Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/4BgA-ABWSArgHx-ygbshx6JYrTY.roa
File:                     4BgA-ABWSArgHx-ygbshx6JYrTY.roa (raw, json)
Hash identifier:          bvv8kgY0ZVnm7qvnIwLD4R0xE7EezfYihSBw0uGEums=
Subject key identifier:   E0:18:00:F8:00:56:48:0A:E0:1F:1F:B2:81:BB:21:C7:A2:58:AD:36
Certificate issuer:       /CN=1e5b334965788794d6f147a2f004d13be3257dc4
Certificate serial:       019D83167682B60FEC19F2F2C8D7AB413DD3
Authority key identifier: 1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/4BgA-ABWSArgHx-ygbshx6JYrTY.roa
Signing time:             Sun 12 Apr 2026 19:06:20 +0000
ROA not before:           Sun 12 Apr 2026 19:06:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     139205
IP address blocks:        89.28.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:83:16:76:82:b6:0f:ec:19:f2:f2:c8:d7:ab:41:3d:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e5b334965788794d6f147a2f004d13be3257dc4
        Validity
            Not Before: Apr 12 19:06:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e01800f80056480ae01f1fb281bb21c7a258ad36
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:26:33:43:3b:ed:3a:3d:cc:4b:e8:a2:20:76:
                    f8:42:ba:61:07:fe:1c:26:61:2c:18:ff:a6:34:5f:
                    d0:14:58:51:9a:df:0a:7d:ef:fb:10:85:13:2d:c0:
                    9c:7c:92:d2:47:c6:24:33:d8:4d:cc:e7:00:b8:f2:
                    d6:73:10:65:0d:2b:06:bb:d0:0d:ca:46:bc:fb:9b:
                    dc:b6:0d:e9:6f:7b:46:d3:8a:cc:fe:a0:cb:77:bf:
                    c8:b6:a0:d5:06:cb:02:09:31:a2:0d:8c:2a:67:77:
                    af:70:36:9e:3a:c2:8c:7b:59:41:fc:82:27:da:bc:
                    d9:43:09:45:5d:80:b8:25:fd:4b:29:14:82:b3:71:
                    ba:44:b8:a9:37:a5:ba:94:e9:a6:e3:d7:63:7a:05:
                    89:e5:65:b8:ea:34:61:ef:18:53:de:7e:72:68:b9:
                    df:5c:11:95:41:fe:bf:65:1f:db:1f:3b:e0:ca:1b:
                    fd:3c:88:31:bd:5b:8a:3d:a3:fd:e4:9e:c5:2a:43:
                    94:b2:6d:e2:fe:95:a0:df:46:32:79:af:37:77:a1:
                    9d:d6:f4:b8:05:4d:e7:0c:d5:d4:60:6f:65:80:d5:
                    47:ff:5c:62:e5:94:0e:24:55:24:1c:83:e2:67:68:
                    21:fd:7b:81:8e:71:38:11:b1:6d:c5:d1:c0:3f:6f:
                    40:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:18:00:F8:00:56:48:0A:E0:1F:1F:B2:81:BB:21:C7:A2:58:AD:36
            X509v3 Authority Key Identifier:
                keyid:1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/4BgA-ABWSArgHx-ygbshx6JYrTY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.28.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:de:3c:66:04:30:04:ba:ba:cb:d4:da:91:59:77:63:27:92:
         38:18:da:e8:93:9e:8d:f8:1b:83:38:fe:5d:e5:04:8b:74:b1:
         dd:42:6c:39:50:77:29:97:09:43:cd:a4:ed:ae:dc:ce:79:e7:
         83:e9:96:5d:88:fd:46:c6:d9:bd:e3:ab:fa:2f:35:7b:c7:2e:
         c3:02:1c:fb:93:fb:e6:d9:fb:31:78:fe:4d:03:b9:67:31:9e:
         16:ae:b7:59:11:7c:a7:61:bc:f2:2c:aa:ed:b6:e0:90:37:f2:
         f3:3e:87:d6:c8:e8:e8:fe:ae:16:1b:be:27:7b:67:f2:2d:9d:
         13:91:40:7b:fd:18:75:b5:59:2d:63:87:e7:c7:ae:5e:a7:32:
         b8:6a:6d:cb:b2:29:22:5f:b3:c2:fe:0a:55:ee:41:99:7f:0e:
         5b:d8:ad:8f:d8:36:87:bc:93:fb:19:18:59:d0:2e:a3:d9:ba:
         ee:cf:84:10:1c:b3:8c:58:d4:45:75:e1:20:d7:08:02:c9:ae:
         e7:70:9b:13:b7:8c:d1:09:d9:f3:f6:cc:b8:7e:e9:55:88:d9:
         a7:b6:85:99:e0:1e:14:5d:6f:ba:e8:57:14:fc:61:fb:be:52:
         67:b9:ea:37:24:ee:bc:57:da:2d:2b:21:3e:17:7a:47:22:51:
         59:ca:fc:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2DFnaCtg/sGfLyyNerQT3TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlNWIzMzQ5NjU3ODg3OTRkNmYxNDdhMmYwMDRkMTNiZTMy
NTdkYzQwHhcNMjYwNDEyMTkwNjIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDE4MDBmODAwNTY0ODBhZTAxZjFmYjI4MWJiMjFjN2EyNThhZDM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtCYzQzvtOj3MS+iiIHb4QrphB/4c
JmEsGP+mNF/QFFhRmt8Kfe/7EIUTLcCcfJLSR8YkM9hNzOcAuPLWcxBlDSsGu9AN
yka8+5vctg3pb3tG04rM/qDLd7/ItqDVBssCCTGiDYwqZ3evcDaeOsKMe1lB/IIn
2rzZQwlFXYC4Jf1LKRSCs3G6RLipN6W6lOmm49djegWJ5WW46jRh7xhT3n5yaLnf
XBGVQf6/ZR/bHzvgyhv9PIgxvVuKPaP95J7FKkOUsm3i/pWg30Yyea83d6Gd1vS4
BU3nDNXUYG9lgNVH/1xi5ZQOJFUkHIPiZ2gh/XuBjnE4EbFtxdHAP29AQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOAYAPgAVkgK4B8fsoG7IceiWK02MB8GA1UdIwQY
MBaAFB5bM0lleIeU1vFHovAE0TvjJX3EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDIt
OTk5MGUyZDllYWZlLzEvNEJnQS1BQldTQXJnSHgteWdic2h4NkpZclRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDItOTk5MGUyZDllYWZl
LzEvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWRzLMA0G
CSqGSIb3DQEBCwUAA4IBAQBl3jxmBDAEurrL1NqRWXdjJ5I4GNrok56N+BuDOP5d
5QSLdLHdQmw5UHcplwlDzaTtrtzOeeeD6ZZdiP1Gxtm946v6LzV7xy7DAhz7k/vm
2fsxeP5NA7lnMZ4WrrdZEXynYbzyLKrttuCQN/LzPofWyOjo/q4WG74ne2fyLZ0T
kUB7/Rh1tVktY4fnx65epzK4am3LsikiX7PC/gpV7kGZfw5b2K2P2DaHvJP7GRhZ
0C6j2bruz4QQHLOMWNRFdeEg1wgCya7ncJsTt4zRCdnz9sy4fulViNmntoWZ4B4U
XW+66FcU/GH7vlJnueo3JO68V9otKyE+F3pHIlFZyvxu
-----END CERTIFICATE-----