Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/db42ab-49cc-427d-86ca-47a2c250e5aa/1/RA43K4xHLg-UdXvnE5BBpylAcLE.roa
File:                     RA43K4xHLg-UdXvnE5BBpylAcLE.roa (raw, json)
Hash identifier:          fhI37DL7Mkohtwdyy2ionkNQqG8nPhswdJI9hVbypAg=
Subject key identifier:   44:0E:37:2B:8C:47:2E:0F:94:75:7B:E7:13:90:41:A7:29:40:70:B1
Certificate issuer:       /CN=93e272611139f15d037d7a4be545696cd2853867
Certificate serial:       019EBADA573DB870C34374CC070087B4ACA0
Authority key identifier: 93:E2:72:61:11:39:F1:5D:03:7D:7A:4B:E5:45:69:6C:D2:85:38:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k-JyYRE58V0DfXpL5UVpbNKFOGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/db42ab-49cc-427d-86ca-47a2c250e5aa/1/RA43K4xHLg-UdXvnE5BBpylAcLE.roa
Signing time:             Fri 12 Jun 2026 08:02:11 +0000
ROA not before:           Fri 12 Jun 2026 08:02:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     26768
IP address blocks:        209.248.32.0/19 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/db42ab-49cc-427d-86ca-47a2c250e5aa/1/k-JyYRE58V0DfXpL5UVpbNKFOGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/db42ab-49cc-427d-86ca-47a2c250e5aa/1/k-JyYRE58V0DfXpL5UVpbNKFOGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k-JyYRE58V0DfXpL5UVpbNKFOGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 08:43:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:ba:da:57:3d:b8:70:c3:43:74:cc:07:00:87:b4:ac:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93e272611139f15d037d7a4be545696cd2853867
        Validity
            Not Before: Jun 12 08:02:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=440e372b8c472e0f94757be7139041a7294070b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:41:5b:e1:a3:c5:62:e5:c4:4e:14:00:84:7f:
                    da:b3:a1:94:03:f3:5d:b9:9c:a6:40:a5:88:4d:c1:
                    cb:11:ad:81:b1:12:f9:97:10:61:09:de:74:1f:96:
                    59:c4:ca:5a:84:49:0c:8a:45:1e:1a:9f:01:92:7e:
                    7d:18:c7:55:17:f5:69:a0:0c:a2:2f:3f:70:da:b7:
                    f4:15:f7:46:3d:66:92:7c:b7:eb:bb:5e:1a:8b:5b:
                    04:f4:37:74:b4:67:87:43:02:c4:5f:4c:e5:0f:9d:
                    28:f0:7e:2d:05:38:28:30:92:41:cc:dc:76:b2:9e:
                    49:1f:40:b3:aa:b5:dd:f0:13:84:44:bc:12:0b:51:
                    77:b8:2c:42:a7:f2:ea:2e:24:40:59:85:a3:c8:29:
                    fb:ed:d1:5a:40:f0:55:b8:2b:5b:6b:b5:bb:6c:3c:
                    24:25:b0:5f:0a:07:ea:d9:af:e7:2f:8f:02:93:80:
                    08:ce:e4:4d:4b:4f:9b:86:9e:c5:02:82:f7:e5:53:
                    1b:00:7e:bd:11:f0:3f:b6:6d:51:9a:2c:05:2b:e8:
                    d7:16:00:4d:bc:d2:a2:d4:ac:da:b5:af:0e:ca:34:
                    b9:c6:f8:4d:2e:6c:8c:7d:9a:76:65:51:1e:f2:60:
                    c1:87:dc:50:c0:35:18:12:4d:d3:b1:06:b7:c8:01:
                    04:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:0E:37:2B:8C:47:2E:0F:94:75:7B:E7:13:90:41:A7:29:40:70:B1
            X509v3 Authority Key Identifier:
