Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/777eef-4d02-4d39-b1e4-1079d55aee91/1/csxH9N8tVIrkBDMI7J2H9oHB5ts.roa
File:                     csxH9N8tVIrkBDMI7J2H9oHB5ts.roa (raw, json)
Hash identifier:          YnDsKZSvVyafr0VpozmsvhXFno1wOxr2STYbFQyZa38=
Subject key identifier:   72:CC:47:F4:DF:2D:54:8A:E4:04:33:08:EC:9D:87:F6:81:C1:E6:DB
Certificate issuer:       /CN=d58214cfa326611e9d494135a12ce8276f0f1784
Certificate serial:       019B79ED01B9A19BBA1F85BA3A1C977D8553
Authority key identifier: D5:82:14:CF:A3:26:61:1E:9D:49:41:35:A1:2C:E8:27:6F:0F:17:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1YIUz6MmYR6dSUE1oSzoJ28PF4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/777eef-4d02-4d39-b1e4-1079d55aee91/1/csxH9N8tVIrkBDMI7J2H9oHB5ts.roa
Signing time:             Thu 01 Jan 2026 14:18:54 +0000
ROA not before:           Thu 01 Jan 2026 14:18:54 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216264
IP address blocks:        194.150.174.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/777eef-4d02-4d39-b1e4-1079d55aee91/1/1YIUz6MmYR6dSUE1oSzoJ28PF4Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/777eef-4d02-4d39-b1e4-1079d55aee91/1/1YIUz6MmYR6dSUE1oSzoJ28PF4Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1YIUz6MmYR6dSUE1oSzoJ28PF4Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 05:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ed:01:b9:a1:9b:ba:1f:85:ba:3a:1c:97:7d:85:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d58214cfa326611e9d494135a12ce8276f0f1784
        Validity
            Not Before: Jan  1 14:18:54 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=72cc47f4df2d548ae4043308ec9d87f681c1e6db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:4a:c8:2b:77:ac:01:d2:b5:6d:3a:7f:80:54:
                    71:7a:18:9e:3d:81:b5:74:eb:1c:5a:8d:c1:4d:bd:
                    48:4c:fa:fc:c1:9e:46:24:d3:52:b8:88:2e:5a:08:
                    47:03:71:9a:29:7d:db:15:0c:a4:7f:18:20:68:a2:
                    3a:f4:d0:82:a7:76:ab:fb:2e:24:87:9d:d6:39:65:
                    fb:19:79:86:ac:7d:8d:7e:0a:e4:60:19:17:87:a2:
                    21:a5:66:59:d8:48:ca:32:8f:14:2c:00:25:5c:de:
                    2b:ab:80:56:56:9e:fa:8f:1e:10:aa:0e:ab:72:f9:
                    59:fa:a0:23:ed:a0:42:94:90:4c:a0:fe:9c:2c:7e:
                    f9:bd:db:b4:c6:c1:fa:67:96:b8:1c:21:11:06:d3:
                    03:fa:59:f4:c1:84:ca:12:e8:59:da:9d:bb:ec:39:
                    ea:d5:e4:6b:bc:e7:e8:59:cd:91:c2:b0:d3:79:63:
                    94:b5:f3:cd:1e:c0:1e:15:c6:cc:cb:81:92:1a:d1:
                    06:18:85:50:5b:d7:ba:d8:c8:21:72:81:c6:bf:bd:
                    04:2b:f7:2a:dc:18:46:00:7f:06:64:ef:63:a2:00:
                    ca:9c:ff:9c:7d:0c:41:7e:b6:35:e7:2b:60:ca:99:
                    39:29:5c:c3:db:9d:dd:10:a5:a2:cf:63:96:b1:3a:
                    35:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:CC:47:F4:DF:2D:54:8A:E4:04:33:08:EC:9D:87:F6:81:C1:E6:DB
            X509v3 Authority Key Identifier:
