2tWCUHedSr6itR4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjYwNTI5MTA1NzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMGE4N2VjMjI1NDg2YmZjMDVkNTFmNTZkZDdjZGM3MDMzNjg1NTQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw39DM61TDkEH+lv8JAYTmfR4HNKB
ylH+EJhR9V/I3reBc6W2a+xd9yNihTczWmH3ayDmgo03gLwZ7Omla6shKPR8vtPt
3FWGdPyDD+GCnqBmWV4DkY0zefmzsneHD5ak20NeoZabZ7QTg8H0NOH+8lhI2jl4
NZR6cGEBcNZhR7XidgqgjorFgtuoZiP7rixpxCk2+IEtffrc4AJKu74NUf3QUbo4
h6eXFy2L+sgOIRP4cFQuEquOcv8ue655A0SPeGHccx4rfRWMFZ6EruE7mnbJBras
oZ57PdyS5nqU9tTvAyx8GBWw8jhqD731rUXxVmKFX/hnS/3BdDMUlY5WiwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFOCofsIlSGv8BdUfVt183HAzaFVHMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvNEtoLXdpVklhX3dGMVI5VzNYemNjRE5vVlVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKhA8ggMF
ASoQPIYwDQYJKoZIhvcNAQELBQADggEBAIaQ0HMDTZQJEf7ykkfWI8/s+FGsrtvf
TF7m978LqwX5EyEWSJDqwZPOrcv4ke+QAVOG/2crOARuxxUgGJdd8oYtH6SnhLdi
MPqOiPI0ARSnOCEx2IhpUry6d/PxBoG5gACyrBoWnS9iEGfK+cHbV6CsdGf/mu0v
dkvSAWsedgxDxvr/c26EM/fxvteB/03mlJvxe1av9lRe0T1URClXeQnxzI9ofzZh
8aQhebhcHLN0dfeTJq9QbMctGaYnFsW1Kzk4TF0zuxJX6Z7DPjmTAqQuJAZfGjbi
w8Z9H58snZiI8fx5wU9KmAvN3NXi5B8eoaXWZ65mcZ0e5ulN+yQsFv0=
-----END CERTIFICATE-----