Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/4nBKrQ7FuSHt16g-Jhb0HZHrVuA.roa
File:                     4nBKrQ7FuSHt16g-Jhb0HZHrVuA.roa (raw, json)
Hash identifier:          aYoLlFVD8YAsL0de7AE9DSkfD8QMKerYqlj+yg5iM34=
Subject key identifier:   E2:70:4A:AD:0E:C5:B9:21:ED:D7:A8:3E:26:16:F4:1D:91:EB:56:E0
Certificate issuer:       /CN=eb349af2af111361b29fcfef2e043d5be75e3f98
Certificate serial:       019CC740518C7FF4C74CA3C93F77B7B7EE5D
Authority key identifier: EB:34:9A:F2:AF:11:13:61:B2:9F:CF:EF:2E:04:3D:5B:E7:5E:3F:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/4nBKrQ7FuSHt16g-Jhb0HZHrVuA.roa
Signing time:             Sat 07 Mar 2026 07:43:26 +0000
ROA not before:           Sat 07 Mar 2026 07:43:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        109.122.58.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 22 Mar 2026 02:18:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:c7:40:51:8c:7f:f4:c7:4c:a3:c9:3f:77:b7:b7:ee:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb349af2af111361b29fcfef2e043d5be75e3f98
        Validity
            Not Before: Mar  7 07:43:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e2704aad0ec5b921edd7a83e2616f41d91eb56e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:67:d3:26:f7:ff:c2:3f:59:f4:41:69:c5:34:
                    e8:29:4f:bb:38:6c:2e:2e:54:dd:49:9f:87:ea:a5:
                    66:66:61:59:cc:e8:b5:66:0d:54:66:6e:85:85:38:
                    2f:64:b2:41:ea:f7:bd:cb:ec:2a:f2:e1:20:8a:cc:
                    af:0b:15:b4:5e:8f:11:d3:17:73:f0:3d:ba:f9:36:
                    8b:23:2d:0c:c9:75:31:93:ff:72:3d:3f:cf:84:0f:
                    5b:44:8c:96:13:d5:b4:84:1e:8f:e5:2a:0a:f9:7c:
                    04:58:14:c3:70:eb:bb:2d:46:6e:b2:85:67:18:34:
                    05:05:fd:c5:6a:c2:64:20:bc:71:86:b4:64:3b:53:
                    28:e8:48:72:9a:57:24:3e:2b:df:17:ad:f3:8b:4e:
                    21:24:1c:0a:2e:84:58:e1:2a:c6:2c:61:66:83:f9:
                    04:e6:25:f9:69:3c:61:d3:aa:a4:22:f3:65:38:a2:
                    4a:4e:d0:37:09:99:d4:e8:c5:da:80:ba:ad:a5:b7:
                    34:a3:b7:3a:e8:6b:5b:b2:5c:47:ae:9d:17:37:a8:
                    b6:21:58:dc:e9:c6:bb:c8:8a:7e:bd:a1:f8:7b:b3:
                    5f:01:bc:83:e3:e2:6f:72:37:af:90:ce:f9:8f:10:
                    0f:3f:5e:55:2a:fc:38:f0:1c:d3:1d:53:52:36:bd:
                    20:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:70:4A:AD:0E:C5:B9:21:ED:D7:A8:3E:26:16:F4:1D:91:EB:56:E0
            X509v3 Authority Key Identifier:
                keyid:EB:34:9A:F2:AF:11:13:61:B2:9F:CF:EF:2E:04:3D:5B:E7:5E:3F:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/4nBKrQ7FuSHt16g-Jhb0HZHrVuA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bc:6a:63:6f:d1:2f:19:61:8a:fd:40:26:f4:01:3a:ce:ac:cc:
         a0:a4:46:44:39:a7:b6:cd:b4:ff:8d:bf:6b:e0:c8:ba:ad:89:
         7f:e4:a0:70:87:4f:35:a1:7e:ca:86:b8:f9:e9:c7:5c:c2:94:
         9e:e4:a5:18:1e:f6:b0:d4:75:bc:f3:86:49:d5:73:1f:81:6a:
         9a:29:22:0d:61:bb:24:41:65:3e:25:db:53:6b:20:b0:d4:c7:
         60:c4:29:41:c9:98:b3:e8:58:c3:f5:f4:da:fd:f7:85:a1:6d:
         88:a8:91:e7:ce:8f:ce:fa:27:63:1a:fd:ea:9c:50:15:86:ad:
         cb:9e:c8:64:cf:b3:af:0b:6c:dd:df:dc:13:ab:de:b8:bb:70:
         cf:62:29:d0:2d:a5:a8:0d:b7:51:24:30:7b:23:93:83:d8:67:
         85:8b:7b:f8:1b:f5:42:f5:16:60:01:98:f9:40:ee:c2:33:c9:
         40:c8:52:e2:1f:00:da:a9:d6:4f:96:9e:97:36:12:86:b9:6a:
         43:ed:28:cd:79:7d:5b:32:51:17:38:36:6f:68:4b:38:5c:6f:
         94:eb:89:cd:c0:d1:64:7d:72:03:6a:8b:c0:68:26:25:61:9e:
         ae:17:dc:58:0d:8c:1d:1a:e3:88:92:d6:0c:3f:0f:a4:b4:76:
         0c:7a:ae:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzHQFGMf/THTKPJP3e3t+5dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViMzQ5YWYyYWYxMTEzNjFiMjlmY2ZlZjJlMDQzZDViZTc1
ZTNmOTgwHhcNMjYwMzA3MDc0MzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjcwNGFhZDBlYzViOTIxZWRkN2E4M2UyNjE2ZjQxZDkxZWI1NmUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3mfTJvf/wj9Z9EFpxTToKU+7OGwu
LlTdSZ+H6qVmZmFZzOi1Zg1UZm6FhTgvZLJB6ve9y+wq8uEgisyvCxW0Xo8R0xdz
8D26+TaLIy0MyXUxk/9yPT/PhA9bRIyWE9W0hB6P5SoK+XwEWBTDcOu7LUZusoVn
GDQFBf3FasJkILxxhrRkO1Mo6EhymlckPivfF63zi04hJBwKLoRY4SrGLGFmg/kE
5iX5aTxh06qkIvNlOKJKTtA3CZnU6MXagLqtpbc0o7c66GtbslxHrp0XN6i2IVjc
6ca7yIp+vaH4e7NfAbyD4+JvcjevkM75jxAPP15VKvw48BzTHVNSNr0gXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOJwSq0Oxbkh7deoPiYW9B2R61bgMB8GA1UdIwQY
MBaAFOs0mvKvERNhsp/P7y4EPVvnXj+YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnpTYThxOFJFMkd5bjhfdkxnUTlXLWRlUDVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8zY2IxNDctYTdjMy00NGU5LWFkYzgt
OWNkNjYyYmM4MzIwLzEvNG5CS3JRN0Z1U0h0MTZnLUpoYjBIWkhyVnVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8zY2IxNDctYTdjMy00NGU5LWFkYzgtOWNkNjYyYmM4MzIw
LzEvNnpTYThxOFJFMkd5bjhfdkxnUTlXLWRlUDVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXo6MA0G
CSqGSIb3DQEBCwUAA4IBAQC8amNv0S8ZYYr9QCb0ATrOrMygpEZEOae2zbT/jb9r
4Mi6rYl/5KBwh081oX7Khrj56cdcwpSe5KUYHvaw1HW884ZJ1XMfgWqaKSINYbsk
QWU+JdtTayCw1MdgxClByZiz6FjD9fTa/feFoW2IqJHnzo/O+idjGv3qnFAVhq3L
nshkz7OvC2zd39wTq964u3DPYinQLaWoDbdRJDB7I5OD2GeFi3v4G/VC9RZgAZj5
QO7CM8lAyFLiHwDaqdZPlp6XNhKGuWpD7SjNeX1bMlEXODZvaEs4XG+U64nNwNFk
fXIDaovAaCYlYZ6uF9xYDYwdGuOIktYMPw+ktHYMeq5Z
-----END CERTIFICATE-----