Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/767d6d-36c8-403b-81b0-b4aaa23fdaa9/1/A04NEEmR-b8Xoh0d4OKy5U0cXcw.roa
File:                     A04NEEmR-b8Xoh0d4OKy5U0cXcw.roa (raw, json)
Hash identifier:          tMLU1+o5/LddVWNgQ5lko/f9lGooQJP4uTiuXhUHRkg=
Subject key identifier:   03:4E:0D:10:49:91:F9:BF:17:A2:1D:1D:E0:E2:B2:E5:4D:1C:5D:CC
Certificate issuer:       /CN=9a5e76f929d21b586f42e30f7d9b00399b3dcbf0
Certificate serial:       019E6DA299C642B9ECCC5DA5D95231476700
Authority key identifier: 9A:5E:76:F9:29:D2:1B:58:6F:42:E3:0F:7D:9B:00:39:9B:3D:CB:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ml52-SnSG1hvQuMPfZsAOZs9y_A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/767d6d-36c8-403b-81b0-b4aaa23fdaa9/1/A04NEEmR-b8Xoh0d4OKy5U0cXcw.roa
Signing time:             Thu 28 May 2026 08:10:33 +0000
ROA not before:           Thu 28 May 2026 08:10:33 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     12989
IP address blocks:        194.54.180.0/24 maxlen: 24
                          194.54.181.0/24 maxlen: 24
                          194.54.182.0/24 maxlen: 24
                          194.54.183.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/767d6d-36c8-403b-81b0-b4aaa23fdaa9/1/ml52-SnSG1hvQuMPfZsAOZs9y_A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/767d6d-36c8-403b-81b0-b4aaa23fdaa9/1/ml52-SnSG1hvQuMPfZsAOZs9y_A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ml52-SnSG1hvQuMPfZsAOZs9y_A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 31 May 2026 05:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:6d:a2:99:c6:42:b9:ec:cc:5d:a5:d9:52:31:47:67:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a5e76f929d21b586f42e30f7d9b00399b3dcbf0
        Validity
            Not Before: May 28 08:10:33 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=034e0d104991f9bf17a21d1de0e2b2e54d1c5dcc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:dd:5f:f7:6a:df:d6:d1:b8:1c:92:02:ed:ed:
                    d7:02:33:66:99:10:84:4e:d3:56:d3:fc:ac:a7:e8:
                    59:57:9d:85:40:10:d1:e4:3f:ec:66:75:6c:16:53:
                    54:05:e2:9e:ef:88:59:e1:5a:42:7f:f1:55:d5:a6:
                    e3:13:08:44:d4:48:c4:3f:e6:2f:75:df:86:73:5c:
                    34:aa:fb:c1:48:c9:f0:ac:ab:be:ae:fb:75:98:81:
                    a0:46:b6:c7:ad:7d:9d:e0:f8:82:9e:1e:e3:4a:9b:
                    2d:bb:dc:8d:a5:39:82:83:8e:3d:90:5a:99:71:89:
                    85:df:fb:7a:30:0b:80:f9:f5:e4:c4:08:05:4a:85:
                    d5:56:e1:df:95:08:60:bd:60:ed:88:c9:19:23:36:
                    e4:08:92:46:78:fa:cc:3f:74:4b:32:4e:f1:21:2c:
                    c4:14:f6:3c:40:8e:3d:81:65:56:4d:47:77:db:1c:
                    03:5f:77:cb:42:0a:99:45:b0:e5:e1:f0:f1:12:3a:
                    1e:3f:7c:bf:bf:5b:fc:ee:03:cc:ca:21:84:f2:87:
                    62:d5:47:eb:07:c5:ff:5e:0d:1a:6f:f6:0a:6d:6d:
                    27:c3:d4:af:cc:29:aa:eb:25:94:a2:26:95:56:90:
                    ee:55:64:1a:8b:b2:a3:30:72:fb:ac:6f:37:22:53:
                    1e:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:4E:0D:10:49:91:F9:BF:17:A2:1D:1D:E0:E2:B2:E5:4D:1C:5D:CC
