Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/TRU3oQqpkjr58ESxJZ6f3EHSX4Y.roa
File:                     TRU3oQqpkjr58ESxJZ6f3EHSX4Y.roa (raw, json)
Hash identifier:          JvYp5n0uta0ISmYEZ3kJV/1bGb6OC7ChxoATcmbzaLk=
Subject key identifier:   4D:15:37:A1:0A:A9:92:3A:F9:F0:44:B1:25:9E:9F:DC:41:D2:5F:86
Certificate issuer:       /CN=d4b95330734c9aaf66d11bcd2bedd380f410f93f
Certificate serial:       019DB45D9B20691E13AA79702CFCF6F1EA98
Authority key identifier: D4:B9:53:30:73:4C:9A:AF:66:D1:1B:CD:2B:ED:D3:80:F4:10:F9:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/TRU3oQqpkjr58ESxJZ6f3EHSX4Y.roa
Signing time:             Wed 22 Apr 2026 08:45:26 +0000
ROA not before:           Wed 22 Apr 2026 08:45:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     30058
IP address blocks:        132.243.232.0/24 maxlen: 24
                          132.243.233.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 Apr 2026 04:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b4:5d:9b:20:69:1e:13:aa:79:70:2c:fc:f6:f1:ea:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d4b95330734c9aaf66d11bcd2bedd380f410f93f
        Validity
            Not Before: Apr 22 08:45:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4d1537a10aa9923af9f044b1259e9fdc41d25f86
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:d6:96:67:68:36:2d:bc:4b:a8:99:50:92:3c:
                    21:0d:f4:6d:82:80:dd:60:70:ef:c0:47:cf:f9:83:
                    b7:93:7b:18:a2:ea:68:db:2b:b6:da:59:9d:b1:b0:
                    1e:7c:97:72:e1:dd:bb:e0:34:fb:6a:35:a4:53:4c:
                    21:e2:26:cf:89:d4:fc:96:f7:e6:99:9d:a5:bf:fa:
                    5a:3c:37:ec:47:da:6d:98:48:88:20:18:c4:76:4e:
                    93:b1:98:48:4a:3d:69:96:88:27:b3:ed:41:75:0a:
                    cb:85:78:bb:41:fb:6c:82:64:72:4f:0f:92:68:ca:
                    1e:20:fe:f8:d6:c4:00:12:38:e2:9b:59:ea:33:93:
                    b7:56:79:d1:e2:6a:8e:b8:b3:f5:0a:eb:a6:c3:c4:
                    4e:65:80:6f:43:a8:fb:9c:55:f0:60:18:72:69:af:
                    1b:4d:05:e6:fa:d4:8a:af:71:af:e3:1b:82:34:4a:
                    58:16:2a:b9:6e:97:ca:ab:de:f3:3f:ce:75:60:47:
                    ce:88:5a:64:49:fe:92:fa:ee:57:f7:01:a8:0d:e1:
                    9f:e5:77:d8:e6:09:fc:cd:14:04:2d:a0:b7:2f:a1:
                    a4:08:5c:2b:c7:e8:f6:94:17:15:b8:93:fa:25:4c:
                    a3:a9:36:d7:9d:39:08:17:4b:ec:f4:86:ab:c5:97:
                    9a:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:15:37:A1:0A:A9:92:3A:F9:F0:44:B1:25:9E:9F:DC:41:D2:5F:86
            X509v3 Authority Key Identifier:
                keyid:D4:B9:53:30:73:4C:9A:AF:66:D1:1B:CD:2B:ED:D3:80:F4:10:F9:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/TRU3oQqpkjr58ESxJZ6f3EHSX4Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  132.243.232.0/23