                keyid:D5:82:14:CF:A3:26:61:1E:9D:49:41:35:A1:2C:E8:27:6F:0F:17:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1YIUz6MmYR6dSUE1oSzoJ28PF4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/777eef-4d02-4d39-b1e4-1079d55aee91/1/csxH9N8tVIrkBDMI7J2H9oHB5ts.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/777eef-4d02-4d39-b1e4-1079d55aee91/1/1YIUz6MmYR6dSUE1oSzoJ28PF4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.150.174.0/23

    Signature Algorithm: sha256WithRSAEncryption
         06:b0:82:f9:61:17:27:a7:a9:ae:55:f2:bb:ff:6d:7e:ec:45:
         04:7a:04:bf:33:bc:5d:4f:03:1f:1f:af:f7:c1:ff:2c:78:43:
         b2:05:95:02:d3:05:bc:8a:57:e4:5a:ce:27:1f:85:41:80:c2:
         84:a6:d0:af:8c:1c:82:dc:4d:be:08:e4:8b:84:4b:36:c2:80:
         24:0f:10:f9:af:27:02:96:e4:5e:4a:15:82:6c:e9:81:d6:d4:
         a4:7c:06:14:14:5c:8d:31:03:68:cd:a4:8e:f0:6b:75:6e:a4:
         c0:ba:69:46:2c:71:09:f7:32:74:e7:c1:7e:f2:96:89:a8:2d:
         e7:a9:78:b8:a1:08:29:02:8a:13:7b:a9:5b:ab:44:e6:0b:c2:
         7b:af:7e:34:00:47:4b:c5:5c:63:10:a5:00:53:90:6f:74:79:
         d3:00:32:d5:21:d8:b4:c6:1b:25:c8:ad:08:59:16:b3:2a:52:
         99:9c:eb:4b:32:0f:9d:af:23:ce:6a:7f:48:26:d0:66:cf:34:
         3b:32:4a:d3:70:a4:c5:24:81:86:5a:e2:fb:e0:97:af:0c:e6:
         84:9f:e8:3a:5c:68:16:3e:df:ec:0a:c7:a6:1c:52:5e:68:13:
         0a:28:20:13:5f:a1:42:8a:f9:15:25:cb:55:0a:c7:29:92:be:
         fe:d9:e4:24
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt57QG5oZu6H4W6OhyXfYVTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1ODIxNGNmYTMyNjYxMWU5ZDQ5NDEzNWExMmNlODI3NmYw
ZjE3ODQwHhcNMjYwMTAxMTQxODU0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MmNjNDdmNGRmMmQ1NDhhZTQwNDMzMDhlYzlkODdmNjgxYzFlNmRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4krIK3esAdK1bTp/gFRxehiePYG1
dOscWo3BTb1ITPr8wZ5GJNNSuIguWghHA3GaKX3bFQykfxggaKI69NCCp3ar+y4k
h53WOWX7GXmGrH2NfgrkYBkXh6IhpWZZ2EjKMo8ULAAlXN4rq4BWVp76jx4Qqg6r
cvlZ+qAj7aBClJBMoP6cLH75vdu0xsH6Z5a4HCERBtMD+ln0wYTKEuhZ2p277Dnq
1eRrvOfoWc2RwrDTeWOUtfPNHsAeFcbMy4GSGtEGGIVQW9e62MghcoHGv70EK/cq
3BhGAH8GZO9jogDKnP+cfQxBfrY15ytgypk5KVzD253dEKWiz2OWsTo1xwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHLMR/TfLVSK5AQzCOydh/aBwebbMB8GA1UdIwQY
MBaAFNWCFM+jJmEenUlBNaEs6CdvDxeEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVlJVXo2TW1ZUjZkU1VFMW9Tem9KMjhQRjRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi83NzdlZWYtNGQwMi00ZDM5LWIxZTQt
MTA3OWQ1NWFlZTkxLzEvY3N4SDlOOHRWSXJrQkRNSTdKMkg5b0hCNXRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi83NzdlZWYtNGQwMi00ZDM5LWIxZTQtMTA3OWQ1NWFlZTkx
LzEvMVlJVXo2TW1ZUjZkU1VFMW9Tem9KMjhQRjRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwpauMA0G
CSqGSIb3DQEBCwUAA4IBAQAGsIL5YRcnp6muVfK7/21+7EUEegS/M7xdTwMfH6/3
wf8seEOyBZUC0wW8ilfkWs4nH4VBgMKEptCvjByC3E2+COSLhEs2woAkDxD5rycC
luReShWCbOmB1tSkfAYUFFyNMQNozaSO8Gt1bqTAumlGLHEJ9zJ058F+8paJqC3n
qXi4oQgpAooTe6lbq0TmC8J7r340AEdLxVxjEKUAU5BvdHnTADLVIdi0xhslyK0I
WRazKlKZnOtLMg+dryPOan9IJtBmzzQ7MkrTcKTFJIGGWuL74JevDOaEn+g6XGgW
Pt/sCsemHFJeaBMKKCATX6FCivkVJctVCscpkr7+2eQk
-----END CERTIFICATE-----