Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/tTaupIop28K5RdNZMK_gINyOJ0g.roa
File:                     tTaupIop28K5RdNZMK_gINyOJ0g.roa (raw, json)
Hash identifier:          cOb1c5uSUQmkeKzJpnJ993BQIfIMvcc7g+THJoUIFao=
Subject key identifier:   B5:36:AE:A4:8A:29:DB:C2:B9:45:D3:59:30:AF:E0:20:DC:8E:27:48
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       019D9B704C774B1E7985CFC9E6DB009B902D
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/tTaupIop28K5RdNZMK_gINyOJ0g.roa
Signing time:             Fri 17 Apr 2026 12:35:21 +0000
ROA not before:           Fri 17 Apr 2026 12:35:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     62040
IP address blocks:        186.246.42.0/24 maxlen: 24
                          186.246.43.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 12:35:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:9b:70:4c:77:4b:1e:79:85:cf:c9:e6:db:00:9b:90:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: Apr 17 12:35:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b536aea48a29dbc2b945d35930afe020dc8e2748
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:63:3e:74:27:2c:cb:e1:9a:e3:4a:eb:ef:7f:
                    de:df:48:f3:f8:29:2d:da:e8:e4:ad:44:c9:d6:4b:
                    c6:ec:c0:31:71:d5:03:6c:6f:ad:d0:28:f4:54:fa:
                    48:c3:92:1e:f7:43:68:4f:db:5c:cc:5e:94:69:3a:
                    24:a3:11:4b:eb:0f:5c:b2:2b:ec:14:29:c8:07:3a:
                    00:b8:85:1e:74:09:f1:65:fc:e2:49:76:24:79:a3:
                    25:1a:51:10:93:e3:b0:f3:5d:fc:46:c5:ce:45:b9:
                    d3:31:73:46:39:08:a5:82:7d:21:fd:7a:81:0b:c5:
                    7b:7c:d5:52:b9:e9:4c:95:7e:91:2c:a8:3b:48:60:
                    8b:4a:4f:fb:23:51:95:df:83:cd:1d:3e:e4:1a:15:
                    e0:fa:e3:4e:74:21:b2:93:83:e6:c7:71:6c:80:b0:
                    8e:a6:d0:94:3d:6e:1c:d0:b0:35:71:ee:0b:6c:51:
                    cc:df:ab:03:9f:4f:de:e9:03:61:59:0e:9f:66:77:
                    0f:5f:3f:9e:f7:0c:fd:c9:43:08:c9:96:48:02:d5:
                    1c:72:c5:49:b7:cb:89:f1:df:f6:e7:86:b7:e7:b2:
                    1b:07:a2:73:69:54:3e:cc:8c:e5:ba:96:9e:a6:e9:
                    75:4f:d6:2a:ab:7a:b1:d3:63:90:1c:0c:95:be:d5:
                    db:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:36:AE:A4:8A:29:DB:C2:B9:45:D3:59:30:AF:E0:20:DC:8E:27:48
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/tTaupIop28K5RdNZMK_gINyOJ0g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  186.246.42.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0a:1d:1a:dd:3b:61:e1:78:44:bb:be:c0:24:92:92:3a:a9:01:
         95:c5:81:a1:72:40:3b:b4:3c:57:60:63:64:73:f6:99:67:93:
         da:e2:d2:88:37:63:5c:21:02:a1:e8:5e:67:bf:80:33:ea:76:
         43:cc:25:77:58:7b:d5:43:5c:a1:ef:cf:f5:31:67:00:4d:70:
         09:63:4c:37:ae:07:3f:95:82:44:e1:15:62:3c:b8:00:f9:4f:
         83:2b:b4:b9:e5:a9:4f:cf:7d:85:2f:65:51:b1:15:9d:8e:a4:
         99:2a:00:69:07:44:dc:bf:b2:34:12:9e:1e:e5:6e:6e:45:2a:
         cc:3f:d0:f7:a2:55:43:0c:6a:41:ee:62:de:34:41:fd:c2:b8:
         89:7e:78:56:fa:f7:3e:6d:b1:08:d6:7f:7f:fc:4a:82:85:a5:
         a4:e0:05:12:42:81:09:ae:04:3d:fb:cc:d4:08:80:87:11:dc:
         cd:69:97:dd:3a:18:30:fa:8c:a4:e9:25:37:5b:b6:b7:ce:74:
         a7:b2:f7:38:f8:47:a3:bc:14:5e:97:1c:f6:e3:ad:fa:2c:f1:
         7d:dc:60:bf:b7:f0:e4:43:02:ba:4c:2a:58:4a:44:34:7d:b5:
         ce:58:1d:15:95:d8:ec:c6:c1:db:17:1f:6f:d8:21:fc:5a:c7:
         10:5a:4d:b3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2bcEx3Sx55hc/J5tsAm5AtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjYwNDE3MTIzNTIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTM2YWVhNDhhMjlkYmMyYjk0NWQzNTkzMGFmZTAyMGRjOGUyNzQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5GM+dCcsy+Ga40rr73/e30jz+Ckt
2ujkrUTJ1kvG7MAxcdUDbG+t0Cj0VPpIw5Ie90NoT9tczF6UaTokoxFL6w9csivs
FCnIBzoAuIUedAnxZfziSXYkeaMlGlEQk+Ow8138RsXORbnTMXNGOQilgn0h/XqB
C8V7fNVSuelMlX6RLKg7SGCLSk/7I1GV34PNHT7kGhXg+uNOdCGyk4Pmx3FsgLCO
ptCUPW4c0LA1ce4LbFHM36sDn0/e6QNhWQ6fZncPXz+e9wz9yUMIyZZIAtUccsVJ
t8uJ8d/254a357IbB6JzaVQ+zIzlupaepul1T9Yqq3qx02OQHAyVvtXbRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLU2rqSKKdvCuUXTWTCv4CDcjidIMB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvdFRhdXBJb3AyOEs1UmROWk1LX2dJTnlPSjBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuvYqMA0G
CSqGSIb3DQEBCwUAA4IBAQAKHRrdO2HheES7vsAkkpI6qQGVxYGhckA7tDxXYGNk
c/aZZ5Pa4tKIN2NcIQKh6F5nv4Az6nZDzCV3WHvVQ1yh78/1MWcATXAJY0w3rgc/
lYJE4RViPLgA+U+DK7S55alPz32FL2VRsRWdjqSZKgBpB0Tcv7I0Ep4e5W5uRSrM
P9D3olVDDGpB7mLeNEH9wriJfnhW+vc+bbEI1n9//EqChaWk4AUSQoEJrgQ9+8zU
CICHEdzNaZfdOhgw+oyk6SU3W7a3znSnsvc4+EejvBRelxz24636LPF93GC/t/Dk
QwK6TCpYSkQ0fbXOWB0VldjsxsHbFx9v2CH8WscQWk2z
-----END CERTIFICATE-----