Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/27e527-e02e-4c30-a86b-3c354d618b3a/1/1ES3fiQd8YWXLLexWWmq-7bKLMo.roa
File:                     1ES3fiQd8YWXLLexWWmq-7bKLMo.roa (raw, json)
Hash identifier:          P9xCt7INJULcUJ2UZb9OGwLLBhIcvDIYMhS6nKTEDgA=
Subject key identifier:   D4:44:B7:7E:24:1D:F1:85:97:2C:B7:B1:59:69:AA:FB:B6:CA:2C:CA
Certificate issuer:       /CN=5283073076e673a32b7dd6bcdc0fbcc16f37b6a1
Certificate serial:       019A2B4B3FAE7523E7391A65F7988878C992
Authority key identifier: 52:83:07:30:76:E6:73:A3:2B:7D:D6:BC:DC:0F:BC:C1:6F:37:B6:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UoMHMHbmc6Mrfda83A-8wW83tqE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/27e527-e02e-4c30-a86b-3c354d618b3a/1/1ES3fiQd8YWXLLexWWmq-7bKLMo.roa
Signing time:             Tue 28 Oct 2025 14:49:03 +0000
ROA not before:           Tue 28 Oct 2025 14:49:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31027
IP address blocks:        46.32.128.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/27e527-e02e-4c30-a86b-3c354d618b3a/1/UoMHMHbmc6Mrfda83A-8wW83tqE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/27e527-e02e-4c30-a86b-3c354d618b3a/1/UoMHMHbmc6Mrfda83A-8wW83tqE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UoMHMHbmc6Mrfda83A-8wW83tqE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 17:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:2b:4b:3f:ae:75:23:e7:39:1a:65:f7:98:88:78:c9:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5283073076e673a32b7dd6bcdc0fbcc16f37b6a1
        Validity
            Not Before: Oct 28 14:49:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d444b77e241df185972cb7b15969aafbb6ca2cca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:c1:1f:d2:47:7d:54:3b:35:ea:21:ed:ab:cd:
                    7e:3a:84:ea:9c:85:64:c3:a4:ec:e3:a9:40:d7:30:
                    4f:ea:c1:73:bd:2d:08:b0:2f:71:07:47:da:1d:03:
                    06:0e:b1:41:8f:71:13:d7:cb:c7:76:9a:ec:db:a6:
                    7e:cd:0c:46:2c:2d:c7:a3:15:d3:e7:62:ba:03:93:
                    2a:c5:7a:ba:2f:33:c5:3c:39:d9:52:c4:51:de:cb:
                    18:ff:c4:4c:a3:e2:6a:a0:65:ed:1b:70:87:28:a6:
                    31:39:1d:d9:36:c2:df:1f:cb:0f:6d:a9:31:be:86:
                    7d:13:48:2a:e8:b9:f8:1b:c4:6e:d3:f5:b9:f5:18:
                    9f:43:ce:cd:33:b6:bf:ac:1c:35:dc:75:36:a7:44:
                    b8:fc:f1:a1:1e:0f:5b:11:73:1f:f2:ea:b8:de:54:
                    e6:7d:b1:7c:83:63:c5:35:72:69:d8:d8:61:2d:03:
                    29:ad:e9:75:3c:54:53:0a:e5:4f:f4:51:79:b0:65:
                    60:8e:40:b5:ad:27:a6:01:55:18:8f:f8:37:13:fd:
                    3c:b4:ca:47:40:2c:fc:b9:80:77:ea:f4:5d:2d:db:
                    1c:bf:28:a8:5e:f2:9b:8e:c5:5a:46:0d:74:08:5e:
                    c7:c7:1b:56:63:be:c3:8c:dd:78:09:f7:ca:35:42:
                    28:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:44:B7:7E:24:1D:F1:85:97:2C:B7:B1:59:69:AA:FB:B6:CA:2C:CA
            X509v3 Authority Key Identifier:
                keyid:52:83:07:30:76:E6:73:A3:2B:7D:D6:BC:DC:0F:BC:C1:6F:37:B6:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UoMHMHbmc6Mrfda83A-8wW83tqE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/27e527-e02e-4c30-a86b-3c354d618b3a/1/1ES3fiQd8YWXLLexWWmq-7bKLMo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/27e527-e02e-4c30-a86b-3c354d618b3a/1/UoMHMHbmc6Mrfda83A-8wW83tqE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.32.128.0/20

    Signature Algorithm: sha256WithRSAEncryption
         16:36:41:7f:8f:1c:10:a1:b7:88:0b:7e:82:b9:56:eb:15:fb:
         89:75:f1:e2:0f:b8:82:c3:a2:45:39:e5:26:b5:56:35:de:75:
         a1:41:cb:56:df:17:40:8b:2d:af:ca:1c:f2:be:19:37:d6:4d:
         33:dc:3c:aa:2d:96:27:1c:77:72:e8:f7:fd:0f:70:4d:fe:c1:
         7f:00:62:a2:50:ed:10:0b:8b:2d:1b:b1:c9:bf:5f:33:0e:f8:
         f0:3c:82:70:ad:2f:a5:87:c9:e9:2b:84:ec:48:38:18:b7:7b:
         1c:d9:ed:83:66:25:f4:f2:be:5d:0d:64:72:64:8d:f2:d1:5b:
         94:d2:1f:ce:d3:5f:cd:29:e7:a1:1f:87:08:51:a8:c1:12:24:
         4b:d8:a5:9a:63:73:77:95:8d:61:98:dc:3b:2f:1e:b0:5f:cd:
         b9:f4:3a:fc:3f:81:45:b5:b1:d5:96:ee:37:9e:e4:5c:ac:12:
         88:68:3e:11:bc:11:4b:b3:27:36:6b:87:04:3a:26:a4:fe:9a:
         58:11:4d:47:1f:87:63:53:39:1b:23:88:79:f9:12:2b:ee:c1:
         37:10:24:35:a5:42:f3:19:45:28:b6:db:b1:02:a6:a9:c6:6a:
         c6:ee:d0:44:d7:c3:45:b7:81:77:53:3d:f0:e8:40:a2:da:89:
         9c:23:21:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZorSz+udSPnORpl95iIeMmSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyODMwNzMwNzZlNjczYTMyYjdkZDZiY2RjMGZiY2MxNmYz
N2I2YTEwHhcNMjUxMDI4MTQ0OTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDQ0Yjc3ZTI0MWRmMTg1OTcyY2I3YjE1OTY5YWFmYmI2Y2EyY2NhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg8Ef0kd9VDs16iHtq81+OoTqnIVk
w6Ts46lA1zBP6sFzvS0IsC9xB0faHQMGDrFBj3ET18vHdprs26Z+zQxGLC3HoxXT
52K6A5MqxXq6LzPFPDnZUsRR3ssY/8RMo+JqoGXtG3CHKKYxOR3ZNsLfH8sPbakx
voZ9E0gq6Ln4G8Ru0/W59RifQ87NM7a/rBw13HU2p0S4/PGhHg9bEXMf8uq43lTm
fbF8g2PFNXJp2NhhLQMprel1PFRTCuVP9FF5sGVgjkC1rSemAVUYj/g3E/08tMpH
QCz8uYB36vRdLdscvyioXvKbjsVaRg10CF7HxxtWY77DjN14CffKNUIobQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNREt34kHfGFlyy3sVlpqvu2yizKMB8GA1UdIwQY
MBaAFFKDBzB25nOjK33WvNwPvMFvN7ahMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVW9NSE1IYm1jNk1yZmRhODNBLTh3VzgzdHFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My8yN2U1MjctZTAyZS00YzMwLWE4NmIt
M2MzNTRkNjE4YjNhLzEvMUVTM2ZpUWQ4WVdYTExleFdXbXEtN2JLTE1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My8yN2U1MjctZTAyZS00YzMwLWE4NmItM2MzNTRkNjE4YjNh
LzEvVW9NSE1IYm1jNk1yZmRhODNBLTh3VzgzdHFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQELiCAMA0G
CSqGSIb3DQEBCwUAA4IBAQAWNkF/jxwQobeIC36CuVbrFfuJdfHiD7iCw6JFOeUm
tVY13nWhQctW3xdAiy2vyhzyvhk31k0z3DyqLZYnHHdy6Pf9D3BN/sF/AGKiUO0Q
C4stG7HJv18zDvjwPIJwrS+lh8npK4TsSDgYt3sc2e2DZiX08r5dDWRyZI3y0VuU
0h/O01/NKeehH4cIUajBEiRL2KWaY3N3lY1hmNw7Lx6wX8259Dr8P4FFtbHVlu43
nuRcrBKIaD4RvBFLsyc2a4cEOiak/ppYEU1HH4djUzkbI4h5+RIr7sE3ECQ1pULz
GUUottuxAqapxmrG7tBE18NFt4F3Uz3w6ECi2omcIyHZ
-----END CERTIFICATE-----