Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/SDFl-dcGqJ4rviFvDKNjX5FqVRQ.roa
File:                     SDFl-dcGqJ4rviFvDKNjX5FqVRQ.roa (raw, json)
Hash identifier:          D7VcT2WmquQVyow8pUPB/uhRTsYZ9Gv0ho2KzxuRPWg=
Subject key identifier:   48:31:65:F9:D7:06:A8:9E:2B:BE:21:6F:0C:A3:63:5F:91:6A:55:14
Certificate issuer:       /CN=56b98f83ccbda7c19f004151c98b57c59d268f54
Certificate serial:       019C08A0F92F0191E02AFC64A0E8F7B7054D
Authority key identifier: 56:B9:8F:83:CC:BD:A7:C1:9F:00:41:51:C9:8B:57:C5:9D:26:8F:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/SDFl-dcGqJ4rviFvDKNjX5FqVRQ.roa
Signing time:             Thu 29 Jan 2026 07:21:33 +0000
ROA not before:           Thu 29 Jan 2026 07:21:33 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     64457
IP address blocks:        178.211.159.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 11:01:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:08:a0:f9:2f:01:91:e0:2a:fc:64:a0:e8:f7:b7:05:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=56b98f83ccbda7c19f004151c98b57c59d268f54
        Validity
            Not Before: Jan 29 07:21:33 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=483165f9d706a89e2bbe216f0ca3635f916a5514
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:1f:7b:88:ab:c0:07:3b:c8:ed:7f:6d:6c:07:
                    40:a1:d9:5a:4b:c9:53:41:d9:23:08:f3:60:ff:2d:
                    5b:21:f2:8f:fe:d9:35:ae:23:20:a4:f6:50:68:79:
                    76:70:64:79:3f:ea:cc:f0:06:22:20:42:51:02:93:
                    e6:62:1a:3c:38:c1:6d:7b:92:68:25:0a:7d:38:1d:
                    6d:98:68:7c:b5:50:7a:15:11:86:a7:b0:d1:e0:12:
                    7d:65:e1:a5:c0:f0:99:2f:69:26:23:ea:67:4b:5a:
                    ad:30:c0:6d:51:94:01:16:ed:54:3a:ad:52:f7:0a:
                    ab:15:94:74:84:b2:69:cb:ef:c1:23:31:d5:31:c6:
                    0c:43:79:e7:a2:30:bf:02:eb:e8:b6:36:61:b7:53:
                    b4:96:f1:69:66:f7:42:0f:cd:12:69:55:55:4c:c1:
                    61:bc:80:de:84:49:ce:fd:ff:0b:fa:e3:bb:3a:02:
                    22:cd:7e:d4:c2:28:cd:83:1b:4a:a3:67:ab:19:b6:
                    b2:a3:e5:be:ff:1f:40:9b:c0:22:3e:fb:3d:07:16:
                    51:29:da:10:22:56:b2:7f:13:3c:fa:8e:37:89:3f:
                    14:58:cb:60:f2:98:ab:02:58:6f:6c:f0:be:a9:cc:
                    dd:2c:ef:f4:9c:76:5d:00:63:3d:39:9a:75:1b:e4:
                    25:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:31:65:F9:D7:06:A8:9E:2B:BE:21:6F:0C:A3:63:5F:91:6A:55:14
            X509v3 Authority Key Identifier:
