Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/4SHRDgDa8nRIMsnIbi-9l_IoDW4.roa
File:                     4SHRDgDa8nRIMsnIbi-9l_IoDW4.roa (raw, json)
Hash identifier:          mwHoplcyNYyzHFwU8xToZ8b4ZbZDDFLqXpxAFBxgxEg=
Subject key identifier:   E1:21:D1:0E:00:DA:F2:74:48:32:C9:C8:6E:2F:BD:97:F2:28:0D:6E
Certificate issuer:       /CN=ca6441d9d807e0d78ce75213a103400ee14a7cdc
Certificate serial:       019ED63882A339496E1BC436A68D7CF7CCE7
Authority key identifier: CA:64:41:D9:D8:07:E0:D7:8C:E7:52:13:A1:03:40:0E:E1:4A:7C:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ymRB2dgH4NeM51IToQNADuFKfNw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/4SHRDgDa8nRIMsnIbi-9l_IoDW4.roa
Signing time:             Wed 17 Jun 2026 15:34:48 +0000
ROA not before:           Wed 17 Jun 2026 15:34:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197789
IP address blocks:        204.62.123.0/24 maxlen: 24
                          216.162.47.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/ymRB2dgH4NeM51IToQNADuFKfNw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/ymRB2dgH4NeM51IToQNADuFKfNw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ymRB2dgH4NeM51IToQNADuFKfNw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 22 Jun 2026 00:01:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:d6:38:82:a3:39:49:6e:1b:c4:36:a6:8d:7c:f7:cc:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca6441d9d807e0d78ce75213a103400ee14a7cdc
        Validity
            Not Before: Jun 17 15:34:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e121d10e00daf2744832c9c86e2fbd97f2280d6e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:aa:d3:c4:b1:12:78:68:51:02:a3:79:4b:08:
                    96:28:3a:a1:a6:64:d3:41:39:5d:83:35:98:95:1f:
                    a9:29:d8:ac:fe:64:fb:64:69:6e:73:37:4a:24:98:
                    93:d0:94:1d:a6:f7:4a:59:cd:d5:26:8b:61:d5:86:
                    c6:62:15:10:9a:44:f5:6d:48:04:05:0a:c6:8f:a5:
                    bf:bf:3e:58:b3:44:f3:3d:1b:44:97:0a:07:c9:42:
                    c0:95:ec:92:09:95:7d:a9:05:f4:13:fa:35:51:8f:
                    13:d1:21:87:d2:f4:54:c1:70:50:18:19:c6:5e:67:
                    e4:22:6d:a2:64:8d:7f:50:c7:9c:d2:95:7e:76:4f:
                    d7:c2:82:e6:f6:63:64:94:e7:f4:db:40:55:1d:17:
                    37:3f:7f:58:47:a6:c6:5f:1a:a8:43:77:e3:58:2d:
                    dd:09:e6:03:3d:d7:2c:c5:4e:08:89:6a:d4:23:e6:
                    27:41:20:96:44:f8:84:c0:48:29:f6:2d:dc:e3:0f:
                    2f:c2:44:89:ea:96:bc:a0:3d:5e:d5:ea:57:85:a8:
                    21:b1:93:98:14:84:1b:20:b4:62:f8:62:a9:c7:dc:
                    ba:8a:5e:dd:22:a0:b6:ef:97:33:a7:ae:27:fe:3b:
                    d8:d1:2a:a8:86:1f:70:4c:73:a8:41:4d:f2:7b:31:
                    27:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:21:D1:0E:00:DA:F2:74:48:32:C9:C8:6E:2F:BD:97:F2:28:0D:6E
            X509v3 Authority Key Identifier:
