Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/ItloqbxcyQiPI6b42mAROjQvknM.roa
File:                     ItloqbxcyQiPI6b42mAROjQvknM.roa (raw, json)
Hash identifier:          M8VZS4mcXFvCsQhPgIL7Aa+unF63M61yRNBXkHcvhpo=
Subject key identifier:   22:D9:68:A9:BC:5C:C9:08:8F:23:A6:F8:DA:60:11:3A:34:2F:92:73
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       019E932D76F94B8BC3799D84D9C5B7D70D27
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/ItloqbxcyQiPI6b42mAROjQvknM.roa
Signing time:             Thu 04 Jun 2026 15:08:10 +0000
ROA not before:           Thu 04 Jun 2026 15:08:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198180
IP address blocks:        194.58.222.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 08:43:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:93:2d:76:f9:4b:8b:c3:79:9d:84:d9:c5:b7:d7:0d:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jun  4 15:08:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=22d968a9bc5cc9088f23a6f8da60113a342f9273
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:70:21:33:74:f7:82:b8:0d:97:b3:22:dc:f3:
                    cc:cd:93:bc:8e:4f:a4:92:96:cc:7c:af:b3:b4:0f:
                    9b:a3:3e:50:cd:63:82:7b:5e:0f:67:2b:f0:0f:05:
                    57:d0:1d:d4:f1:88:69:57:b3:d9:cf:3b:e0:18:94:
                    c1:23:57:6a:4a:c8:ed:46:f9:3b:9e:b7:b5:32:9f:
                    13:dc:f8:0c:ff:7f:d8:97:00:44:a4:db:fd:4a:fc:
                    ad:3e:6c:4f:0c:00:ca:d7:b4:74:b2:97:f5:82:02:
                    11:09:1a:3c:a8:35:5e:a7:2e:60:ce:4c:66:8e:c0:
                    83:08:a2:ff:db:db:33:29:0a:da:49:2c:d2:7f:97:
                    98:0b:df:28:cc:5e:08:1e:f1:47:e7:35:49:2f:db:
                    3c:b5:d1:9a:0d:ca:47:9c:86:f9:70:78:66:3c:74:
                    f4:37:2e:bd:9b:cb:e9:94:07:01:2c:47:00:28:73:
                    b6:f1:7d:9a:30:50:5f:35:8b:05:29:b9:2a:67:3d:
                    dd:82:75:c7:a0:ef:d5:8a:f6:95:6f:55:f4:45:43:
                    e8:f6:46:2c:47:f3:38:c3:83:09:86:44:8e:f8:5e:
                    8a:b5:49:97:ba:4f:e9:ea:a8:d7:5b:10:62:3f:e8:
                    3c:6d:6a:d7:da:a3:1e:99:ad:bc:09:a0:ce:6a:6c:
                    a0:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:D9:68:A9:BC:5C:C9:08:8F:23:A6:F8:DA:60:11:3A:34:2F:92:73
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/ItloqbxcyQiPI6b42mAROjQvknM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.58.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:6a:db:89:f2:eb:4e:04:35:dd:58:0b:57:15:f0:d2:73:f8:
         1a:ee:7c:2b:bf:77:a9:b9:5c:ac:f9:b1:df:e8:de:12:10:86:
         0f:ad:a6:4e:b8:ae:4f:c6:6d:f0:4f:7a:06:ac:1a:09:9c:c6:
         4e:cc:3a:56:c3:ab:38:d3:d8:e3:02:20:f2:f8:f2:fa:c4:2c:
         7e:35:93:7c:91:7f:d6:13:0e:2c:3f:ca:59:06:e7:50:cb:a4:
         14:15:b0:10:1a:01:7d:29:8f:39:0c:4c:b3:b4:e3:f4:3a:90:
         1c:44:e0:65:ba:d6:48:a9:70:11:08:b9:dc:b9:f6:16:67:e1:
         4c:7b:d1:40:9e:50:87:18:0f:3c:f9:57:42:67:71:9f:6f:b3:
         57:e7:73:e1:4a:e4:04:63:56:f9:30:9c:af:b8:af:78:0c:be:
         97:ee:82:a3:78:bc:e7:27:36:32:e6:e0:d9:50:32:2a:ab:ee:
         83:e5:d4:aa:fd:2a:a1:32:2a:a1:28:4b:bf:73:69:49:eb:58:
         2b:b1:a3:1c:2c:46:ba:1d:5d:d3:38:2e:84:a0:2e:ef:b4:68:
         ee:a9:ea:99:27:98:44:35:bc:66:21:f8:f1:6d:e6:54:68:06:
         30:b8:59:8b:13:5a:bf:e3:58:35:3c:10:dc:b6:4a:19:df:c5:
         1d:7b:c2:c0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6TLXb5S4vDeZ2E2cW31w0nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjYwNjA0MTUwODEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMmQ5NjhhOWJjNWNjOTA4OGYyM2E2ZjhkYTYwMTEzYTM0MmY5MjczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1XAhM3T3grgNl7Mi3PPMzZO8jk+k
kpbMfK+ztA+boz5QzWOCe14PZyvwDwVX0B3U8YhpV7PZzzvgGJTBI1dqSsjtRvk7
nre1Mp8T3PgM/3/YlwBEpNv9SvytPmxPDADK17R0spf1ggIRCRo8qDVepy5gzkxm
jsCDCKL/29szKQraSSzSf5eYC98ozF4IHvFH5zVJL9s8tdGaDcpHnIb5cHhmPHT0
Ny69m8vplAcBLEcAKHO28X2aMFBfNYsFKbkqZz3dgnXHoO/VivaVb1X0RUPo9kYs
R/M4w4MJhkSO+F6KtUmXuk/p6qjXWxBiP+g8bWrX2qMema28CaDOamyg7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCLZaKm8XMkIjyOm+NpgETo0L5JzMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvSXRsb3FieGN5UWlQSTZiNDJtQVJPalF2a25NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjreMA0G
CSqGSIb3DQEBCwUAA4IBAQA7atuJ8utOBDXdWAtXFfDSc/ga7nwrv3epuVys+bHf
6N4SEIYPraZOuK5Pxm3wT3oGrBoJnMZOzDpWw6s409jjAiDy+PL6xCx+NZN8kX/W
Ew4sP8pZBudQy6QUFbAQGgF9KY85DEyztOP0OpAcROBlutZIqXARCLncufYWZ+FM
e9FAnlCHGA88+VdCZ3Gfb7NX53PhSuQEY1b5MJyvuK94DL6X7oKjeLznJzYy5uDZ
UDIqq+6D5dSq/SqhMiqhKEu/c2lJ61grsaMcLEa6HV3TOC6EoC7vtGjuqeqZJ5hE
NbxmIfjxbeZUaAYwuFmLE1q/41g1PBDctkoZ38Ude8LA
-----END CERTIFICATE-----