Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/558348-4912-4bc1-8e58-f92d7dc37d2e/1/rxWU64uIymxcylrDwE0dRiMhphA.roa
File:                     rxWU64uIymxcylrDwE0dRiMhphA.roa (raw, json)
Hash identifier:          lAe1McT7blRHL3U+XEwbdfz+LF8HZ2VspQCuJ+D9CcA=
Subject key identifier:   AF:15:94:EB:8B:88:CA:6C:5C:CA:5A:C3:C0:4D:1D:46:23:21:A6:10
Certificate issuer:       /CN=8d3402eae027abcd926090cc0ddeff80aab92c35
Certificate serial:       019D97DEEDF32D7C4DE3470D6114281E62E4
Authority key identifier: 8D:34:02:EA:E0:27:AB:CD:92:60:90:CC:0D:DE:FF:80:AA:B9:2C:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jTQC6uAnq82SYJDMDd7_gKq5LDU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/558348-4912-4bc1-8e58-f92d7dc37d2e/1/rxWU64uIymxcylrDwE0dRiMhphA.roa
Signing time:             Thu 16 Apr 2026 19:57:42 +0000
ROA not before:           Thu 16 Apr 2026 19:57:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207809
IP address blocks:        168.222.246.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/558348-4912-4bc1-8e58-f92d7dc37d2e/1/jTQC6uAnq82SYJDMDd7_gKq5LDU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/558348-4912-4bc1-8e58-f92d7dc37d2e/1/jTQC6uAnq82SYJDMDd7_gKq5LDU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jTQC6uAnq82SYJDMDd7_gKq5LDU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 04:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:97:de:ed:f3:2d:7c:4d:e3:47:0d:61:14:28:1e:62:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d3402eae027abcd926090cc0ddeff80aab92c35
        Validity
            Not Before: Apr 16 19:57:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=af1594eb8b88ca6c5cca5ac3c04d1d462321a610
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:b9:f8:24:84:41:a7:75:86:9f:2a:9f:da:d1:
                    60:f3:c2:d3:8a:23:4c:2a:d9:0f:80:86:b5:de:2c:
                    da:58:22:1d:d3:11:34:65:43:3d:2e:ba:23:a1:0b:
                    eb:61:25:94:ea:2c:91:2c:fd:6c:c0:26:c1:a3:fa:
                    51:ec:48:1a:03:a5:62:e2:fb:91:f4:df:01:a4:dc:
                    a2:4a:e8:c1:19:88:59:3d:14:6b:20:aa:5d:ab:c9:
                    02:23:1e:b1:e6:04:7a:c1:32:40:9b:59:9a:43:03:
                    63:40:dd:81:73:bc:6a:28:f7:68:ab:1f:e9:35:da:
                    84:eb:8a:c7:96:bb:e1:39:07:1c:18:f3:81:98:f2:
                    88:6f:ef:b5:41:5a:93:83:92:ce:03:d7:76:cb:1b:
                    5d:b5:12:40:1a:7e:5c:c2:95:d3:a2:18:fa:f6:95:
                    e1:21:be:d7:70:2d:0d:ad:b0:55:db:7e:52:28:71:
                    39:b1:62:90:99:c7:9f:25:d0:61:cc:eb:6a:2b:52:
                    32:a6:09:6f:d9:9a:a3:bc:0c:ba:91:05:01:58:7c:
                    3f:6a:cd:34:62:57:96:bc:2a:8a:b7:53:d7:c7:db:
                    8c:24:a7:73:5a:84:6d:04:a6:5c:1c:88:87:22:fa:
                    90:fd:44:1b:49:fe:57:98:2e:09:dd:4d:6d:3a:d9:
                    12:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:15:94:EB:8B:88:CA:6C:5C:CA:5A:C3:C0:4D:1D:46:23:21:A6:10
            X509v3 Authority Key Identifier:
