Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/f8a5d1-260a-46a4-a8e4-283fe54a6f2f/1/OYUqnwa8yQK0vig2w6Um7A1Wcg4.roa
File:                     OYUqnwa8yQK0vig2w6Um7A1Wcg4.roa (raw, json)
Hash identifier:          vSXWDq1SS7TbMrb96ytcbFUS3oNQ6vxE3t+U54lGeWc=
Subject key identifier:   39:85:2A:9F:06:BC:C9:02:B4:BE:28:36:C3:A5:26:EC:0D:56:72:0E
Certificate issuer:       /CN=a4ce9640a3ef2fea19374ad8f99f423d7aa7c76b
Certificate serial:       019DA57CEBB563BFA0F125950B9CD26113D7
Authority key identifier: A4:CE:96:40:A3:EF:2F:EA:19:37:4A:D8:F9:9F:42:3D:7A:A7:C7:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pM6WQKPvL-oZN0rY-Z9CPXqnx2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/f8a5d1-260a-46a4-a8e4-283fe54a6f2f/1/OYUqnwa8yQK0vig2w6Um7A1Wcg4.roa
Signing time:             Sun 19 Apr 2026 11:25:20 +0000
ROA not before:           Sun 19 Apr 2026 11:25:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9002
IP address blocks:        81.19.134.0/24 maxlen: 24
                          2a10:ad80::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/f8a5d1-260a-46a4-a8e4-283fe54a6f2f/1/pM6WQKPvL-oZN0rY-Z9CPXqnx2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/f8a5d1-260a-46a4-a8e4-283fe54a6f2f/1/pM6WQKPvL-oZN0rY-Z9CPXqnx2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pM6WQKPvL-oZN0rY-Z9CPXqnx2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 Apr 2026 13:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:a5:7c:eb:b5:63:bf:a0:f1:25:95:0b:9c:d2:61:13:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4ce9640a3ef2fea19374ad8f99f423d7aa7c76b
        Validity
            Not Before: Apr 19 11:25:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=39852a9f06bcc902b4be2836c3a526ec0d56720e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:cb:e2:5f:85:9c:b5:af:8f:2d:2f:c6:5d:73:
                    19:1a:48:80:44:f7:e8:48:d2:db:d8:dd:eb:f1:b6:
                    13:d1:ac:69:12:3d:1a:ed:dd:96:84:7d:18:fd:ba:
                    d5:f5:c9:c7:af:21:f2:08:9f:f0:e2:8b:06:00:e1:
                    03:84:eb:8f:16:63:0c:b6:b5:55:6a:74:fc:4f:7c:
                    09:01:4f:d6:70:ac:e4:06:8c:68:c9:6e:91:27:9e:
                    c3:72:7b:f7:ac:49:0e:43:f5:a8:45:72:05:1c:0f:
                    2f:0d:c4:b2:ab:d9:2c:da:44:70:e9:10:62:12:af:
                    87:51:04:73:2d:07:a6:93:d9:55:19:68:e6:4f:22:
                    71:e0:fb:9c:c7:09:e7:27:fd:a5:45:87:01:2d:a9:
                    aa:ef:54:7e:ce:cb:39:bb:79:05:02:21:69:b8:4d:
                    c5:34:05:16:84:5b:22:22:87:af:0a:1e:06:8a:42:
                    8f:28:f3:bc:69:13:65:88:e7:5a:e8:39:50:e2:00:
                    1f:9b:fd:10:13:3c:75:52:8b:30:75:c8:42:59:2e:
                    b4:2b:bd:6d:54:5c:53:f1:60:21:4a:fc:f4:34:39:
                    06:a6:69:32:68:cd:e8:2c:b2:c5:03:f2:cd:17:bf:
                    4e:2e:9b:ad:ec:52:62:3d:73:9b:9b:10:9d:6e:c0:
                    df:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:85:2A:9F:06:BC:C9:02:B4:BE:28:36:C3:A5:26:EC:0D:56:72:0E
            X509v3 Authority Key Identifier:
