Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/1887fa-43cc-4499-ab74-e28832323f6d/1/4ggS2ONBMXsUTTGG8dmc8AUu8Lg.roa
File:                     4ggS2ONBMXsUTTGG8dmc8AUu8Lg.roa (raw, json)
Hash identifier:          q2SWd9oKEi+bPBkWTJWv3RcDMHC3g4eWB/JrEjpX2iE=
Subject key identifier:   E2:08:12:D8:E3:41:31:7B:14:4D:31:86:F1:D9:9C:F0:05:2E:F0:B8
Certificate issuer:       /CN=17672556984415b78e9d15461784c8c4e691d010
Certificate serial:       019B7C10FFF3496E3F7D1D49075E51E6F1BD
Authority key identifier: 17:67:25:56:98:44:15:B7:8E:9D:15:46:17:84:C8:C4:E6:91:D0:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F2clVphEFbeOnRVGF4TIxOaR0BA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/1887fa-43cc-4499-ab74-e28832323f6d/1/4ggS2ONBMXsUTTGG8dmc8AUu8Lg.roa
Signing time:             Fri 02 Jan 2026 00:17:27 +0000
ROA not before:           Fri 02 Jan 2026 00:17:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     12508
IP address blocks:        164.40.168.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/1887fa-43cc-4499-ab74-e28832323f6d/1/F2clVphEFbeOnRVGF4TIxOaR0BA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/1887fa-43cc-4499-ab74-e28832323f6d/1/F2clVphEFbeOnRVGF4TIxOaR0BA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F2clVphEFbeOnRVGF4TIxOaR0BA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 06:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:10:ff:f3:49:6e:3f:7d:1d:49:07:5e:51:e6:f1:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17672556984415b78e9d15461784c8c4e691d010
        Validity
            Not Before: Jan  2 00:17:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e20812d8e341317b144d3186f1d99cf0052ef0b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:ce:c8:4b:9b:6e:bd:24:1e:7b:f0:1d:99:b9:
                    62:65:af:54:7b:07:e8:42:52:27:80:45:6a:00:5f:
                    26:ec:8c:61:41:73:67:da:5f:39:a2:0a:b5:6c:0c:
                    0a:85:ae:e7:0c:5c:1e:92:1b:85:e8:4b:ff:39:9a:
                    b2:db:76:ca:a2:cf:96:73:cd:8c:68:4b:27:b7:d4:
                    eb:70:2a:fc:59:f2:e7:d0:8b:3f:9e:42:a1:56:7e:
                    08:4c:50:7e:f8:08:cf:64:a5:ff:0d:4a:df:43:58:
                    79:93:31:78:86:0f:c5:a3:3f:52:86:de:2b:31:72:
                    e0:c3:74:1d:db:bd:28:62:e4:2e:48:b4:e3:4c:c3:
                    ea:74:55:81:b8:32:5c:6a:1b:42:be:b7:c3:84:13:
                    7b:b9:03:6c:1f:0d:a8:43:47:61:5a:e5:8c:af:3b:
                    7f:b7:ec:0c:6b:ce:c7:e7:68:31:1d:a2:2b:9e:21:
                    d1:8d:f4:a9:0d:51:eb:52:4c:e0:cb:76:4e:c4:57:
                    b2:8a:92:89:30:10:f0:67:1b:d3:1a:ae:07:37:5e:
                    2c:fd:af:ac:39:2f:cc:8e:9f:6b:cf:bd:ae:2a:0e:
                    81:31:65:5a:66:1e:b2:9e:37:cf:f1:07:a9:c3:56:
                    91:81:69:33:60:58:cf:1b:1d:3b:0e:27:96:39:10:
                    70:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:08:12:D8:E3:41:31:7B:14:4D:31:86:F1:D9:9C:F0:05:2E:F0:B8
            X509v3 Authority Key Identifier:
                keyid:17:67:25:56:98:44:15:B7:8E:9D:15:46:17:84:C8:C4:E6:91:D0:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F2clVphEFbeOnRVGF4TIxOaR0BA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/1887fa-43cc-4499-ab74-e28832323f6d/1/4ggS2ONBMXsUTTGG8dmc8AUu8Lg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/1887fa-43cc-4499-ab74-e28832323f6d/1/F2clVphEFbeOnRVGF4TIxOaR0BA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  164.40.168.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4c:0e:cd:28:9d:39:93:8f:39:b2:8a:fe:a2:5e:b5:f5:6e:1a:
         95:69:66:ff:64:70:7d:1c:c8:fb:ef:88:59:7a:f1:56:b6:87:
         7f:48:8a:95:1b:1f:14:4a:30:bd:0f:c8:0d:7b:68:25:4f:2d:
         f9:bb:d7:b8:a1:be:d6:14:12:67:bf:aa:1b:6e:e0:82:6c:b4:
         ff:79:9b:c1:91:82:66:14:1e:2b:17:54:2d:5f:7d:38:dc:ff:
         92:b8:70:e6:2d:aa:a3:15:bb:9e:86:10:4b:7f:27:12:a9:cd:
         37:2e:53:6f:b5:a2:e0:8f:2c:ad:d5:db:9c:9f:88:af:37:4e:
         1e:b8:4e:2b:7a:13:8c:f6:19:b0:96:fa:29:4e:52:d6:29:75:
         2a:d9:1a:57:a7:58:da:67:cf:2d:d5:f4:62:77:d0:3b:e8:7b:
         44:8d:d1:2a:af:44:85:00:bc:3d:c7:ef:01:ae:8e:63:70:52:
         46:5d:56:d4:f9:8c:e0:47:d9:01:1e:12:80:d3:69:2d:c7:0c:
         03:a5:08:79:70:13:ff:03:11:2d:38:03:c3:0b:dd:97:1a:c5:
         17:65:d6:53:a4:97:e0:20:4d:74:16:d7:b2:74:b1:70:a3:5d:
         dd:fd:b4:41:ce:97:c5:36:6c:77:79:d4:6f:5d:5d:17:b6:7b:
         f1:9c:48:3a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8EP/zSW4/fR1JB15R5vG9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3NjcyNTU2OTg0NDE1Yjc4ZTlkMTU0NjE3ODRjOGM0ZTY5
MWQwMTAwHhcNMjYwMTAyMDAxNzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjA4MTJkOGUzNDEzMTdiMTQ0ZDMxODZmMWQ5OWNmMDA1MmVmMGI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtM7IS5tuvSQee/AdmbliZa9Uewfo
QlIngEVqAF8m7IxhQXNn2l85ogq1bAwKha7nDFwekhuF6Ev/OZqy23bKos+Wc82M
aEsnt9TrcCr8WfLn0Is/nkKhVn4ITFB++AjPZKX/DUrfQ1h5kzF4hg/Foz9Sht4r
MXLgw3Qd270oYuQuSLTjTMPqdFWBuDJcahtCvrfDhBN7uQNsHw2oQ0dhWuWMrzt/
t+wMa87H52gxHaIrniHRjfSpDVHrUkzgy3ZOxFeyipKJMBDwZxvTGq4HN14s/a+s
OS/Mjp9rz72uKg6BMWVaZh6ynjfP8Qepw1aRgWkzYFjPGx07DieWORBwiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOIIEtjjQTF7FE0xhvHZnPAFLvC4MB8GA1UdIwQY
MBaAFBdnJVaYRBW3jp0VRheEyMTmkdAQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjJjbFZwaEVGYmVPblJWR0Y0VEl4T2FSMEJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC8xODg3ZmEtNDNjYy00NDk5LWFiNzQt
ZTI4ODMyMzIzZjZkLzEvNGdnUzJPTkJNWHNVVFRHRzhkbWM4QVV1OExnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC8xODg3ZmEtNDNjYy00NDk5LWFiNzQtZTI4ODMyMzIzZjZk
LzEvRjJjbFZwaEVGYmVPblJWR0Y0VEl4T2FSMEJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBpCioMA0G
CSqGSIb3DQEBCwUAA4IBAQBMDs0onTmTjzmyiv6iXrX1bhqVaWb/ZHB9HMj774hZ
evFWtod/SIqVGx8USjC9D8gNe2glTy35u9e4ob7WFBJnv6obbuCCbLT/eZvBkYJm
FB4rF1QtX3043P+SuHDmLaqjFbuehhBLfycSqc03LlNvtaLgjyyt1ducn4ivN04e
uE4rehOM9hmwlvopTlLWKXUq2RpXp1jaZ88t1fRid9A76HtEjdEqr0SFALw9x+8B
ro5jcFJGXVbU+YzgR9kBHhKA02ktxwwDpQh5cBP/AxEtOAPDC92XGsUXZdZTpJfg
IE10FteydLFwo13d/bRBzpfFNmx3edRvXV0XtnvxnEg6
-----END CERTIFICATE-----