                keyid:8D:34:02:EA:E0:27:AB:CD:92:60:90:CC:0D:DE:FF:80:AA:B9:2C:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jTQC6uAnq82SYJDMDd7_gKq5LDU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/558348-4912-4bc1-8e58-f92d7dc37d2e/1/rxWU64uIymxcylrDwE0dRiMhphA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/558348-4912-4bc1-8e58-f92d7dc37d2e/1/jTQC6uAnq82SYJDMDd7_gKq5LDU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  168.222.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:c9:00:b8:9e:f0:d1:7c:78:1e:4b:c3:e8:ff:61:4c:4a:62:
         43:8c:f0:e8:ef:55:f1:62:ce:50:c0:1d:18:8e:d3:77:38:28:
         ac:0e:70:bf:22:15:48:73:ee:c5:d5:9f:44:ae:3f:08:dd:db:
         4d:7e:08:38:a8:90:96:31:e5:7c:e6:5b:d4:57:a2:fa:02:63:
         29:8e:80:86:e2:a9:2c:e4:2b:18:f7:ff:ef:1d:ea:49:c8:24:
         25:6f:37:2f:1a:f1:6b:0c:20:1c:1c:dd:c2:fe:bb:b3:0a:fa:
         d7:05:f6:53:29:69:da:91:14:28:be:d6:ff:ab:8f:58:44:cd:
         7a:61:5f:43:b7:f5:26:73:c0:90:5b:65:ea:75:0b:44:78:9e:
         51:7c:3b:54:8b:3f:e6:0e:ab:22:3c:85:ad:ad:31:16:1e:2e:
         e1:6e:3a:50:ac:6e:70:68:e5:a8:50:35:e6:d7:3e:74:df:db:
         21:2c:05:31:5e:ba:59:76:3f:dd:fe:ad:3b:8b:a5:0b:cc:b1:
         85:cb:97:fc:24:f0:48:9a:49:aa:dc:87:2e:3d:6d:34:c9:9f:
         ae:ba:c2:d0:8a:d9:52:60:2e:83:d9:4e:46:e4:45:93:44:a3:
         fc:bc:46:64:2d:af:6a:1e:33:36:5e:ed:6e:fb:de:ad:72:07:
         b1:b9:12:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2X3u3zLXxN40cNYRQoHmLkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkMzQwMmVhZTAyN2FiY2Q5MjYwOTBjYzBkZGVmZjgwYWFi
OTJjMzUwHhcNMjYwNDE2MTk1NzQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjE1OTRlYjhiODhjYTZjNWNjYTVhYzNjMDRkMWQ0NjIzMjFhNjEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt7n4JIRBp3WGnyqf2tFg88LTiiNM
KtkPgIa13izaWCId0xE0ZUM9LrojoQvrYSWU6iyRLP1swCbBo/pR7EgaA6Vi4vuR
9N8BpNyiSujBGYhZPRRrIKpdq8kCIx6x5gR6wTJAm1maQwNjQN2Bc7xqKPdoqx/p
NdqE64rHlrvhOQccGPOBmPKIb++1QVqTg5LOA9d2yxtdtRJAGn5cwpXTohj69pXh
Ib7XcC0NrbBV235SKHE5sWKQmcefJdBhzOtqK1Iypglv2ZqjvAy6kQUBWHw/as00
YleWvCqKt1PXx9uMJKdzWoRtBKZcHIiHIvqQ/UQbSf5XmC4J3U1tOtkSQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK8VlOuLiMpsXMpaw8BNHUYjIaYQMB8GA1UdIwQY
MBaAFI00AurgJ6vNkmCQzA3e/4CquSw1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalRRQzZ1QW5xODJTWUpETURkN19nS3E1TERVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS81NTgzNDgtNDkxMi00YmMxLThlNTgt
ZjkyZDdkYzM3ZDJlLzEvcnhXVTY0dUl5bXhjeWxyRHdFMGRSaU1ocGhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS81NTgzNDgtNDkxMi00YmMxLThlNTgtZjkyZDdkYzM3ZDJl
LzEvalRRQzZ1QW5xODJTWUpETURkN19nS3E1TERVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAqN72MA0G
CSqGSIb3DQEBCwUAA4IBAQBXyQC4nvDRfHgeS8Po/2FMSmJDjPDo71XxYs5QwB0Y
jtN3OCisDnC/IhVIc+7F1Z9Erj8I3dtNfgg4qJCWMeV85lvUV6L6AmMpjoCG4qks
5CsY9//vHepJyCQlbzcvGvFrDCAcHN3C/ruzCvrXBfZTKWnakRQovtb/q49YRM16
YV9Dt/Umc8CQW2XqdQtEeJ5RfDtUiz/mDqsiPIWtrTEWHi7hbjpQrG5waOWoUDXm
1z5039shLAUxXrpZdj/d/q07i6ULzLGFy5f8JPBImkmq3IcuPW00yZ+uusLQitlS
YC6D2U5G5EWTRKP8vEZkLa9qHjM2Xu1u+96tcgexuRJu
-----END CERTIFICATE-----