                keyid:A4:CE:96:40:A3:EF:2F:EA:19:37:4A:D8:F9:9F:42:3D:7A:A7:C7:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pM6WQKPvL-oZN0rY-Z9CPXqnx2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f8a5d1-260a-46a4-a8e4-283fe54a6f2f/1/OYUqnwa8yQK0vig2w6Um7A1Wcg4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f8a5d1-260a-46a4-a8e4-283fe54a6f2f/1/pM6WQKPvL-oZN0rY-Z9CPXqnx2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.134.0/24
                IPv6:
                  2a10:ad80::/48

    Signature Algorithm: sha256WithRSAEncryption
         87:d3:8e:33:09:32:15:c2:55:a7:63:2c:04:54:d0:04:9b:ba:
         72:f3:4f:3e:e1:1e:f2:8b:a3:f2:2a:c8:52:43:43:c9:ea:2d:
         e8:ae:68:4c:df:6e:b1:36:39:6a:5f:38:23:08:73:10:2a:ec:
         34:62:ab:56:0e:3e:46:f5:ee:d3:0b:4a:f6:4e:c1:b8:ca:c4:
         dc:f7:11:a0:bc:0f:c9:00:f2:a7:50:3b:78:15:05:30:39:12:
         da:41:9c:f9:31:ef:cc:a9:4e:75:7f:c2:2a:af:8d:e0:81:34:
         7d:1a:93:b8:d0:13:87:20:78:83:4e:b0:40:62:18:a6:46:f5:
         72:4c:c1:6e:9c:5a:95:d7:d2:88:89:3d:e0:28:e5:8a:fd:8b:
         c7:c2:db:6d:10:06:4d:5c:07:6d:ae:f1:ca:a1:c0:fb:c6:e0:
         f3:f3:92:be:23:c5:a2:2d:46:57:0e:d6:c4:97:38:26:95:47:
         b4:84:c8:43:03:fc:46:15:de:bc:bf:fb:e0:d5:c7:4a:27:b4:
         dd:fd:ee:77:97:0b:f2:cd:d0:13:d0:c2:88:0a:c7:37:cf:a4:
         70:fb:bc:51:4b:3a:33:28:8d:16:ab:0c:2a:6b:5a:25:5d:65:
         6d:f9:60:2a:c2:05:8e:7c:94:ff:55:7f:f6:e1:2c:ae:55:94:
         a2:65:95:0a
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZ2lfOu1Y7+g8SWVC5zSYRPXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0Y2U5NjQwYTNlZjJmZWExOTM3NGFkOGY5OWY0MjNkN2Fh
N2M3NmIwHhcNMjYwNDE5MTEyNTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTg1MmE5ZjA2YmNjOTAyYjRiZTI4MzZjM2E1MjZlYzBkNTY3MjBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2cviX4Wcta+PLS/GXXMZGkiARPfo
SNLb2N3r8bYT0axpEj0a7d2WhH0Y/brV9cnHryHyCJ/w4osGAOEDhOuPFmMMtrVV
anT8T3wJAU/WcKzkBoxoyW6RJ57Dcnv3rEkOQ/WoRXIFHA8vDcSyq9ks2kRw6RBi
Eq+HUQRzLQemk9lVGWjmTyJx4PucxwnnJ/2lRYcBLamq71R+zss5u3kFAiFpuE3F
NAUWhFsiIoevCh4GikKPKPO8aRNliOda6DlQ4gAfm/0QEzx1UoswdchCWS60K71t
VFxT8WAhSvz0NDkGpmkyaM3oLLLFA/LNF79OLput7FJiPXObmxCdbsDfRwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDmFKp8GvMkCtL4oNsOlJuwNVnIOMB8GA1UdIwQY
MBaAFKTOlkCj7y/qGTdK2PmfQj16p8drMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcE02V1FLUHZMLW9aTjByWS1aOUNQWHFueDJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9mOGE1ZDEtMjYwYS00NmE0LWE4ZTQt
MjgzZmU1NGE2ZjJmLzEvT1lVcW53YTh5UUswdmlnMnc2VW03QTFXY2c0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9mOGE1ZDEtMjYwYS00NmE0LWE4ZTQtMjgzZmU1NGE2ZjJm
LzEvcE02V1FLUHZMLW9aTjByWS1aOUNQWHFueDJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAUROGMA8E
AgACMAkDBwAqEK2AAAAwDQYJKoZIhvcNAQELBQADggEBAIfTjjMJMhXCVadjLARU
0ASbunLzTz7hHvKLo/IqyFJDQ8nqLeiuaEzfbrE2OWpfOCMIcxAq7DRiq1YOPkb1
7tMLSvZOwbjKxNz3EaC8D8kA8qdQO3gVBTA5EtpBnPkx78ypTnV/wiqvjeCBNH0a
k7jQE4cgeINOsEBiGKZG9XJMwW6cWpXX0oiJPeAo5Yr9i8fC220QBk1cB22u8cqh
wPvG4PPzkr4jxaItRlcO1sSXOCaVR7SEyEMD/EYV3ry/++DVx0ontN397neXC/LN
0BPQwogKxzfPpHD7vFFLOjMojRarDCprWiVdZW35YCrCBY58lP9Vf/bhLK5VlKJl
lQo=
-----END CERTIFICATE-----