Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/204017-f046-4b69-b3e5-319b0c874440/1/CxwFpKnVRB1YipI_w1rOdL2Rr_0.roa
File:                     CxwFpKnVRB1YipI_w1rOdL2Rr_0.roa (raw, json)
Hash identifier:          Sqj7uyxBPWvN499fr3Zl2IE3H+X3USQ46cvMPtYbWbI=
Subject key identifier:   0B:1C:05:A4:A9:D5:44:1D:58:8A:92:3F:C3:5A:CE:74:BD:91:AF:FD
Certificate issuer:       /CN=4ca66f3c0f25774e696d2a46723277eb961128c3
Certificate serial:       019CA8D12D940EACC8D59F628956AD622051
Authority key identifier: 4C:A6:6F:3C:0F:25:77:4E:69:6D:2A:46:72:32:77:EB:96:11:28:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TKZvPA8ld05pbSpGcjJ365YRKMM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/204017-f046-4b69-b3e5-319b0c874440/1/CxwFpKnVRB1YipI_w1rOdL2Rr_0.roa
Signing time:             Sun 01 Mar 2026 09:53:26 +0000
ROA not before:           Sun 01 Mar 2026 09:53:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48198
IP address blocks:        176.65.152.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/204017-f046-4b69-b3e5-319b0c874440/1/TKZvPA8ld05pbSpGcjJ365YRKMM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/204017-f046-4b69-b3e5-319b0c874440/1/TKZvPA8ld05pbSpGcjJ365YRKMM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TKZvPA8ld05pbSpGcjJ365YRKMM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 12:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:a8:d1:2d:94:0e:ac:c8:d5:9f:62:89:56:ad:62:20:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4ca66f3c0f25774e696d2a46723277eb961128c3
        Validity
            Not Before: Mar  1 09:53:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0b1c05a4a9d5441d588a923fc35ace74bd91affd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:72:33:1d:cf:52:b7:23:df:a0:bc:d8:48:ea:
                    9f:a5:78:96:ac:ad:f5:4e:84:a7:b7:5e:9a:41:34:
                    c6:66:71:d8:66:9c:ca:92:99:d3:81:c6:ea:26:50:
                    44:63:d9:a1:28:1d:f5:c1:68:71:67:24:d6:f5:5d:
                    bc:c5:fc:ae:f4:08:0c:36:38:9d:01:9a:17:1b:d1:
                    ca:ec:69:42:83:70:8f:5f:85:8d:f8:d1:3e:04:d2:
                    1f:ab:0c:b5:22:52:16:5e:8b:9d:be:fd:18:7f:d5:
                    ff:fe:ae:68:6a:f9:1a:2f:a8:39:1f:9d:e8:13:2d:
                    d6:f8:0b:67:f0:26:6f:08:99:ed:f0:79:44:1a:de:
                    36:ae:c9:de:7e:e1:d7:0e:fa:39:9a:28:f0:a4:39:
                    ab:11:7e:e4:9b:62:ba:e6:6b:43:6e:15:41:22:d0:
                    5d:73:b5:1d:7f:c2:be:29:8a:64:f7:7f:41:9f:e8:
                    94:fd:87:c5:5b:07:0e:fe:00:ad:e8:a1:56:61:cb:
                    12:7f:ec:f0:71:d7:bc:34:b3:3f:d4:cf:0f:4e:54:
                    37:7d:b2:bd:ab:4f:18:1e:8d:42:b9:b4:d3:cb:35:
                    a5:ca:4c:b3:3e:d2:a4:84:a1:04:2c:22:e9:3b:a7:
                    90:2c:2c:35:16:50:14:14:84:e1:9c:d8:7d:90:18:
                    3f:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:1C:05:A4:A9:D5:44:1D:58:8A:92:3F:C3:5A:CE:74:BD:91:AF:FD
            X509v3 Authority Key Identifier:
                keyid:4C:A6:6F:3C:0F:25:77:4E:69:6D:2A:46:72:32:77:EB:96:11:28:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TKZvPA8ld05pbSpGcjJ365YRKMM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/204017-f046-4b69-b3e5-319b0c874440/1/CxwFpKnVRB1YipI_w1rOdL2Rr_0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/204017-f046-4b69-b3e5-319b0c874440/1/TKZvPA8ld05pbSpGcjJ365YRKMM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.65.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:e4:41:4e:97:52:0e:c6:1e:f8:be:1d:69:f7:8b:8a:a9:12:
         a0:32:be:65:3c:79:3d:b8:9f:24:79:06:42:2d:f9:d5:05:05:
         f8:76:32:de:c5:ad:63:17:7e:43:7d:08:5c:f0:75:2c:e0:6b:
         85:79:ad:09:b2:eb:81:c3:35:ad:f0:94:c8:1b:4f:cb:aa:76:
         50:96:90:1a:ce:57:81:a7:6a:ef:0a:3b:fb:70:72:c6:89:40:
         7f:4f:fd:0a:dc:f5:93:1e:fd:9d:d9:4e:f0:8b:17:ef:91:7d:
         80:9e:45:1a:7c:01:c5:7f:8d:a7:90:5f:3e:24:09:ca:61:ce:
         f7:b8:3b:76:ac:81:cc:4a:48:e5:7b:50:5a:d2:d7:59:ba:46:
         20:97:5d:c1:b3:cd:11:e5:45:c6:16:d1:04:76:bb:a8:29:2b:
         58:6f:b4:ec:75:73:e7:a2:6f:9a:28:dc:c9:d7:0c:f4:a4:c8:
         4c:30:9e:4a:a6:50:4e:51:f9:40:62:e8:71:07:db:3e:58:48:
         a8:05:1d:01:6d:6e:47:70:fa:b7:7a:6f:e7:66:2c:42:78:c2:
         94:80:b2:bf:e8:7a:c9:94:e7:6e:b9:c1:b2:65:b2:43:0f:b6:
         e3:21:4d:93:a1:ed:e8:8a:17:48:4c:4a:2e:b7:2f:42:75:3b:
         a0:d7:7c:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyo0S2UDqzI1Z9iiVatYiBRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjYTY2ZjNjMGYyNTc3NGU2OTZkMmE0NjcyMzI3N2ViOTYx
MTI4YzMwHhcNMjYwMzAxMDk1MzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjFjMDVhNGE5ZDU0NDFkNTg4YTkyM2ZjMzVhY2U3NGJkOTFhZmZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAynIzHc9StyPfoLzYSOqfpXiWrK31
ToSnt16aQTTGZnHYZpzKkpnTgcbqJlBEY9mhKB31wWhxZyTW9V28xfyu9AgMNjid
AZoXG9HK7GlCg3CPX4WN+NE+BNIfqwy1IlIWXoudvv0Yf9X//q5oavkaL6g5H53o
Ey3W+Atn8CZvCJnt8HlEGt42rsnefuHXDvo5mijwpDmrEX7km2K65mtDbhVBItBd
c7Udf8K+KYpk939Bn+iU/YfFWwcO/gCt6KFWYcsSf+zwcde8NLM/1M8PTlQ3fbK9
q08YHo1CubTTyzWlykyzPtKkhKEELCLpO6eQLCw1FlAUFIThnNh9kBg/GQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAscBaSp1UQdWIqSP8NaznS9ka/9MB8GA1UdIwQY
MBaAFEymbzwPJXdOaW0qRnIyd+uWESjDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEtadlBBOGxkMDVwYlNwR2NqSjM2NVlSS01NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy8yMDQwMTctZjA0Ni00YjY5LWIzZTUt
MzE5YjBjODc0NDQwLzEvQ3h3RnBLblZSQjFZaXBJX3cxck9kTDJScl8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy8yMDQwMTctZjA0Ni00YjY5LWIzZTUtMzE5YjBjODc0NDQw
LzEvVEtadlBBOGxkMDVwYlNwR2NqSjM2NVlSS01NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsEGYMA0G
CSqGSIb3DQEBCwUAA4IBAQCD5EFOl1IOxh74vh1p94uKqRKgMr5lPHk9uJ8keQZC
LfnVBQX4djLexa1jF35DfQhc8HUs4GuFea0JsuuBwzWt8JTIG0/LqnZQlpAazleB
p2rvCjv7cHLGiUB/T/0K3PWTHv2d2U7wixfvkX2AnkUafAHFf42nkF8+JAnKYc73
uDt2rIHMSkjle1Ba0tdZukYgl13Bs80R5UXGFtEEdruoKStYb7TsdXPnom+aKNzJ
1wz0pMhMMJ5KplBOUflAYuhxB9s+WEioBR0BbW5HcPq3em/nZixCeMKUgLK/6HrJ
lOduucGyZbJDD7bjIU2Toe3oihdITEouty9CdTug13zO
-----END CERTIFICATE-----