Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/xIDnHkqk5ICDS0gl0VWhdCJr7Hg.roa
File:                     xIDnHkqk5ICDS0gl0VWhdCJr7Hg.roa (raw, json)
Hash identifier:          EQ9HijdpTxO2kAoLT/bweQHgJglx7ASGEwv6f4lEQAg=
Subject key identifier:   C4:80:E7:1E:4A:A4:E4:80:83:4B:48:25:D1:55:A1:74:22:6B:EC:78
Certificate issuer:       /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial:       019D96BB759AB5FCF7AF329A515E7C294F55
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/xIDnHkqk5ICDS0gl0VWhdCJr7Hg.roa
Signing time:             Thu 16 Apr 2026 14:39:20 +0000
ROA not before:           Thu 16 Apr 2026 14:39:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208912
IP address blocks:        46.8.118.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:96:bb:75:9a:b5:fc:f7:af:32:9a:51:5e:7c:29:4f:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
        Validity
            Not Before: Apr 16 14:39:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c480e71e4aa4e480834b4825d155a174226bec78
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:01:63:31:ee:47:93:43:c4:34:d9:bc:4d:ce:
                    0e:2e:a4:21:36:24:9a:f0:2a:39:2a:3c:95:8a:0c:
                    70:61:ac:13:08:82:61:6f:0a:94:ef:c5:51:0c:61:
                    ae:6f:a6:be:30:cc:15:54:5c:3a:a1:fc:aa:43:e1:
                    8c:e0:0c:29:52:59:16:d8:e9:b4:b2:f4:a1:75:06:
                    c0:ea:fa:84:a9:1b:5e:1f:b9:5d:23:73:94:9b:99:
                    19:40:ee:86:13:6e:98:78:8a:81:84:02:59:63:ac:
                    ed:bc:c4:30:ed:2e:5a:a6:89:32:17:e0:58:5e:96:
                    e7:16:f2:fd:69:11:1d:89:6a:92:14:ec:a4:aa:ad:
                    77:49:eb:50:4e:a2:6e:0d:14:c9:85:73:2e:38:ec:
                    87:e6:32:22:b5:44:18:d7:53:cc:c2:f2:9f:dc:ee:
                    09:8d:05:0d:09:1e:40:7c:09:28:7b:f9:4d:f9:30:
                    0f:3a:bd:1e:a6:ad:39:82:8b:64:d3:5b:7a:58:dc:
                    ef:ed:1f:bb:e9:92:84:37:a4:3c:40:f4:ff:b7:ae:
                    40:13:ae:13:44:ff:5d:bb:f0:b3:ed:2e:94:48:7c:
                    5a:4c:42:93:df:c9:02:f6:44:3f:15:3e:06:5d:dd:
                    69:0e:65:6f:63:65:be:fe:76:03:a7:1e:e9:70:01:
                    40:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:80:E7:1E:4A:A4:E4:80:83:4B:48:25:D1:55:A1:74:22:6B:EC:78
            X509v3 Authority Key Identifier:
                keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/xIDnHkqk5ICDS0gl0VWhdCJr7Hg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.8.118.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0d:8f:da:79:45:c8:48:1c:a3:70:3e:29:78:fe:8d:35:4e:e7:
         cc:0f:6f:ba:2b:12:c1:7d:e5:c7:74:f1:95:1a:1b:4d:bd:cc:
         93:a9:15:c0:58:b2:86:3c:fc:f0:b4:25:14:01:b1:c0:9d:aa:
         ef:e1:79:81:97:b2:23:40:d0:8d:67:f6:41:9e:d0:46:44:21:
         9e:22:3e:f4:a8:be:51:89:f5:63:6d:e5:1b:8a:8e:e6:0e:bc:
         a9:94:28:9d:72:10:3b:d7:fc:98:bb:11:43:5c:96:71:34:25:
         52:b5:eb:9a:32:48:09:42:10:37:82:f9:8b:f2:29:47:db:48:
         2c:19:47:c6:a1:fa:be:84:84:98:ca:2c:6e:4f:63:38:e0:f6:
         15:4a:3f:54:d1:a7:be:fa:24:6c:84:b7:01:33:1d:51:5e:0d:
         bf:b2:af:80:e3:58:c7:52:8d:34:93:4e:c1:47:e4:71:26:eb:
         92:60:5f:27:69:7a:05:51:7f:54:02:37:30:fa:4b:2a:f7:e0:
         af:f6:0f:d3:8e:c2:f5:86:82:3f:c4:fc:71:b2:c8:ec:ec:01:
         49:cf:ea:35:9f:dd:c6:9a:b4:79:a9:45:c5:80:6e:86:75:7f:
         52:93:1d:f6:8e:53:69:e8:f6:78:e5:8b:9d:28:e7:29:e8:6f:
         fb:47:85:1e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2Wu3Watfz3rzKaUV58KU9VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjYwNDE2MTQzOTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDgwZTcxZTRhYTRlNDgwODM0YjQ4MjVkMTU1YTE3NDIyNmJlYzc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuQFjMe5Hk0PENNm8Tc4OLqQhNiSa
8Co5KjyVigxwYawTCIJhbwqU78VRDGGub6a+MMwVVFw6ofyqQ+GM4AwpUlkW2Om0
svShdQbA6vqEqRteH7ldI3OUm5kZQO6GE26YeIqBhAJZY6ztvMQw7S5apokyF+BY
XpbnFvL9aREdiWqSFOykqq13SetQTqJuDRTJhXMuOOyH5jIitUQY11PMwvKf3O4J
jQUNCR5AfAkoe/lN+TAPOr0epq05gotk01t6WNzv7R+76ZKEN6Q8QPT/t65AE64T
RP9du/Cz7S6USHxaTEKT38kC9kQ/FT4GXd1pDmVvY2W+/nYDpx7pcAFAPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMSA5x5KpOSAg0tIJdFVoXQia+x4MB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEveElEbkhrcWs1SUNEUzBnbDBWV2hkQ0pyN0hnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMtMTY2OTljOTZkZDVl
LzEvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLgh2MA0G
CSqGSIb3DQEBCwUAA4IBAQANj9p5RchIHKNwPil4/o01TufMD2+6KxLBfeXHdPGV
GhtNvcyTqRXAWLKGPPzwtCUUAbHAnarv4XmBl7IjQNCNZ/ZBntBGRCGeIj70qL5R
ifVjbeUbio7mDryplCidchA71/yYuxFDXJZxNCVSteuaMkgJQhA3gvmL8ilH20gs
GUfGofq+hISYyixuT2M44PYVSj9U0ae++iRshLcBMx1RXg2/sq+A41jHUo00k07B
R+RxJuuSYF8naXoFUX9UAjcw+ksq9+Cv9g/TjsL1hoI/xPxxssjs7AFJz+o1n93G
mrR5qUXFgG6GdX9Skx32jlNp6PZ45YudKOcp6G/7R4Ue
-----END CERTIFICATE-----