Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/b3805f-be6f-4133-b5ec-a4ebbfe710c3/1/4rLPq_TgJ9EI_tLb1VhHk45l3x0.roa
File:                     4rLPq_TgJ9EI_tLb1VhHk45l3x0.roa (raw, json)
Hash identifier:          hFOozb3KB1jUFC9gVkqUzG9rbgAjo7X66KzDUthY3po=
Subject key identifier:   E2:B2:CF:AB:F4:E0:27:D1:08:FE:D2:DB:D5:58:47:93:8E:65:DF:1D
Certificate issuer:       /CN=27d028470604336fdb9308e51ba53e951ae2e098
Certificate serial:       019B76EB002CC26026C9ACFEFEA8379A9A9B
Authority key identifier: 27:D0:28:47:06:04:33:6F:DB:93:08:E5:1B:A5:3E:95:1A:E2:E0:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J9AoRwYEM2_bkwjlG6U-lRri4Jg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/b3805f-be6f-4133-b5ec-a4ebbfe710c3/1/4rLPq_TgJ9EI_tLb1VhHk45l3x0.roa
Signing time:             Thu 01 Jan 2026 00:17:50 +0000
ROA not before:           Thu 01 Jan 2026 00:17:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201455
IP address blocks:        185.170.31.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/b3805f-be6f-4133-b5ec-a4ebbfe710c3/1/J9AoRwYEM2_bkwjlG6U-lRri4Jg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/b3805f-be6f-4133-b5ec-a4ebbfe710c3/1/J9AoRwYEM2_bkwjlG6U-lRri4Jg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J9AoRwYEM2_bkwjlG6U-lRri4Jg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 09:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:00:2c:c2:60:26:c9:ac:fe:fe:a8:37:9a:9a:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27d028470604336fdb9308e51ba53e951ae2e098
        Validity
            Not Before: Jan  1 00:17:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e2b2cfabf4e027d108fed2dbd55847938e65df1d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:4c:6b:80:9d:7f:6e:f8:2b:a6:c4:a2:b5:8c:
                    96:97:8a:f0:52:d2:b6:07:47:fb:d4:84:6e:02:f1:
                    f4:05:ae:8a:7a:13:47:bb:bd:2a:a4:56:c0:5b:6c:
                    68:0e:14:d8:8b:e8:0c:1d:9e:89:37:c4:77:07:d8:
                    5e:21:ce:3c:a6:63:85:87:72:db:6c:e6:95:e5:20:
                    d8:48:6f:95:5b:22:85:83:b6:91:d5:9b:67:77:7e:
                    50:63:e8:34:65:ce:87:be:af:48:a0:62:a0:30:1d:
                    30:1a:23:d0:fc:d5:09:a8:3b:4a:91:8a:e7:7d:bf:
                    7f:54:c2:60:d4:16:ff:ed:21:f5:fb:03:f3:4a:b0:
                    90:c9:e1:d6:f1:0e:d4:8f:ba:07:56:46:5a:9b:31:
                    66:ff:18:a6:57:18:e5:e8:61:90:79:38:fd:86:4d:
                    34:03:4d:9e:8a:f5:f8:ed:2f:40:68:d3:f0:56:28:
                    af:8a:a8:1a:a3:81:d2:5e:6e:a6:33:bf:ce:ad:30:
                    ff:f1:86:aa:3c:74:fe:db:88:55:d4:c5:50:ee:68:
                    af:96:7b:d0:75:60:fd:6b:6b:8c:2e:99:3f:75:1f:
                    28:a2:b1:b5:0a:5b:c1:ad:4f:f2:11:72:c2:de:bb:
                    89:c5:81:cc:5d:0b:21:01:3b:6f:a4:21:e8:9e:37:
                    03:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:B2:CF:AB:F4:E0:27:D1:08:FE:D2:DB:D5:58:47:93:8E:65:DF:1D
            X509v3 Authority Key Identifier:
