Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/af161b-ef51-44bd-8e0a-9eb3c682b009/1/4VL55TR7n8zY5sjEwyy-tDqTfgs.roa
File:                     4VL55TR7n8zY5sjEwyy-tDqTfgs.roa (raw, json)
Hash identifier:          7BDvUnPmZt5rM/QuBJhcT4U2nlJB/FKzg2OukOPZ9uQ=
Subject key identifier:   E1:52:F9:E5:34:7B:9F:CC:D8:E6:C8:C4:C3:2C:BE:B4:3A:93:7E:0B
Certificate issuer:       /CN=287e1c97f71f355867e3fb877f21aa5130b6cf5d
Certificate serial:       019B79EC2F11C071C99A586D1A4EB3C32789
Authority key identifier: 28:7E:1C:97:F7:1F:35:58:67:E3:FB:87:7F:21:AA:51:30:B6:CF:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KH4cl_cfNVhn4_uHfyGqUTC2z10.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/af161b-ef51-44bd-8e0a-9eb3c682b009/1/4VL55TR7n8zY5sjEwyy-tDqTfgs.roa
Signing time:             Thu 01 Jan 2026 14:18:00 +0000
ROA not before:           Thu 01 Jan 2026 14:18:00 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205110
IP address blocks:        185.226.88.0/24 maxlen: 24
                          185.226.90.0/23 maxlen: 23
                          185.226.90.0/24 maxlen: 24
                          185.226.91.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/af161b-ef51-44bd-8e0a-9eb3c682b009/1/KH4cl_cfNVhn4_uHfyGqUTC2z10.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/af161b-ef51-44bd-8e0a-9eb3c682b009/1/KH4cl_cfNVhn4_uHfyGqUTC2z10.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KH4cl_cfNVhn4_uHfyGqUTC2z10.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ec:2f:11:c0:71:c9:9a:58:6d:1a:4e:b3:c3:27:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=287e1c97f71f355867e3fb877f21aa5130b6cf5d
        Validity
            Not Before: Jan  1 14:18:00 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e152f9e5347b9fccd8e6c8c4c32cbeb43a937e0b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:ea:35:91:4c:3f:0e:52:5b:e7:54:97:93:a9:
                    83:c5:73:8d:2f:c5:dc:de:06:b9:14:f1:be:d2:f1:
                    a7:ce:21:a8:48:37:b9:0a:b3:6b:64:a9:b4:34:26:
                    a8:82:9e:f5:7c:b5:f1:5c:b3:00:10:1d:c9:b2:66:
                    ad:70:d1:21:30:46:a2:a7:56:38:e8:0e:bb:f1:0e:
                    37:1f:d9:38:5a:9d:9b:ae:f6:18:2a:a0:85:3a:bb:
                    a3:bd:08:38:78:15:16:67:6e:82:e6:69:e6:c6:ab:
                    75:d7:01:7b:86:b6:ca:e5:74:8e:d7:ed:1f:bc:ad:
                    71:2e:fb:79:0b:ba:e1:84:1c:de:68:58:6d:1d:60:
                    17:2f:3a:94:31:ea:15:d6:e7:2e:fb:ad:88:e0:b7:
                    a0:e9:e6:ca:6d:1f:1c:90:58:dd:6b:d1:ab:c5:a2:
                    fe:10:c0:fe:4b:3a:25:d9:ef:25:54:0a:82:ce:af:
                    84:a5:87:81:20:c3:a7:6b:ad:ef:5a:b9:70:07:8c:
                    0a:8d:92:c2:6d:7d:89:44:f4:d7:ee:37:3a:d3:f0:
                    02:96:40:f3:21:68:09:05:1f:dc:3e:29:ab:39:3a:
                    ab:9a:c4:8f:91:67:79:97:1d:e3:19:20:4f:2e:bb:
                    41:31:66:f8:75:2a:08:b0:9b:ab:08:5c:f1:c4:8e:
                    65:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:52:F9:E5:34:7B:9F:CC:D8:E6:C8:C4:C3:2C:BE:B4:3A:93:7E:0B
            X509v3 Authority Key Identifier:
