Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/xJtd6oV5ZqraxKP9KlmSajw3B4g.roa
File:                     xJtd6oV5ZqraxKP9KlmSajw3B4g.roa (raw, json)
Hash identifier:          8nHIcjJSJEAtrnPPSApMuwb73MIZAgPpBtYAZczLHcE=
Subject key identifier:   C4:9B:5D:EA:85:79:66:AA:DA:C4:A3:FD:2A:59:92:6A:3C:37:07:88
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       019D97A058584C4B80FF4001B81E2B63578D
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/xJtd6oV5ZqraxKP9KlmSajw3B4g.roa
Signing time:             Thu 16 Apr 2026 18:49:20 +0000
ROA not before:           Thu 16 Apr 2026 18:49:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     13335
IP address blocks:        186.246.37.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 18:49:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:97:a0:58:58:4c:4b:80:ff:40:01:b8:1e:2b:63:57:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: Apr 16 18:49:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c49b5dea857966aadac4a3fd2a59926a3c370788
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:ac:34:21:1a:f3:7e:de:fe:b2:2c:55:df:5d:
                    1e:4f:f2:8c:52:0c:a7:e3:83:bf:a6:46:9f:76:18:
                    a4:40:ba:a2:c7:6c:44:21:20:0c:14:40:b8:6b:4b:
                    c7:a9:32:a6:89:7b:37:1f:46:c1:45:24:9d:87:18:
                    29:a4:37:e8:4a:de:b1:92:58:3e:b1:96:86:d0:fa:
                    49:f4:5c:05:13:34:8d:c1:67:b1:b4:ca:46:7a:aa:
                    21:95:a8:06:8d:f5:55:52:26:84:87:03:86:cb:ac:
                    dc:27:0a:c7:7d:dd:01:b2:6c:a2:c9:bb:1b:d6:f2:
                    11:e6:30:5e:c0:b1:b0:3a:e2:d2:f1:13:91:78:7b:
                    1d:ba:87:3b:b8:a1:2b:d5:c1:c9:f5:db:2d:3b:fd:
                    b7:1f:ed:fe:f6:88:1b:10:12:23:dd:b8:3a:32:d1:
                    29:d9:cf:00:6a:d2:91:2f:20:bb:28:7c:e2:1b:e6:
                    5a:bd:f4:7e:7d:4b:64:63:2e:e1:87:ea:8f:e7:8d:
                    6b:c8:e2:eb:cb:7c:44:35:08:91:cd:0e:e4:37:59:
                    bd:de:cf:d5:26:7c:43:81:bc:98:c2:94:5f:b5:da:
                    32:c4:34:6d:3b:e0:51:6f:0f:37:27:62:15:02:6d:
                    bf:8e:a6:53:9e:cf:99:71:69:ce:94:49:04:27:5b:
                    b6:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:9B:5D:EA:85:79:66:AA:DA:C4:A3:FD:2A:59:92:6A:3C:37:07:88
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/xJtd6oV5ZqraxKP9KlmSajw3B4g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  186.246.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:64:ee:95:4d:0f:65:cc:60:85:ba:be:d0:b5:b8:d7:50:79:
         8d:ce:4b:99:8c:53:c6:63:55:d6:d0:09:ff:e4:2b:e8:49:d5:
         a8:8f:b2:32:e7:7a:22:ab:3a:f5:95:76:f1:fe:d3:1a:3c:42:
         20:4e:eb:d3:c8:fb:2a:89:76:74:48:96:79:72:07:02:8e:c8:
         5e:72:7a:0d:b9:eb:07:c3:80:2c:95:2c:cd:ca:de:10:1a:77:
         4d:db:5d:4e:d5:64:52:84:0e:37:bf:f6:cb:06:34:2f:36:fd:
         99:c1:cc:52:2a:a7:46:1b:c2:2d:b1:d3:42:d9:ef:2e:78:b1:
         c9:fe:cf:d4:10:cc:1f:2e:9b:0e:43:01:21:a0:db:fa:04:16:
         28:67:0b:b3:33:49:5d:a0:8f:fd:ba:18:e4:40:b9:85:36:19:
         4b:e3:70:c1:42:f1:a4:94:15:96:a3:c1:42:b4:fe:b3:f1:5e:
         c4:6b:32:d4:2d:72:fc:31:25:a1:54:3e:c4:88:a7:e7:40:73:
         1c:26:a8:33:d0:4f:5a:e3:6a:0d:df:50:2f:b9:51:9c:ae:a3:
         d2:c0:fc:ac:cb:e7:4c:96:86:cc:0a:31:92:c5:e4:ff:70:97:
         6d:a6:04:d6:02:15:28:fa:17:3b:6b:fd:e1:8a:15:e5:e0:2c:
         40:30:90:4f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2XoFhYTEuA/0ABuB4rY1eNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjYwNDE2MTg0OTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDliNWRlYTg1Nzk2NmFhZGFjNGEzZmQyYTU5OTI2YTNjMzcwNzg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkKw0IRrzft7+sixV310eT/KMUgyn
44O/pkafdhikQLqix2xEISAMFEC4a0vHqTKmiXs3H0bBRSSdhxgppDfoSt6xklg+
sZaG0PpJ9FwFEzSNwWextMpGeqohlagGjfVVUiaEhwOGy6zcJwrHfd0Bsmyiybsb
1vIR5jBewLGwOuLS8ROReHsduoc7uKEr1cHJ9dstO/23H+3+9ogbEBIj3bg6MtEp
2c8AatKRLyC7KHziG+ZavfR+fUtkYy7hh+qP541ryOLry3xENQiRzQ7kN1m93s/V
JnxDgbyYwpRftdoyxDRtO+BRbw83J2IVAm2/jqZTns+ZcWnOlEkEJ1u2lwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMSbXeqFeWaq2sSj/SpZkmo8NweIMB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEveEp0ZDZvVjVacXJheEtQOUtsbVNhanczQjRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuvYlMA0G
CSqGSIb3DQEBCwUAA4IBAQBZZO6VTQ9lzGCFur7QtbjXUHmNzkuZjFPGY1XW0An/
5CvoSdWoj7Iy53oiqzr1lXbx/tMaPEIgTuvTyPsqiXZ0SJZ5cgcCjshecnoNuesH
w4AslSzNyt4QGndN211O1WRShA43v/bLBjQvNv2ZwcxSKqdGG8ItsdNC2e8ueLHJ
/s/UEMwfLpsOQwEhoNv6BBYoZwuzM0ldoI/9uhjkQLmFNhlL43DBQvGklBWWo8FC
tP6z8V7EazLULXL8MSWhVD7EiKfnQHMcJqgz0E9a42oN31AvuVGcrqPSwPysy+dM
lobMCjGSxeT/cJdtpgTWAhUo+hc7a/3hihXl4CxAMJBP
-----END CERTIFICATE-----