Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/SNDrFYzQ_6omrGXvzr4zeRgTyAs.roa
File:                     SNDrFYzQ_6omrGXvzr4zeRgTyAs.roa (raw, json)
Hash identifier:          P5+CZBUZzgVbaSqwjyeIYT2WuVhCU79SQ4ihMsGjPXw=
Subject key identifier:   48:D0:EB:15:8C:D0:FF:AA:26:AC:65:EF:CE:BE:33:79:18:13:C8:0B
Certificate issuer:       /CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
Certificate serial:       019D8C0BDDD5282B0E3A78252816462BACA5
Authority key identifier: 6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/SNDrFYzQ_6omrGXvzr4zeRgTyAs.roa
Signing time:             Tue 14 Apr 2026 12:51:21 +0000
ROA not before:           Tue 14 Apr 2026 12:51:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9498
IP address blocks:        2.20.0.0/22 maxlen: 22
                          2.20.156.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 13:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:8c:0b:dd:d5:28:2b:0e:3a:78:25:28:16:46:2b:ac:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
        Validity
            Not Before: Apr 14 12:51:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=48d0eb158cd0ffaa26ac65efcebe33791813c80b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:e9:13:b6:eb:ec:95:4f:c9:f8:7e:2b:44:45:
                    53:82:6f:19:fc:e9:2e:4e:4f:2d:d4:3b:9b:1b:85:
                    ec:4f:7c:38:5a:35:b4:86:a4:12:e1:55:c3:32:a7:
                    31:f1:8d:91:5a:c5:86:a9:15:eb:96:de:b2:0c:7a:
                    5e:8d:2f:d3:a8:2c:a8:b9:d6:2a:37:bf:34:be:71:
                    7a:e2:94:bb:b9:eb:3c:87:63:b8:70:1c:1d:6d:f3:
                    ea:5d:f7:e0:84:7b:1b:d2:37:bb:5a:dd:0e:d6:58:
                    14:42:5f:30:ea:f1:3b:c9:34:85:8a:28:9e:ad:a5:
                    07:61:55:a0:f8:99:fc:7c:32:f6:dc:07:39:e4:37:
                    86:38:56:3e:9d:1a:b1:80:39:f8:64:8d:43:2c:9a:
                    f4:43:b3:83:e4:6c:b6:53:fc:51:df:8e:5b:72:dd:
                    56:a1:ee:bd:d7:d8:62:56:55:7c:4c:e3:9c:d6:e1:
                    11:cc:df:2b:56:02:6a:9e:d2:e3:2c:04:2e:f8:7f:
                    49:90:24:ec:92:22:60:b6:91:f6:26:d2:bd:4a:44:
                    6b:84:d1:6e:f5:c9:f6:cd:70:44:31:98:d4:a8:5d:
                    c9:f2:5d:a8:ba:e0:e7:5b:75:b5:4e:96:14:fd:ca:
                    07:69:1c:0f:07:8f:ce:b6:59:0e:55:72:3e:ef:3e:
                    5f:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:D0:EB:15:8C:D0:FF:AA:26:AC:65:EF:CE:BE:33:79:18:13:C8:0B
            X509v3 Authority Key Identifier:
                keyid:6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/SNDrFYzQ_6omrGXvzr4zeRgTyAs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.20.0.0/22
                  2.20.156.0/22

    Signature Algorithm: sha256WithRSAEncryption
         68:51:ad:72:95:a5:f6:c9:e5:6d:d6:aa:a6:77:3d:7d:3c:d8:
         ec:9a:1e:65:5e:b7:77:10:ba:54:1e:1e:3f:45:ed:e8:9a:f3:
         ec:7c:38:c7:d3:fe:a1:b1:45:46:f9:d7:2d:1d:e2:b7:b8:12:
         a0:15:7d:a7:f1:23:b9:b7:b3:eb:fc:73:9e:5e:bb:2e:c3:e8:
         89:62:f9:d5:51:3e:97:b9:10:02:c8:aa:f0:91:8c:e3:30:74:
         fe:c6:9c:8f:1c:3f:85:e9:5b:f9:a9:a6:a1:22:3d:f7:24:7b:
         80:a0:e9:a8:87:df:0a:62:a6:52:62:f3:a2:3e:01:2d:9d:6e:
         ba:59:42:dc:39:b5:b5:54:34:cf:2d:30:8f:bf:92:98:2c:66:
         b3:d0:a7:ab:7b:f6:4a:58:97:37:e1:ee:76:a7:f4:37:d4:b9:
         62:87:f6:5c:8c:b4:65:40:f8:e9:89:1e:11:1d:a2:06:e2:61:
         d9:fb:eb:23:db:09:e4:e0:98:ce:05:9f:e1:fd:2e:4b:d8:ca:
         01:a8:4c:ca:b1:6c:f1:59:7d:2d:06:19:83:e0:23:fd:f4:3c:
         8d:1d:e5:85:be:c7:8f:ef:eb:b6:6b:32:ff:2f:47:78:5b:b7:
         15:df:b9:81:1e:5d:6e:3b:5c:d3:5d:10:be:03:f8:85:f2:6d:
         73:92:99:d0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ2MC93VKCsOOnglKBZGK6ylMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiNWZjYmJlYTQ4OTM3YTQ0MmJhYmRiMzMwMjEzMmM0YmM5
YmQ2YWEwHhcNMjYwNDE0MTI1MTIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OGQwZWIxNThjZDBmZmFhMjZhYzY1ZWZjZWJlMzM3OTE4MTNjODBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoukTtuvslU/J+H4rREVTgm8Z/Oku
Tk8t1DubG4XsT3w4WjW0hqQS4VXDMqcx8Y2RWsWGqRXrlt6yDHpejS/TqCyoudYq
N780vnF64pS7ues8h2O4cBwdbfPqXffghHsb0je7Wt0O1lgUQl8w6vE7yTSFiiie
raUHYVWg+Jn8fDL23Ac55DeGOFY+nRqxgDn4ZI1DLJr0Q7OD5Gy2U/xR345bct1W
oe6919hiVlV8TOOc1uERzN8rVgJqntLjLAQu+H9JkCTskiJgtpH2JtK9SkRrhNFu
9cn2zXBEMZjUqF3J8l2ouuDnW3W1TpYU/coHaRwPB4/OtlkOVXI+7z5fUQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEjQ6xWM0P+qJqxl786+M3kYE8gLMB8GA1UdIwQY
MBaAFGtfy76kiTekQrq9szAhMsS8m9aqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQt
ODhkMWNhYzllNGYxLzEvU05EckZZelFfNm9tckdYdnpyNHplUmdUeUFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQtODhkMWNhYzllNGYx
LzEvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCAhQAAwQC
AhScMA0GCSqGSIb3DQEBCwUAA4IBAQBoUa1ylaX2yeVt1qqmdz19PNjsmh5lXrd3
ELpUHh4/Re3omvPsfDjH0/6hsUVG+dctHeK3uBKgFX2n8SO5t7Pr/HOeXrsuw+iJ
YvnVUT6XuRACyKrwkYzjMHT+xpyPHD+F6Vv5qaahIj33JHuAoOmoh98KYqZSYvOi
PgEtnW66WULcObW1VDTPLTCPv5KYLGaz0Kere/ZKWJc34e52p/Q31Llih/ZcjLRl
QPjpiR4RHaIG4mHZ++sj2wnk4JjOBZ/h/S5L2MoBqEzKsWzxWX0tBhmD4CP99DyN
HeWFvseP7+u2azL/L0d4W7cV37mBHl1uO1zTXRC+A/iF8m1zkpnQ
-----END CERTIFICATE-----