                keyid:CA:64:41:D9:D8:07:E0:D7:8C:E7:52:13:A1:03:40:0E:E1:4A:7C:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ymRB2dgH4NeM51IToQNADuFKfNw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/4SHRDgDa8nRIMsnIbi-9l_IoDW4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/ymRB2dgH4NeM51IToQNADuFKfNw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  204.62.123.0/24
                  216.162.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:32:44:4d:2d:37:ca:5e:5f:d2:2b:77:e1:29:e8:fc:7c:2a:
         54:e5:2a:bd:c3:23:b5:72:c9:53:ca:51:e9:ec:c9:47:09:de:
         2a:20:2a:01:f0:fa:b4:89:19:2c:10:40:1f:89:6b:ae:0b:b0:
         d0:ef:75:ee:a5:55:17:9e:46:3f:cf:ae:50:74:48:9d:fe:3c:
         55:dc:97:48:b3:57:b2:f9:67:1a:fe:a3:82:52:18:e5:fc:4f:
         e6:57:f8:22:65:cc:67:fc:9a:91:78:10:3c:44:aa:64:45:c1:
         dc:d8:7d:a3:4c:7b:16:c0:c3:f4:a4:71:49:56:72:f5:29:d5:
         8d:3f:a1:8f:86:21:56:db:e4:c7:ae:a7:0c:04:a9:09:93:36:
         15:ca:03:b8:91:ef:a9:3d:ae:fb:62:a3:94:7c:a4:b8:b7:01:
         70:b4:a3:ad:23:06:b5:d9:60:0b:af:98:cd:c7:e2:a3:e6:c9:
         b2:d0:cd:6c:c3:f3:11:44:9e:7e:ee:35:e9:f4:40:19:79:ea:
         94:ec:81:ae:6f:fd:ac:a5:41:d0:ab:ae:dd:84:f8:43:f8:d8:
         74:3e:3a:8e:57:e2:73:be:a0:1d:af:a7:b4:cd:3c:84:5c:26:
         11:40:7a:73:0c:ea:65:6a:e9:4c:46:cc:78:09:18:28:48:a4:
         87:45:bc:2d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ7WOIKjOUluG8Q2po1898znMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhNjQ0MWQ5ZDgwN2UwZDc4Y2U3NTIxM2ExMDM0MDBlZTE0
YTdjZGMwHhcNMjYwNjE3MTUzNDQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTIxZDEwZTAwZGFmMjc0NDgzMmM5Yzg2ZTJmYmQ5N2YyMjgwZDZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjarTxLESeGhRAqN5SwiWKDqhpmTT
QTldgzWYlR+pKdis/mT7ZGluczdKJJiT0JQdpvdKWc3VJoth1YbGYhUQmkT1bUgE
BQrGj6W/vz5Ys0TzPRtElwoHyULAleySCZV9qQX0E/o1UY8T0SGH0vRUwXBQGBnG
XmfkIm2iZI1/UMec0pV+dk/XwoLm9mNklOf020BVHRc3P39YR6bGXxqoQ3fjWC3d
CeYDPdcsxU4IiWrUI+YnQSCWRPiEwEgp9i3c4w8vwkSJ6pa8oD1e1epXhaghsZOY
FIQbILRi+GKpx9y6il7dIqC275czp64n/jvY0Sqohh9wTHOoQU3yezEn7wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOEh0Q4A2vJ0SDLJyG4vvZfyKA1uMB8GA1UdIwQY
MBaAFMpkQdnYB+DXjOdSE6EDQA7hSnzcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveW1SQjJkZ0g0TmVNNTFJVG9RTkFEdUZLZk53LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC85OTQ3YjYtMzRiYy00NzdlLTg4MTYt
MmUyOGI5NjQ5OGE5LzEvNFNIUkRnRGE4blJJTXNuSWJpLTlsX0lvRFc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC85OTQ3YjYtMzRiYy00NzdlLTg4MTYtMmUyOGI5NjQ5OGE5
LzEveW1SQjJkZ0g0TmVNNTFJVG9RTkFEdUZLZk53LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAzD57AwQA
2KIvMA0GCSqGSIb3DQEBCwUAA4IBAQAnMkRNLTfKXl/SK3fhKej8fCpU5Sq9wyO1
cslTylHp7MlHCd4qICoB8Pq0iRksEEAfiWuuC7DQ73XupVUXnkY/z65QdEid/jxV
3JdIs1ey+Wca/qOCUhjl/E/mV/giZcxn/JqReBA8RKpkRcHc2H2jTHsWwMP0pHFJ
VnL1KdWNP6GPhiFW2+THrqcMBKkJkzYVygO4ke+pPa77YqOUfKS4twFwtKOtIwa1
2WALr5jNx+Kj5smy0M1sw/MRRJ5+7jXp9EAZeeqU7IGub/2spUHQq67dhPhD+Nh0
PjqOV+JzvqAdr6e0zTyEXCYRQHpzDOplaulMRsx4CRgoSKSHRbwt
-----END CERTIFICATE-----