Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/d6aef7-0a82-4963-9993-fc918f2e74ec/1/4n5Ua4aTaAunDOOW01P0fMrY7k0.roa
File:                     4n5Ua4aTaAunDOOW01P0fMrY7k0.roa (raw, json)
Hash identifier:          WNNgqxjBcUK1ZKvwmBjdbFYyCDwsWtboY/v6WqR+zss=
Subject key identifier:   E2:7E:54:6B:86:93:68:0B:A7:0C:E3:96:D3:53:F4:7C:CA:D8:EE:4D
Certificate issuer:       /CN=bebb370b1db20dfd908954247acb1e0a05240ac1
Certificate serial:       019B7759510BB003141A20BD5E0FCE70633A
Authority key identifier: BE:BB:37:0B:1D:B2:0D:FD:90:89:54:24:7A:CB:1E:0A:05:24:0A:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vrs3Cx2yDf2QiVQkesseCgUkCsE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/d6aef7-0a82-4963-9993-fc918f2e74ec/1/4n5Ua4aTaAunDOOW01P0fMrY7k0.roa
Signing time:             Thu 01 Jan 2026 02:18:20 +0000
ROA not before:           Thu 01 Jan 2026 02:18:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     47178
IP address blocks:        93.188.112.0/21 maxlen: 24
                          185.99.224.0/22 maxlen: 24
                          2a05:ba80::/29 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/d6aef7-0a82-4963-9993-fc918f2e74ec/1/vrs3Cx2yDf2QiVQkesseCgUkCsE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/d6aef7-0a82-4963-9993-fc918f2e74ec/1/vrs3Cx2yDf2QiVQkesseCgUkCsE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vrs3Cx2yDf2QiVQkesseCgUkCsE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 15:05:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:59:51:0b:b0:03:14:1a:20:bd:5e:0f:ce:70:63:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bebb370b1db20dfd908954247acb1e0a05240ac1
        Validity
            Not Before: Jan  1 02:18:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e27e546b8693680ba70ce396d353f47ccad8ee4d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:c8:e8:a1:c4:7a:5a:3f:84:86:c4:7e:e5:00:
                    27:23:33:19:6c:87:5a:43:30:96:10:0a:92:5e:a3:
                    34:81:dd:dc:0c:ee:ab:0c:1e:96:12:e6:66:e1:28:
                    cd:79:23:53:ad:fb:d6:7a:bc:7d:d5:88:61:20:3d:
                    46:53:1a:0c:c2:5e:d3:5d:bd:3d:96:fc:38:b5:dd:
                    f7:24:2e:13:df:60:0b:72:43:32:44:5a:6d:cb:da:
                    3f:d1:22:09:26:31:af:ad:8f:cf:b4:55:87:b5:74:
                    0e:58:6c:16:de:65:2d:82:ef:fe:a8:3c:40:3b:c1:
                    a1:52:a3:e6:43:58:f6:a7:6c:c8:fa:43:4c:a0:ea:
                    13:f4:b4:ed:27:7e:08:24:e6:c4:91:75:9e:61:22:
                    7e:cb:fa:74:01:f7:c4:55:7d:2c:bc:f7:7b:47:72:
                    6d:bf:97:05:48:46:1a:55:56:c1:fb:af:b2:15:85:
                    59:3c:c3:06:0c:4b:a0:86:1f:8d:26:02:b9:0a:f6:
                    43:ee:2e:b1:ac:b1:35:e0:c4:50:65:ab:f9:b7:0d:
                    8f:62:bf:34:ac:95:9d:26:60:90:cf:96:ef:3d:1d:
                    68:2b:aa:5a:c6:94:f8:e3:f6:68:fd:75:77:0d:c6:
                    67:f7:7b:24:0d:bb:47:ad:b4:f4:0f:8a:5a:10:ef:
                    e0:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:7E:54:6B:86:93:68:0B:A7:0C:E3:96:D3:53:F4:7C:CA:D8:EE:4D
            X509v3 Authority Key Identifier:
                keyid:BE:BB:37:0B:1D:B2:0D:FD:90:89:54:24:7A:CB:1E:0A:05:24:0A:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vrs3Cx2yDf2QiVQkesseCgUkCsE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/d6aef7-0a82-4963-9993-fc918f2e74ec/1/4n5Ua4aTaAunDOOW01P0fMrY7k0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/d6aef7-0a82-4963-9993-fc918f2e74ec/1/vrs3Cx2yDf2QiVQkesseCgUkCsE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.188.112.0/21
                  185.99.224.0/22
                IPv6:
                  2a05:ba80::/29

    Signature Algorithm: sha256WithRSAEncryption
         21:56:23:33:f3:53:31:e6:b9:f5:78:ec:0d:cf:0a:30:7b:4e:
         46:ad:00:a9:74:fe:9e:26:69:bd:6a:2d:60:f2:a4:35:40:9c:
         7b:f4:9b:9d:cf:34:30:f4:fe:d4:f4:95:82:46:0f:77:8f:0b:
         ad:50:1b:a2:44:bf:4e:72:8b:81:cc:24:3d:e3:cc:47:2d:45:
         30:6f:67:08:d4:f2:5f:b2:23:80:39:4a:e3:42:63:44:86:97:
         5d:74:b2:04:b4:a9:63:d3:ef:72:c2:c5:13:24:7a:41:88:15:
         46:41:7b:31:91:ce:9c:cd:6f:0e:09:87:f7:83:70:2b:75:9d:
         2a:d9:f2:33:fe:7e:dc:4c:84:74:c2:d7:02:52:c7:f2:13:73:
         2d:a0:1a:5d:d6:9a:87:ef:26:42:13:76:0c:10:fc:11:5c:48:
         86:ad:d2:c8:88:bf:95:0f:8c:7c:02:34:a5:d2:cf:20:84:4a:
         8c:ac:f4:5a:12:bf:4a:6e:6a:82:82:ef:50:21:df:3f:13:6f:
         45:64:5f:30:e3:6d:07:b5:a6:3d:40:ac:96:1f:63:08:3c:69:
         e0:ec:f5:28:5e:c0:b6:2d:2b:35:89:be:d1:56:00:8e:c8:7a:
         9c:5f:eb:7d:df:55:6e:52:24:d7:88:55:89:5f:e5:03:09:61:
         9d:2c:eb:94
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZt3WVELsAMUGiC9Xg/OcGM6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlYmIzNzBiMWRiMjBkZmQ5MDg5NTQyNDdhY2IxZTBhMDUy
NDBhYzEwHhcNMjYwMTAxMDIxODIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjdlNTQ2Yjg2OTM2ODBiYTcwY2UzOTZkMzUzZjQ3Y2NhZDhlZTRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAucjoocR6Wj+EhsR+5QAnIzMZbIda
QzCWEAqSXqM0gd3cDO6rDB6WEuZm4SjNeSNTrfvWerx91YhhID1GUxoMwl7TXb09
lvw4td33JC4T32ALckMyRFpty9o/0SIJJjGvrY/PtFWHtXQOWGwW3mUtgu/+qDxA
O8GhUqPmQ1j2p2zI+kNMoOoT9LTtJ34IJObEkXWeYSJ+y/p0AffEVX0svPd7R3Jt
v5cFSEYaVVbB+6+yFYVZPMMGDEughh+NJgK5CvZD7i6xrLE14MRQZav5tw2PYr80
rJWdJmCQz5bvPR1oK6paxpT44/Zo/XV3DcZn93skDbtHrbT0D4paEO/gRQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFOJ+VGuGk2gLpwzjltNT9HzK2O5NMB8GA1UdIwQY
MBaAFL67Nwsdsg39kIlUJHrLHgoFJArBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdnJzM0N4MnlEZjJRaVZRa2Vzc2VDZ1VrQ3NFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy9kNmFlZjctMGE4Mi00OTYzLTk5OTMt
ZmM5MThmMmU3NGVjLzEvNG41VWE0YVRhQXVuRE9PVzAxUDBmTXJZN2swLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy9kNmFlZjctMGE4Mi00OTYzLTk5OTMtZmM5MThmMmU3NGVj
LzEvdnJzM0N4MnlEZjJRaVZRa2Vzc2VDZ1VrQ3NFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDXbxwAwQC
uWPgMA0EAgACMAcDBQMqBbqAMA0GCSqGSIb3DQEBCwUAA4IBAQAhViMz81Mx5rn1
eOwNzwowe05GrQCpdP6eJmm9ai1g8qQ1QJx79JudzzQw9P7U9JWCRg93jwutUBui
RL9OcouBzCQ948xHLUUwb2cI1PJfsiOAOUrjQmNEhpdddLIEtKlj0+9ywsUTJHpB
iBVGQXsxkc6czW8OCYf3g3ArdZ0q2fIz/n7cTIR0wtcCUsfyE3MtoBpd1pqH7yZC
E3YMEPwRXEiGrdLIiL+VD4x8AjSl0s8ghEqMrPRaEr9KbmqCgu9QId8/E29FZF8w
420HtaY9QKyWH2MIPGng7PUoXsC2LSs1ib7RVgCOyHqcX+t931VuUiTXiFWJX+UD
CWGdLOuU
-----END CERTIFICATE-----