Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/1d0c39-2555-468f-be66-ff9bab90af18/1/4rBeJt2gTE44sAknjaU9icbf798.roa
File:                     4rBeJt2gTE44sAknjaU9icbf798.roa (raw, json)
Hash identifier:          ZYDnszD6TdxQH5b/70FLacYtJ5dXx4AM/j4gatDDLJQ=
Subject key identifier:   E2:B0:5E:26:DD:A0:4C:4E:38:B0:09:27:8D:A5:3D:89:C6:DF:EF:DF
Certificate issuer:       /CN=b66c4985cd60643220e064a2e114d78f5b039c2b
Certificate serial:       019E47B1D2EB783FB8789FADF368885E56F7
Authority key identifier: B6:6C:49:85:CD:60:64:32:20:E0:64:A2:E1:14:D7:8F:5B:03:9C:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tmxJhc1gZDIg4GSi4RTXj1sDnCs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/1d0c39-2555-468f-be66-ff9bab90af18/1/4rBeJt2gTE44sAknjaU9icbf798.roa
Signing time:             Wed 20 May 2026 23:21:36 +0000
ROA not before:           Wed 20 May 2026 23:21:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     15830
IP address blocks:        91.220.158.0/24 maxlen: 24
                          193.8.216.0/22 maxlen: 22
                          193.8.218.0/24 maxlen: 24
                          193.8.219.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/1d0c39-2555-468f-be66-ff9bab90af18/1/tmxJhc1gZDIg4GSi4RTXj1sDnCs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/1d0c39-2555-468f-be66-ff9bab90af18/1/tmxJhc1gZDIg4GSi4RTXj1sDnCs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tmxJhc1gZDIg4GSi4RTXj1sDnCs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 13:27:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:47:b1:d2:eb:78:3f:b8:78:9f:ad:f3:68:88:5e:56:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b66c4985cd60643220e064a2e114d78f5b039c2b
        Validity
            Not Before: May 20 23:21:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e2b05e26dda04c4e38b009278da53d89c6dfefdf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:81:73:e8:76:f5:38:d0:ff:bd:0e:65:d3:cd:
                    7f:8d:4a:c4:8e:08:bb:c5:be:71:be:2e:27:50:4e:
                    d6:c3:60:b2:aa:85:2b:4f:54:72:4e:09:dd:00:78:
                    ae:9d:17:95:b1:f0:7d:e5:fb:e3:2d:e3:ef:7a:b6:
                    e3:c3:34:24:97:88:61:96:40:ad:dc:db:c6:83:8f:
                    35:0e:fb:e6:be:2e:49:09:25:ef:13:f5:7c:48:8b:
                    b3:72:14:7f:2c:6c:dc:52:de:f5:90:9e:5e:0c:fb:
                    72:43:b2:e7:6a:13:da:81:f8:f3:f0:f4:be:5c:e4:
                    ad:83:3c:3e:21:ed:60:0c:2f:e6:d8:80:7d:b7:11:
                    b8:b8:f7:88:e5:ad:12:1e:d4:00:23:21:88:11:fb:
                    89:ee:61:29:43:51:dc:bb:1d:e6:b1:63:82:88:84:
                    89:5f:55:c9:82:33:bc:8c:95:23:04:50:7e:6a:f5:
                    1f:10:66:a5:6f:6d:fc:13:f0:2e:82:21:ef:6e:cd:
                    91:8f:94:6b:66:5b:79:25:ac:73:dc:d1:5c:15:b8:
                    2d:1d:91:b1:0c:90:1d:ac:c1:c3:5e:68:d6:6a:56:
                    48:e7:54:3c:64:58:2d:f0:01:d7:43:85:31:48:21:
                    da:52:46:d1:9f:23:7c:12:0f:79:b7:8b:54:13:32:
                    4b:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:B0:5E:26:DD:A0:4C:4E:38:B0:09:27:8D:A5:3D:89:C6:DF:EF:DF
