Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/oa1g3ktNX4K7mp_Br7eoXIxGsbA.roa
File:                     oa1g3ktNX4K7mp_Br7eoXIxGsbA.roa (raw, json)
Hash identifier:          vcXUPTsZXYoXJi0CFAVUhhZah02o7Zn+vOkwA8OCtpM=
Subject key identifier:   A1:AD:60:DE:4B:4D:5F:82:BB:9A:9F:C1:AF:B7:A8:5C:8C:46:B1:B0
Certificate issuer:       /CN=d4b95330734c9aaf66d11bcd2bedd380f410f93f
Certificate serial:       019E835996AE3D603814BD13C674CCA76F72
Authority key identifier: D4:B9:53:30:73:4C:9A:AF:66:D1:1B:CD:2B:ED:D3:80:F4:10:F9:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/oa1g3ktNX4K7mp_Br7eoXIxGsbA.roa
Signing time:             Mon 01 Jun 2026 13:22:27 +0000
ROA not before:           Mon 01 Jun 2026 13:22:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198178
IP address blocks:        132.243.204.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 10:27:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:83:59:96:ae:3d:60:38:14:bd:13:c6:74:cc:a7:6f:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d4b95330734c9aaf66d11bcd2bedd380f410f93f
        Validity
            Not Before: Jun  1 13:22:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a1ad60de4b4d5f82bb9a9fc1afb7a85c8c46b1b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:23:bb:08:e5:df:0a:ad:92:05:20:56:49:23:
                    05:7e:42:42:cc:57:91:a5:de:d6:ee:98:08:81:13:
                    3e:6f:96:f6:8f:f1:1c:f1:35:1e:1a:14:c7:78:e2:
                    a7:d0:1b:f6:42:bc:fa:6b:96:3c:1c:9c:fe:f7:22:
                    c4:e9:2e:a9:73:50:b3:5a:a5:3a:8e:44:3b:68:53:
                    04:87:6a:26:de:b1:a4:4a:0e:ac:18:f6:f6:7d:36:
                    89:5c:66:3b:55:e7:ed:6b:a0:31:35:96:88:be:1f:
                    8a:9f:92:84:1b:89:45:09:ef:b7:f7:23:02:74:21:
                    2e:8d:ba:ce:b6:24:b2:64:55:f2:3f:00:0c:c3:45:
                    ee:cf:98:d1:21:8f:f0:a2:63:a9:07:32:49:ea:72:
                    7c:17:5c:b9:52:4b:db:f8:74:ed:78:c7:90:ed:f3:
                    1e:40:31:84:bf:8a:b0:cd:1c:3c:0c:d9:3f:e8:93:
                    d6:ed:f1:f2:4a:3f:6b:d9:62:fb:90:4e:dd:0b:bf:
                    82:fb:76:c7:db:f1:7d:6b:0b:33:7b:45:85:43:7e:
                    1c:9f:43:0e:d7:46:83:93:27:12:52:b8:25:17:7b:
                    cc:89:70:a5:64:d1:12:5c:f2:af:9c:65:20:6a:64:
                    75:74:2e:05:03:f0:8f:53:d9:1a:4b:46:b6:2a:b3:
                    ed:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:AD:60:DE:4B:4D:5F:82:BB:9A:9F:C1:AF:B7:A8:5C:8C:46:B1:B0
            X509v3 Authority Key Identifier:
