Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/f8a5d1-260a-46a4-a8e4-283fe54a6f2f/1/cYegkqTDRQkQYBG0QAGLC43ERoE.roa
File:                     cYegkqTDRQkQYBG0QAGLC43ERoE.roa (raw, json)
Hash identifier:          Jj0rGclcjFrkbXAtvfPBQZbVxQ41VQry0fjFc8pn/lw=
Subject key identifier:   71:87:A0:92:A4:C3:45:09:10:60:11:B4:40:01:8B:0B:8D:C4:46:81
Certificate issuer:       /CN=a4ce9640a3ef2fea19374ad8f99f423d7aa7c76b
Certificate serial:       019D535DC08005C019DE5A773F61D4D0CA8B
Authority key identifier: A4:CE:96:40:A3:EF:2F:EA:19:37:4A:D8:F9:9F:42:3D:7A:A7:C7:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pM6WQKPvL-oZN0rY-Z9CPXqnx2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/f8a5d1-260a-46a4-a8e4-283fe54a6f2f/1/cYegkqTDRQkQYBG0QAGLC43ERoE.roa
Signing time:             Fri 03 Apr 2026 12:42:26 +0000
ROA not before:           Fri 03 Apr 2026 12:42:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198369
IP address blocks:        81.19.132.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/f8a5d1-260a-46a4-a8e4-283fe54a6f2f/1/pM6WQKPvL-oZN0rY-Z9CPXqnx2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/f8a5d1-260a-46a4-a8e4-283fe54a6f2f/1/pM6WQKPvL-oZN0rY-Z9CPXqnx2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pM6WQKPvL-oZN0rY-Z9CPXqnx2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:53:5d:c0:80:05:c0:19:de:5a:77:3f:61:d4:d0:ca:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4ce9640a3ef2fea19374ad8f99f423d7aa7c76b
        Validity
            Not Before: Apr  3 12:42:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7187a092a4c34509106011b440018b0b8dc44681
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:34:7b:57:52:14:35:00:1d:3d:92:29:0e:09:
                    a9:20:f5:14:d1:49:da:87:26:43:65:ec:49:97:3a:
                    89:ee:93:ff:a6:b3:f1:f3:8e:d3:e8:6e:60:6c:dd:
                    2e:24:f7:6d:b3:2a:7f:34:4b:21:e6:7a:a9:da:4a:
                    4a:d0:65:d1:a1:66:3c:f4:67:8c:eb:5c:c8:75:51:
                    69:29:60:73:4b:88:d5:a0:62:5c:de:82:10:20:42:
                    8d:89:bc:b2:26:10:12:73:c5:02:a7:07:98:6b:da:
                    dd:0f:48:ef:fe:0f:58:8f:53:e6:1a:eb:43:63:96:
                    40:8f:5c:be:75:29:fd:ae:ee:d5:39:06:f7:5b:8f:
                    12:4c:a9:73:c3:dd:e5:41:60:6f:73:76:00:44:35:
                    73:20:b0:b2:0b:03:eb:02:8b:4d:95:73:4a:4c:16:
                    f3:95:8d:8d:73:77:5b:de:69:05:c3:41:62:a7:23:
                    6c:19:83:43:e3:99:f9:02:e8:48:c7:c2:81:14:d0:
                    60:15:3b:80:9b:12:6b:98:1d:40:f0:8b:18:42:f2:
                    cc:d1:72:c4:e6:44:0b:ea:c4:27:d7:3c:4a:03:11:
                    85:1d:91:cb:7d:d6:81:53:10:cb:f4:20:d7:d1:1a:
                    07:48:6d:d2:1a:7b:e9:e9:52:31:63:7e:10:65:0e:
                    b9:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:87:A0:92:A4:C3:45:09:10:60:11:B4:40:01:8B:0B:8D:C4:46:81
            X509v3 Authority Key Identifier:
