Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/4ZyYrxdMVPNrHL63nSmSHm7BJig.roa
File:                     4ZyYrxdMVPNrHL63nSmSHm7BJig.roa (raw, json)
Hash identifier:          tkJ2qyLJeQtQKbXkAggvDNTWa3p6+Xzk5AaNc5VgTbY=
Subject key identifier:   E1:9C:98:AF:17:4C:54:F3:6B:1C:BE:B7:9D:29:92:1E:6E:C1:26:28
Certificate issuer:       /CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
Certificate serial:       019D53851C9477C05CA9D8E0AA7B6FFB629E
Authority key identifier: 6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/4ZyYrxdMVPNrHL63nSmSHm7BJig.roa
Signing time:             Fri 03 Apr 2026 13:25:25 +0000
ROA not before:           Fri 03 Apr 2026 13:25:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     3257
IP address blocks:        94.131.24.0/22 maxlen: 24
                          94.131.64.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:53:85:1c:94:77:c0:5c:a9:d8:e0:aa:7b:6f:fb:62:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
        Validity
            Not Before: Apr  3 13:25:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e19c98af174c54f36b1cbeb79d29921e6ec12628
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:06:a3:d5:da:43:5f:32:3f:0f:c9:6b:51:aa:
                    48:12:6d:af:f8:0c:e0:92:54:81:84:56:5e:6e:5b:
                    95:b2:08:cc:20:c4:ed:fc:c1:f7:ee:ca:16:c0:63:
                    1c:f1:01:50:0b:83:00:5d:96:11:0e:de:27:32:93:
                    b8:65:8a:67:13:37:a9:31:9c:b8:91:3c:2f:2e:ac:
                    67:b3:93:64:a9:fe:2b:cc:8a:f5:32:3d:07:a5:9e:
                    2c:f1:e4:f9:a7:35:90:cc:96:60:86:27:41:5b:bc:
                    72:ed:b6:0d:a9:1f:06:30:ba:c3:87:4b:09:d0:d4:
                    f6:ba:16:ec:28:5d:54:49:14:60:8d:18:2a:dc:a5:
                    e4:4f:4e:71:0b:07:f7:d2:e5:cf:3b:f4:00:7a:15:
                    c3:aa:6e:01:b3:7a:73:e9:4d:f4:b7:ad:70:90:d7:
                    c9:ec:09:61:43:3c:c1:44:11:c8:c9:ac:27:c9:02:
                    aa:92:2d:c3:b7:6e:cc:5c:db:0f:a3:8d:d2:b6:97:
                    39:12:42:d6:c2:80:07:b7:26:00:f0:65:51:5d:ce:
                    08:92:e4:03:79:18:42:a1:a8:ce:c8:76:c2:16:f5:
                    1c:b6:9e:17:16:00:23:32:48:fa:09:f0:70:df:f9:
                    a2:8d:13:69:1e:e4:9b:de:6d:76:cf:5b:9e:f3:c6:
                    5f:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:9C:98:AF:17:4C:54:F3:6B:1C:BE:B7:9D:29:92:1E:6E:C1:26:28
            X509v3 Authority Key Identifier:
                keyid:6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/4ZyYrxdMVPNrHL63nSmSHm7BJig.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.131.24.0/22
                  94.131.64.0/20

    Signature Algorithm: sha256WithRSAEncryption
         29:ae:be:ee:ac:c7:b7:58:4a:6d:4c:d4:8b:fc:14:96:25:d4:
         ab:e2:4e:00:e5:49:3f:0a:c6:58:64:bd:20:45:7f:42:18:2b:
         84:4e:01:91:ec:74:fc:16:11:06:1f:2a:43:97:aa:3d:49:01:
         e8:dc:35:78:af:fb:3f:f6:63:29:d3:04:e3:c6:28:4d:8a:02:
         49:ba:94:de:04:31:62:31:3f:4d:27:66:ed:21:79:6a:8b:8b:
         3a:af:e4:bc:72:20:1c:b6:79:6f:36:b8:09:e6:9b:16:03:d1:
         4e:03:0a:de:ca:23:96:69:36:4e:45:bb:98:e9:ee:84:d4:c5:
         a2:bf:62:a3:02:ed:da:47:f3:20:1f:11:0d:41:b1:c0:26:d8:
         65:85:02:4d:27:ef:11:07:ce:0e:b1:f1:2e:8a:c9:6b:60:a6:
         fb:53:9a:58:90:98:3f:10:05:f6:0c:a4:5f:f8:55:f7:a6:27:
         88:15:3a:c5:5a:bb:3f:0b:5f:8e:e6:8e:7c:10:8c:24:77:08:
         1e:65:5d:b8:d4:60:e2:f2:3c:09:fb:4d:56:33:0a:13:05:63:
         8f:37:00:75:4b:dd:71:4c:b9:02:c2:0e:a0:2c:b3:01:c7:c6:
         24:ea:01:5d:ff:ae:10:8f:80:2e:23:fc:4b:94:fe:04:52:36:
         9f:9c:1e:8c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ1ThRyUd8Bcqdjgqntv+2KeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNzQzZWQ2M2U4NjhlZjUwZjZkODRjMDAwM2E4MzQ4M2Zj
NjJhMDMwHhcNMjYwNDAzMTMyNTI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTljOThhZjE3NGM1NGYzNmIxY2JlYjc5ZDI5OTIxZTZlYzEyNjI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtgaj1dpDXzI/D8lrUapIEm2v+Azg
klSBhFZebluVsgjMIMTt/MH37soWwGMc8QFQC4MAXZYRDt4nMpO4ZYpnEzepMZy4
kTwvLqxns5Nkqf4rzIr1Mj0HpZ4s8eT5pzWQzJZghidBW7xy7bYNqR8GMLrDh0sJ
0NT2uhbsKF1USRRgjRgq3KXkT05xCwf30uXPO/QAehXDqm4Bs3pz6U30t61wkNfJ
7AlhQzzBRBHIyawnyQKqki3Dt27MXNsPo43Stpc5EkLWwoAHtyYA8GVRXc4IkuQD
eRhCoajOyHbCFvUctp4XFgAjMkj6CfBw3/mijRNpHuSb3m12z1ue88Zf/wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOGcmK8XTFTzaxy+t50pkh5uwSYoMB8GA1UdIwQY
MBaAFG10PtY+ho71D22EwAA6g0g/xioDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQt
ZTk3MjRhN2E2YmM4LzEvNFp5WXJ4ZE1WUE5ySEw2M25TbVNIbTdCSmlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQtZTk3MjRhN2E2YmM4
LzEvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCXoMYAwQE
XoNAMA0GCSqGSIb3DQEBCwUAA4IBAQAprr7urMe3WEptTNSL/BSWJdSr4k4A5Uk/
CsZYZL0gRX9CGCuETgGR7HT8FhEGHypDl6o9SQHo3DV4r/s/9mMp0wTjxihNigJJ
upTeBDFiMT9NJ2btIXlqi4s6r+S8ciActnlvNrgJ5psWA9FOAwreyiOWaTZORbuY
6e6E1MWiv2KjAu3aR/MgHxENQbHAJthlhQJNJ+8RB84OsfEuislrYKb7U5pYkJg/
EAX2DKRf+FX3pieIFTrFWrs/C1+O5o58EIwkdwgeZV241GDi8jwJ+01WMwoTBWOP
NwB1S91xTLkCwg6gLLMBx8Yk6gFd/64Qj4AuI/xLlP4EUjafnB6M
-----END CERTIFICATE-----