Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/4wEfVS4rTiSTwOslGWXOawbZpiQ.roa
File:                     4wEfVS4rTiSTwOslGWXOawbZpiQ.roa (raw, json)
Hash identifier:          hgrgw6EY9gOaJJyxu+zrlrM58qxQTukxe88BUnn2eX0=
Subject key identifier:   E3:01:1F:55:2E:2B:4E:24:93:C0:EB:25:19:65:CE:6B:06:D9:A6:24
Certificate issuer:       /CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
Certificate serial:       019E5E1E2F6EAEC4AD9C1B5A2FAE3FD6FEE0
Authority key identifier: 54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/4wEfVS4rTiSTwOslGWXOawbZpiQ.roa
Signing time:             Mon 25 May 2026 07:51:36 +0000
ROA not before:           Mon 25 May 2026 07:51:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     56449
IP address blocks:        81.15.138.0/23 maxlen: 23
                          81.15.138.0/24 maxlen: 24
                          81.15.139.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 20:26:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:5e:1e:2f:6e:ae:c4:ad:9c:1b:5a:2f:ae:3f:d6:fe:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
        Validity
            Not Before: May 25 07:51:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e3011f552e2b4e2493c0eb251965ce6b06d9a624
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:6c:93:50:d3:94:19:56:22:a8:59:d6:a2:15:
                    e7:96:02:1d:eb:98:55:33:60:2a:f6:22:9f:f0:9c:
                    e9:08:af:44:6a:44:8b:fd:24:0d:15:30:d5:52:6f:
                    88:84:e6:b8:3a:13:65:3e:78:9f:10:77:36:2c:91:
                    55:c3:31:07:a2:65:41:01:ac:f4:bc:0b:09:03:5a:
                    04:d5:fe:59:90:7d:f1:10:95:cd:e6:6a:c8:66:c5:
                    31:c5:60:a8:01:1a:57:0e:cd:b2:8c:27:ad:5f:a3:
                    12:7f:d4:db:69:3d:fe:47:59:75:32:50:1c:d2:82:
                    d9:ff:82:88:bf:7a:4a:1a:bf:53:f1:7c:2c:ce:0c:
                    85:55:6e:34:64:b4:ef:fd:ed:73:46:f5:c8:17:52:
                    cf:c9:9a:2b:d7:fd:1e:02:32:38:6f:46:ac:a2:41:
                    6d:1e:4b:16:01:12:bb:c3:89:0f:38:dd:25:f5:c4:
                    00:1e:8c:41:db:b2:12:7a:b9:81:e9:cb:90:5d:ff:
                    1f:18:6f:8a:9c:d2:31:ee:eb:ba:39:70:97:d1:c6:
                    67:f3:51:a3:f2:32:fb:f5:10:e6:60:dd:35:c1:65:
                    f8:01:de:49:cd:e3:fa:9e:72:21:41:a7:2d:48:8e:
                    8c:08:00:66:8d:03:54:0a:d0:df:a1:1d:96:12:26:
                    b3:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:01:1F:55:2E:2B:4E:24:93:C0:EB:25:19:65:CE:6B:06:D9:A6:24
            X509v3 Authority Key Identifier:
                keyid:54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/4wEfVS4rTiSTwOslGWXOawbZpiQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.15.138.0/23

    Signature Algorithm: sha256WithRSAEncryption
         83:23:e9:9b:8b:c0:7f:87:30:2f:b8:74:4e:a4:57:d6:4c:56:
         38:5a:62:98:96:a2:72:45:b3:d5:ea:e6:b0:d8:20:5c:a5:34:
         74:a4:77:3a:8d:e9:05:a4:5e:35:b3:9f:e6:fa:7f:8a:b6:fe:
         7c:67:d5:73:9b:44:bf:c7:e2:d5:a5:7e:1f:ef:e2:4a:f2:9d:
         87:4b:d5:29:be:94:ae:3c:f3:82:82:b1:e3:8b:2f:d1:8f:35:
         5d:29:ac:f9:64:80:09:d4:28:f2:d8:03:f4:cf:b9:7a:0b:19:
         1f:25:82:c7:12:e2:cc:f5:60:b9:db:9a:38:75:ce:92:51:47:
         63:ef:fa:c0:53:96:5d:47:8e:42:e4:b1:9f:73:c4:34:c2:6a:
         e9:43:0c:f4:9e:d0:e0:c1:3e:d6:d6:21:9d:cf:5c:ec:1d:2a:
         25:e1:55:b9:f6:bc:a5:53:14:0f:1f:1f:09:77:e5:7e:9c:ca:
         c2:26:df:f8:57:cc:58:d2:6a:1a:31:f4:31:ec:4b:05:72:aa:
         28:8b:a2:c9:5a:da:3e:ba:9b:a5:6e:95:d7:7d:98:fe:30:15:
         2f:85:8e:b9:ad:72:47:cf:9b:24:95:55:9d:f6:cd:07:03:8d:
         13:db:9f:9e:ef:22:16:cf:16:75:93:66:39:5d:95:91:d2:13:
         83:80:20:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5eHi9ursStnBtaL64/1v7gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NjgzNGU2ODg5MGYzOTg2YTFiMDQ1N2NlMGY1NGFlMDNj
MmQ3NmIwHhcNMjYwNTI1MDc1MTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzAxMWY1NTJlMmI0ZTI0OTNjMGViMjUxOTY1Y2U2YjA2ZDlhNjI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4myTUNOUGVYiqFnWohXnlgId65hV
M2Aq9iKf8JzpCK9EakSL/SQNFTDVUm+IhOa4OhNlPnifEHc2LJFVwzEHomVBAaz0
vAsJA1oE1f5ZkH3xEJXN5mrIZsUxxWCoARpXDs2yjCetX6MSf9TbaT3+R1l1MlAc
0oLZ/4KIv3pKGr9T8XwszgyFVW40ZLTv/e1zRvXIF1LPyZor1/0eAjI4b0asokFt
HksWARK7w4kPON0l9cQAHoxB27ISermB6cuQXf8fGG+KnNIx7uu6OXCX0cZn81Gj
8jL79RDmYN01wWX4Ad5JzeP6nnIhQactSI6MCABmjQNUCtDfoR2WEiazMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOMBH1UuK04kk8DrJRllzmsG2aYkMB8GA1UdIwQY
MBaAFFRoNOaIkPOYahsEV84PVK4DwtdrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQt
NTI3NjZiMjRiYWE0LzEvNHdFZlZTNHJUaVNUd09zbEdXWE9hd2JacGlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQtNTI3NjZiMjRiYWE0
LzEvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBUQ+KMA0G
CSqGSIb3DQEBCwUAA4IBAQCDI+mbi8B/hzAvuHROpFfWTFY4WmKYlqJyRbPV6uaw
2CBcpTR0pHc6jekFpF41s5/m+n+Ktv58Z9Vzm0S/x+LVpX4f7+JK8p2HS9UpvpSu
PPOCgrHjiy/RjzVdKaz5ZIAJ1Cjy2AP0z7l6CxkfJYLHEuLM9WC525o4dc6SUUdj
7/rAU5ZdR45C5LGfc8Q0wmrpQwz0ntDgwT7W1iGdz1zsHSol4VW59rylUxQPHx8J
d+V+nMrCJt/4V8xY0moaMfQx7EsFcqooi6LJWto+upulbpXXfZj+MBUvhY65rXJH
z5sklVWd9s0HA40T25+e7yIWzxZ1k2Y5XZWR0hODgCAo
-----END CERTIFICATE-----