Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/4lzSs8W2GWMch7tAczphFQKoA3M.roa
File:                     4lzSs8W2GWMch7tAczphFQKoA3M.roa (raw, json)
Hash identifier:          C/+A63uamFGvYKmSNRe6/EapSXL9lnVCn+UPv7Jr3OA=
Subject key identifier:   E2:5C:D2:B3:C5:B6:19:63:1C:87:BB:40:73:3A:61:15:02:A8:03:73
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       019E35784CEE5C36B3C2CF17C57F41F43BE4
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/4lzSs8W2GWMch7tAczphFQKoA3M.roa
Signing time:             Sun 17 May 2026 10:25:36 +0000
ROA not before:           Sun 17 May 2026 10:25:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     152918
IP address blocks:        178.253.239.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 22:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:35:78:4c:ee:5c:36:b3:c2:cf:17:c5:7f:41:f4:3b:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: May 17 10:25:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e25cd2b3c5b619631c87bb40733a611502a80373
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:17:b9:88:22:4a:a4:cc:63:29:a9:cf:e7:3d:
                    6f:5e:e3:ee:18:43:33:cb:26:89:a5:32:3c:fd:5a:
                    7b:0b:81:f3:c7:91:ba:ee:4e:6f:1d:97:16:6e:39:
                    52:99:4a:72:b6:e3:bb:78:15:c2:3d:4d:08:9e:4d:
                    cf:b8:aa:0a:0a:70:24:18:45:c7:42:f2:81:66:01:
                    6b:98:19:bc:8b:2f:06:84:c3:ad:d8:55:29:b5:67:
                    f4:46:9c:b6:ad:bd:72:de:d9:04:1a:a1:60:e5:cc:
                    f3:53:7a:ad:79:c5:e9:99:e4:a1:57:56:23:c4:d9:
                    40:f1:c3:ed:58:79:3f:99:0e:ff:aa:53:82:c3:df:
                    70:82:7c:bb:10:12:c9:74:49:e5:84:c9:b2:00:ae:
                    de:3a:14:2a:3a:69:db:a6:9e:eb:b3:76:3e:32:7f:
                    c7:8c:bb:36:9f:81:d8:03:8d:88:17:f9:32:5c:51:
                    12:65:40:27:25:3b:0a:47:f7:d0:d6:0c:dc:d4:bd:
                    78:d6:89:d2:6e:e2:8b:71:f7:19:70:bb:a4:f8:cd:
                    39:0a:27:2d:c2:5a:40:03:f9:48:c8:38:54:d5:c2:
                    b2:c2:0e:8c:a4:28:69:70:18:b5:37:cd:cc:34:87:
                    46:43:91:ec:0e:91:86:c9:7e:cc:72:a5:de:a8:3f:
                    fd:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:5C:D2:B3:C5:B6:19:63:1C:87:BB:40:73:3A:61:15:02:A8:03:73
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/4lzSs8W2GWMch7tAczphFQKoA3M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.253.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:d0:89:28:c4:ff:b8:ee:6d:d3:3b:b7:31:3b:89:2d:41:ed:
         f1:8a:be:48:76:de:31:9d:5c:3d:b7:76:32:6f:50:1f:e7:55:
         ba:8a:7c:cb:50:02:c2:e2:a8:83:e9:89:1d:0a:12:08:4c:7f:
         57:5d:df:6f:4c:4e:76:b0:ec:8b:fa:24:da:85:cb:cb:f1:b2:
         1d:77:38:11:ac:0f:e9:cf:cc:c2:45:97:08:0a:9a:b8:53:f4:
         32:e1:b9:89:d3:1e:2f:88:16:dd:c0:c6:25:1e:3e:60:c6:69:
         05:5b:4c:9f:29:7d:e4:05:6c:c1:bf:3f:ed:cc:5d:f7:68:8c:
         e2:9b:a4:c4:71:21:18:d8:92:68:b4:7a:f5:63:32:b5:63:6c:
         cf:59:3c:bd:ba:d7:3c:77:3f:ae:6d:dd:de:a3:be:ab:b7:51:
         a6:68:76:05:01:cd:e6:99:f7:8f:1c:d0:5c:00:c3:71:4d:89:
         23:a6:8a:ae:55:d0:6f:e7:00:65:22:d5:46:87:8c:74:5e:dc:
         ad:cb:62:ab:af:b9:82:fe:58:24:21:30:6f:85:6a:6b:4d:67:
         f4:d4:e1:d4:0f:8e:f2:0a:9a:ce:0b:ec:29:4e:55:38:1e:21:
         7a:77:64:31:79:93:93:ca:c6:bd:9f:af:af:4e:8e:35:13:84:
         1c:d6:46:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ41eEzuXDazws8XxX9B9DvkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjYwNTE3MTAyNTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjVjZDJiM2M1YjYxOTYzMWM4N2JiNDA3MzNhNjExNTAyYTgwMzczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsxe5iCJKpMxjKanP5z1vXuPuGEMz
yyaJpTI8/Vp7C4Hzx5G67k5vHZcWbjlSmUpytuO7eBXCPU0Ink3PuKoKCnAkGEXH
QvKBZgFrmBm8iy8GhMOt2FUptWf0Rpy2rb1y3tkEGqFg5czzU3qtecXpmeShV1Yj
xNlA8cPtWHk/mQ7/qlOCw99wgny7EBLJdEnlhMmyAK7eOhQqOmnbpp7rs3Y+Mn/H
jLs2n4HYA42IF/kyXFESZUAnJTsKR/fQ1gzc1L141onSbuKLcfcZcLuk+M05Cict
wlpAA/lIyDhU1cKywg6MpChpcBi1N83MNIdGQ5HsDpGGyX7McqXeqD/9NQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOJc0rPFthljHIe7QHM6YRUCqANzMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvNGx6U3M4VzJHV01jaDd0QWN6cGhGUUtvQTNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsv3vMA0G
CSqGSIb3DQEBCwUAA4IBAQA60IkoxP+47m3TO7cxO4ktQe3xir5Idt4xnVw9t3Yy
b1Af51W6inzLUALC4qiD6YkdChIITH9XXd9vTE52sOyL+iTahcvL8bIddzgRrA/p
z8zCRZcICpq4U/Qy4bmJ0x4viBbdwMYlHj5gxmkFW0yfKX3kBWzBvz/tzF33aIzi
m6TEcSEY2JJotHr1YzK1Y2zPWTy9utc8dz+ubd3eo76rt1GmaHYFAc3mmfePHNBc
AMNxTYkjpoquVdBv5wBlItVGh4x0Xtyty2Krr7mC/lgkITBvhWprTWf01OHUD47y
CprOC+wpTlU4HiF6d2QxeZOTysa9n6+vTo41E4Qc1kaK
-----END CERTIFICATE-----