                keyid:A4:CE:96:40:A3:EF:2F:EA:19:37:4A:D8:F9:9F:42:3D:7A:A7:C7:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pM6WQKPvL-oZN0rY-Z9CPXqnx2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f8a5d1-260a-46a4-a8e4-283fe54a6f2f/1/cYegkqTDRQkQYBG0QAGLC43ERoE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f8a5d1-260a-46a4-a8e4-283fe54a6f2f/1/pM6WQKPvL-oZN0rY-Z9CPXqnx2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:61:17:d3:e1:50:8a:24:f9:21:57:83:df:1b:ef:ef:04:bb:
         57:77:f5:ed:20:d4:d5:05:c8:68:57:f0:39:e4:7f:fe:d2:08:
         b9:70:cc:a0:90:06:13:89:3d:b7:b0:02:12:05:8a:11:e7:ea:
         88:d6:62:4b:5f:e2:3a:1b:a9:b0:10:9b:7a:0f:43:3e:4a:71:
         b1:14:fd:3a:6d:81:12:2c:a5:cb:3d:3e:ef:a9:1c:6f:c9:e1:
         16:6e:36:0f:02:11:c8:18:ee:14:4d:08:ee:21:b6:80:65:40:
         61:13:f1:47:e2:ae:b0:e2:41:b0:c1:82:d7:3c:ff:e9:0e:e8:
         b1:7f:17:50:a8:bb:6f:e0:3a:22:ef:84:e1:6e:fa:43:4f:d6:
         d4:43:1c:8c:f3:17:db:67:b1:64:17:f3:aa:75:06:c9:49:17:
         c4:f8:11:c0:7a:8d:bd:94:d2:33:45:5e:29:9f:1a:c8:ad:00:
         46:c0:8e:6f:d9:83:05:16:70:21:e4:f8:ed:b5:76:6c:13:07:
         5a:1f:50:2b:09:ca:ef:ab:c8:2a:7f:c3:70:11:32:0f:84:eb:
         69:1f:c3:5b:c4:5e:99:4e:3f:36:81:70:ea:f5:94:d7:2f:db:
         04:df:95:5b:0e:4a:d2:e9:fd:63:2a:57:40:7d:d9:e8:e3:61:
         0a:c3:8f:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1TXcCABcAZ3lp3P2HU0MqLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0Y2U5NjQwYTNlZjJmZWExOTM3NGFkOGY5OWY0MjNkN2Fh
N2M3NmIwHhcNMjYwNDAzMTI0MjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTg3YTA5MmE0YzM0NTA5MTA2MDExYjQ0MDAxOGIwYjhkYzQ0NjgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArTR7V1IUNQAdPZIpDgmpIPUU0Una
hyZDZexJlzqJ7pP/prPx847T6G5gbN0uJPdtsyp/NEsh5nqp2kpK0GXRoWY89GeM
61zIdVFpKWBzS4jVoGJc3oIQIEKNibyyJhASc8UCpweYa9rdD0jv/g9Yj1PmGutD
Y5ZAj1y+dSn9ru7VOQb3W48STKlzw93lQWBvc3YARDVzILCyCwPrAotNlXNKTBbz
lY2Nc3db3mkFw0FipyNsGYND45n5AuhIx8KBFNBgFTuAmxJrmB1A8IsYQvLM0XLE
5kQL6sQn1zxKAxGFHZHLfdaBUxDL9CDX0RoHSG3SGnvp6VIxY34QZQ65TQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHGHoJKkw0UJEGARtEABiwuNxEaBMB8GA1UdIwQY
MBaAFKTOlkCj7y/qGTdK2PmfQj16p8drMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcE02V1FLUHZMLW9aTjByWS1aOUNQWHFueDJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9mOGE1ZDEtMjYwYS00NmE0LWE4ZTQt
MjgzZmU1NGE2ZjJmLzEvY1llZ2txVERSUWtRWUJHMFFBR0xDNDNFUm9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9mOGE1ZDEtMjYwYS00NmE0LWE4ZTQtMjgzZmU1NGE2ZjJm
LzEvcE02V1FLUHZMLW9aTjByWS1aOUNQWHFueDJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUROEMA0G
CSqGSIb3DQEBCwUAA4IBAQBGYRfT4VCKJPkhV4PfG+/vBLtXd/XtINTVBchoV/A5
5H/+0gi5cMygkAYTiT23sAISBYoR5+qI1mJLX+I6G6mwEJt6D0M+SnGxFP06bYES
LKXLPT7vqRxvyeEWbjYPAhHIGO4UTQjuIbaAZUBhE/FH4q6w4kGwwYLXPP/pDuix
fxdQqLtv4Doi74ThbvpDT9bUQxyM8xfbZ7FkF/OqdQbJSRfE+BHAeo29lNIzRV4p
nxrIrQBGwI5v2YMFFnAh5PjttXZsEwdaH1ArCcrvq8gqf8NwETIPhOtpH8NbxF6Z
Tj82gXDq9ZTXL9sE35VbDkrS6f1jKldAfdno42EKw49y
-----END CERTIFICATE-----