Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/3xzArYOAxgWc4aUVyuLW5cctBic.roa
File:                     3xzArYOAxgWc4aUVyuLW5cctBic.roa (raw, json)
Hash identifier:          1e/deWnq1m7f4YnRkd3T/eFSvZzxSX+ubkiEGm+dFs0=
Subject key identifier:   DF:1C:C0:AD:83:80:C6:05:9C:E1:A5:15:CA:E2:D6:E5:C7:2D:06:27
Certificate issuer:       /CN=11a010f87a049b6e21abed9b40983b04f3f1c7e8
Certificate serial:       019D9046028B8675C6773B07A79AFA87BBF9
Authority key identifier: 11:A0:10:F8:7A:04:9B:6E:21:AB:ED:9B:40:98:3B:04:F3:F1:C7:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/3xzArYOAxgWc4aUVyuLW5cctBic.roa
Signing time:             Wed 15 Apr 2026 08:33:20 +0000
ROA not before:           Wed 15 Apr 2026 08:33:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200219
IP address blocks:        146.19.124.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 04:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:90:46:02:8b:86:75:c6:77:3b:07:a7:9a:fa:87:bb:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11a010f87a049b6e21abed9b40983b04f3f1c7e8
        Validity
            Not Before: Apr 15 08:33:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=df1cc0ad8380c6059ce1a515cae2d6e5c72d0627
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:d9:4e:55:7d:43:be:32:c9:44:83:4d:6c:82:
                    57:06:d4:47:85:8f:8f:11:38:34:9a:b7:d5:0a:6c:
                    b1:5e:cb:b4:0b:66:bd:2e:bf:5a:86:c1:c5:11:c3:
                    9c:c8:03:bd:76:a4:d8:f2:63:a5:8e:fa:02:61:d5:
                    9a:6a:9e:3d:2c:92:3d:06:61:b7:4b:3b:11:4b:dd:
                    96:83:a7:b4:7f:29:4c:78:43:fb:1b:d8:a2:70:72:
                    8b:7b:a0:93:a3:86:42:53:53:89:90:0e:7f:8b:92:
                    6c:13:74:23:7e:cc:79:74:e4:f5:ce:7d:2f:9c:cf:
                    fc:c3:c7:29:b7:56:f9:1f:a8:c7:22:7a:4f:12:e9:
                    f5:f1:dc:8f:56:86:2c:e2:b7:e3:97:ad:02:8d:c5:
                    55:ac:e7:cd:70:ec:af:81:d5:d6:b0:e8:7d:63:73:
                    a0:50:74:6c:82:17:2a:ac:81:30:5a:96:f9:a0:48:
                    72:36:e1:e8:cb:05:11:c8:6d:ed:8f:c7:79:33:ac:
                    3f:51:1d:d7:b0:0e:10:dc:9e:f4:31:d4:a1:5d:0a:
                    8a:94:5b:3b:c8:14:58:f6:d2:ba:09:69:8b:bb:cf:
                    b9:5a:67:d2:4b:78:3b:3b:e0:41:03:26:c5:47:5e:
                    2b:ab:51:8d:e8:be:78:9e:b0:2e:3b:4b:92:6f:fc:
                    93:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:1C:C0:AD:83:80:C6:05:9C:E1:A5:15:CA:E2:D6:E5:C7:2D:06:27
            X509v3 Authority Key Identifier:
                keyid:11:A0:10:F8:7A:04:9B:6E:21:AB:ED:9B:40:98:3B:04:F3:F1:C7:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/3xzArYOAxgWc4aUVyuLW5cctBic.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:43:d3:05:e9:8e:41:fe:16:f6:8b:6c:33:71:e4:ff:60:01:
         b3:4a:60:63:2a:4d:12:64:4b:2e:8e:cc:17:77:c2:ba:74:c8:
         db:bb:04:51:24:ee:67:d4:62:71:56:60:e8:6e:65:b1:7b:9d:
         e1:04:95:97:83:30:ca:80:6d:1e:20:16:d8:5d:6f:db:66:6b:
         33:5c:18:cf:e2:ba:67:ca:39:4b:fe:2a:fe:17:37:1f:bb:af:
         ca:f2:82:9c:6e:c8:e1:09:00:f3:1b:2d:42:7e:24:e2:e0:44:
         1a:72:ff:d8:50:0c:d2:59:99:eb:36:b9:ca:d0:0c:84:3d:a2:
         84:55:50:8a:30:9e:6d:9b:f1:d2:d2:ae:8e:e1:7d:bf:a3:72:
         6e:37:9d:dd:41:13:8a:76:b4:65:cf:3b:43:31:1c:91:03:39:
         66:d6:d4:bb:a4:68:7d:d7:78:20:b8:e2:0e:19:ea:f9:cc:d7:
         65:35:2f:3b:b0:80:6b:06:df:f2:7f:86:ca:d6:65:78:6a:b3:
         1c:6c:f7:a4:08:cd:0c:b4:f8:ab:9a:b9:97:9f:81:f3:46:0a:
         34:a7:78:ac:fd:27:39:3f:f9:f2:3f:a7:25:70:cd:90:bc:ad:
         f9:64:07:e3:a6:04:7d:56:8a:9d:1c:32:63:dc:f9:25:02:cd:
         29:6f:3a:c8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2QRgKLhnXGdzsHp5r6h7v5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExYTAxMGY4N2EwNDliNmUyMWFiZWQ5YjQwOTgzYjA0ZjNm
MWM3ZTgwHhcNMjYwNDE1MDgzMzIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjFjYzBhZDgzODBjNjA1OWNlMWE1MTVjYWUyZDZlNWM3MmQwNjI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvNlOVX1DvjLJRINNbIJXBtRHhY+P
ETg0mrfVCmyxXsu0C2a9Lr9ahsHFEcOcyAO9dqTY8mOljvoCYdWaap49LJI9BmG3
SzsRS92Wg6e0fylMeEP7G9iicHKLe6CTo4ZCU1OJkA5/i5JsE3Qjfsx5dOT1zn0v
nM/8w8cpt1b5H6jHInpPEun18dyPVoYs4rfjl60CjcVVrOfNcOyvgdXWsOh9Y3Og
UHRsghcqrIEwWpb5oEhyNuHoywURyG3tj8d5M6w/UR3XsA4Q3J70MdShXQqKlFs7
yBRY9tK6CWmLu8+5WmfSS3g7O+BBAybFR14rq1GN6L54nrAuO0uSb/yTJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN8cwK2DgMYFnOGlFcri1uXHLQYnMB8GA1UdIwQY
MBaAFBGgEPh6BJtuIavtm0CYOwTz8cfoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWFBUS1Ib0VtMjRocS0yYlFKZzdCUFB4eC1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9mMjVkN2MtNjY3Ny00ZmRiLTg5OGUt
ZWU3NDY1NzU0ZmY2LzEvM3h6QXJZT0F4Z1djNGFVVnl1TFc1Y2N0QmljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9mMjVkN2MtNjY3Ny00ZmRiLTg5OGUtZWU3NDY1NzU0ZmY2
LzEvRWFBUS1Ib0VtMjRocS0yYlFKZzdCUFB4eC1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkhN8MA0G
CSqGSIb3DQEBCwUAA4IBAQAlQ9MF6Y5B/hb2i2wzceT/YAGzSmBjKk0SZEsujswX
d8K6dMjbuwRRJO5n1GJxVmDobmWxe53hBJWXgzDKgG0eIBbYXW/bZmszXBjP4rpn
yjlL/ir+Fzcfu6/K8oKcbsjhCQDzGy1CfiTi4EQacv/YUAzSWZnrNrnK0AyEPaKE
VVCKMJ5tm/HS0q6O4X2/o3JuN53dQROKdrRlzztDMRyRAzlm1tS7pGh913gguOIO
Ger5zNdlNS87sIBrBt/yf4bK1mV4arMcbPekCM0MtPirmrmXn4HzRgo0p3is/Sc5
P/nyP6clcM2QvK35ZAfjpgR9VoqdHDJj3PklAs0pbzrI
-----END CERTIFICATE-----