Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/01058a-4a82-4818-972d-842858122bbc/1/ta9QPHmvElN9LQbU3Ml0S8yt9cs.roa
File:                     ta9QPHmvElN9LQbU3Ml0S8yt9cs.roa (raw, json)
Hash identifier:          pWwk3bYPZv/2DLVIuX6tB76kOFRVtUjaqBNqlUqnu+g=
Subject key identifier:   B5:AF:50:3C:79:AF:12:53:7D:2D:06:D4:DC:C9:74:4B:CC:AD:F5:CB
Certificate issuer:       /CN=464952bc165441ec6e2e2010c933dc830f361731
Certificate serial:       019E684BC794325C69A4D4511009F913DDA8
Authority key identifier: 46:49:52:BC:16:54:41:EC:6E:2E:20:10:C9:33:DC:83:0F:36:17:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RklSvBZUQexuLiAQyTPcgw82FzE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/01058a-4a82-4818-972d-842858122bbc/1/ta9QPHmvElN9LQbU3Ml0S8yt9cs.roa
Signing time:             Wed 27 May 2026 07:17:37 +0000
ROA not before:           Wed 27 May 2026 07:17:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     31313
IP address blocks:        185.118.4.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/01058a-4a82-4818-972d-842858122bbc/1/RklSvBZUQexuLiAQyTPcgw82FzE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/01058a-4a82-4818-972d-842858122bbc/1/RklSvBZUQexuLiAQyTPcgw82FzE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RklSvBZUQexuLiAQyTPcgw82FzE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 08:43:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:68:4b:c7:94:32:5c:69:a4:d4:51:10:09:f9:13:dd:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=464952bc165441ec6e2e2010c933dc830f361731
        Validity
            Not Before: May 27 07:17:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b5af503c79af12537d2d06d4dcc9744bccadf5cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:48:5a:7e:d6:5c:a5:75:10:6e:73:86:e9:63:
                    8d:b3:9f:78:07:94:d3:8c:f9:2d:1d:33:d0:cb:2b:
                    6f:43:9e:f9:e0:9b:43:91:2d:1c:0e:0f:5d:2d:f0:
                    56:ea:55:dd:68:dd:27:86:e3:0f:f7:a8:89:12:db:
                    93:ed:05:93:c8:99:d6:08:6d:b0:5a:0b:e1:fe:75:
                    b6:87:ad:ee:49:94:73:51:da:d1:21:3e:d7:cd:d9:
                    5a:14:eb:34:1b:4f:e3:e9:cb:96:65:71:38:20:5c:
                    e1:88:6c:de:50:8b:9e:d2:a4:0f:e1:92:ca:d8:7b:
                    36:61:2e:16:dd:8f:22:15:70:17:9e:64:76:b1:54:
                    3b:1a:d4:91:36:4a:3c:97:c4:9f:41:77:d7:88:55:
                    00:16:a7:1a:8a:4b:38:e1:8d:2c:0e:88:13:6b:01:
                    63:b8:89:3c:84:2a:f4:4e:9d:46:74:e8:2c:66:b2:
                    98:14:0e:01:00:d3:81:8d:6d:70:59:f5:01:59:de:
                    d4:ee:7b:4d:3c:b6:b1:89:91:2d:50:6a:53:85:f8:
                    45:5f:ae:c8:a0:75:07:d0:c9:25:71:ff:16:87:22:
                    7c:a9:7d:43:a4:d2:61:a8:92:ce:48:8a:da:e1:c6:
                    67:19:d2:c3:bd:32:0b:33:b4:e4:16:9d:bb:95:18:
                    43:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:AF:50:3C:79:AF:12:53:7D:2D:06:D4:DC:C9:74:4B:CC:AD:F5:CB
            X509v3 Authority Key Identifier:
                keyid:46:49:52:BC:16:54:41:EC:6E:2E:20:10:C9:33:DC:83:0F:36:17:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RklSvBZUQexuLiAQyTPcgw82FzE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/01058a-4a82-4818-972d-842858122bbc/1/ta9QPHmvElN9LQbU3Ml0S8yt9cs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/01058a-4a82-4818-972d-842858122bbc/1/RklSvBZUQexuLiAQyTPcgw82FzE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.118.4.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7f:46:93:ac:ce:aa:87:a5:7e:fe:f7:76:0e:1b:dc:4d:32:1b:
         5a:a2:1d:46:f5:2a:35:39:37:ee:6f:a3:52:f5:ed:00:2b:18:
         41:bd:83:08:a8:b6:3f:8c:da:42:f7:b1:c7:ab:49:02:16:91:
         f0:0a:d4:c1:4f:12:90:8b:cd:2f:12:84:71:6d:4a:d3:41:bd:
         56:b3:17:5d:86:47:47:81:89:b7:b7:f1:a7:47:56:b5:45:50:
         a9:8b:29:f4:4e:e3:3f:d3:a9:c8:21:bd:b9:a7:39:fe:df:e9:
         23:9d:1e:49:41:0e:aa:30:fd:1e:68:1f:d0:64:9a:1d:7d:c5:
         18:59:ce:2a:4d:7a:fe:14:e1:2c:0d:bd:ff:11:1a:cd:76:c2:
         59:44:51:5a:ca:3c:b1:00:ea:14:44:ae:ca:e2:bb:d6:56:93:
         20:a6:b7:bf:56:dc:5e:e8:d1:4f:f9:67:d5:cd:cf:c9:f3:0f:
         bb:69:cf:1c:fd:5e:aa:5b:3b:ab:48:b0:eb:79:27:cc:1c:10:
         d6:05:ec:95:b1:b4:a5:b8:6c:8d:36:10:03:ac:78:82:16:08:
         75:b9:c1:c4:45:7c:5e:7a:ed:3b:58:5b:92:98:9e:dc:5f:fd:
         2b:c1:1b:06:e6:40:bb:d1:f2:b2:b5:9e:e5:35:27:5f:43:12:
         c0:0a:e3:cf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5oS8eUMlxppNRREAn5E92oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2NDk1MmJjMTY1NDQxZWM2ZTJlMjAxMGM5MzNkYzgzMGYz
NjE3MzEwHhcNMjYwNTI3MDcxNzM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNWFmNTAzYzc5YWYxMjUzN2QyZDA2ZDRkY2M5NzQ0YmNjYWRmNWNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzEhaftZcpXUQbnOG6WONs594B5TT
jPktHTPQyytvQ5754JtDkS0cDg9dLfBW6lXdaN0nhuMP96iJEtuT7QWTyJnWCG2w
Wgvh/nW2h63uSZRzUdrRIT7XzdlaFOs0G0/j6cuWZXE4IFzhiGzeUIue0qQP4ZLK
2Hs2YS4W3Y8iFXAXnmR2sVQ7GtSRNko8l8SfQXfXiFUAFqcaiks44Y0sDogTawFj
uIk8hCr0Tp1GdOgsZrKYFA4BANOBjW1wWfUBWd7U7ntNPLaxiZEtUGpThfhFX67I
oHUH0Mklcf8WhyJ8qX1DpNJhqJLOSIra4cZnGdLDvTILM7TkFp27lRhDyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLWvUDx5rxJTfS0G1NzJdEvMrfXLMB8GA1UdIwQY
MBaAFEZJUrwWVEHsbi4gEMkz3IMPNhcxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmtsU3ZCWlVRZXh1TGlBUXlUUGNndzgyRnpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi8wMTA1OGEtNGE4Mi00ODE4LTk3MmQt
ODQyODU4MTIyYmJjLzEvdGE5UVBIbXZFbE45TFFiVTNNbDBTOHl0OWNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi8wMTA1OGEtNGE4Mi00ODE4LTk3MmQtODQyODU4MTIyYmJj
LzEvUmtsU3ZCWlVRZXh1TGlBUXlUUGNndzgyRnpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuXYEMA0G
CSqGSIb3DQEBCwUAA4IBAQB/RpOszqqHpX7+93YOG9xNMhtaoh1G9So1OTfub6NS
9e0AKxhBvYMIqLY/jNpC97HHq0kCFpHwCtTBTxKQi80vEoRxbUrTQb1WsxddhkdH
gYm3t/GnR1a1RVCpiyn0TuM/06nIIb25pzn+3+kjnR5JQQ6qMP0eaB/QZJodfcUY
Wc4qTXr+FOEsDb3/ERrNdsJZRFFayjyxAOoURK7K4rvWVpMgpre/Vtxe6NFP+WfV
zc/J8w+7ac8c/V6qWzurSLDreSfMHBDWBeyVsbSluGyNNhADrHiCFgh1ucHERXxe
eu07WFuSmJ7cX/0rwRsG5kC70fKytZ7lNSdfQxLACuPP
-----END CERTIFICATE-----