Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/95d956-88d9-48ca-9294-5accb8c3d646/1/vx-dMynrTlhRGBj5W4xOg8tXzq4.roa
File:                     vx-dMynrTlhRGBj5W4xOg8tXzq4.roa (raw, json)
Hash identifier:          dSwPN9gEJQKBHApKqv16FHfQnir8v/0ooHnc1vPcEnk=
Subject key identifier:   BF:1F:9D:33:29:EB:4E:58:51:18:18:F9:5B:8C:4E:83:CB:57:CE:AE
Certificate issuer:       /CN=5c865c8e92bf1de2d80dc3ec68d61d1761c4624b
Certificate serial:       019D9A346F5EAD006AF63C94F8917D14CDCA
Authority key identifier: 5C:86:5C:8E:92:BF:1D:E2:D8:0D:C3:EC:68:D6:1D:17:61:C4:62:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XIZcjpK_HeLYDcPsaNYdF2HEYks.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/04/95d956-88d9-48ca-9294-5accb8c3d646/1/vx-dMynrTlhRGBj5W4xOg8tXzq4.roa
Signing time:             Fri 17 Apr 2026 06:50:20 +0000
ROA not before:           Fri 17 Apr 2026 06:50:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     41632
IP address blocks:        195.138.215.0/24 maxlen: 24
                          2a10:11c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/04/95d956-88d9-48ca-9294-5accb8c3d646/1/XIZcjpK_HeLYDcPsaNYdF2HEYks.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/04/95d956-88d9-48ca-9294-5accb8c3d646/1/XIZcjpK_HeLYDcPsaNYdF2HEYks.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XIZcjpK_HeLYDcPsaNYdF2HEYks.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 06:50:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:9a:34:6f:5e:ad:00:6a:f6:3c:94:f8:91:7d:14:cd:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5c865c8e92bf1de2d80dc3ec68d61d1761c4624b
        Validity
            Not Before: Apr 17 06:50:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bf1f9d3329eb4e58511818f95b8c4e83cb57ceae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:07:52:7f:cc:80:1d:db:41:a0:0b:08:de:0d:
                    b5:de:b7:70:7d:5a:92:c3:b0:d0:d2:d9:b1:1f:43:
                    ff:a0:85:23:d9:91:aa:05:cc:54:25:83:87:09:e5:
                    bd:68:58:25:cc:3b:14:13:ca:b7:27:ed:a6:c0:f0:
                    40:d6:26:84:7d:cb:35:9a:59:06:89:47:77:c7:aa:
                    3c:ff:e3:22:db:73:54:6b:6a:95:57:f5:2b:d2:68:
                    05:97:96:8b:59:74:c9:ca:8e:75:f7:18:56:56:e5:
                    25:84:60:7a:4b:16:99:ea:1f:80:09:12:35:b5:51:
                    a5:23:4c:67:fb:4d:5e:a6:8d:a4:9b:c8:9b:4b:af:
                    08:a9:0c:9c:aa:36:c3:66:22:61:6b:c4:b0:f5:f9:
                    8c:4e:ce:73:67:a1:f6:e6:ac:a9:39:40:06:e2:7b:
                    60:6c:ed:8c:a0:bd:0e:79:3c:51:7b:8e:17:ad:8b:
                    eb:53:db:a0:c9:cd:26:5c:3c:2d:09:e8:2c:25:f8:
                    d2:38:c2:1a:eb:f4:79:82:30:83:de:4b:70:6f:bf:
                    24:ab:bc:9f:ee:7d:b6:b2:06:29:90:5f:77:68:2e:
                    96:92:bd:d3:32:af:cb:e6:e0:f6:df:b2:37:03:0d:
                    a4:b1:1a:41:4f:cb:89:f9:4a:44:20:bf:d2:7b:c5:
                    70:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:1F:9D:33:29:EB:4E:58:51:18:18:F9:5B:8C:4E:83:CB:57:CE:AE
            X509v3 Authority Key Identifier:
                keyid:5C:86:5C:8E:92:BF:1D:E2:D8:0D:C3:EC:68:D6:1D:17:61:C4:62:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XIZcjpK_HeLYDcPsaNYdF2HEYks.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/95d956-88d9-48ca-9294-5accb8c3d646/1/vx-dMynrTlhRGBj5W4xOg8tXzq4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/04/95d956-88d9-48ca-9294-5accb8c3d646/1/XIZcjpK_HeLYDcPsaNYdF2HEYks.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.138.215.0/24
                IPv6:
                  2a10:11c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         53:7a:a8:b1:69:35:47:c6:82:a4:49:ae:8b:39:c7:0b:ed:72:
         cc:24:cb:9c:93:f4:7a:3a:f5:d1:97:5b:7d:6f:8c:20:12:cb:
         de:bf:3d:44:2f:23:3d:f7:38:d5:c5:c0:ba:f8:2c:09:f4:6b:
         05:00:8f:18:eb:4b:2a:bb:7d:67:2c:99:dd:29:f7:a6:f2:e1:
         ab:57:af:af:47:26:db:cf:69:6f:93:fb:0a:bb:d1:4f:a1:b1:
         a0:b3:f0:f3:eb:51:ee:40:e6:e7:a5:a5:39:a3:1d:ba:4c:09:
         73:10:39:2a:15:4f:83:6c:24:1e:42:64:10:f3:6e:be:cc:58:
         0f:57:b4:4f:cf:88:76:76:88:fc:d3:cb:a8:54:ca:38:ea:ab:
         a3:42:d0:55:65:a6:05:8f:a3:a3:c0:39:18:7c:c3:20:fb:ce:
         83:0f:68:6d:2e:64:c9:ee:3d:39:a8:0c:32:76:31:34:6a:03:
         87:83:d9:19:c5:19:e4:f7:e8:05:59:9e:5c:d0:40:35:0f:b2:
         ee:a6:7f:2b:ae:29:29:eb:54:3c:f2:29:55:b6:89:59:9e:78:
         bf:ec:29:74:37:55:74:a1:2e:45:47:c1:45:28:e9:4d:a5:60:
         a2:45:8d:53:ea:9a:ad:f0:da:bb:00:4a:b9:ac:d5:42:18:c0:
         20:8f:1e:da
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ2aNG9erQBq9jyU+JF9FM3KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjODY1YzhlOTJiZjFkZTJkODBkYzNlYzY4ZDYxZDE3NjFj
NDYyNGIwHhcNMjYwNDE3MDY1MDIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjFmOWQzMzI5ZWI0ZTU4NTExODE4Zjk1YjhjNGU4M2NiNTdjZWFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAygdSf8yAHdtBoAsI3g213rdwfVqS
w7DQ0tmxH0P/oIUj2ZGqBcxUJYOHCeW9aFglzDsUE8q3J+2mwPBA1iaEfcs1mlkG
iUd3x6o8/+Mi23NUa2qVV/Ur0mgFl5aLWXTJyo519xhWVuUlhGB6SxaZ6h+ACRI1
tVGlI0xn+01epo2km8ibS68IqQycqjbDZiJha8Sw9fmMTs5zZ6H25qypOUAG4ntg
bO2MoL0OeTxRe44XrYvrU9ugyc0mXDwtCegsJfjSOMIa6/R5gjCD3ktwb78kq7yf
7n22sgYpkF93aC6Wkr3TMq/L5uD237I3Aw2ksRpBT8uJ+UpEIL/Se8VwyQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFL8fnTMp605YURgY+VuMToPLV86uMB8GA1UdIwQY
MBaAFFyGXI6Svx3i2A3D7GjWHRdhxGJLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWElaY2pwS19IZUxZRGNQc2FOWWRGMkhFWWtzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC85NWQ5NTYtODhkOS00OGNhLTkyOTQt
NWFjY2I4YzNkNjQ2LzEvdngtZE15bnJUbGhSR0JqNVc0eE9nOHRYenE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC85NWQ5NTYtODhkOS00OGNhLTkyOTQtNWFjY2I4YzNkNjQ2
LzEvWElaY2pwS19IZUxZRGNQc2FOWWRGMkhFWWtzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAw4rXMA0E
AgACMAcDBQMqEBHAMA0GCSqGSIb3DQEBCwUAA4IBAQBTeqixaTVHxoKkSa6LOccL
7XLMJMuck/R6OvXRl1t9b4wgEsvevz1ELyM99zjVxcC6+CwJ9GsFAI8Y60squ31n
LJndKfem8uGrV6+vRybbz2lvk/sKu9FPobGgs/Dz61HuQObnpaU5ox26TAlzEDkq
FU+DbCQeQmQQ826+zFgPV7RPz4h2doj808uoVMo46qujQtBVZaYFj6OjwDkYfMMg
+86DD2htLmTJ7j05qAwydjE0agOHg9kZxRnk9+gFWZ5c0EA1D7Lupn8rrikp61Q8
8ilVtolZnni/7Cl0N1V0oS5FR8FFKOlNpWCiRY1T6pqt8Nq7AEq5rNVCGMAgjx7a
-----END CERTIFICATE-----