Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/ca0228-57ee-4f65-962f-35d0595e12f0/1/n2ZF5cAx1CeIFehLBD4RpxdQQ4s.roa
File:                     n2ZF5cAx1CeIFehLBD4RpxdQQ4s.roa (raw, json)
Hash identifier:          drOuVovqjTQ3MtZI5pQnOkBm3Y0EU7S3LpG+uvnx03I=
Subject key identifier:   9F:66:45:E5:C0:31:D4:27:88:15:E8:4B:04:3E:11:A7:17:50:43:8B
Certificate issuer:       /CN=63883a79789d9f65815292f18d4980ba9c5ed221
Certificate serial:       019D96ECE4C10CD0E82C8E10570F5864445A
Authority key identifier: 63:88:3A:79:78:9D:9F:65:81:52:92:F1:8D:49:80:BA:9C:5E:D2:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y4g6eXidn2WBUpLxjUmAupxe0iE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/ca0228-57ee-4f65-962f-35d0595e12f0/1/n2ZF5cAx1CeIFehLBD4RpxdQQ4s.roa
Signing time:             Thu 16 Apr 2026 15:33:20 +0000
ROA not before:           Thu 16 Apr 2026 15:33:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     262287
IP address blocks:        152.236.10.0/24 maxlen: 24
                          152.236.13.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/ca0228-57ee-4f65-962f-35d0595e12f0/1/Y4g6eXidn2WBUpLxjUmAupxe0iE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/ca0228-57ee-4f65-962f-35d0595e12f0/1/Y4g6eXidn2WBUpLxjUmAupxe0iE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y4g6eXidn2WBUpLxjUmAupxe0iE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:96:ec:e4:c1:0c:d0:e8:2c:8e:10:57:0f:58:64:44:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63883a79789d9f65815292f18d4980ba9c5ed221
        Validity
            Not Before: Apr 16 15:33:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9f6645e5c031d4278815e84b043e11a71750438b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:d9:a2:c6:8a:73:4e:a9:9c:b3:90:2d:c5:81:
                    62:11:58:8f:5e:55:47:51:38:8f:af:94:f6:e4:93:
                    5a:bc:d6:d6:ad:b1:db:23:a9:ac:08:4e:07:34:cc:
                    97:d7:f6:b1:09:0a:b5:ce:60:d2:6b:12:69:60:55:
                    b8:c3:73:a8:f2:f1:2f:63:ac:08:b1:75:dd:0b:f2:
                    9e:cf:1a:09:55:99:94:ff:be:cf:ac:b4:dc:6e:c8:
                    35:67:18:e7:63:a1:b1:2b:d2:e0:e2:dd:3f:84:e5:
                    c5:54:a9:bb:36:21:9d:70:89:36:d6:7d:e9:00:26:
                    33:52:64:b1:be:33:cc:cc:f8:c2:87:e2:c4:17:84:
                    d1:b7:69:39:8f:c1:02:cb:6b:4f:10:d6:27:42:67:
                    f5:eb:a6:f2:77:43:7c:d6:cf:01:72:86:03:84:f8:
                    3b:42:4b:16:6a:ae:79:6b:3b:6e:18:98:c3:c1:32:
                    f6:5d:b1:93:f9:fd:11:69:df:91:dd:8f:76:3c:71:
                    ee:8c:cd:5c:e8:5b:09:e6:76:98:e9:e1:4e:9a:8d:
                    82:4c:5f:ab:95:3b:27:fc:0f:c1:4a:86:2d:62:79:
                    d8:e4:b2:72:8e:8b:9d:15:95:4f:1c:bf:89:dd:83:
                    c5:d8:6e:14:82:48:78:ba:e2:b9:65:0b:bf:a2:52:
                    d3:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:66:45:E5:C0:31:D4:27:88:15:E8:4B:04:3E:11:A7:17:50:43:8B
            X509v3 Authority Key Identifier:
                keyid:63:88:3A:79:78:9D:9F:65:81:52:92:F1:8D:49:80:BA:9C:5E:D2:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y4g6eXidn2WBUpLxjUmAupxe0iE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/ca0228-57ee-4f65-962f-35d0595e12f0/1/n2ZF5cAx1CeIFehLBD4RpxdQQ4s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/ca0228-57ee-4f65-962f-35d0595e12f0/1/Y4g6eXidn2WBUpLxjUmAupxe0iE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  152.236.10.0/24
                  152.236.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:ee:7c:eb:25:0b:1a:d6:8a:cb:94:24:a5:4c:b5:1c:d1:b0:
         10:e7:89:14:20:1f:b1:32:cd:bc:c2:2f:d6:86:1b:d6:a7:1a:
         6e:42:49:21:5e:66:87:58:13:64:a6:60:c2:e4:65:91:e9:56:
         ad:81:06:59:e7:e6:0d:22:8f:da:4e:ba:84:41:bd:c7:6c:89:
         d7:3f:a5:3c:b8:62:01:57:be:83:d3:4c:1f:b4:4a:42:a5:5f:
         51:90:f9:5d:3d:e7:bc:1c:b7:3f:ad:4e:66:2b:8f:36:9a:f3:
         30:8f:e9:ac:cd:2d:82:d1:bb:1b:43:14:3b:45:cd:c0:fe:87:
         9c:f9:b1:5f:5b:16:8a:87:f3:96:3e:9c:e0:6d:e8:26:76:5c:
         23:07:22:ca:4b:ff:5a:f0:f0:30:7f:ec:b7:cc:18:20:62:c9:
         e1:f6:f6:07:e0:61:54:3c:fb:17:d8:b6:fc:af:90:b9:d4:f4:
         8e:5e:33:a1:39:30:80:d7:13:1b:3d:ca:31:12:64:d4:3a:58:
         cc:e2:eb:d2:da:fa:ef:6c:3a:d8:2e:98:e2:fb:58:16:6a:b4:
         6f:a0:8c:89:8a:d3:0c:b2:92:32:35:8c:94:af:83:d8:40:d1:
         76:68:61:48:1d:03:98:a2:84:2a:9c:69:3c:34:65:af:ae:57:
         4d:30:15:43
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ2W7OTBDNDoLI4QVw9YZERaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzODgzYTc5Nzg5ZDlmNjU4MTUyOTJmMThkNDk4MGJhOWM1
ZWQyMjEwHhcNMjYwNDE2MTUzMzIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjY2NDVlNWMwMzFkNDI3ODgxNWU4NGIwNDNlMTFhNzE3NTA0MzhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlNmixopzTqmcs5AtxYFiEViPXlVH
UTiPr5T25JNavNbWrbHbI6msCE4HNMyX1/axCQq1zmDSaxJpYFW4w3Oo8vEvY6wI
sXXdC/KezxoJVZmU/77PrLTcbsg1ZxjnY6GxK9Lg4t0/hOXFVKm7NiGdcIk21n3p
ACYzUmSxvjPMzPjCh+LEF4TRt2k5j8ECy2tPENYnQmf166byd0N81s8BcoYDhPg7
QksWaq55aztuGJjDwTL2XbGT+f0Rad+R3Y92PHHujM1c6FsJ5naY6eFOmo2CTF+r
lTsn/A/BSoYtYnnY5LJyjoudFZVPHL+J3YPF2G4Ugkh4uuK5ZQu/olLT8QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJ9mReXAMdQniBXoSwQ+EacXUEOLMB8GA1UdIwQY
MBaAFGOIOnl4nZ9lgVKS8Y1JgLqcXtIhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWTRnNmVYaWRuMldCVXBMeGpVbUF1cHhlMGlFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9jYTAyMjgtNTdlZS00ZjY1LTk2MmYt
MzVkMDU5NWUxMmYwLzEvbjJaRjVjQXgxQ2VJRmVoTEJENFJweGRRUTRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi9jYTAyMjgtNTdlZS00ZjY1LTk2MmYtMzVkMDU5NWUxMmYw
LzEvWTRnNmVYaWRuMldCVXBMeGpVbUF1cHhlMGlFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAmOwKAwQA
mOwNMA0GCSqGSIb3DQEBCwUAA4IBAQBf7nzrJQsa1orLlCSlTLUc0bAQ54kUIB+x
Ms28wi/WhhvWpxpuQkkhXmaHWBNkpmDC5GWR6VatgQZZ5+YNIo/aTrqEQb3HbInX
P6U8uGIBV76D00wftEpCpV9RkPldPee8HLc/rU5mK482mvMwj+mszS2C0bsbQxQ7
Rc3A/oec+bFfWxaKh/OWPpzgbegmdlwjByLKS/9a8PAwf+y3zBggYsnh9vYH4GFU
PPsX2Lb8r5C51PSOXjOhOTCA1xMbPcoxEmTUOljM4uvS2vrvbDrYLpji+1gWarRv
oIyJitMMspIyNYyUr4PYQNF2aGFIHQOYooQqnGk8NGWvrldNMBVD
-----END CERTIFICATE-----