Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/cPV75ux-i8xcSwhpEO8fZPz_9Kw.roa
File:                     cPV75ux-i8xcSwhpEO8fZPz_9Kw.roa (raw, json)
Hash identifier:          ORA20fOuunSAQS4t4nydtF0eCVhayk8+DidpLEcut6Q=
Subject key identifier:   70:F5:7B:E6:EC:7E:8B:CC:5C:4B:08:69:10:EF:1F:64:FC:FF:F4:AC
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       019D6C5428E2E9119111884892FEE0F29CB0
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/cPV75ux-i8xcSwhpEO8fZPz_9Kw.roa
Signing time:             Wed 08 Apr 2026 09:02:27 +0000
ROA not before:           Wed 08 Apr 2026 09:02:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9304
IP address blocks:        158.173.192.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:6c:54:28:e2:e9:11:91:11:88:48:92:fe:e0:f2:9c:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Apr  8 09:02:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=70f57be6ec7e8bcc5c4b086910ef1f64fcfff4ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:b4:20:15:fb:03:9c:57:6e:c7:30:74:65:95:
                    fb:8f:b9:4a:92:5f:b8:b3:dc:9d:36:02:dc:65:6e:
                    00:cd:aa:67:1e:b0:f0:6c:37:67:48:d7:0f:c1:05:
                    04:b2:12:6f:3e:cf:10:9d:70:35:94:63:cf:47:f7:
                    b6:12:c0:cf:5e:6b:d3:0d:d3:fb:e3:ec:d4:4e:34:
                    75:62:38:d6:dd:5d:e8:02:c9:55:c8:2e:8e:36:ff:
                    25:0f:68:e8:f2:27:5e:2b:57:c0:fa:72:d4:75:3b:
                    4a:b3:6d:aa:df:b6:a4:83:d9:1c:2b:00:1f:bd:5c:
                    32:cb:f0:60:90:80:c6:fe:df:ad:f3:48:16:66:4b:
                    58:d8:bf:62:49:fb:6e:b8:5d:72:2b:32:05:e8:e7:
                    db:08:f1:4e:0d:ee:f6:6e:d5:57:a5:3c:6c:0a:0a:
                    d2:fe:5e:d6:85:2c:85:37:c1:4e:8e:e1:0e:2e:88:
                    b3:96:6d:1e:13:8d:96:cc:02:5d:9d:51:b7:0c:4f:
                    65:a9:7d:3c:2f:b1:aa:50:65:c9:09:a1:08:bd:12:
                    07:80:37:2a:98:f7:18:0f:46:af:e6:3e:65:c1:ee:
                    a8:3e:ca:9a:9b:6a:54:22:c8:ab:f5:ff:15:1f:c0:
                    f8:98:90:42:28:ec:10:71:27:27:50:4a:a4:d5:05:
                    60:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:F5:7B:E6:EC:7E:8B:CC:5C:4B:08:69:10:EF:1F:64:FC:FF:F4:AC
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/cPV75ux-i8xcSwhpEO8fZPz_9Kw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.173.192.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:0c:89:fa:b1:6b:79:01:65:72:dd:ee:03:49:96:d0:0c:76:
         55:42:f6:3e:cd:3e:a5:35:7b:3e:01:ce:8c:d5:04:ce:0f:48:
         10:b6:99:c2:22:54:54:ec:7a:7f:46:01:b6:31:67:90:90:c0:
         dc:eb:11:14:2d:43:e8:ce:a1:96:c3:20:99:f0:8b:31:88:2b:
         cb:77:74:20:ee:e9:5f:5f:0e:a1:12:e0:94:52:74:91:14:65:
         3d:cd:5b:b8:87:88:c4:76:0b:66:eb:4f:af:14:be:59:aa:a0:
         5b:af:85:98:3a:48:8a:0c:36:a3:9a:70:cd:6e:3f:23:2e:f4:
         2e:1c:ec:ce:e4:38:e5:70:64:5e:89:5b:a3:41:51:b2:ad:d7:
         94:23:57:2b:3c:8f:1d:a7:c9:a9:78:5b:3d:16:c1:38:60:e7:
         e9:f7:e6:85:ed:a4:48:59:12:d7:b8:4f:d5:47:f4:a0:d5:5c:
         f8:20:d8:da:81:25:6f:59:35:6d:da:6e:1e:5f:ac:85:1c:9c:
         89:6a:c5:48:36:c7:e2:05:15:e4:74:d2:ed:87:11:29:ff:e0:
         25:da:0b:94:75:af:79:5b:cc:55:28:2c:ad:ee:3a:66:b5:c5:
         51:c6:f4:42:24:a0:db:19:3b:37:e5:59:75:e5:ad:39:33:9a:
         ca:a4:7b:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1sVCji6RGREYhIkv7g8pywMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjYwNDA4MDkwMjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MGY1N2JlNmVjN2U4YmNjNWM0YjA4NjkxMGVmMWY2NGZjZmZmNGFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp7QgFfsDnFduxzB0ZZX7j7lKkl+4
s9ydNgLcZW4AzapnHrDwbDdnSNcPwQUEshJvPs8QnXA1lGPPR/e2EsDPXmvTDdP7
4+zUTjR1YjjW3V3oAslVyC6ONv8lD2jo8ideK1fA+nLUdTtKs22q37akg9kcKwAf
vVwyy/BgkIDG/t+t80gWZktY2L9iSftuuF1yKzIF6OfbCPFODe72btVXpTxsCgrS
/l7WhSyFN8FOjuEOLoizlm0eE42WzAJdnVG3DE9lqX08L7GqUGXJCaEIvRIHgDcq
mPcYD0av5j5lwe6oPsqam2pUIsir9f8VH8D4mJBCKOwQcScnUEqk1QVgAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHD1e+bsfovMXEsIaRDvH2T8//SsMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvY1BWNzV1eC1pOHhjU3docEVPOGZaUHpfOUt3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAnq3AMA0G
CSqGSIb3DQEBCwUAA4IBAQAaDIn6sWt5AWVy3e4DSZbQDHZVQvY+zT6lNXs+Ac6M
1QTOD0gQtpnCIlRU7Hp/RgG2MWeQkMDc6xEULUPozqGWwyCZ8IsxiCvLd3Qg7ulf
Xw6hEuCUUnSRFGU9zVu4h4jEdgtm60+vFL5ZqqBbr4WYOkiKDDajmnDNbj8jLvQu
HOzO5DjlcGReiVujQVGyrdeUI1crPI8dp8mpeFs9FsE4YOfp9+aF7aRIWRLXuE/V
R/Sg1Vz4INjagSVvWTVt2m4eX6yFHJyJasVINsfiBRXkdNLthxEp/+Al2guUda95
W8xVKCyt7jpmtcVRxvRCJKDbGTs35Vl15a05M5rKpHsd
-----END CERTIFICATE-----