Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/d9otYmPwhUQA0xtvf3E_u2UU2Nw.roa
File:                     d9otYmPwhUQA0xtvf3E_u2UU2Nw.roa (raw, json)
Hash identifier:          djWp1ML+HCRt2FC3F9uetrJlA3rOIZU/w0MNDxUDVQA=
Subject key identifier:   77:DA:2D:62:63:F0:85:44:00:D3:1B:6F:7F:71:3F:BB:65:14:D8:DC
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       019D9B6B4C3019FCD2D698DBFC9B5A929F5B
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/d9otYmPwhUQA0xtvf3E_u2UU2Nw.roa
Signing time:             Fri 17 Apr 2026 12:29:53 +0000
ROA not before:           Fri 17 Apr 2026 12:29:53 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     395470
IP address blocks:        158.173.206.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:9b:6b:4c:30:19:fc:d2:d6:98:db:fc:9b:5a:92:9f:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Apr 17 12:29:53 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=77da2d6263f0854400d31b6f7f713fbb6514d8dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:80:44:38:1d:50:a2:72:ed:35:3e:95:49:61:
                    76:fc:87:56:8d:17:d7:06:1d:5a:14:81:cf:71:28:
                    8b:4c:4d:03:5a:fc:53:a6:a7:55:85:96:e7:d4:d4:
                    a9:c7:07:dc:e8:df:4a:4d:aa:ec:99:b4:18:cf:38:
                    12:c7:88:4f:69:3b:74:bc:d4:ae:ea:52:52:b7:61:
                    a9:8e:15:eb:4c:da:7a:bc:08:00:b5:38:77:fa:47:
                    c6:aa:2a:18:8a:77:70:01:50:25:95:c9:e9:d4:24:
                    78:d4:52:ea:47:9d:7d:29:82:65:94:6b:09:2d:4e:
                    f0:4f:40:a6:1a:16:40:b8:b5:4c:6d:aa:e5:09:f1:
                    07:4d:07:f1:43:ab:ce:1c:c1:51:b1:0f:45:b8:32:
                    3b:58:40:0c:47:68:ac:58:67:3e:78:53:75:be:af:
                    51:44:6c:9c:79:36:c8:b1:f6:15:f9:2b:7b:58:cc:
                    4b:b1:bd:b7:cd:38:51:a1:6c:f0:20:09:cb:a2:f3:
                    74:61:97:97:e0:69:ec:92:e2:9c:9c:52:45:2a:30:
                    8e:94:df:03:24:40:6a:41:79:68:5b:f1:fb:06:34:
                    b4:53:b5:6f:59:ac:43:61:87:17:22:4d:2d:c8:dc:
                    58:3d:69:23:45:73:42:1d:e4:db:c4:ae:ef:af:d6:
                    09:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:DA:2D:62:63:F0:85:44:00:D3:1B:6F:7F:71:3F:BB:65:14:D8:DC
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/d9otYmPwhUQA0xtvf3E_u2UU2Nw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.173.206.0/24

    Signature Algorithm: sha256WithRSAEncryption
         df:24:c5:49:95:44:52:27:b4:a7:01:90:97:ea:2b:9a:4d:d1:
         42:ac:f9:4b:81:78:2b:52:5a:cd:46:87:11:7f:06:86:5f:86:
         cc:b1:10:c4:a6:99:7b:a9:36:11:8e:86:f6:8a:2c:59:da:d2:
         d3:55:6b:79:41:e6:4f:7f:f2:ad:e6:60:14:ea:fb:b7:0e:00:
         da:bb:b0:7a:71:ee:d5:cd:d5:5b:be:26:70:8f:bc:e7:6a:1f:
         5c:c1:d5:30:59:db:05:76:c4:21:65:d2:37:9e:45:d8:87:31:
         7b:1d:40:2d:90:56:cf:26:73:5f:e2:71:88:51:50:04:54:8a:
         d2:18:e4:c8:bf:e8:ff:a3:4d:cb:cd:3e:bd:96:21:b3:ba:50:
         62:8e:a2:94:bf:4a:f9:e4:32:ac:66:81:83:f8:3a:f7:d4:17:
         30:64:5c:4b:46:67:ee:28:9e:0d:02:fd:7a:b5:26:da:01:94:
         0d:59:ad:a3:99:26:19:ab:1a:5b:c1:97:62:49:5f:df:b6:b9:
         f2:e8:86:1d:75:50:25:0b:ed:d7:5e:9d:c0:6b:e4:5f:ec:20:
         17:21:86:31:c9:64:66:39:6f:ba:4d:bf:9f:e7:0b:2a:fb:4a:
         24:34:8c:35:0e:75:69:3e:87:ed:dc:a9:16:65:e2:33:25:49:
         57:e1:2c:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2ba0wwGfzS1pjb/Jtakp9bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjYwNDE3MTIyOTUzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3N2RhMmQ2MjYzZjA4NTQ0MDBkMzFiNmY3ZjcxM2ZiYjY1MTRkOGRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr4BEOB1QonLtNT6VSWF2/IdWjRfX
Bh1aFIHPcSiLTE0DWvxTpqdVhZbn1NSpxwfc6N9KTarsmbQYzzgSx4hPaTt0vNSu
6lJSt2GpjhXrTNp6vAgAtTh3+kfGqioYindwAVAllcnp1CR41FLqR519KYJllGsJ
LU7wT0CmGhZAuLVMbarlCfEHTQfxQ6vOHMFRsQ9FuDI7WEAMR2isWGc+eFN1vq9R
RGyceTbIsfYV+St7WMxLsb23zThRoWzwIAnLovN0YZeX4GnskuKcnFJFKjCOlN8D
JEBqQXloW/H7BjS0U7VvWaxDYYcXIk0tyNxYPWkjRXNCHeTbxK7vr9YJlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHfaLWJj8IVEANMbb39xP7tlFNjcMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvZDlvdFltUHdoVVFBMHh0dmYzRV91MlVVMk53LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAnq3OMA0G
CSqGSIb3DQEBCwUAA4IBAQDfJMVJlURSJ7SnAZCX6iuaTdFCrPlLgXgrUlrNRocR
fwaGX4bMsRDEppl7qTYRjob2iixZ2tLTVWt5QeZPf/Kt5mAU6vu3DgDau7B6ce7V
zdVbviZwj7znah9cwdUwWdsFdsQhZdI3nkXYhzF7HUAtkFbPJnNf4nGIUVAEVIrS
GOTIv+j/o03LzT69liGzulBijqKUv0r55DKsZoGD+Dr31BcwZFxLRmfuKJ4NAv16
tSbaAZQNWa2jmSYZqxpbwZdiSV/ftrny6IYddVAlC+3XXp3Aa+Rf7CAXIYYxyWRm
OW+6Tb+f5wsq+0okNIw1DnVpPoft3KkWZeIzJUlX4Szw
-----END CERTIFICATE-----