Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/E3-_fXrx3WJEz1xqKZqUxJBmM-Q.roa
File:                     E3-_fXrx3WJEz1xqKZqUxJBmM-Q.roa (raw, json)
Hash identifier:          aSCX2XxnC/aSPKRCNlxxflXs9icajrveCo9SBL09YdY=
Subject key identifier:   13:7F:BF:7D:7A:F1:DD:62:44:CF:5C:6A:29:9A:94:C4:90:66:33:E4
Certificate issuer:       /CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
Certificate serial:       019D4D109655F639CD26F6B76772CE6FD753
Authority key identifier: 88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/E3-_fXrx3WJEz1xqKZqUxJBmM-Q.roa
Signing time:             Thu 02 Apr 2026 07:20:25 +0000
ROA not before:           Thu 02 Apr 2026 07:20:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215294
IP address blocks:        94.103.56.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 04:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:4d:10:96:55:f6:39:cd:26:f6:b7:67:72:ce:6f:d7:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
        Validity
            Not Before: Apr  2 07:20:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=137fbf7d7af1dd6244cf5c6a299a94c4906633e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:02:64:09:72:54:56:bc:da:15:56:d8:87:2b:
                    f1:36:2e:7c:4d:9f:00:b8:5d:79:e8:92:1d:7a:36:
                    a7:31:32:19:4f:ed:32:c1:9d:36:66:7a:07:b2:73:
                    38:eb:59:a3:4a:8b:46:0c:ee:c2:60:2a:1f:1c:e3:
                    03:ed:02:8f:21:6b:61:0b:8f:97:bd:21:7d:c6:25:
                    27:02:53:a0:5d:52:76:b3:63:e0:b3:57:16:b5:e0:
                    d3:4c:f1:d7:63:93:f4:81:66:c1:c2:63:c8:ac:cd:
                    e4:0c:0b:fa:a1:67:25:bc:b5:c8:aa:53:ed:00:31:
                    90:fd:af:db:33:4e:b3:dc:48:d7:b1:3d:ae:88:9b:
                    73:86:b0:8c:70:fe:0d:90:5e:7f:ed:99:03:99:90:
                    e0:95:1e:12:1a:b9:56:cc:fb:fe:83:f9:d3:ed:16:
                    9a:b8:d9:a2:9f:21:5b:ab:da:0b:59:76:61:d1:02:
                    77:5a:a9:a1:f7:e2:a9:7d:7c:49:b7:a3:be:2b:ba:
                    a8:c1:96:7d:9f:58:6a:2b:ec:3d:cb:4f:ca:8a:31:
                    91:49:79:0a:a9:55:ea:67:af:dd:6d:6e:0f:da:82:
                    ec:8b:c9:6f:0a:ad:c8:94:96:12:de:1c:7c:64:ae:
                    57:53:1b:0f:77:62:2f:7d:53:9d:e7:cf:5d:3f:d9:
                    77:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:7F:BF:7D:7A:F1:DD:62:44:CF:5C:6A:29:9A:94:C4:90:66:33:E4
            X509v3 Authority Key Identifier:
                keyid:88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/E3-_fXrx3WJEz1xqKZqUxJBmM-Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.103.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4d:2b:78:0e:ff:68:72:7e:3d:91:f2:5c:ef:a4:9c:7b:6f:91:
