Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/4Wz2uDf0Qptc_6761SPVoQf4bBM.roa
File:                     4Wz2uDf0Qptc_6761SPVoQf4bBM.roa (raw, json)
Hash identifier:          8U2wx/Qo2zif5q2rWFNOBYLftMHsh4GSECh0wZFGfBA=
Subject key identifier:   E1:6C:F6:B8:37:F4:42:9B:5C:FF:AE:FA:D5:23:D5:A1:07:F8:6C:13
Certificate issuer:       /CN=38b22023b6ead4c29683a9fed4493d03dee2c685
Certificate serial:       019D3EF3CAC211D623E86BEE831896C352BB
Authority key identifier: 38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/4Wz2uDf0Qptc_6761SPVoQf4bBM.roa
Signing time:             Mon 30 Mar 2026 13:34:17 +0000
ROA not before:           Mon 30 Mar 2026 13:34:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200679
IP address blocks:        85.143.101.0/24 maxlen: 24
                          2001:b08:200::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 02:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:3e:f3:ca:c2:11:d6:23:e8:6b:ee:83:18:96:c3:52:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38b22023b6ead4c29683a9fed4493d03dee2c685
        Validity
            Not Before: Mar 30 13:34:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e16cf6b837f4429b5cffaefad523d5a107f86c13
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:28:26:a8:cc:29:1f:3d:5e:af:dc:c8:8a:1a:
                    14:5f:66:a6:6e:57:8f:8f:58:ef:c6:22:97:50:99:
                    6b:c8:26:fe:40:5a:42:3d:de:8c:da:ce:fc:14:f9:
                    76:bc:cc:7a:7c:ac:c6:9b:96:23:9f:80:6b:32:41:
                    23:b0:5d:f4:1a:bf:f9:2f:ef:1e:f4:d8:59:6b:20:
                    32:4d:ec:64:03:2e:bb:b1:f5:06:53:86:41:1c:e7:
                    78:41:83:11:ff:e3:cb:4f:20:1e:32:bb:b5:14:22:
                    2f:36:05:7d:49:fe:1e:b6:68:94:46:1e:39:82:00:
                    48:83:67:56:eb:b3:34:5f:9c:a5:a2:91:2b:2c:ba:
                    e1:3c:bb:b0:d3:9a:f0:ed:89:f3:64:48:99:13:e6:
                    8a:21:47:c3:14:94:39:4d:fc:6d:2a:b6:7c:98:55:
                    9f:15:b3:d1:03:76:9a:0a:98:ff:18:bd:85:2b:19:
                    f7:f5:53:38:5a:e3:33:14:2d:1a:d0:08:52:3b:3d:
                    53:31:ae:7f:c7:bc:b9:55:15:58:41:eb:cb:c9:81:
                    f9:28:85:9b:83:c8:ed:58:fc:68:02:d5:a5:63:26:
                    2c:11:6d:4a:f9:81:c6:ce:3f:8f:f2:cb:84:9d:ab:
                    64:3d:78:51:eb:2d:be:c4:82:39:27:5b:3f:bf:b1:
                    74:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:6C:F6:B8:37:F4:42:9B:5C:FF:AE:FA:D5:23:D5:A1:07:F8:6C:13
            X509v3 Authority Key Identifier:
                keyid:38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/4Wz2uDf0Qptc_6761SPVoQf4bBM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.143.101.0/24
                IPv6:
                  2001:b08:200::/48

    Signature Algorithm: sha256WithRSAEncryption
         1b:ac:5d:41:53:b1:cf:75:eb:22:20:80:d3:81:92:7d:c3:35:
         ca:d0:ea:1c:5a:f9:86:ca:12:e3:fc:f6:80:ed:2b:eb:2e:3e:
         28:b4:c9:60:79:65:f1:2e:7d:af:6b:54:4b:87:37:4b:98:cc:
         58:17:cb:91:40:2f:5d:7f:cc:61:eb:61:72:81:30:cb:26:bc:
         65:bd:c8:7e:68:36:89:42:ed:82:4f:3d:c7:95:3f:c9:48:d5:
         47:db:ed:53:c8:36:d5:cd:17:cf:42:98:b6:56:35:96:30:bd:
         fc:ff:83:ca:49:30:f8:b3:ef:33:7c:ce:10:c9:0b:e5:96:1a:
         c4:23:31:8d:8d:9c:6d:f8:19:1a:bd:cf:c4:9b:b2:5e:68:4e:
         71:45:7b:3f:01:b0:fb:d9:dc:16:dc:f2:1a:a2:15:ab:46:b1:
         38:64:79:5a:f1:9c:87:4c:f4:49:98:9e:8e:19:06:a1:d4:fb:
         07:eb:45:a2:d6:2b:73:be:b6:d0:a9:73:6b:b6:45:59:31:17:
         66:55:aa:69:48:74:7c:c5:58:e3:48:c1:b2:35:5f:31:83:97:
         e5:23:a9:45:8a:2d:b2:9f:35:77:ac:c7:d4:d1:f5:db:cf:33:
         94:ec:f6:29:fb:c1:21:11:31:cb:65:ee:e0:4e:82:e8:48:a5:
         16:dc:27:08
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZ0+88rCEdYj6GvugxiWw1K7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4YjIyMDIzYjZlYWQ0YzI5NjgzYTlmZWQ0NDkzZDAzZGVl
MmM2ODUwHhcNMjYwMzMwMTMzNDE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTZjZjZiODM3ZjQ0MjliNWNmZmFlZmFkNTIzZDVhMTA3Zjg2YzEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwygmqMwpHz1er9zIihoUX2ambleP
j1jvxiKXUJlryCb+QFpCPd6M2s78FPl2vMx6fKzGm5Yjn4BrMkEjsF30Gr/5L+8e
9NhZayAyTexkAy67sfUGU4ZBHOd4QYMR/+PLTyAeMru1FCIvNgV9Sf4etmiURh45
ggBIg2dW67M0X5ylopErLLrhPLuw05rw7YnzZEiZE+aKIUfDFJQ5TfxtKrZ8mFWf
FbPRA3aaCpj/GL2FKxn39VM4WuMzFC0a0AhSOz1TMa5/x7y5VRVYQevLyYH5KIWb
g8jtWPxoAtWlYyYsEW1K+YHGzj+P8suEnatkPXhR6y2+xII5J1s/v7F0fwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFOFs9rg39EKbXP+u+tUj1aEH+GwTMB8GA1UdIwQY
MBaAFDiyICO26tTCloOp/tRJPQPe4saFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMt
NDBkOTViZDMzZmNiLzEvNFd6MnVEZjBRcHRjXzY3NjFTUFZvUWY0YkJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMtNDBkOTViZDMzZmNi
LzEvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAVY9lMA8E
AgACMAkDBwAgAQsIAgAwDQYJKoZIhvcNAQELBQADggEBABusXUFTsc916yIggNOB
kn3DNcrQ6hxa+YbKEuP89oDtK+suPii0yWB5ZfEufa9rVEuHN0uYzFgXy5FAL11/
zGHrYXKBMMsmvGW9yH5oNolC7YJPPceVP8lI1Ufb7VPINtXNF89CmLZWNZYwvfz/
g8pJMPiz7zN8zhDJC+WWGsQjMY2NnG34GRq9z8Sbsl5oTnFFez8BsPvZ3Bbc8hqi
FatGsThkeVrxnIdM9EmYno4ZBqHU+wfrRaLWK3O+ttCpc2u2RVkxF2ZVqmlIdHzF
WONIwbI1XzGDl+UjqUWKLbKfNXesx9TR9dvPM5Ts9in7wSERMctl7uBOguhIpRbc
Jwg=
-----END CERTIFICATE-----