                keyid:56:B9:8F:83:CC:BD:A7:C1:9F:00:41:51:C9:8B:57:C5:9D:26:8F:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/SDFl-dcGqJ4rviFvDKNjX5FqVRQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.211.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:68:9d:51:ea:60:94:d4:d7:43:db:5f:f6:89:46:e9:f7:84:
         90:17:7c:57:9c:d6:91:14:5c:1a:d3:26:9a:15:bf:f8:b0:b0:
         e0:00:44:d7:ce:50:31:de:e2:24:a0:c2:dc:9f:e2:54:11:fc:
         1a:9e:be:ff:35:63:04:bc:62:33:f3:89:79:a7:69:e8:06:b1:
         3f:31:d7:46:f6:f1:f9:c3:20:c3:59:d2:a7:7e:72:6b:51:38:
         74:c8:17:62:b1:f1:45:5a:7d:71:15:d0:5a:74:ae:68:8e:bd:
         d5:7b:12:cd:63:fc:7e:eb:ca:9b:f8:36:5d:d6:b7:4d:65:fb:
         b9:a3:f4:02:81:f4:78:a6:94:41:58:45:2c:99:4f:a1:9c:76:
         66:51:95:4a:5e:52:32:2b:be:91:4d:eb:83:33:de:41:c6:cc:
         a0:9a:84:7a:e3:6d:ba:5b:27:dd:a5:1d:3f:4e:52:da:6a:ab:
         53:01:e6:cb:f5:6e:88:de:c5:a5:53:af:44:cf:c7:34:c0:b7:
         03:80:12:69:81:d9:e3:ae:60:19:fa:40:63:7d:19:8a:fb:84:
         5c:11:23:73:2d:87:aa:01:37:10:ac:d7:b5:af:e3:d2:68:10:
         d0:89:c0:39:7e:f7:b6:37:49:39:45:8b:38:e4:f1:03:89:57:
         e4:4e:b6:af
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZwIoPkvAZHgKvxkoOj3twVNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2Yjk4ZjgzY2NiZGE3YzE5ZjAwNDE1MWM5OGI1N2M1OWQy
NjhmNTQwHhcNMjYwMTI5MDcyMTMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODMxNjVmOWQ3MDZhODllMmJiZTIxNmYwY2EzNjM1ZjkxNmE1NTE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArR97iKvABzvI7X9tbAdAodlaS8lT
QdkjCPNg/y1bIfKP/tk1riMgpPZQaHl2cGR5P+rM8AYiIEJRApPmYho8OMFte5Jo
JQp9OB1tmGh8tVB6FRGGp7DR4BJ9ZeGlwPCZL2kmI+pnS1qtMMBtUZQBFu1UOq1S
9wqrFZR0hLJpy+/BIzHVMcYMQ3nnojC/AuvotjZht1O0lvFpZvdCD80SaVVVTMFh
vIDehEnO/f8L+uO7OgIizX7UwijNgxtKo2erGbayo+W+/x9Am8AiPvs9BxZRKdoQ
IlayfxM8+o43iT8UWMtg8pirAlhvbPC+qczdLO/0nHZdAGM9OZp1G+QlzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEgxZfnXBqieK74hbwyjY1+RalUUMB8GA1UdIwQY
MBaAFFa5j4PMvafBnwBBUcmLV8WdJo9UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnJtUGc4eTlwOEdmQUVGUnlZdFh4WjBtajFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My84Y2I5MzUtNzFhMy00ZGIzLTlmM2Yt
N2FhN2ZjMzU5NjU1LzEvU0RGbC1kY0dxSjRydmlGdkRLTmpYNUZxVlJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My84Y2I5MzUtNzFhMy00ZGIzLTlmM2YtN2FhN2ZjMzU5NjU1
LzEvVnJtUGc4eTlwOEdmQUVGUnlZdFh4WjBtajFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAstOfMA0G
CSqGSIb3DQEBCwUAA4IBAQCuaJ1R6mCU1NdD21/2iUbp94SQF3xXnNaRFFwa0yaa
Fb/4sLDgAETXzlAx3uIkoMLcn+JUEfwanr7/NWMEvGIz84l5p2noBrE/MddG9vH5
wyDDWdKnfnJrUTh0yBdisfFFWn1xFdBadK5ojr3VexLNY/x+68qb+DZd1rdNZfu5
o/QCgfR4ppRBWEUsmU+hnHZmUZVKXlIyK76RTeuDM95BxsygmoR64226WyfdpR0/
TlLaaqtTAebL9W6I3sWlU69Ez8c0wLcDgBJpgdnjrmAZ+kBjfRmK+4RcESNzLYeq
ATcQrNe1r+PSaBDQicA5fve2N0k5RYs45PEDiVfkTrav
-----END CERTIFICATE-----