    Signature Algorithm: sha256WithRSAEncryption
         61:65:4b:3c:10:fa:c3:1b:33:2d:fd:ce:2e:15:03:f8:77:19:
         14:cf:3a:68:1f:91:d7:85:a0:0e:a1:d6:0c:78:42:45:24:37:
         8f:9d:9d:ce:bc:4b:fc:89:04:34:7f:d2:f5:d5:25:1c:2d:12:
         55:53:95:f8:1d:a6:72:58:80:91:28:05:ef:35:54:b7:b7:ec:
         a8:9a:70:a0:63:f4:21:a0:34:d1:18:d6:e8:f8:49:fd:34:81:
         ce:e3:4f:d5:09:64:09:dd:be:66:48:c7:4b:ba:3c:fc:96:84:
         e0:76:9c:8c:55:96:fc:ca:fd:77:33:37:30:74:f8:1f:39:a7:
         8e:fd:d4:0b:ab:93:88:df:8d:b1:7e:83:8e:47:a4:7e:2b:ac:
         da:d7:5a:54:73:f8:13:29:90:97:f5:33:d0:ef:0f:18:e3:a1:
         4b:b1:0e:d5:2a:85:4f:52:01:89:58:84:20:e9:34:91:84:18:
         54:a0:1d:0f:f0:ae:3c:a1:44:37:c0:4e:f4:6e:ec:40:46:0e:
         33:63:99:14:dd:80:fa:1a:61:87:7c:fb:93:c9:be:d2:45:39:
         67:fe:6e:3b:ac:68:0b:f8:60:25:14:9d:0d:7f:04:81:4e:3d:
         0c:a0:de:9a:1b:fb:31:3a:74:be:01:bd:ab:3d:ef:8f:f9:dc:
         c2:3b:dc:24
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ20XZsgaR4TqnlwLPz28eqYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0Yjk1MzMwNzM0YzlhYWY2NmQxMWJjZDJiZWRkMzgwZjQx
MGY5M2YwHhcNMjYwNDIyMDg0NTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDE1MzdhMTBhYTk5MjNhZjlmMDQ0YjEyNTllOWZkYzQxZDI1Zjg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw9aWZ2g2LbxLqJlQkjwhDfRtgoDd
YHDvwEfP+YO3k3sYoupo2yu22lmdsbAefJdy4d274DT7ajWkU0wh4ibPidT8lvfm
mZ2lv/paPDfsR9ptmEiIIBjEdk6TsZhISj1plogns+1BdQrLhXi7QftsgmRyTw+S
aMoeIP741sQAEjjim1nqM5O3VnnR4mqOuLP1Cuumw8ROZYBvQ6j7nFXwYBhyaa8b
TQXm+tSKr3Gv4xuCNEpYFiq5bpfKq97zP851YEfOiFpkSf6S+u5X9wGoDeGf5XfY
5gn8zRQELaC3L6GkCFwrx+j2lBcVuJP6JUyjqTbXnTkIF0vs9IarxZeaAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE0VN6EKqZI6+fBEsSWen9xB0l+GMB8GA1UdIwQY
MBaAFNS5UzBzTJqvZtEbzSvt04D0EPk/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUxsVE1ITk1tcTltMFJ2TkstM1RnUFFRLVQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy8xNWQyNzEtMDVjZC00NjFlLWE3YjYt
NDMwMTNiMjhkOWQ2LzEvVFJVM29RcXBranI1OEVTeEpaNmYzRUhTWDRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy8xNWQyNzEtMDVjZC00NjFlLWE3YjYtNDMwMTNiMjhkOWQ2
LzEvMUxsVE1ITk1tcTltMFJ2TkstM1RnUFFRLVQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBhPPoMA0G
CSqGSIb3DQEBCwUAA4IBAQBhZUs8EPrDGzMt/c4uFQP4dxkUzzpoH5HXhaAOodYM
eEJFJDePnZ3OvEv8iQQ0f9L11SUcLRJVU5X4HaZyWICRKAXvNVS3t+yomnCgY/Qh
oDTRGNbo+En9NIHO40/VCWQJ3b5mSMdLujz8loTgdpyMVZb8yv13MzcwdPgfOaeO
/dQLq5OI342xfoOOR6R+K6za11pUc/gTKZCX9TPQ7w8Y46FLsQ7VKoVPUgGJWIQg
6TSRhBhUoB0P8K48oUQ3wE70buxARg4zY5kU3YD6GmGHfPuTyb7SRTln/m47rGgL
+GAlFJ0NfwSBTj0MoN6aG/sxOnS+Ab2rPe+P+dzCO9wk
-----END CERTIFICATE-----