            X509v3 Authority Key Identifier:
                keyid:B6:6C:49:85:CD:60:64:32:20:E0:64:A2:E1:14:D7:8F:5B:03:9C:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tmxJhc1gZDIg4GSi4RTXj1sDnCs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/1d0c39-2555-468f-be66-ff9bab90af18/1/4rBeJt2gTE44sAknjaU9icbf798.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/1d0c39-2555-468f-be66-ff9bab90af18/1/tmxJhc1gZDIg4GSi4RTXj1sDnCs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.220.158.0/24
                  193.8.216.0/22

    Signature Algorithm: sha256WithRSAEncryption
         98:fe:79:44:3f:e2:ed:e2:03:60:e8:9d:3c:eb:0b:0d:5f:4b:
         fd:bc:a8:4e:63:03:dc:28:ba:24:a2:f6:58:5b:77:9b:88:47:
         c3:51:13:58:2b:fa:9e:e1:b4:6b:d0:c5:9f:17:f8:1c:d8:cb:
         e4:eb:0b:b7:63:eb:0e:18:ea:cc:40:fb:45:1d:46:24:ca:d5:
         c3:b8:18:34:57:dc:ad:cd:23:5d:a4:bf:55:13:8e:a6:9c:ce:
         9e:b0:b8:08:c9:7b:02:76:54:a0:f7:ae:c7:97:26:48:4f:bc:
         dc:74:1d:b6:88:3e:7c:93:c1:da:59:52:cb:0b:70:78:3b:dc:
         16:e2:8a:1e:a6:3e:94:fa:94:3e:aa:84:c4:fe:b9:55:d5:be:
         b1:7b:1c:d5:3d:1f:f9:1e:5a:ff:2b:c9:9b:85:a0:d5:82:f7:
         78:52:74:b3:43:bc:fe:33:7f:b9:02:29:8a:6b:d7:32:cf:1f:
         ab:69:2f:85:de:02:73:f8:43:dd:1f:72:12:cc:47:4f:c8:f2:
         fa:61:d8:e5:43:e1:51:18:51:30:5e:ad:a8:27:09:f8:04:a1:
         ab:42:01:b4:7d:16:b3:f4:e3:17:6b:d0:0a:39:20:27:1f:27:
         b8:8a:76:af:cd:22:34:5f:9f:5b:eb:2d:07:f8:7e:83:f7:9e:
         cf:39:84:26
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ5HsdLreD+4eJ+t82iIXlb3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2NmM0OTg1Y2Q2MDY0MzIyMGUwNjRhMmUxMTRkNzhmNWIw
MzljMmIwHhcNMjYwNTIwMjMyMTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMmIwNWUyNmRkYTA0YzRlMzhiMDA5Mjc4ZGE1M2Q4OWM2ZGZlZmRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjIFz6Hb1OND/vQ5l081/jUrEjgi7
xb5xvi4nUE7Ww2CyqoUrT1RyTgndAHiunReVsfB95fvjLePverbjwzQkl4hhlkCt
3NvGg481Dvvmvi5JCSXvE/V8SIuzchR/LGzcUt71kJ5eDPtyQ7LnahPagfjz8PS+
XOStgzw+Ie1gDC/m2IB9txG4uPeI5a0SHtQAIyGIEfuJ7mEpQ1Hcux3msWOCiISJ
X1XJgjO8jJUjBFB+avUfEGalb238E/AugiHvbs2Rj5RrZlt5Jaxz3NFcFbgtHZGx
DJAdrMHDXmjWalZI51Q8ZFgt8AHXQ4UxSCHaUkbRnyN8Eg95t4tUEzJLQQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOKwXibdoExOOLAJJ42lPYnG3+/fMB8GA1UdIwQY
MBaAFLZsSYXNYGQyIOBkouEU149bA5wrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdG14SmhjMWdaRElnNEdTaTRSVFhqMXNEbkNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS8xZDBjMzktMjU1NS00NjhmLWJlNjYt
ZmY5YmFiOTBhZjE4LzEvNHJCZUp0MmdURTQ0c0FrbmphVTlpY2JmNzk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS8xZDBjMzktMjU1NS00NjhmLWJlNjYtZmY5YmFiOTBhZjE4
LzEvdG14SmhjMWdaRElnNEdTaTRSVFhqMXNEbkNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW9yeAwQC
wQjYMA0GCSqGSIb3DQEBCwUAA4IBAQCY/nlEP+Lt4gNg6J086wsNX0v9vKhOYwPc
KLokovZYW3ebiEfDURNYK/qe4bRr0MWfF/gc2Mvk6wu3Y+sOGOrMQPtFHUYkytXD
uBg0V9ytzSNdpL9VE46mnM6esLgIyXsCdlSg967HlyZIT7zcdB22iD58k8HaWVLL
C3B4O9wW4ooepj6U+pQ+qoTE/rlV1b6xexzVPR/5Hlr/K8mbhaDVgvd4UnSzQ7z+
M3+5AimKa9cyzx+raS+F3gJz+EPdH3ISzEdPyPL6YdjlQ+FRGFEwXq2oJwn4BKGr
QgG0fRaz9OMXa9AKOSAnHye4inavzSI0X59b6y0H+H6D957POYQm
-----END CERTIFICATE-----