Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/4vO5G-wfZdVxm3yeJ3emVayU0WY.roa
File:                     4vO5G-wfZdVxm3yeJ3emVayU0WY.roa (raw, json)
Hash identifier:          VRz5kXiX9FtIqi13SIfCiqxoJtkx/09urxUblvekxP0=
Subject key identifier:   E2:F3:B9:1B:EC:1F:65:D5:71:9B:7C:9E:27:77:A6:55:AC:94:D1:66
Certificate issuer:       /CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
Certificate serial:       019E5540977B5F104B97BAC5B3B776D2137E
Authority key identifier: CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/4vO5G-wfZdVxm3yeJ3emVayU0WY.roa
Signing time:             Sat 23 May 2026 14:32:36 +0000
ROA not before:           Sat 23 May 2026 14:32:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215496
IP address blocks:        85.133.206.0/24 maxlen: 24
                          85.133.227.0/24 maxlen: 24
                          85.133.254.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 20:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:55:40:97:7b:5f:10:4b:97:ba:c5:b3:b7:76:d2:13:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
        Validity
            Not Before: May 23 14:32:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e2f3b91bec1f65d5719b7c9e2777a655ac94d166
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:6c:56:55:16:36:85:2f:d6:4c:31:a2:7b:b0:
                    11:a7:0a:1e:e5:c1:ab:86:45:0b:e6:75:6b:88:42:
                    d9:08:89:44:3d:49:40:69:bd:e1:63:a1:cf:3c:82:
                    92:da:73:d0:5a:0b:60:e3:0e:9b:ea:e0:92:4a:56:
                    08:a6:d9:41:b1:91:da:df:9c:de:5b:9a:ad:88:4c:
                    f6:af:53:1e:2d:bf:eb:a6:84:db:d9:00:7f:3d:68:
                    47:60:14:e6:f0:66:09:ae:e5:10:dd:4b:2d:ea:d6:
                    a5:b1:0c:d6:de:4f:d4:ac:44:25:3b:67:7d:91:aa:
                    02:ad:f2:5d:94:98:45:40:d6:ad:28:4a:bd:dc:22:
                    fa:1c:2d:ac:03:07:fd:1b:84:66:8c:7a:d9:23:4b:
                    42:a6:93:90:45:ab:4c:a0:be:a3:6d:95:4a:91:33:
                    c9:62:07:24:d2:ee:ed:af:30:7f:87:67:3d:fa:56:
                    25:f5:81:98:6b:fa:08:9c:47:5c:1d:20:98:b3:4f:
                    d9:af:09:70:b8:a5:52:10:72:4b:90:3f:b0:5c:3c:
                    fa:56:c1:e4:12:8b:6f:ae:b5:b7:86:41:10:48:db:
                    1b:f6:96:63:84:3b:6a:f8:20:3a:67:8e:a0:00:f4:
                    57:fd:2d:46:4b:24:1f:9c:59:2b:de:03:ce:e4:94:
                    99:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:F3:B9:1B:EC:1F:65:D5:71:9B:7C:9E:27:77:A6:55:AC:94:D1:66
            X509v3 Authority Key Identifier:
                keyid:CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/4vO5G-wfZdVxm3yeJ3emVayU0WY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.133.206.0/24
                  85.133.227.0/24
                  85.133.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:eb:f4:c0:1d:2e:7f:65:82:8d:68:4a:2e:07:d6:9e:bf:94:
         c2:6f:69:7f:1e:96:06:8b:64:4b:1c:19:8b:c6:1e:e4:5f:8d:
         56:a8:11:1f:fb:7f:6a:94:9e:67:80:23:48:2b:c0:6b:fc:bf:
         04:34:91:a1:f6:ec:11:c6:70:78:df:1d:0b:4b:6a:c5:84:09:
         94:58:ba:33:78:11:78:94:40:4d:11:eb:25:76:69:0d:1b:62:
         f5:34:43:94:b7:4e:58:c2:6f:23:f3:76:be:60:15:d0:c3:70:
         ca:91:87:58:f3:a5:0d:cd:b1:15:07:14:e6:e6:38:88:bc:30:
         17:56:21:86:25:19:1e:ea:de:79:ae:a8:b9:43:43:e8:33:2b:
         00:8d:4f:e3:fe:90:81:82:d0:b9:3a:ba:c6:13:da:58:78:7e:
         0b:c4:0e:72:18:ef:ef:83:c2:26:04:7f:42:48:f5:bb:83:5e:
         a3:24:14:28:50:22:54:8d:52:00:a8:a2:00:69:31:cb:c9:68:
         6a:47:2a:1e:d1:18:46:9c:56:04:4d:e8:44:c2:6a:7c:eb:fb:
         7b:5d:36:6f:12:22:22:b7:b6:a4:08:3e:77:41:60:17:1e:3e:
         67:ef:dc:d2:f7:35:6f:84:ae:e3:c8:e7:97:d0:76:84:8a:41:
         5b:2e:e5:52
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ5VQJd7XxBLl7rFs7d20hN+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNWUzOTY1OGEzZWY2ZjEzY2EyMWNjMTFhNGUzM2ViY2Q5
NDY3MDIwHhcNMjYwNTIzMTQzMjM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMmYzYjkxYmVjMWY2NWQ1NzE5YjdjOWUyNzc3YTY1NWFjOTRkMTY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqWxWVRY2hS/WTDGie7ARpwoe5cGr
hkUL5nVriELZCIlEPUlAab3hY6HPPIKS2nPQWgtg4w6b6uCSSlYIptlBsZHa35ze
W5qtiEz2r1MeLb/rpoTb2QB/PWhHYBTm8GYJruUQ3Ust6talsQzW3k/UrEQlO2d9
kaoCrfJdlJhFQNatKEq93CL6HC2sAwf9G4RmjHrZI0tCppOQRatMoL6jbZVKkTPJ
Ygck0u7trzB/h2c9+lYl9YGYa/oInEdcHSCYs0/ZrwlwuKVSEHJLkD+wXDz6VsHk
EotvrrW3hkEQSNsb9pZjhDtq+CA6Z46gAPRX/S1GSyQfnFkr3gPO5JSZpQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFOLzuRvsH2XVcZt8nid3plWslNFmMB8GA1UdIwQY
MBaAFM1eOWWKPvbxPKIcwRpOM+vNlGcCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUt
NWQxZmE2NmMzNjNiLzEvNHZPNUctd2ZaZFZ4bTN5ZUozZW1WYXlVMFdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUtNWQxZmE2NmMzNjNi
LzEvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAVYXOAwQA
VYXjAwQAVYX+MA0GCSqGSIb3DQEBCwUAA4IBAQCw6/TAHS5/ZYKNaEouB9aev5TC
b2l/HpYGi2RLHBmLxh7kX41WqBEf+39qlJ5ngCNIK8Br/L8ENJGh9uwRxnB43x0L
S2rFhAmUWLozeBF4lEBNEesldmkNG2L1NEOUt05Ywm8j83a+YBXQw3DKkYdY86UN
zbEVBxTm5jiIvDAXViGGJRke6t55rqi5Q0PoMysAjU/j/pCBgtC5OrrGE9pYeH4L
xA5yGO/vg8ImBH9CSPW7g16jJBQoUCJUjVIAqKIAaTHLyWhqRyoe0RhGnFYETehE
wmp86/t7XTZvEiIit7akCD53QWAXHj5n79zS9zVvhK7jyOeX0HaEikFbLuVS
-----END CERTIFICATE-----