Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/4vxZx7uBqQQ6FyEF2MVBFY1WSaQ.roa
File:                     4vxZx7uBqQQ6FyEF2MVBFY1WSaQ.roa (raw, json)
Hash identifier:          yT8MYmQtVQnTBHZPhbP/WPtpcUBRa3XEcKCSlPgpz98=
Subject key identifier:   E2:FC:59:C7:BB:81:A9:04:3A:17:21:05:D8:C5:41:15:8D:56:49:A4
Certificate issuer:       /CN=d8d3ca2c231afdf3b0355c77a7cbb226f81b74de
Certificate serial:       019D728D0EE7ACA7D89AB9508785C2D53FF9
Authority key identifier: D8:D3:CA:2C:23:1A:FD:F3:B0:35:5C:77:A7:CB:B2:26:F8:1B:74:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2NPKLCMa_fOwNVx3p8uyJvgbdN4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/4vxZx7uBqQQ6FyEF2MVBFY1WSaQ.roa
Signing time:             Thu 09 Apr 2026 14:02:20 +0000
ROA not before:           Thu 09 Apr 2026 14:02:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     3258
IP address blocks:        85.149.192.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/2NPKLCMa_fOwNVx3p8uyJvgbdN4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/2NPKLCMa_fOwNVx3p8uyJvgbdN4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2NPKLCMa_fOwNVx3p8uyJvgbdN4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:72:8d:0e:e7:ac:a7:d8:9a:b9:50:87:85:c2:d5:3f:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d8d3ca2c231afdf3b0355c77a7cbb226f81b74de
        Validity
            Not Before: Apr  9 14:02:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e2fc59c7bb81a9043a172105d8c541158d5649a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:c3:16:7d:46:e7:8a:52:86:5d:df:2b:76:73:
                    b8:6d:bc:40:e2:30:80:96:e0:cc:fe:91:e6:1f:0a:
                    a9:3d:aa:b0:ca:e4:a4:6e:c8:c5:23:f3:59:83:9b:
                    56:31:21:5e:25:84:11:c8:c0:7e:12:73:6a:3d:9b:
                    89:28:cb:b6:45:6f:a0:66:66:4a:ef:75:04:83:f8:
                    2d:07:93:79:e4:da:f7:01:9b:52:72:c2:fb:d2:88:
                    4d:3f:db:92:05:e7:a4:48:23:b8:84:e4:b9:2a:cd:
                    df:dc:20:d8:84:5c:28:6c:bf:0e:ad:49:d5:cd:4f:
                    9a:8d:1f:28:c0:ec:d3:24:46:71:8c:d2:1d:a0:09:
                    d0:50:2b:a0:c1:91:b1:e7:6c:a8:c1:ed:dc:fe:6e:
                    30:24:f8:3f:3d:50:c0:95:7b:70:24:7d:fd:13:d0:
                    8d:fc:dd:38:b8:40:73:17:55:40:8a:96:01:b3:7f:
                    7a:af:fe:d7:39:5f:7a:da:a6:7c:74:7d:66:ed:ce:
                    af:c7:9b:fb:0b:de:6f:9d:5d:a6:4c:81:55:c0:82:
                    76:d3:fc:ee:40:d7:8a:90:88:ad:8e:6b:12:51:48:
                    94:2e:b1:28:7c:29:bb:11:f1:81:69:9c:65:d8:0e:
                    98:e8:f0:8b:5e:c2:e8:de:b4:2c:15:da:ab:a9:18:
                    23:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:FC:59:C7:BB:81:A9:04:3A:17:21:05:D8:C5:41:15:8D:56:49:A4
            X509v3 Authority Key Identifier:
                keyid:D8:D3:CA:2C:23:1A:FD:F3:B0:35:5C:77:A7:CB:B2:26:F8:1B:74:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2NPKLCMa_fOwNVx3p8uyJvgbdN4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/4vxZx7uBqQQ6FyEF2MVBFY1WSaQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/2NPKLCMa_fOwNVx3p8uyJvgbdN4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.149.192.0/20

    Signature Algorithm: sha256WithRSAEncryption
         85:a5:88:ab:32:5b:bd:a8:c2:87:22:da:31:90:b8:f3:b1:10:
         75:10:76:0a:1e:57:94:09:41:79:a3:d3:93:cf:d9:2b:43:dc:
         61:67:f4:c3:24:0f:70:21:dc:7a:a8:2d:96:01:35:3e:02:37:
         bb:a5:95:98:2e:0d:dd:46:8f:f0:1d:5a:87:c8:93:e9:be:96:
         36:67:26:2e:ab:96:a6:d6:6c:6b:b6:d1:48:89:86:1a:35:d6:
         72:11:1a:9a:59:58:1b:ba:a3:50:27:32:10:ea:1e:cc:52:da:
         61:32:dd:76:9d:3c:af:86:4a:fc:6c:60:de:b8:e1:60:bf:03:
         0d:79:91:58:e4:3d:0e:1f:05:49:47:71:d0:aa:be:e5:eb:ec:
         25:16:99:07:3f:0b:53:0c:f5:97:b6:b3:eb:68:a3:4f:91:b1:
         63:1d:ac:16:7e:bc:7f:04:39:af:2e:77:ed:e1:cc:cf:12:c0:
         fc:12:d4:00:0a:ba:9b:16:93:46:37:7a:d7:05:6d:24:0a:7f:
         8e:f9:5a:18:41:ee:b7:f4:7d:6b:d2:3a:fa:1e:38:f9:e8:11:
         30:42:0e:4f:67:23:49:18:76:7e:83:5c:ed:16:36:da:75:a8:
         e1:2a:8a:cb:05:3b:d4:49:85:19:c5:8c:77:56:0c:ac:67:ff:
         49:6c:f1:a3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1yjQ7nrKfYmrlQh4XC1T/5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4ZDNjYTJjMjMxYWZkZjNiMDM1NWM3N2E3Y2JiMjI2Zjgx
Yjc0ZGUwHhcNMjYwNDA5MTQwMjIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMmZjNTljN2JiODFhOTA0M2ExNzIxMDVkOGM1NDExNThkNTY0OWE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1MMWfUbnilKGXd8rdnO4bbxA4jCA
luDM/pHmHwqpPaqwyuSkbsjFI/NZg5tWMSFeJYQRyMB+EnNqPZuJKMu2RW+gZmZK
73UEg/gtB5N55Nr3AZtScsL70ohNP9uSBeekSCO4hOS5Ks3f3CDYhFwobL8OrUnV
zU+ajR8owOzTJEZxjNIdoAnQUCugwZGx52yowe3c/m4wJPg/PVDAlXtwJH39E9CN
/N04uEBzF1VAipYBs396r/7XOV962qZ8dH1m7c6vx5v7C95vnV2mTIFVwIJ20/zu
QNeKkIitjmsSUUiULrEofCm7EfGBaZxl2A6Y6PCLXsLo3rQsFdqrqRgjdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOL8Wce7gakEOhchBdjFQRWNVkmkMB8GA1UdIwQY
MBaAFNjTyiwjGv3zsDVcd6fLsib4G3TeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMk5QS0xDTWFfZk93TlZ4M3A4dXlKdmdiZE40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOS8zYzA3NmItYWVhMS00YTMzLWE5ZTkt
OTkxMjhiZjZhODQxLzEvNHZ4Wng3dUJxUVE2RnlFRjJNVkJGWTFXU2FRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOS8zYzA3NmItYWVhMS00YTMzLWE5ZTktOTkxMjhiZjZhODQx
LzEvMk5QS0xDTWFfZk93TlZ4M3A4dXlKdmdiZE40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEVZXAMA0G
CSqGSIb3DQEBCwUAA4IBAQCFpYirMlu9qMKHItoxkLjzsRB1EHYKHleUCUF5o9OT
z9krQ9xhZ/TDJA9wIdx6qC2WATU+Aje7pZWYLg3dRo/wHVqHyJPpvpY2ZyYuq5am
1mxrttFIiYYaNdZyERqaWVgbuqNQJzIQ6h7MUtphMt12nTyvhkr8bGDeuOFgvwMN
eZFY5D0OHwVJR3HQqr7l6+wlFpkHPwtTDPWXtrPraKNPkbFjHawWfrx/BDmvLnft
4czPEsD8EtQACrqbFpNGN3rXBW0kCn+O+VoYQe639H1r0jr6Hjj56BEwQg5PZyNJ
GHZ+g1ztFjbadajhKorLBTvUSYUZxYx3VgysZ/9JbPGj
-----END CERTIFICATE-----