Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/9062e2-95ae-4656-b2ee-984a8eb51e45/1/_XpiWaBqL5cj6EScDkmzFX-RtaE.roa
File:                     _XpiWaBqL5cj6EScDkmzFX-RtaE.roa (raw, json)
Hash identifier:          ZNQwF+NRIfIvKu5cA90w0QKywG10reBbxUARljIXqqA=
Subject key identifier:   FD:7A:62:59:A0:6A:2F:97:23:E8:44:9C:0E:49:B3:15:7F:91:B5:A1
Certificate issuer:       /CN=32cb3c05d6a2c51c2ff52dd9dcb9e2b55c4048f9
Certificate serial:       019B78354A97F2F1BFA64C15ED90723930B5
Authority key identifier: 32:CB:3C:05:D6:A2:C5:1C:2F:F5:2D:D9:DC:B9:E2:B5:5C:40:48:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Mss8BdaixRwv9S3Z3LnitVxASPk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/9062e2-95ae-4656-b2ee-984a8eb51e45/1/_XpiWaBqL5cj6EScDkmzFX-RtaE.roa
Signing time:             Thu 01 Jan 2026 06:18:36 +0000
ROA not before:           Thu 01 Jan 2026 06:18:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202054
IP address blocks:        46.16.132.0/22 maxlen: 24
                          185.14.56.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/9062e2-95ae-4656-b2ee-984a8eb51e45/1/Mss8BdaixRwv9S3Z3LnitVxASPk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/9062e2-95ae-4656-b2ee-984a8eb51e45/1/Mss8BdaixRwv9S3Z3LnitVxASPk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Mss8BdaixRwv9S3Z3LnitVxASPk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:35:4a:97:f2:f1:bf:a6:4c:15:ed:90:72:39:30:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=32cb3c05d6a2c51c2ff52dd9dcb9e2b55c4048f9
        Validity
            Not Before: Jan  1 06:18:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fd7a6259a06a2f9723e8449c0e49b3157f91b5a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:6d:df:ed:60:b3:d3:b9:78:b3:e5:4c:1f:8c:
                    c3:41:37:bc:3e:b6:b1:06:cd:97:88:79:36:45:57:
                    55:77:7c:f0:60:47:0d:8e:d2:74:fc:9b:ae:07:d2:
                    4b:f1:5a:c6:34:43:75:d5:78:b5:a8:1c:51:66:47:
                    12:da:94:da:16:f9:fd:8e:b1:5c:f2:e4:45:de:5b:
                    52:2a:dd:5c:be:5c:46:1c:94:5e:2a:b1:d1:a7:59:
                    6a:65:f5:83:ce:0e:7a:b5:fa:eb:1b:c4:32:12:b4:
                    b4:46:87:7f:74:2f:cd:dc:0d:7f:97:e0:28:57:40:
                    d1:a4:7b:7f:90:fe:f3:8d:d2:53:53:1a:cf:48:fd:
                    ea:50:9a:93:ce:6c:50:b5:55:1b:58:dd:76:6f:ba:
                    66:57:9d:cd:f7:7b:c9:c9:8f:d0:c9:00:5f:03:1d:
                    45:ef:6a:91:bb:60:31:01:80:b0:4a:4c:0c:f1:27:
                    21:f3:6e:5d:32:da:65:84:51:ca:89:14:87:47:e0:
                    a3:59:46:41:34:37:37:14:07:e7:5f:f4:15:d4:af:
                    93:e0:1a:65:63:5b:4b:22:46:79:1a:99:48:e1:90:
                    79:80:a8:d2:75:5c:5f:62:80:7c:53:58:b8:b6:86:
                    e4:a1:c2:dc:28:b2:93:27:77:b5:0c:97:e9:1a:50:
                    f1:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:7A:62:59:A0:6A:2F:97:23:E8:44:9C:0E:49:B3:15:7F:91:B5:A1
            X509v3 Authority Key Identifier:
                keyid:32:CB:3C:05:D6:A2:C5:1C:2F:F5:2D:D9:DC:B9:E2:B5:5C:40:48:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Mss8BdaixRwv9S3Z3LnitVxASPk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/9062e2-95ae-4656-b2ee-984a8eb51e45/1/_XpiWaBqL5cj6EScDkmzFX-RtaE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/9062e2-95ae-4656-b2ee-984a8eb51e45/1/Mss8BdaixRwv9S3Z3LnitVxASPk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.16.132.0/22
                  185.14.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         79:3c:ba:88:d7:7f:43:d6:80:64:52:8f:2d:7b:79:83:e3:ab:
         dc:9e:1e:1a:15:b4:d7:f6:47:70:b5:a9:de:b9:a4:b4:54:ef:
         ee:cd:ca:5f:47:ed:5e:43:5a:45:0b:f0:62:9b:b6:a7:13:70:
         29:1e:30:b4:41:e5:69:e0:0b:a4:74:c3:e8:63:b0:20:e9:a3:
         24:90:0e:3e:7c:0a:ac:7d:e4:78:c1:7c:aa:72:65:c4:f8:46:
         87:0c:79:1c:42:a9:2d:cf:23:27:14:b9:2c:fc:4c:07:fa:5c:
         89:e5:98:6f:d8:ea:57:47:97:2d:f5:14:c5:de:10:4b:db:b9:
         11:28:21:77:3f:52:72:fb:b2:87:0f:14:bf:2f:9c:20:2a:5f:
         50:3e:3b:41:f4:a8:6f:e2:67:bf:64:cc:8b:1f:ba:7b:e2:83:
         c8:ca:1b:99:ac:f6:c6:ba:a5:f0:c8:02:f1:71:d9:27:dd:05:
         87:23:67:c8:63:5a:45:12:20:d0:7d:ef:1f:9c:fa:5f:fc:71:
         13:57:b4:2b:dd:f9:3f:dc:4e:4a:80:d9:c8:4b:e9:5a:f3:2a:
         60:13:6e:09:59:e0:30:61:fb:83:b7:63:c9:73:d6:88:86:ed:
         5d:60:b1:ae:e4:ff:18:67:b1:93:68:ec:3f:51:2d:f7:f9:17:
         f9:9d:5e:fe
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZt4NUqX8vG/pkwV7ZByOTC1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyY2IzYzA1ZDZhMmM1MWMyZmY1MmRkOWRjYjllMmI1NWM0
MDQ4ZjkwHhcNMjYwMTAxMDYxODM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDdhNjI1OWEwNmEyZjk3MjNlODQ0OWMwZTQ5YjMxNTdmOTFiNWExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo23f7WCz07l4s+VMH4zDQTe8Prax
Bs2XiHk2RVdVd3zwYEcNjtJ0/JuuB9JL8VrGNEN11Xi1qBxRZkcS2pTaFvn9jrFc
8uRF3ltSKt1cvlxGHJReKrHRp1lqZfWDzg56tfrrG8QyErS0Rod/dC/N3A1/l+Ao
V0DRpHt/kP7zjdJTUxrPSP3qUJqTzmxQtVUbWN12b7pmV53N93vJyY/QyQBfAx1F
72qRu2AxAYCwSkwM8Sch825dMtplhFHKiRSHR+CjWUZBNDc3FAfnX/QV1K+T4Bpl
Y1tLIkZ5GplI4ZB5gKjSdVxfYoB8U1i4tobkocLcKLKTJ3e1DJfpGlDxwwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFP16Ylmgai+XI+hEnA5JsxV/kbWhMB8GA1UdIwQY
MBaAFDLLPAXWosUcL/Ut2dy54rVcQEj5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXNzOEJkYWl4Und2OVMzWjNMbml0VnhBU1BrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy85MDYyZTItOTVhZS00NjU2LWIyZWUt
OTg0YThlYjUxZTQ1LzEvX1hwaVdhQnFMNWNqNkVTY0RrbXpGWC1SdGFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy85MDYyZTItOTVhZS00NjU2LWIyZWUtOTg0YThlYjUxZTQ1
LzEvTXNzOEJkYWl4Und2OVMzWjNMbml0VnhBU1BrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLhCEAwQC
uQ44MA0GCSqGSIb3DQEBCwUAA4IBAQB5PLqI139D1oBkUo8te3mD46vcnh4aFbTX
9kdwtaneuaS0VO/uzcpfR+1eQ1pFC/Bim7anE3ApHjC0QeVp4AukdMPoY7Ag6aMk
kA4+fAqsfeR4wXyqcmXE+EaHDHkcQqktzyMnFLks/EwH+lyJ5Zhv2OpXR5ct9RTF
3hBL27kRKCF3P1Jy+7KHDxS/L5wgKl9QPjtB9Khv4me/ZMyLH7p74oPIyhuZrPbG
uqXwyALxcdkn3QWHI2fIY1pFEiDQfe8fnPpf/HETV7Qr3fk/3E5KgNnIS+la8ypg
E24JWeAwYfuDt2PJc9aIhu1dYLGu5P8YZ7GTaOw/US33+Rf5nV7+
-----END CERTIFICATE-----