                keyid:93:E2:72:61:11:39:F1:5D:03:7D:7A:4B:E5:45:69:6C:D2:85:38:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k-JyYRE58V0DfXpL5UVpbNKFOGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/db42ab-49cc-427d-86ca-47a2c250e5aa/1/RA43K4xHLg-UdXvnE5BBpylAcLE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/db42ab-49cc-427d-86ca-47a2c250e5aa/1/k-JyYRE58V0DfXpL5UVpbNKFOGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  209.248.32.0/19

    Signature Algorithm: sha256WithRSAEncryption
         38:44:0f:86:3e:f0:63:74:1c:59:56:b5:cf:ad:bb:be:04:f6:
         c0:96:7e:8d:c7:76:ea:10:14:19:1c:f0:39:66:f9:8e:10:7d:
         00:79:e4:72:4c:c8:01:fa:eb:ef:f2:43:e5:fc:d3:ec:b4:e3:
         cc:f9:0f:39:a8:22:72:76:ee:4c:3d:71:be:47:fb:9b:3c:4b:
         a1:ca:b4:f4:14:95:5c:8c:49:2d:e2:d6:c0:b5:93:a4:65:4d:
         bd:82:bb:3f:c8:6b:76:0b:4d:cc:e0:65:fc:54:6a:05:6e:eb:
         85:48:60:8f:f8:5e:52:1e:47:40:73:4e:ee:f8:3d:cf:01:a7:
         a0:0b:00:92:92:95:da:a0:5c:aa:d2:7a:06:6a:d6:bc:53:d1:
         6d:97:17:f1:7e:70:9d:f2:6c:6e:10:03:57:00:53:9b:5c:42:
         4f:0f:4c:47:72:f8:fa:39:23:1b:b1:b9:ee:54:34:ba:d5:3a:
         41:c9:a0:11:14:45:2f:e6:da:6f:5d:4f:9e:00:1f:5f:5f:8b:
         ba:78:96:8b:30:b8:fc:1a:ef:7b:83:75:d4:3a:01:b9:73:44:
         28:a7:14:c1:22:6e:8e:31:a8:98:5b:84:a4:5d:00:9b:df:c7:
         7b:d3:3c:3b:26:6e:99:5c:7f:27:6a:47:95:42:d2:f2:b9:91:
         c5:f6:bb:3b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ662lc9uHDDQ3TMBwCHtKygMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzZTI3MjYxMTEzOWYxNWQwMzdkN2E0YmU1NDU2OTZjZDI4
NTM4NjcwHhcNMjYwNjEyMDgwMjExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDBlMzcyYjhjNDcyZTBmOTQ3NTdiZTcxMzkwNDFhNzI5NDA3MGIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAokFb4aPFYuXEThQAhH/as6GUA/Nd
uZymQKWITcHLEa2BsRL5lxBhCd50H5ZZxMpahEkMikUeGp8Bkn59GMdVF/VpoAyi
Lz9w2rf0FfdGPWaSfLfru14ai1sE9Dd0tGeHQwLEX0zlD50o8H4tBTgoMJJBzNx2
sp5JH0CzqrXd8BOERLwSC1F3uCxCp/LqLiRAWYWjyCn77dFaQPBVuCtba7W7bDwk
JbBfCgfq2a/nL48Ck4AIzuRNS0+bhp7FAoL35VMbAH69EfA/tm1RmiwFK+jXFgBN
vNKi1Kzata8OyjS5xvhNLmyMfZp2ZVEe8mDBh9xQwDUYEk3TsQa3yAEEwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEQONyuMRy4PlHV75xOQQacpQHCxMB8GA1UdIwQY
MBaAFJPicmEROfFdA316S+VFaWzShThnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvay1KeVlSRTU4VjBEZlhwTDVVVnBiTktGT0djLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9kYjQyYWItNDljYy00MjdkLTg2Y2Et
NDdhMmMyNTBlNWFhLzEvUkE0M0s0eEhMZy1VZFh2bkU1QkJweWxBY0xFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9kYjQyYWItNDljYy00MjdkLTg2Y2EtNDdhMmMyNTBlNWFh
LzEvay1KeVlSRTU4VjBEZlhwTDVVVnBiTktGT0djLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQF0fggMA0G
CSqGSIb3DQEBCwUAA4IBAQA4RA+GPvBjdBxZVrXPrbu+BPbAln6Nx3bqEBQZHPA5
ZvmOEH0AeeRyTMgB+uvv8kPl/NPstOPM+Q85qCJydu5MPXG+R/ubPEuhyrT0FJVc
jEkt4tbAtZOkZU29grs/yGt2C03M4GX8VGoFbuuFSGCP+F5SHkdAc07u+D3PAaeg
CwCSkpXaoFyq0noGata8U9FtlxfxfnCd8mxuEANXAFObXEJPD0xHcvj6OSMbsbnu
VDS61TpByaARFEUv5tpvXU+eAB9fX4u6eJaLMLj8Gu97g3XUOgG5c0QopxTBIm6O
MaiYW4SkXQCb38d70zw7Jm6ZXH8nakeVQtLyuZHF9rs7
-----END CERTIFICATE-----