                keyid:27:D0:28:47:06:04:33:6F:DB:93:08:E5:1B:A5:3E:95:1A:E2:E0:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J9AoRwYEM2_bkwjlG6U-lRri4Jg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/b3805f-be6f-4133-b5ec-a4ebbfe710c3/1/4rLPq_TgJ9EI_tLb1VhHk45l3x0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/b3805f-be6f-4133-b5ec-a4ebbfe710c3/1/J9AoRwYEM2_bkwjlG6U-lRri4Jg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.170.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:36:2c:76:b9:b3:ac:e6:25:95:4f:af:69:7d:18:22:82:fa:
         f2:77:68:39:e0:0d:8a:78:22:d2:53:0f:e9:ba:f8:ae:75:db:
         2b:c5:af:f4:66:7d:58:28:03:4b:aa:8c:c0:e6:f6:ac:25:b1:
         2f:71:40:23:79:84:83:31:7e:3a:b5:33:8f:95:e9:9e:95:dd:
         96:5d:a6:d3:f1:82:ba:fa:c6:c3:df:9d:47:11:c4:bf:88:26:
         72:35:e4:eb:5b:df:b6:ba:f3:51:d9:ac:50:8f:2d:8e:3e:e4:
         cf:26:09:31:17:d6:65:90:1a:c5:ef:6f:b6:dc:9d:72:d6:d9:
         15:8d:5f:f6:fb:76:55:c4:2d:e8:32:39:de:81:eb:85:1a:cd:
         bc:56:ca:33:06:99:46:a9:74:50:bf:a3:c2:c8:a5:c2:0c:0d:
         c2:84:da:64:fc:35:d5:f6:de:4e:39:49:b9:19:15:6a:b9:c6:
         e2:9e:b7:4f:27:d3:78:28:6d:4d:10:8e:f9:82:d4:5f:4f:a8:
         90:61:eb:2e:4d:e7:6c:47:1c:4d:0f:cb:dc:0b:07:53:ea:70:
         ba:7b:13:fc:6c:0f:2c:93:af:7a:e9:e7:bb:3d:9e:f6:2a:a3:
         8c:30:09:c3:b8:b4:40:e4:a7:41:93:16:17:d2:ec:4e:d4:2f:
         e6:5f:4e:b6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt26wAswmAmyaz+/qg3mpqbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3ZDAyODQ3MDYwNDMzNmZkYjkzMDhlNTFiYTUzZTk1MWFl
MmUwOTgwHhcNMjYwMTAxMDAxNzUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMmIyY2ZhYmY0ZTAyN2QxMDhmZWQyZGJkNTU4NDc5MzhlNjVkZjFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3UxrgJ1/bvgrpsSitYyWl4rwUtK2
B0f71IRuAvH0Ba6KehNHu70qpFbAW2xoDhTYi+gMHZ6JN8R3B9heIc48pmOFh3Lb
bOaV5SDYSG+VWyKFg7aR1Ztnd35QY+g0Zc6Hvq9IoGKgMB0wGiPQ/NUJqDtKkYrn
fb9/VMJg1Bb/7SH1+wPzSrCQyeHW8Q7Uj7oHVkZamzFm/ximVxjl6GGQeTj9hk00
A02eivX47S9AaNPwViiviqgao4HSXm6mM7/OrTD/8YaqPHT+24hV1MVQ7mivlnvQ
dWD9a2uMLpk/dR8oorG1ClvBrU/yEXLC3ruJxYHMXQshATtvpCHonjcDOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOKyz6v04CfRCP7S29VYR5OOZd8dMB8GA1UdIwQY
MBaAFCfQKEcGBDNv25MI5RulPpUa4uCYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjlBb1J3WUVNMl9ia3dqbEc2VS1sUnJpNEpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC9iMzgwNWYtYmU2Zi00MTMzLWI1ZWMt
YTRlYmJmZTcxMGMzLzEvNHJMUHFfVGdKOUVJX3RMYjFWaEhrNDVsM3gwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC9iMzgwNWYtYmU2Zi00MTMzLWI1ZWMtYTRlYmJmZTcxMGMz
LzEvSjlBb1J3WUVNMl9ia3dqbEc2VS1sUnJpNEpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaofMA0G
CSqGSIb3DQEBCwUAA4IBAQAaNix2ubOs5iWVT69pfRgigvryd2g54A2KeCLSUw/p
uviuddsrxa/0Zn1YKANLqozA5vasJbEvcUAjeYSDMX46tTOPlemeld2WXabT8YK6
+sbD351HEcS/iCZyNeTrW9+2uvNR2axQjy2OPuTPJgkxF9ZlkBrF72+23J1y1tkV
jV/2+3ZVxC3oMjnegeuFGs28VsozBplGqXRQv6PCyKXCDA3ChNpk/DXV9t5OOUm5
GRVqucbinrdPJ9N4KG1NEI75gtRfT6iQYesuTedsRxxND8vcCwdT6nC6exP8bA8s
k6966ee7PZ72KqOMMAnDuLRA5KdBkxYX0uxO1C/mX062
-----END CERTIFICATE-----