Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/dc7030-78cc-4800-888d-1427dd16efa4/1/ehxVaEtRSgmtXWibehJFSg2UxQg.roa
File:                     ehxVaEtRSgmtXWibehJFSg2UxQg.roa (raw, json)
Hash identifier:          t9f5OTDkYl9rwnvOFT12TZ8YPdY0wwMwMgp6Xvr9xCo=
Subject key identifier:   7A:1C:55:68:4B:51:4A:09:AD:5D:68:9B:7A:12:45:4A:0D:94:C5:08
Certificate issuer:       /CN=2e368b0aec6c7fd48d0d96b4077a23f906a86a48
Certificate serial:       019D9A632048D0B8BD7EFE351E1FAA8D0BDF
Authority key identifier: 2E:36:8B:0A:EC:6C:7F:D4:8D:0D:96:B4:07:7A:23:F9:06:A8:6A:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LjaLCuxsf9SNDZa0B3oj-Qaoakg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/dc7030-78cc-4800-888d-1427dd16efa4/1/ehxVaEtRSgmtXWibehJFSg2UxQg.roa
Signing time:             Fri 17 Apr 2026 07:41:20 +0000
ROA not before:           Fri 17 Apr 2026 07:41:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203248
IP address blocks:        167.160.4.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/dc7030-78cc-4800-888d-1427dd16efa4/1/LjaLCuxsf9SNDZa0B3oj-Qaoakg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/dc7030-78cc-4800-888d-1427dd16efa4/1/LjaLCuxsf9SNDZa0B3oj-Qaoakg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LjaLCuxsf9SNDZa0B3oj-Qaoakg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 02:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:9a:63:20:48:d0:b8:bd:7e:fe:35:1e:1f:aa:8d:0b:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e368b0aec6c7fd48d0d96b4077a23f906a86a48
        Validity
            Not Before: Apr 17 07:41:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7a1c55684b514a09ad5d689b7a12454a0d94c508
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:cd:a4:0c:46:fb:4a:bd:74:e7:be:39:8c:56:
                    73:38:77:c1:bb:05:7e:91:02:75:11:c9:8b:ab:89:
                    49:30:65:ae:7b:e5:60:be:34:2b:e6:fe:e8:4b:c2:
                    4f:f2:71:34:d2:bc:43:8c:cc:13:1f:23:ac:77:a6:
                    06:8c:2a:f0:8e:76:f8:b8:d9:96:18:85:a7:60:29:
                    9e:09:ee:d7:40:a5:7a:59:8a:67:d4:43:83:64:de:
                    86:09:28:1a:94:9d:42:92:04:4b:74:20:81:76:9d:
                    ae:28:9d:07:a0:8b:ef:ea:ad:db:29:86:d1:d3:63:
                    71:bd:b7:9c:ac:59:ed:f8:95:4f:6a:57:28:de:74:
                    aa:7a:eb:a7:9b:d2:7a:ca:08:93:eb:82:29:ba:9f:
                    9f:a4:ab:5b:41:4e:54:77:41:f0:07:b9:f7:3a:14:
                    af:77:29:72:6f:fe:e2:b5:46:87:ec:9c:a6:08:67:
                    41:37:c8:5f:10:a1:2a:67:e7:a4:b8:ce:6a:7b:35:
                    1a:ff:ae:ff:7e:dd:39:29:94:bc:84:81:40:db:04:
                    ab:61:dd:f9:6e:af:5c:a6:24:e6:fd:e9:92:ab:11:
                    ad:11:f4:4a:6e:bd:ce:40:54:47:bd:89:ee:74:79:
                    49:6d:38:f0:ce:3c:13:bd:8d:80:f8:9f:fe:a9:18:
                    55:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:1C:55:68:4B:51:4A:09:AD:5D:68:9B:7A:12:45:4A:0D:94:C5:08
            X509v3 Authority Key Identifier:
                keyid:2E:36:8B:0A:EC:6C:7F:D4:8D:0D:96:B4:07:7A:23:F9:06:A8:6A:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LjaLCuxsf9SNDZa0B3oj-Qaoakg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/dc7030-78cc-4800-888d-1427dd16efa4/1/ehxVaEtRSgmtXWibehJFSg2UxQg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/dc7030-78cc-4800-888d-1427dd16efa4/1/LjaLCuxsf9SNDZa0B3oj-Qaoakg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  167.160.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:f5:c5:ea:00:95:5f:76:f8:c1:22:60:3f:51:d3:7f:0d:25:
         b9:88:15:d9:f8:38:8e:73:b0:90:38:ae:1d:d8:26:e3:b7:c1:
         d6:b7:c0:53:8d:0b:0d:51:40:47:9c:bb:ca:6e:1d:c6:b3:1d:
         56:c6:fe:25:1a:77:1a:14:9c:af:90:3c:69:1a:fe:68:93:19:
         f7:ec:4c:75:d9:d8:46:a1:46:1a:a0:a0:b5:b0:43:ab:3a:e2:
         de:9c:26:6b:32:4a:7a:3d:9f:22:36:e6:47:a8:e4:03:7a:25:
         31:4a:4a:8c:05:50:0a:c2:a4:bc:21:12:4d:89:29:f0:e9:11:
         0f:e5:d8:43:c9:83:b1:de:e1:76:7a:75:89:06:59:d8:f1:d1:
         6d:c2:dd:ba:4c:02:9a:23:5b:06:03:fa:28:2c:5d:11:f1:51:
         92:12:b8:d1:1e:22:57:d5:bc:91:12:85:d5:a0:ef:5a:cf:fd:
         dc:2d:d6:4d:e6:36:ab:90:f8:a4:6a:94:e4:eb:b0:75:cb:f4:
         16:c0:12:90:ff:bc:f4:ed:99:90:db:4a:66:ec:a8:9a:a5:c4:
         4f:ee:1e:5c:2f:51:97:6a:a2:a9:ac:f4:57:d8:4c:93:f3:82:
         bc:9a:8b:b6:b8:40:7e:ab:92:ca:79:f9:7c:e7:04:e7:59:80:
         32:fe:3d:1e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2aYyBI0Li9fv41Hh+qjQvfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlMzY4YjBhZWM2YzdmZDQ4ZDBkOTZiNDA3N2EyM2Y5MDZh
ODZhNDgwHhcNMjYwNDE3MDc0MTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTFjNTU2ODRiNTE0YTA5YWQ1ZDY4OWI3YTEyNDU0YTBkOTRjNTA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAms2kDEb7Sr105745jFZzOHfBuwV+
kQJ1EcmLq4lJMGWue+VgvjQr5v7oS8JP8nE00rxDjMwTHyOsd6YGjCrwjnb4uNmW
GIWnYCmeCe7XQKV6WYpn1EODZN6GCSgalJ1CkgRLdCCBdp2uKJ0HoIvv6q3bKYbR
02NxvbecrFnt+JVPalco3nSqeuunm9J6ygiT64Ipup+fpKtbQU5Ud0HwB7n3OhSv
dylyb/7itUaH7JymCGdBN8hfEKEqZ+ekuM5qezUa/67/ft05KZS8hIFA2wSrYd35
bq9cpiTm/emSqxGtEfRKbr3OQFRHvYnudHlJbTjwzjwTvY2A+J/+qRhVvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHocVWhLUUoJrV1om3oSRUoNlMUIMB8GA1UdIwQY
MBaAFC42iwrsbH/UjQ2WtAd6I/kGqGpIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGphTEN1eHNmOVNORFphMEIzb2otUWFvYWtnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny9kYzcwMzAtNzhjYy00ODAwLTg4OGQt
MTQyN2RkMTZlZmE0LzEvZWh4VmFFdFJTZ210WFdpYmVoSkZTZzJVeFFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny9kYzcwMzAtNzhjYy00ODAwLTg4OGQtMTQyN2RkMTZlZmE0
LzEvTGphTEN1eHNmOVNORFphMEIzb2otUWFvYWtnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAp6AEMA0G
CSqGSIb3DQEBCwUAA4IBAQBx9cXqAJVfdvjBImA/UdN/DSW5iBXZ+DiOc7CQOK4d
2Cbjt8HWt8BTjQsNUUBHnLvKbh3Gsx1Wxv4lGncaFJyvkDxpGv5okxn37Ex12dhG
oUYaoKC1sEOrOuLenCZrMkp6PZ8iNuZHqOQDeiUxSkqMBVAKwqS8IRJNiSnw6REP
5dhDyYOx3uF2enWJBlnY8dFtwt26TAKaI1sGA/ooLF0R8VGSErjRHiJX1byREoXV
oO9az/3cLdZN5jarkPikapTk67B1y/QWwBKQ/7z07ZmQ20pm7KiapcRP7h5cL1GX
aqKprPRX2EyT84K8mou2uEB+q5LKefl85wTnWYAy/j0e
-----END CERTIFICATE-----