         10:83:68:b4:d8:0e:6f:6a:11:8e:f7:0c:d6:b7:70:49:70:b2:
         08:6d:73:bb:43:d6:bb:60:ae:33:59:66:22:61:98:91:d4:58:
         2b:94:95:35:79:2e:6e:96:0d:07:96:3a:80:c7:d8:fe:db:76:
         54:d8:45:2b:5c:2e:18:d5:7a:5a:bc:8b:c8:40:ee:cf:2e:d3:
         9c:4c:fe:bf:29:ae:9b:e9:0d:43:56:06:07:9b:39:59:75:f2:
         3c:6c:9a:63:de:76:26:0f:0e:da:e1:dc:85:a3:cf:fd:52:70:
         4e:a1:d6:47:a0:53:40:ec:af:74:1d:cd:0a:b7:ee:e8:dd:77:
         58:b0:4d:66:7e:c9:82:1b:b7:b0:b2:75:d9:42:25:43:61:b7:
         b4:62:19:4b:c5:cd:07:86:ad:73:cb:77:40:c1:9a:db:97:70:
         77:bd:a9:23:14:8e:9d:35:5d:2c:dd:c5:06:2d:5b:86:15:f9:
         0e:a8:3e:6f:ef:01:1e:c8:38:03:8e:c5:46:d3:ba:c7:5c:db:
         15:4f:91:91:1e:9a:75:0c:c1:b4:a6:cf:7a:62:dd:3b:fb:99:
         87:f8:15:e8:17:d0:04:3a:db:58:2a:72:a3:18:b6:ee:4b:e1:
         d4:c5:e4:c0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1NEJZV9jnNJva3Z3LOb9dTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4YWRkOWI2NzFmN2EzNmViMjM2N2UzNGZlZTRiY2IxM2I4
ZjY2Y2MwHhcNMjYwNDAyMDcyMDI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMzdmYmY3ZDdhZjFkZDYyNDRjZjVjNmEyOTlhOTRjNDkwNjYzM2U0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsQJkCXJUVrzaFVbYhyvxNi58TZ8A
uF156JIdejanMTIZT+0ywZ02ZnoHsnM461mjSotGDO7CYCofHOMD7QKPIWthC4+X
vSF9xiUnAlOgXVJ2s2Pgs1cWteDTTPHXY5P0gWbBwmPIrM3kDAv6oWclvLXIqlPt
ADGQ/a/bM06z3EjXsT2uiJtzhrCMcP4NkF5/7ZkDmZDglR4SGrlWzPv+g/nT7Raa
uNminyFbq9oLWXZh0QJ3Wqmh9+KpfXxJt6O+K7qowZZ9n1hqK+w9y0/KijGRSXkK
qVXqZ6/dbW4P2oLsi8lvCq3IlJYS3hx8ZK5XUxsPd2IvfVOd589dP9l3UwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBN/v3168d1iRM9caimalMSQZjPkMB8GA1UdIwQY
MBaAFIit2bZx96NusjZ+NP7kvLE7j2bMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUszWnRuSDNvMjZ5Tm40MF91UzhzVHVQWnN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8zZWQwMGEtMTVlZS00NjY0LWE3ZjEt
YTFiOTZiOWI3MGY4LzEvRTMtX2ZYcngzV0pFejF4cUtacVV4SkJtTS1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8zZWQwMGEtMTVlZS00NjY0LWE3ZjEtYTFiOTZiOWI3MGY4
LzEvaUszWnRuSDNvMjZ5Tm40MF91UzhzVHVQWnN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCXmc4MA0G
CSqGSIb3DQEBCwUAA4IBAQBNK3gO/2hyfj2R8lzvpJx7b5EQg2i02A5vahGO9wzW
t3BJcLIIbXO7Q9a7YK4zWWYiYZiR1FgrlJU1eS5ulg0HljqAx9j+23ZU2EUrXC4Y
1XpavIvIQO7PLtOcTP6/Ka6b6Q1DVgYHmzlZdfI8bJpj3nYmDw7a4dyFo8/9UnBO
odZHoFNA7K90Hc0Kt+7o3XdYsE1mfsmCG7ewsnXZQiVDYbe0YhlLxc0Hhq1zy3dA
wZrbl3B3vakjFI6dNV0s3cUGLVuGFfkOqD5v7wEeyDgDjsVG07rHXNsVT5GRHpp1
DMG0ps96Yt07+5mH+BXoF9AEOttYKnKjGLbuS+HUxeTA
-----END CERTIFICATE-----