Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/vnkmS2G_XYCi80w1Sr7ywmgbu1Y.roa
File:                     vnkmS2G_XYCi80w1Sr7ywmgbu1Y.roa (raw, json)
Hash identifier:          dBNbnWiw8BVlXWylx+XagNAgGS9u8s9A6cAkgGNVF5I=
Subject key identifier:   BE:79:26:4B:61:BF:5D:80:A2:F3:4C:35:4A:BE:F2:C2:68:1B:BB:56
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       019EB593F13F1528E88B19CC9926A6ED94E4
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/vnkmS2G_XYCi80w1Sr7ywmgbu1Y.roa
Signing time:             Thu 11 Jun 2026 07:27:11 +0000
ROA not before:           Thu 11 Jun 2026 07:27:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198487
IP address blocks:        158.173.216.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 16:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:b5:93:f1:3f:15:28:e8:8b:19:cc:99:26:a6:ed:94:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Jun 11 07:27:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=be79264b61bf5d80a2f34c354abef2c2681bbb56
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:6b:bb:74:48:ed:37:df:7d:6e:f8:1b:ab:8d:
                    44:e4:91:66:d3:82:d1:d9:a3:fc:7f:29:ef:99:77:
                    a0:9b:d7:7f:a7:bb:35:a7:ee:ca:77:85:d8:61:2b:
                    5d:51:82:b4:2b:29:99:92:03:0a:09:b8:ef:82:b4:
                    b1:62:9f:1f:5e:c5:f3:e4:c1:59:21:6a:35:bc:e0:
                    18:47:0d:bb:73:80:1b:e3:ec:6d:48:1d:d5:88:56:
                    d2:00:ac:f4:62:a5:43:c4:93:4b:24:73:35:dd:5c:
                    b2:36:62:05:26:22:8c:65:19:75:a7:83:e5:f2:75:
                    3b:e7:bb:9b:5a:7d:dd:b1:bb:39:07:d2:7f:c9:a6:
                    94:15:72:cf:4e:3f:89:2b:10:76:84:6e:fd:aa:89:
                    2d:5f:48:b1:51:7c:90:5c:f5:15:d9:70:f8:f9:61:
                    c7:14:de:6c:35:ab:5d:a6:ef:31:0c:d1:5b:12:61:
                    5e:22:2e:df:5d:f2:0f:b4:84:fe:28:81:ea:69:6d:
                    70:a0:e5:00:92:f8:e1:62:9e:87:7b:7b:38:60:90:
                    e0:78:89:e5:96:48:c0:73:f9:69:14:1b:10:68:09:
                    6a:af:3e:a1:52:8c:c4:5b:d9:df:a0:85:8a:5f:1a:
                    66:6e:d6:33:90:33:91:2c:c3:f3:a2:e1:c7:f7:8e:
                    a5:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:79:26:4B:61:BF:5D:80:A2:F3:4C:35:4A:BE:F2:C2:68:1B:BB:56
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/vnkmS2G_XYCi80w1Sr7ywmgbu1Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.173.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:1a:56:61:3b:5b:9e:1f:ff:49:d5:1d:d9:f2:5f:d8:d3:3a:
         8a:98:30:a6:40:ae:a4:78:be:1a:7b:16:ef:2b:29:de:2d:8d:
         60:69:8e:f5:a2:35:66:dc:fd:58:d7:19:32:d9:86:89:e2:9c:
         89:00:0d:f8:36:a4:59:14:96:c1:74:6f:38:9e:c6:6c:c8:3a:
         34:9b:ce:4f:bf:b4:a8:df:83:3c:54:55:67:bf:5c:b1:8e:b9:
         cf:de:9c:27:94:fb:5b:f0:f7:86:e1:94:e2:6f:49:80:1b:0a:
         05:9e:e9:3b:25:b1:fb:1b:1a:9d:a9:30:9c:9a:74:16:a5:81:
         0c:94:92:e1:71:b2:51:4f:5a:54:aa:83:c3:91:db:e0:a9:a6:
         2d:04:3a:39:4b:de:07:7d:52:69:65:d9:1b:0a:b3:f9:5b:a0:
         df:be:c8:f0:d2:c3:c9:36:69:54:42:93:72:f2:16:6e:d6:ad:
         38:bd:a0:c3:c4:da:98:a1:0b:d4:58:fa:26:ab:62:6f:79:67:
         20:c8:3c:0b:19:b3:48:25:d6:88:41:d8:e1:8d:4e:53:cb:d8:
         dd:b4:6c:b4:71:da:b6:0a:c4:be:50:2e:a1:01:37:27:bf:a5:
         c9:4d:2d:44:47:bd:6a:3e:e1:2a:24:a0:40:43:5f:54:8d:96:
         b9:67:6b:4e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ61k/E/FSjoixnMmSam7ZTkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjYwNjExMDcyNzExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTc5MjY0YjYxYmY1ZDgwYTJmMzRjMzU0YWJlZjJjMjY4MWJiYjU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApGu7dEjtN999bvgbq41E5JFm04LR
2aP8fynvmXegm9d/p7s1p+7Kd4XYYStdUYK0KymZkgMKCbjvgrSxYp8fXsXz5MFZ
IWo1vOAYRw27c4Ab4+xtSB3ViFbSAKz0YqVDxJNLJHM13VyyNmIFJiKMZRl1p4Pl
8nU757ubWn3dsbs5B9J/yaaUFXLPTj+JKxB2hG79qoktX0ixUXyQXPUV2XD4+WHH
FN5sNatdpu8xDNFbEmFeIi7fXfIPtIT+KIHqaW1woOUAkvjhYp6He3s4YJDgeInl
lkjAc/lpFBsQaAlqrz6hUozEW9nfoIWKXxpmbtYzkDORLMPzouHH946lZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL55Jkthv12AovNMNUq+8sJoG7tWMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvdm5rbVMyR19YWUNpODB3MVNyN3l3bWdidTFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAnq3YMA0G
CSqGSIb3DQEBCwUAA4IBAQCsGlZhO1ueH/9J1R3Z8l/Y0zqKmDCmQK6keL4aexbv
KyneLY1gaY71ojVm3P1Y1xky2YaJ4pyJAA34NqRZFJbBdG84nsZsyDo0m85Pv7So
34M8VFVnv1yxjrnP3pwnlPtb8PeG4ZTib0mAGwoFnuk7JbH7GxqdqTCcmnQWpYEM
lJLhcbJRT1pUqoPDkdvgqaYtBDo5S94HfVJpZdkbCrP5W6Dfvsjw0sPJNmlUQpNy
8hZu1q04vaDDxNqYoQvUWPomq2JveWcgyDwLGbNIJdaIQdjhjU5Ty9jdtGy0cdq2
CsS+UC6hATcnv6XJTS1ER71qPuEqJKBAQ19UjZa5Z2tO
-----END CERTIFICATE-----