Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/H-cWC9ou8amcyDtm_Er5Ir2CAaY.roa
File:                     H-cWC9ou8amcyDtm_Er5Ir2CAaY.roa (raw, json)
Hash identifier:          qbj77jSjmLfyPcN2gS2PMgfbDV/QJ5wjcIJib5rjtjs=
Subject key identifier:   1F:E7:16:0B:DA:2E:F1:A9:9C:C8:3B:66:FC:4A:F9:22:BD:82:01:A6
Certificate issuer:       /CN=d4b95330734c9aaf66d11bcd2bedd380f410f93f
Certificate serial:       019E20B77E02AC5043770DAF6F3949EADDB5
Authority key identifier: D4:B9:53:30:73:4C:9A:AF:66:D1:1B:CD:2B:ED:D3:80:F4:10:F9:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/H-cWC9ou8amcyDtm_Er5Ir2CAaY.roa
Signing time:             Wed 13 May 2026 09:42:36 +0000
ROA not before:           Wed 13 May 2026 09:42:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197791
IP address blocks:        132.243.200.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 10:27:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:20:b7:7e:02:ac:50:43:77:0d:af:6f:39:49:ea:dd:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d4b95330734c9aaf66d11bcd2bedd380f410f93f
        Validity
            Not Before: May 13 09:42:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1fe7160bda2ef1a99cc83b66fc4af922bd8201a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:2c:cc:96:2f:61:56:11:cf:61:d2:00:2f:4b:
                    fb:d5:84:ec:48:f8:99:88:25:74:cf:c1:17:15:56:
                    63:7d:14:f0:bd:c2:17:46:5d:1d:a7:f5:34:b2:7a:
                    53:24:f3:d5:37:1b:8e:ea:3a:ac:b8:fc:9f:a3:fc:
                    b5:46:d3:e6:c6:59:91:f3:21:b9:25:5f:27:93:dc:
                    96:fa:b0:6f:ec:7c:a6:f9:32:9e:32:24:f4:66:08:
                    ae:fa:c7:f5:0d:8c:b5:67:ae:b3:87:ee:e5:a0:0d:
                    b6:20:a7:65:6b:cf:be:4c:59:77:91:93:23:c3:4f:
                    a8:a0:cc:4d:f3:e4:d6:79:ba:66:29:49:11:9a:c8:
                    ef:37:31:06:e2:c5:ae:eb:96:a1:9f:9d:fd:93:85:
                    00:a5:47:d4:f1:ec:04:56:d6:50:63:fc:e4:db:4d:
                    0a:d9:55:77:59:08:8c:b6:1b:ec:2d:63:b5:d5:f1:
                    25:cc:d8:8a:44:47:34:7d:fe:95:84:5f:f4:82:b1:
                    d4:c9:4e:67:78:8b:a1:2f:fc:2c:5c:cc:9a:26:f8:
                    ef:5d:33:74:29:95:15:4c:a1:ce:28:c2:d9:2f:99:
                    b5:e8:c1:46:5e:1c:09:68:12:74:ce:b2:ed:34:79:
                    16:c4:14:4e:e3:bb:01:41:6f:72:d8:26:27:fe:37:
                    24:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:E7:16:0B:DA:2E:F1:A9:9C:C8:3B:66:FC:4A:F9:22:BD:82:01:A6
            X509v3 Authority Key Identifier:
                keyid:D4:B9:53:30:73:4C:9A:AF:66:D1:1B:CD:2B:ED:D3:80:F4:10:F9:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/H-cWC9ou8amcyDtm_Er5Ir2CAaY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  132.243.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:a8:4d:37:42:c9:48:dd:5c:7e:10:b3:79:a5:19:28:cb:e8:
         d9:6b:ff:ef:0e:80:bb:d6:fd:2d:f2:e3:97:a1:c3:4e:39:04:
         b9:8a:66:24:7e:f7:aa:32:fd:bf:c4:5c:b9:6b:f1:e2:63:cd:
         f0:4d:a4:46:85:44:cf:8a:c6:fa:9d:ee:b6:3e:37:b2:3a:2b:
         a8:ba:e0:4f:6a:7b:60:42:4e:b5:bf:aa:6e:1a:b7:da:99:2f:
         d1:71:6f:f1:cc:93:42:84:6a:de:f9:e7:5e:ee:89:ea:fb:48:
         33:de:14:72:93:45:53:fe:7a:84:5f:af:ac:98:52:45:e5:cf:
         97:ae:f9:15:fe:7d:e8:91:45:d7:ef:02:39:36:d8:26:99:e0:
         0d:7f:b8:c9:9a:44:ee:f6:32:90:78:2c:4f:20:5b:28:a9:e1:
         7c:8f:db:d0:72:3c:7d:e9:0c:0d:59:5f:23:54:ad:39:a1:91:
         2c:d4:47:ba:9c:d0:91:25:4f:a9:7f:f3:e2:19:a6:d5:f2:ee:
         9c:23:f2:08:e6:37:14:fb:64:ce:98:6a:c2:55:56:b4:15:12:
         5f:70:6c:22:00:aa:e7:d1:a6:ef:81:68:ef:f3:49:87:ff:2d:
         1c:3b:46:fa:13:ad:21:70:51:8c:4a:07:5c:9e:ea:17:69:78:
         be:03:ad:a3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4gt34CrFBDdw2vbzlJ6t21MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0Yjk1MzMwNzM0YzlhYWY2NmQxMWJjZDJiZWRkMzgwZjQx
MGY5M2YwHhcNMjYwNTEzMDk0MjM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZmU3MTYwYmRhMmVmMWE5OWNjODNiNjZmYzRhZjkyMmJkODIwMWE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnyzMli9hVhHPYdIAL0v71YTsSPiZ
iCV0z8EXFVZjfRTwvcIXRl0dp/U0snpTJPPVNxuO6jqsuPyfo/y1RtPmxlmR8yG5
JV8nk9yW+rBv7Hym+TKeMiT0Zgiu+sf1DYy1Z66zh+7loA22IKdla8++TFl3kZMj
w0+ooMxN8+TWebpmKUkRmsjvNzEG4sWu65ahn539k4UApUfU8ewEVtZQY/zk200K
2VV3WQiMthvsLWO11fElzNiKREc0ff6VhF/0grHUyU5neIuhL/wsXMyaJvjvXTN0
KZUVTKHOKMLZL5m16MFGXhwJaBJ0zrLtNHkWxBRO47sBQW9y2CYn/jcklwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB/nFgvaLvGpnMg7ZvxK+SK9ggGmMB8GA1UdIwQY
MBaAFNS5UzBzTJqvZtEbzSvt04D0EPk/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUxsVE1ITk1tcTltMFJ2TkstM1RnUFFRLVQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy8xNWQyNzEtMDVjZC00NjFlLWE3YjYt
NDMwMTNiMjhkOWQ2LzEvSC1jV0M5b3U4YW1jeUR0bV9FcjVJcjJDQWFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy8xNWQyNzEtMDVjZC00NjFlLWE3YjYtNDMwMTNiMjhkOWQ2
LzEvMUxsVE1ITk1tcTltMFJ2TkstM1RnUFFRLVQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAhPPIMA0G
CSqGSIb3DQEBCwUAA4IBAQADqE03QslI3Vx+ELN5pRkoy+jZa//vDoC71v0t8uOX
ocNOOQS5imYkfveqMv2/xFy5a/HiY83wTaRGhUTPisb6ne62PjeyOiuouuBPantg
Qk61v6puGrfamS/RcW/xzJNChGre+ede7onq+0gz3hRyk0VT/nqEX6+smFJF5c+X
rvkV/n3okUXX7wI5NtgmmeANf7jJmkTu9jKQeCxPIFsoqeF8j9vQcjx96QwNWV8j
VK05oZEs1Ee6nNCRJU+pf/PiGabV8u6cI/II5jcU+2TOmGrCVVa0FRJfcGwiAKrn
0abvgWjv80mH/y0cO0b6E60hcFGMSgdcnuoXaXi+A62j
-----END CERTIFICATE-----