                keyid:28:7E:1C:97:F7:1F:35:58:67:E3:FB:87:7F:21:AA:51:30:B6:CF:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KH4cl_cfNVhn4_uHfyGqUTC2z10.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/af161b-ef51-44bd-8e0a-9eb3c682b009/1/4VL55TR7n8zY5sjEwyy-tDqTfgs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/af161b-ef51-44bd-8e0a-9eb3c682b009/1/KH4cl_cfNVhn4_uHfyGqUTC2z10.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.226.88.0/24
                  185.226.90.0/23

    Signature Algorithm: sha256WithRSAEncryption
         64:7d:09:16:cc:38:c9:bb:ce:b5:46:90:0d:4e:19:c7:f1:5b:
         88:8e:04:f1:d0:08:aa:79:af:ee:91:8a:ed:3b:19:3f:1a:35:
         7e:35:43:6c:37:16:2b:7f:11:e6:90:03:b3:2e:4b:1d:df:ce:
         02:ef:ba:13:50:36:77:b3:6f:78:11:87:89:b3:cc:89:56:04:
         4f:59:6d:17:64:5a:bc:28:e1:cb:42:2d:fc:d1:3a:e0:bd:36:
         4f:ee:9a:c9:99:28:31:54:3a:1b:d3:49:78:78:9f:29:e9:b4:
         22:e8:e8:8a:56:96:14:c4:a1:62:ed:56:07:40:2f:78:a8:b6:
         e7:80:a4:74:b9:46:da:6c:78:9e:11:01:dd:db:3e:1e:1a:95:
         0f:4b:0b:01:d5:55:28:32:60:9a:d6:89:cb:f4:75:65:8f:44:
         f4:d8:de:d7:12:f1:7a:e1:2d:58:b1:62:8f:21:e2:c5:ab:84:
         3b:18:ed:c8:c7:45:de:79:fd:d1:ee:0f:db:96:cf:24:29:13:
         f9:9a:df:02:48:a8:2b:21:39:56:e2:ad:52:02:8a:e9:b0:f2:
         3d:5c:05:cc:37:16:3b:77:46:02:81:72:72:d8:89:72:5b:72:
         e1:f4:47:1f:af:e7:73:98:3d:ca:4a:d7:f1:19:a1:69:62:60:
         ed:83:48:45
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZt57C8RwHHJmlhtGk6zwyeJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4N2UxYzk3ZjcxZjM1NTg2N2UzZmI4NzdmMjFhYTUxMzBi
NmNmNWQwHhcNMjYwMTAxMTQxODAwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTUyZjllNTM0N2I5ZmNjZDhlNmM4YzRjMzJjYmViNDNhOTM3ZTBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAweo1kUw/DlJb51SXk6mDxXONL8Xc
3ga5FPG+0vGnziGoSDe5CrNrZKm0NCaogp71fLXxXLMAEB3JsmatcNEhMEaip1Y4
6A678Q43H9k4Wp2brvYYKqCFOrujvQg4eBUWZ26C5mnmxqt11wF7hrbK5XSO1+0f
vK1xLvt5C7rhhBzeaFhtHWAXLzqUMeoV1ucu+62I4Leg6ebKbR8ckFjda9GrxaL+
EMD+Szol2e8lVAqCzq+EpYeBIMOna63vWrlwB4wKjZLCbX2JRPTX7jc60/AClkDz
IWgJBR/cPimrOTqrmsSPkWd5lx3jGSBPLrtBMWb4dSoIsJurCFzxxI5lOQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOFS+eU0e5/M2ObIxMMsvrQ6k34LMB8GA1UdIwQY
MBaAFCh+HJf3HzVYZ+P7h38hqlEwts9dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0g0Y2xfY2ZOVmhuNF91SGZ5R3FVVEMyejEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9hZjE2MWItZWY1MS00NGJkLThlMGEt
OWViM2M2ODJiMDA5LzEvNFZMNTVUUjduOHpZNXNqRXd5eS10RHFUZmdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9hZjE2MWItZWY1MS00NGJkLThlMGEtOWViM2M2ODJiMDA5
LzEvS0g0Y2xfY2ZOVmhuNF91SGZ5R3FVVEMyejEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAueJYAwQB
ueJaMA0GCSqGSIb3DQEBCwUAA4IBAQBkfQkWzDjJu861RpANThnH8VuIjgTx0Aiq
ea/ukYrtOxk/GjV+NUNsNxYrfxHmkAOzLksd384C77oTUDZ3s294EYeJs8yJVgRP
WW0XZFq8KOHLQi380TrgvTZP7prJmSgxVDob00l4eJ8p6bQi6OiKVpYUxKFi7VYH
QC94qLbngKR0uUbabHieEQHd2z4eGpUPSwsB1VUoMmCa1onL9HVlj0T02N7XEvF6
4S1YsWKPIeLFq4Q7GO3Ix0Xeef3R7g/bls8kKRP5mt8CSKgrITlW4q1SAorpsPI9
XAXMNxY7d0YCgXJy2IlyW3Lh9Ecfr+dzmD3KStfxGaFpYmDtg0hF
-----END CERTIFICATE-----