Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/c08e1e-f5bd-4a1a-8aba-ccf6454bb24c/1/4F0qq7jfLgA4RD6gA7xmoqFDdAQ.roa
File:                     4F0qq7jfLgA4RD6gA7xmoqFDdAQ.roa (raw, json)
Hash identifier:          9eu4ch/L8yFJeyFrLuDangAXcD7SJ7FBYBZ7Pt6AAHE=
Subject key identifier:   E0:5D:2A:AB:B8:DF:2E:00:38:44:3E:A0:03:BC:66:A2:A1:43:74:04
Certificate issuer:       /CN=380b283a0513940d520a680b8b3d14dbc367770d
Certificate serial:       019E9750B765D67D9C27EE50BB7665619F6F
Authority key identifier: 38:0B:28:3A:05:13:94:0D:52:0A:68:0B:8B:3D:14:DB:C3:67:77:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OAsoOgUTlA1SCmgLiz0U28Nndw0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/c08e1e-f5bd-4a1a-8aba-ccf6454bb24c/1/4F0qq7jfLgA4RD6gA7xmoqFDdAQ.roa
Signing time:             Fri 05 Jun 2026 10:25:09 +0000
ROA not before:           Fri 05 Jun 2026 10:25:09 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57771
IP address blocks:        185.54.94.0/24 maxlen: 24
                          2a00:8641::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/c08e1e-f5bd-4a1a-8aba-ccf6454bb24c/1/OAsoOgUTlA1SCmgLiz0U28Nndw0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/c08e1e-f5bd-4a1a-8aba-ccf6454bb24c/1/OAsoOgUTlA1SCmgLiz0U28Nndw0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OAsoOgUTlA1SCmgLiz0U28Nndw0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 20:26:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:97:50:b7:65:d6:7d:9c:27:ee:50:bb:76:65:61:9f:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=380b283a0513940d520a680b8b3d14dbc367770d
        Validity
            Not Before: Jun  5 10:25:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e05d2aabb8df2e0038443ea003bc66a2a1437404
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:fc:e2:a5:18:31:07:08:a1:94:1e:96:e5:00:
                    d5:69:ed:d5:2b:46:e9:68:cd:82:f0:33:c5:e5:4b:
                    62:77:29:ce:f5:1a:7a:b4:3d:49:e8:34:81:17:e3:
                    3c:66:9f:45:e2:4a:d9:03:1b:01:19:53:40:37:a8:
                    de:40:68:be:5f:c3:ad:5e:ce:66:0d:71:84:0a:ea:
                    2b:2d:2d:56:59:6c:b1:39:b2:71:d1:17:70:50:a0:
                    87:9b:30:5c:a4:a5:34:2b:78:19:3c:79:28:6b:63:
                    0a:dd:09:bb:e0:8b:a8:15:c4:9c:2f:31:46:68:b3:
                    f4:af:7f:58:39:2b:aa:6d:ff:59:97:18:96:a2:8c:
                    93:0a:f9:78:31:07:75:26:65:c4:f4:87:17:37:b0:
                    41:68:e8:1b:45:b9:62:61:40:08:1a:33:ac:9f:a4:
                    c9:68:2c:d8:14:85:46:35:25:b0:93:3a:09:4b:62:
                    f2:0e:61:bd:bb:97:ef:0d:94:04:1c:5e:c2:30:68:
                    31:6b:d0:eb:33:57:c9:b8:f5:3a:6b:3c:cf:15:8f:
                    58:a1:bf:22:d9:59:ee:73:18:47:b8:5b:16:ee:e3:
                    bc:28:f0:af:32:41:67:fe:71:69:a0:c9:44:48:2f:
                    08:26:5e:e1:af:e7:82:d7:67:af:36:f9:fd:c6:c8:
                    d2:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:5D:2A:AB:B8:DF:2E:00:38:44:3E:A0:03:BC:66:A2:A1:43:74:04
            X509v3 Authority Key Identifier:
                keyid:38:0B:28:3A:05:13:94:0D:52:0A:68:0B:8B:3D:14:DB:C3:67:77:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OAsoOgUTlA1SCmgLiz0U28Nndw0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/c08e1e-f5bd-4a1a-8aba-ccf6454bb24c/1/4F0qq7jfLgA4RD6gA7xmoqFDdAQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/c08e1e-f5bd-4a1a-8aba-ccf6454bb24c/1/OAsoOgUTlA1SCmgLiz0U28Nndw0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.54.94.0/24
                IPv6:
                  2a00:8641::/32

    Signature Algorithm: sha256WithRSAEncryption
         29:78:66:74:70:f9:a2:4f:20:ad:c4:62:ea:3a:c1:44:fa:d8:
         2b:df:e8:e7:51:d1:ca:2e:c0:a4:b1:9a:0a:11:78:47:44:f5:
         15:dd:f8:9b:aa:a1:45:6d:c2:fd:a0:6a:ed:e2:a3:4f:5e:60:
         c3:1a:60:b6:0f:51:c9:73:93:6d:f9:1a:f0:94:f7:f8:79:74:
         44:70:58:95:4e:92:34:9d:d2:27:79:1c:66:0a:e7:c6:27:38:
         68:f5:e1:ca:ff:02:58:b5:11:6e:3b:36:8c:5b:7f:e3:7e:72:
         1c:6b:be:3e:2f:a9:5a:cb:0d:19:20:24:84:11:45:72:ef:d7:
         25:ef:04:31:fb:5a:9d:ff:57:b4:d1:94:36:b3:1e:bd:17:ec:
         39:1e:5a:55:f5:25:89:56:84:e4:5d:07:59:89:1a:8d:fc:1a:
         69:ba:cf:39:b3:27:21:8f:0c:93:ec:db:14:b3:9a:93:99:95:
         47:14:10:61:d3:ae:00:a7:57:8f:69:09:44:de:be:90:ce:17:
         2b:d4:86:af:8f:a7:0c:4e:90:60:e9:5c:25:f5:fa:ca:60:6a:
         46:06:8d:f3:4a:74:74:20:fd:06:94:fa:63:aa:a0:a5:6a:77:
         e2:56:0c:36:0d:99:3f:51:ac:03:69:31:fe:27:bb:de:2b:72:
         e6:83:e3:06
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ6XULdl1n2cJ+5Qu3ZlYZ9vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4MGIyODNhMDUxMzk0MGQ1MjBhNjgwYjhiM2QxNGRiYzM2
Nzc3MGQwHhcNMjYwNjA1MTAyNTA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDVkMmFhYmI4ZGYyZTAwMzg0NDNlYTAwM2JjNjZhMmExNDM3NDA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqfzipRgxBwihlB6W5QDVae3VK0bp
aM2C8DPF5UtidynO9Rp6tD1J6DSBF+M8Zp9F4krZAxsBGVNAN6jeQGi+X8OtXs5m
DXGECuorLS1WWWyxObJx0RdwUKCHmzBcpKU0K3gZPHkoa2MK3Qm74IuoFcScLzFG
aLP0r39YOSuqbf9ZlxiWooyTCvl4MQd1JmXE9IcXN7BBaOgbRbliYUAIGjOsn6TJ
aCzYFIVGNSWwkzoJS2LyDmG9u5fvDZQEHF7CMGgxa9DrM1fJuPU6azzPFY9Yob8i
2VnucxhHuFsW7uO8KPCvMkFn/nFpoMlESC8IJl7hr+eC12evNvn9xsjSzwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOBdKqu43y4AOEQ+oAO8ZqKhQ3QEMB8GA1UdIwQY
MBaAFDgLKDoFE5QNUgpoC4s9FNvDZ3cNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0Fzb09nVVRsQTFTQ21nTGl6MFUyOE5uZHcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS9jMDhlMWUtZjViZC00YTFhLThhYmEt
Y2NmNjQ1NGJiMjRjLzEvNEYwcXE3amZMZ0E0UkQ2Z0E3eG1vcUZEZEFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS9jMDhlMWUtZjViZC00YTFhLThhYmEtY2NmNjQ1NGJiMjRj
LzEvT0Fzb09nVVRsQTFTQ21nTGl6MFUyOE5uZHcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuTZeMA0E
AgACMAcDBQAqAIZBMA0GCSqGSIb3DQEBCwUAA4IBAQApeGZ0cPmiTyCtxGLqOsFE
+tgr3+jnUdHKLsCksZoKEXhHRPUV3fibqqFFbcL9oGrt4qNPXmDDGmC2D1HJc5Nt
+RrwlPf4eXREcFiVTpI0ndIneRxmCufGJzho9eHK/wJYtRFuOzaMW3/jfnIca74+
L6layw0ZICSEEUVy79cl7wQx+1qd/1e00ZQ2sx69F+w5HlpV9SWJVoTkXQdZiRqN
/Bppus85sychjwyT7NsUs5qTmZVHFBBh064Ap1ePaQlE3r6Qzhcr1Iavj6cMTpBg
6Vwl9frKYGpGBo3zSnR0IP0GlPpjqqClanfiVgw2DZk/UawDaTH+J7veK3Lmg+MG
-----END CERTIFICATE-----