                keyid:D4:B9:53:30:73:4C:9A:AF:66:D1:1B:CD:2B:ED:D3:80:F4:10:F9:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/oa1g3ktNX4K7mp_Br7eoXIxGsbA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  132.243.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c5:30:13:51:3d:e8:d4:ca:9a:4c:04:1b:6a:e2:bf:7b:ab:48:
         4d:0c:61:71:66:8f:93:ec:6e:f5:4b:a7:f1:89:d4:ab:a4:52:
         41:80:4e:c3:4f:f8:34:47:2b:9c:0f:66:a6:c8:1b:4c:56:94:
         21:a5:b0:31:4f:0e:83:ef:4f:22:10:0a:7c:37:b2:b3:e7:ae:
         9f:7e:e6:3d:eb:d0:bb:7d:ba:32:c8:d9:43:e8:3b:a1:12:04:
         af:e1:5a:43:80:9d:b3:fb:e7:6a:51:9f:a2:b7:fb:80:84:c9:
         a2:bb:d1:5f:9c:2f:ed:d6:f1:22:fc:48:a0:7b:96:18:b9:24:
         3c:de:a7:f7:d4:c5:b4:05:82:1a:a4:86:6f:7b:fa:1d:93:96:
         a3:9a:95:4e:fe:49:87:96:5b:65:6c:15:35:6c:a9:cf:23:e4:
         53:26:48:12:b5:4d:e1:97:0d:01:23:fe:52:c0:ed:be:cf:0b:
         90:21:b1:a7:9e:2b:c2:14:8a:96:8d:56:ad:1a:82:cd:e5:cc:
         58:c4:bf:5c:a8:2d:ec:39:d9:e1:40:cd:44:28:0a:f3:74:98:
         f3:7c:13:38:de:0c:98:38:f4:35:d4:93:5c:e5:37:54:be:93:
         14:49:a1:a8:8a:78:2f:b2:b5:12:45:bb:98:ae:69:42:5b:eb:
         b3:b1:86:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6DWZauPWA4FL0TxnTMp29yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0Yjk1MzMwNzM0YzlhYWY2NmQxMWJjZDJiZWRkMzgwZjQx
MGY5M2YwHhcNMjYwNjAxMTMyMjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMWFkNjBkZTRiNGQ1ZjgyYmI5YTlmYzFhZmI3YTg1YzhjNDZiMWIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsCO7COXfCq2SBSBWSSMFfkJCzFeR
pd7W7pgIgRM+b5b2j/Ec8TUeGhTHeOKn0Bv2Qrz6a5Y8HJz+9yLE6S6pc1CzWqU6
jkQ7aFMEh2om3rGkSg6sGPb2fTaJXGY7Vefta6AxNZaIvh+Kn5KEG4lFCe+39yMC
dCEujbrOtiSyZFXyPwAMw0Xuz5jRIY/womOpBzJJ6nJ8F1y5Ukvb+HTteMeQ7fMe
QDGEv4qwzRw8DNk/6JPW7fHySj9r2WL7kE7dC7+C+3bH2/F9awsze0WFQ34cn0MO
10aDkycSUrglF3vMiXClZNESXPKvnGUgamR1dC4FA/CPU9kaS0a2KrPtoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKGtYN5LTV+Cu5qfwa+3qFyMRrGwMB8GA1UdIwQY
MBaAFNS5UzBzTJqvZtEbzSvt04D0EPk/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUxsVE1ITk1tcTltMFJ2TkstM1RnUFFRLVQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy8xNWQyNzEtMDVjZC00NjFlLWE3YjYt
NDMwMTNiMjhkOWQ2LzEvb2ExZzNrdE5YNEs3bXBfQnI3ZW9YSXhHc2JBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy8xNWQyNzEtMDVjZC00NjFlLWE3YjYtNDMwMTNiMjhkOWQ2
LzEvMUxsVE1ITk1tcTltMFJ2TkstM1RnUFFRLVQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAhPPMMA0G
CSqGSIb3DQEBCwUAA4IBAQDFMBNRPejUyppMBBtq4r97q0hNDGFxZo+T7G71S6fx
idSrpFJBgE7DT/g0RyucD2amyBtMVpQhpbAxTw6D708iEAp8N7Kz566ffuY969C7
fboyyNlD6DuhEgSv4VpDgJ2z++dqUZ+it/uAhMmiu9FfnC/t1vEi/Eige5YYuSQ8
3qf31MW0BYIapIZve/odk5ajmpVO/kmHlltlbBU1bKnPI+RTJkgStU3hlw0BI/5S
wO2+zwuQIbGnnivCFIqWjVatGoLN5cxYxL9cqC3sOdnhQM1EKArzdJjzfBM43gyY
OPQ11JNc5TdUvpMUSaGoingvsrUSRbuYrmlCW+uzsYa8
-----END CERTIFICATE-----