            X509v3 Authority Key Identifier:
                keyid:9A:5E:76:F9:29:D2:1B:58:6F:42:E3:0F:7D:9B:00:39:9B:3D:CB:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ml52-SnSG1hvQuMPfZsAOZs9y_A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/767d6d-36c8-403b-81b0-b4aaa23fdaa9/1/A04NEEmR-b8Xoh0d4OKy5U0cXcw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/767d6d-36c8-403b-81b0-b4aaa23fdaa9/1/ml52-SnSG1hvQuMPfZsAOZs9y_A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.54.180.0/22

    Signature Algorithm: sha256WithRSAEncryption
         26:f3:bf:d1:39:86:0c:b3:38:0a:f0:cf:ac:b0:5d:f7:5e:3d:
         8f:8f:e9:88:4c:01:d4:93:da:fa:2c:b7:ac:c9:69:eb:79:fd:
         5a:ba:36:10:67:d0:78:5a:e0:1f:5a:65:77:1c:27:6c:87:8e:
         3b:71:6c:93:97:cb:4d:c7:16:e1:92:9d:9b:f6:02:dc:df:51:
         d5:a2:dd:89:df:cf:50:38:d8:90:c0:4b:da:99:9b:08:71:f7:
         69:2b:0b:92:95:34:ae:48:82:ad:b8:7d:71:2c:ee:06:ab:e1:
         68:7f:e4:d2:db:44:e4:3d:60:e8:ae:8a:84:e9:af:38:1e:83:
         06:4a:cc:38:18:be:37:33:fc:80:87:45:6a:5a:cf:5e:9b:05:
         bc:07:3c:7f:f6:e4:5a:da:73:de:0b:05:a9:cb:d0:af:1d:ea:
         06:37:7f:3a:30:07:e8:20:62:43:10:65:e7:be:3f:67:41:81:
         e1:9b:78:c9:c6:a4:b1:c3:83:9c:4e:e8:7e:05:d2:44:a4:9e:
         ae:3a:bb:12:72:90:0d:40:2f:f7:d5:78:1e:ed:df:fa:db:ec:
         27:53:a3:dc:4f:46:11:e2:75:bd:9f:01:ba:a7:ae:4d:27:c2:
         5f:9b:c6:7a:31:08:80:3a:d5:44:d7:bc:7e:e5:57:ac:03:d8:
         75:d3:43:d3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5topnGQrnszF2l2VIxR2cAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhNWU3NmY5MjlkMjFiNTg2ZjQyZTMwZjdkOWIwMDM5OWIz
ZGNiZjAwHhcNMjYwNTI4MDgxMDMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzRlMGQxMDQ5OTFmOWJmMTdhMjFkMWRlMGUyYjJlNTRkMWM1ZGNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyN1f92rf1tG4HJIC7e3XAjNmmRCE
TtNW0/ysp+hZV52FQBDR5D/sZnVsFlNUBeKe74hZ4VpCf/FV1abjEwhE1EjEP+Yv
dd+Gc1w0qvvBSMnwrKu+rvt1mIGgRrbHrX2d4PiCnh7jSpstu9yNpTmCg449kFqZ
cYmF3/t6MAuA+fXkxAgFSoXVVuHflQhgvWDtiMkZIzbkCJJGePrMP3RLMk7xISzE
FPY8QI49gWVWTUd32xwDX3fLQgqZRbDl4fDxEjoeP3y/v1v87gPMyiGE8odi1Ufr
B8X/Xg0ab/YKbW0nw9SvzCmq6yWUoiaVVpDuVWQai7KjMHL7rG83IlMetQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFANODRBJkfm/F6IdHeDisuVNHF3MMB8GA1UdIwQY
MBaAFJpedvkp0htYb0LjD32bADmbPcvwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWw1Mi1TblNHMWh2UXVNUGZac0FPWnM5eV9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS83NjdkNmQtMzZjOC00MDNiLTgxYjAt
YjRhYWEyM2ZkYWE5LzEvQTA0TkVFbVItYjhYb2gwZDRPS3k1VTBjWGN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS83NjdkNmQtMzZjOC00MDNiLTgxYjAtYjRhYWEyM2ZkYWE5
LzEvbWw1Mi1TblNHMWh2UXVNUGZac0FPWnM5eV9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwja0MA0G
CSqGSIb3DQEBCwUAA4IBAQAm87/ROYYMszgK8M+ssF33Xj2Pj+mITAHUk9r6LLes
yWnref1aujYQZ9B4WuAfWmV3HCdsh447cWyTl8tNxxbhkp2b9gLc31HVot2J389Q
ONiQwEvamZsIcfdpKwuSlTSuSIKtuH1xLO4Gq+Fof+TS20TkPWDoroqE6a84HoMG
Ssw4GL43M/yAh0VqWs9emwW8Bzx/9uRa2nPeCwWpy9CvHeoGN386MAfoIGJDEGXn
vj9nQYHhm3jJxqSxw4OcTuh+BdJEpJ6uOrsScpANQC/31Xge7d/62+wnU6PcT0YR
4nW9nwG6p65NJ8Jfm8Z6MQiAOtVE17x+5VesA9h100PT
-----END CERTIFICATE-----