Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/Q6S6DEWeTdaNo4RLFHSga5G24TE.roa
File:                     Q6S6DEWeTdaNo4RLFHSga5G24TE.roa (raw, json)
Hash identifier:          /vqg99pETnOiWOT15E0Qy+efouY/dSqrRAnrIsKDpi8=
Subject key identifier:   43:A4:BA:0C:45:9E:4D:D6:8D:A3:84:4B:14:74:A0:6B:91:B6:E1:31
Certificate issuer:       /CN=d4b95330734c9aaf66d11bcd2bedd380f410f93f
Certificate serial:       019D82C7B936601614251CF32F66DFD965F6
Authority key identifier: D4:B9:53:30:73:4C:9A:AF:66:D1:1B:CD:2B:ED:D3:80:F4:10:F9:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/Q6S6DEWeTdaNo4RLFHSga5G24TE.roa
Signing time:             Sun 12 Apr 2026 17:40:20 +0000
ROA not before:           Sun 12 Apr 2026 17:40:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211063
IP address blocks:        132.243.227.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:82:c7:b9:36:60:16:14:25:1c:f3:2f:66:df:d9:65:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d4b95330734c9aaf66d11bcd2bedd380f410f93f
        Validity
            Not Before: Apr 12 17:40:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=43a4ba0c459e4dd68da3844b1474a06b91b6e131
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:2a:a8:db:b7:09:ee:53:1c:49:01:0e:57:0e:
                    79:4e:e6:be:39:e8:a9:4e:ce:01:1a:9a:dc:5c:71:
                    48:a6:94:46:30:82:cf:52:01:bd:22:59:2b:68:d5:
                    71:60:94:71:66:07:00:71:5c:ca:f5:6b:38:98:16:
                    3f:57:7b:3d:b4:1c:f1:33:06:af:34:d5:6f:7d:b8:
                    83:04:52:83:04:ed:b4:74:55:ec:4a:a1:fa:9b:bd:
                    6c:e4:70:ca:32:88:89:31:0a:b3:44:c6:69:e6:61:
                    42:ef:70:f4:dc:2c:f3:38:f6:e6:b8:ae:e6:aa:df:
                    2b:0a:5a:13:23:3f:53:a7:05:cb:ef:50:51:8a:4b:
                    a7:6e:f1:64:c6:c2:48:d9:90:cd:cd:20:99:44:c6:
                    ab:f3:69:dd:e9:6a:3c:ce:a1:12:ce:12:2c:60:3f:
                    d7:28:a5:05:85:91:0a:50:a8:2e:b2:03:54:51:97:
                    ed:21:14:5b:e4:26:a2:ef:18:b8:3f:47:7a:86:3c:
                    5c:5b:05:d5:26:3c:ed:ef:cc:d1:58:48:33:40:45:
                    0a:10:2b:d9:da:d5:21:ac:7a:4f:8f:60:83:60:ef:
                    5c:fb:a4:97:25:c7:f1:97:9f:dd:54:fc:10:f5:00:
                    f2:58:9c:1e:0e:8c:c5:44:d5:a9:a0:2f:ac:9d:65:
                    b6:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:A4:BA:0C:45:9E:4D:D6:8D:A3:84:4B:14:74:A0:6B:91:B6:E1:31
            X509v3 Authority Key Identifier:
                keyid:D4:B9:53:30:73:4C:9A:AF:66:D1:1B:CD:2B:ED:D3:80:F4:10:F9:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/Q6S6DEWeTdaNo4RLFHSga5G24TE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  132.243.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:c9:45:5c:93:cc:b3:e8:4f:8f:11:4a:b6:17:a0:62:09:2c:
         89:d3:22:20:a5:74:37:0b:ac:e6:1f:aa:33:97:d2:6c:21:50:
         da:56:85:16:11:8f:62:22:e9:f7:0e:1b:e0:fe:48:e2:94:3e:
         30:44:6d:0a:6a:61:25:43:a5:28:52:80:06:ea:47:4d:e6:f4:
         8f:14:e0:16:2b:5c:5a:15:74:6d:34:a4:0b:1d:f9:f0:b5:3a:
         9a:7e:72:ca:39:78:6c:e9:bf:7d:e8:f3:d4:0b:a2:02:51:05:
         3a:b6:79:b3:9d:59:20:10:f7:4d:c3:ca:0e:f0:90:cd:71:0f:
         87:96:93:c8:cf:d9:16:e1:93:69:cd:a7:b9:b3:59:b3:43:c7:
         f8:97:51:2b:f3:ce:70:a1:4c:88:30:d6:0a:59:01:2b:dd:e3:
         ce:a9:7f:3a:01:0c:41:50:2f:d2:9e:96:a7:4f:27:7a:eb:18:
         aa:a2:2d:f6:01:b0:87:a1:f3:aa:31:9f:d0:5d:2d:de:b9:a2:
         0c:45:52:1e:ad:fe:6c:21:0f:65:c4:c0:cc:da:da:29:00:fc:
         b0:45:d6:04:1f:82:ed:cc:7d:cb:43:7a:61:4a:7d:a7:af:d3:
         48:96:7a:21:2a:9f:47:be:0c:98:5c:27:70:01:09:ae:1a:4c:
         4a:d1:e5:33
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2Cx7k2YBYUJRzzL2bf2WX2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0Yjk1MzMwNzM0YzlhYWY2NmQxMWJjZDJiZWRkMzgwZjQx
MGY5M2YwHhcNMjYwNDEyMTc0MDIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2E0YmEwYzQ1OWU0ZGQ2OGRhMzg0NGIxNDc0YTA2YjkxYjZlMTMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Sqo27cJ7lMcSQEOVw55Tua+Oeip
Ts4BGprcXHFIppRGMILPUgG9IlkraNVxYJRxZgcAcVzK9Ws4mBY/V3s9tBzxMwav
NNVvfbiDBFKDBO20dFXsSqH6m71s5HDKMoiJMQqzRMZp5mFC73D03CzzOPbmuK7m
qt8rCloTIz9TpwXL71BRikunbvFkxsJI2ZDNzSCZRMar82nd6Wo8zqESzhIsYD/X
KKUFhZEKUKgusgNUUZftIRRb5Cai7xi4P0d6hjxcWwXVJjzt78zRWEgzQEUKECvZ
2tUhrHpPj2CDYO9c+6SXJcfxl5/dVPwQ9QDyWJweDozFRNWpoC+snWW2dwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEOkugxFnk3WjaOESxR0oGuRtuExMB8GA1UdIwQY
MBaAFNS5UzBzTJqvZtEbzSvt04D0EPk/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUxsVE1ITk1tcTltMFJ2TkstM1RnUFFRLVQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy8xNWQyNzEtMDVjZC00NjFlLWE3YjYt
NDMwMTNiMjhkOWQ2LzEvUTZTNkRFV2VUZGFObzRSTEZIU2dhNUcyNFRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy8xNWQyNzEtMDVjZC00NjFlLWE3YjYtNDMwMTNiMjhkOWQ2
LzEvMUxsVE1ITk1tcTltMFJ2TkstM1RnUFFRLVQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAhPPjMA0G
CSqGSIb3DQEBCwUAA4IBAQAdyUVck8yz6E+PEUq2F6BiCSyJ0yIgpXQ3C6zmH6oz
l9JsIVDaVoUWEY9iIun3Dhvg/kjilD4wRG0KamElQ6UoUoAG6kdN5vSPFOAWK1xa
FXRtNKQLHfnwtTqafnLKOXhs6b996PPUC6ICUQU6tnmznVkgEPdNw8oO8JDNcQ+H
lpPIz9kW4ZNpzae5s1mzQ8f4l1Er885woUyIMNYKWQEr3ePOqX86AQxBUC/Snpan
Tyd66xiqoi32AbCHofOqMZ/QXS3euaIMRVIerf5sIQ9lxMDM2topAPywRdYEH4Lt
zH3LQ3phSn2nr9NIlnohKp9HvgyYXCdwAQmuGkxK0eUz
-----END CERTIFICATE-----