Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/1a0790-f332-4a83-9fc9-018360cc0ba9/1/llmMHNqMSoDUXRxE5hAlr6D6GAE.roa
File:                     llmMHNqMSoDUXRxE5hAlr6D6GAE.roa (raw, json)
Hash identifier:          R5kL9/aM+FrgRUOf+AsKqKfQFvEpHbyhgcOmGd1LC1o=
Subject key identifier:   96:59:8C:1C:DA:8C:4A:80:D4:5D:1C:44:E6:10:25:AF:A0:FA:18:01
Certificate issuer:       /CN=0fb7cdb05282b089b476759f69ed4a436b456362
Certificate serial:       019E973E68908DCA5E308989E9D0369E0634
Authority key identifier: 0F:B7:CD:B0:52:82:B0:89:B4:76:75:9F:69:ED:4A:43:6B:45:63:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D7fNsFKCsIm0dnWfae1KQ2tFY2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/1a0790-f332-4a83-9fc9-018360cc0ba9/1/llmMHNqMSoDUXRxE5hAlr6D6GAE.roa
Signing time:             Fri 05 Jun 2026 10:05:09 +0000
ROA not before:           Fri 05 Jun 2026 10:05:09 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     13335
IP address blocks:        178.210.163.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/1a0790-f332-4a83-9fc9-018360cc0ba9/1/D7fNsFKCsIm0dnWfae1KQ2tFY2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/1a0790-f332-4a83-9fc9-018360cc0ba9/1/D7fNsFKCsIm0dnWfae1KQ2tFY2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/D7fNsFKCsIm0dnWfae1KQ2tFY2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 07:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:97:3e:68:90:8d:ca:5e:30:89:89:e9:d0:36:9e:06:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0fb7cdb05282b089b476759f69ed4a436b456362
        Validity
            Not Before: Jun  5 10:05:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=96598c1cda8c4a80d45d1c44e61025afa0fa1801
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:77:5f:d2:8a:62:0f:37:6b:b9:bf:60:5b:af:
                    ac:54:49:aa:b5:1d:f3:a9:37:bb:3c:69:60:0b:ee:
                    df:03:3f:cb:9f:9d:13:ce:1b:0b:9d:a4:f0:04:60:
                    e9:39:ef:ee:af:68:3b:84:7d:a6:7a:ee:f2:af:9d:
                    3a:d1:7c:22:d9:99:36:17:0a:50:5c:54:0a:cb:ad:
                    55:a1:58:a5:29:7e:7a:45:9e:70:86:63:bd:93:51:
                    48:19:4d:a8:01:31:b5:3f:d4:98:89:ee:6d:e9:a1:
                    19:86:a6:35:98:89:cb:95:64:e5:af:21:a2:ee:f5:
                    4d:6c:9c:76:c6:37:85:fb:cc:9c:f4:8d:06:8f:be:
                    5b:ce:ef:42:f7:49:3f:64:39:6d:8f:f8:c2:8d:43:
                    22:3b:e8:ba:31:f5:16:42:70:43:38:a4:b0:ab:7e:
                    2f:93:ae:21:84:ab:31:75:5d:9f:17:e4:39:f4:23:
                    7d:e8:80:d0:60:43:39:9b:b3:9b:37:f7:f7:2d:8b:
                    49:15:1e:ab:29:06:f0:b8:d4:1a:93:1f:fb:10:b6:
                    c7:bb:27:5b:f7:76:8d:9c:c0:51:3c:36:a6:88:8c:
                    45:9f:66:70:a1:05:fd:93:38:29:02:74:44:c6:12:
                    9d:68:25:13:0e:15:bd:fd:f9:4d:99:d3:61:a1:30:
                    a9:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:59:8C:1C:DA:8C:4A:80:D4:5D:1C:44:E6:10:25:AF:A0:FA:18:01
            X509v3 Authority Key Identifier:
                keyid:0F:B7:CD:B0:52:82:B0:89:B4:76:75:9F:69:ED:4A:43:6B:45:63:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D7fNsFKCsIm0dnWfae1KQ2tFY2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/1a0790-f332-4a83-9fc9-018360cc0ba9/1/llmMHNqMSoDUXRxE5hAlr6D6GAE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/1a0790-f332-4a83-9fc9-018360cc0ba9/1/D7fNsFKCsIm0dnWfae1KQ2tFY2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.210.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:fa:28:1d:e1:62:81:22:f5:b5:e2:7b:08:76:df:fb:1f:69:
         52:51:7c:44:94:48:21:7b:1d:cd:e0:fd:a9:a0:38:34:a2:40:
         23:27:77:af:82:df:5f:85:cc:82:d5:3c:dd:64:4b:63:14:c5:
         64:24:53:c7:f7:0d:6a:85:92:af:d7:ba:60:9d:28:eb:56:f3:
         a6:36:95:27:6c:e2:7f:d9:2a:35:af:2e:ab:10:a0:45:a3:15:
         7c:5f:c0:70:30:05:b3:aa:f2:37:94:51:92:90:75:2a:fd:2e:
         a6:2f:6c:32:2e:28:20:37:ac:05:f6:f8:e2:cc:ee:ad:fb:65:
         34:93:d0:a5:4e:d4:dc:f0:0a:be:72:58:1a:63:44:d1:fa:f3:
         48:cb:ea:3a:18:cf:af:e6:d8:08:7e:69:0e:c2:03:9b:5b:76:
         dc:7c:f5:f3:24:c0:df:a8:6c:85:c2:c0:ad:25:a4:e8:51:9c:
         65:f9:ee:40:b4:5c:a5:4b:2e:86:d7:29:07:91:4d:7f:14:74:
         c0:f6:10:92:8f:1f:31:f2:fa:9e:43:a1:41:2e:f7:be:f7:3f:
         98:cc:7d:3b:6d:8d:8b:9b:aa:e0:7b:92:92:7c:a0:a0:a6:9c:
         b2:39:34:a2:59:b2:96:d8:fb:1e:16:34:56:a6:d1:ff:f0:28:
         00:d0:ea:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6XPmiQjcpeMImJ6dA2ngY0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmYjdjZGIwNTI4MmIwODliNDc2NzU5ZjY5ZWQ0YTQzNmI0
NTYzNjIwHhcNMjYwNjA1MTAwNTA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjU5OGMxY2RhOGM0YTgwZDQ1ZDFjNDRlNjEwMjVhZmEwZmExODAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu3df0opiDzdrub9gW6+sVEmqtR3z
qTe7PGlgC+7fAz/Ln50TzhsLnaTwBGDpOe/ur2g7hH2meu7yr5060Xwi2Zk2FwpQ
XFQKy61VoVilKX56RZ5whmO9k1FIGU2oATG1P9SYie5t6aEZhqY1mInLlWTlryGi
7vVNbJx2xjeF+8yc9I0Gj75bzu9C90k/ZDltj/jCjUMiO+i6MfUWQnBDOKSwq34v
k64hhKsxdV2fF+Q59CN96IDQYEM5m7ObN/f3LYtJFR6rKQbwuNQakx/7ELbHuydb
93aNnMBRPDamiIxFn2ZwoQX9kzgpAnRExhKdaCUTDhW9/flNmdNhoTCpQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJZZjBzajEqA1F0cROYQJa+g+hgBMB8GA1UdIwQY
MBaAFA+3zbBSgrCJtHZ1n2ntSkNrRWNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRDdmTnNGS0NzSW0wZG5XZmFlMUtRMnRGWTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi8xYTA3OTAtZjMzMi00YTgzLTlmYzkt
MDE4MzYwY2MwYmE5LzEvbGxtTUhOcU1Tb0RVWFJ4RTVoQWxyNkQ2R0FFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi8xYTA3OTAtZjMzMi00YTgzLTlmYzktMDE4MzYwY2MwYmE5
LzEvRDdmTnNGS0NzSW0wZG5XZmFlMUtRMnRGWTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAstKjMA0G
CSqGSIb3DQEBCwUAA4IBAQCq+igd4WKBIvW14nsIdt/7H2lSUXxElEghex3N4P2p
oDg0okAjJ3evgt9fhcyC1TzdZEtjFMVkJFPH9w1qhZKv17pgnSjrVvOmNpUnbOJ/
2So1ry6rEKBFoxV8X8BwMAWzqvI3lFGSkHUq/S6mL2wyLiggN6wF9vjizO6t+2U0
k9ClTtTc8Aq+clgaY0TR+vNIy+o6GM+v5tgIfmkOwgObW3bcfPXzJMDfqGyFwsCt
JaToUZxl+e5AtFylSy6G1ykHkU1/FHTA9hCSjx8x8vqeQ6FBLve+9z+YzH07bY2L
m6rge5KSfKCgppyyOTSiWbKW2PseFjRWptH/8CgA0OpB
-----END CERTIFICATE-----