Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/6366b4-dd6f-4040-8895-71be0d51919d/1/9pxQryKB7-OGwAXFhJkPHxMTQ7U.roa
File:                     9pxQryKB7-OGwAXFhJkPHxMTQ7U.roa (raw, json)
Hash identifier:          LaU9wAoPLEVyPbiNPfNuiL4UkPIf6M+Y7nzkcS2LF6A=
Subject key identifier:   F6:9C:50:AF:22:81:EF:E3:86:C0:05:C5:84:99:0F:1F:13:13:43:B5
Certificate issuer:       /CN=55c9b2025e0e695808f6b61ee276aed4fb5680cd
Certificate serial:       019CAE08EF770C39821C5804134A47F48EA7
Authority key identifier: 55:C9:B2:02:5E:0E:69:58:08:F6:B6:1E:E2:76:AE:D4:FB:56:80:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VcmyAl4OaVgI9rYe4nau1PtWgM0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/6366b4-dd6f-4040-8895-71be0d51919d/1/9pxQryKB7-OGwAXFhJkPHxMTQ7U.roa
Signing time:             Mon 02 Mar 2026 10:12:26 +0000
ROA not before:           Mon 02 Mar 2026 10:12:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213607
IP address blocks:        168.222.181.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/6366b4-dd6f-4040-8895-71be0d51919d/1/VcmyAl4OaVgI9rYe4nau1PtWgM0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/6366b4-dd6f-4040-8895-71be0d51919d/1/VcmyAl4OaVgI9rYe4nau1PtWgM0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VcmyAl4OaVgI9rYe4nau1PtWgM0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 19:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:ae:08:ef:77:0c:39:82:1c:58:04:13:4a:47:f4:8e:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=55c9b2025e0e695808f6b61ee276aed4fb5680cd
        Validity
            Not Before: Mar  2 10:12:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f69c50af2281efe386c005c584990f1f131343b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:ce:0a:70:64:07:70:4a:fd:3a:49:2c:a1:32:
                    4b:b2:be:eb:b5:84:71:78:be:c2:05:71:e8:5f:e9:
                    ab:04:62:68:87:d7:90:89:a2:78:47:c8:30:e6:1d:
                    83:1f:c4:8f:bb:af:a1:75:29:9e:61:de:0a:ce:0a:
                    fc:25:53:c2:4a:80:4c:95:d2:d5:b6:3f:0c:06:d5:
                    f4:9e:32:74:92:ac:c8:71:11:f0:f9:bb:75:a6:55:
                    e2:4b:f4:7d:97:70:ea:97:74:38:f1:bf:8c:af:9f:
                    13:85:19:a9:16:81:9f:ea:68:d0:d4:be:47:26:b3:
                    5d:b7:6e:73:6f:25:b0:d0:df:06:c3:d6:e0:e3:da:
                    24:5e:93:60:65:af:d5:1e:5e:6a:8f:16:52:45:c1:
                    e2:cd:24:4a:3b:15:19:29:d6:61:b9:15:ca:59:20:
                    cd:82:4a:2d:e2:ef:c0:d2:9c:e7:ab:cd:3a:99:0d:
                    15:66:99:8a:5b:77:9f:c3:f1:38:33:fa:af:4a:c4:
                    9d:96:3a:2e:67:c3:ed:d3:21:3c:0e:47:75:9d:59:
                    23:5d:02:22:10:95:f1:08:03:9d:3e:c6:ac:fb:dd:
                    8a:0d:0f:e2:29:a4:cb:ba:e3:cd:79:57:6c:1e:a0:
                    b4:f8:97:0b:5e:b2:9e:5a:fb:a7:16:f5:26:36:d9:
                    bd:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:9C:50:AF:22:81:EF:E3:86:C0:05:C5:84:99:0F:1F:13:13:43:B5
            X509v3 Authority Key Identifier:
                keyid:55:C9:B2:02:5E:0E:69:58:08:F6:B6:1E:E2:76:AE:D4:FB:56:80:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VcmyAl4OaVgI9rYe4nau1PtWgM0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/6366b4-dd6f-4040-8895-71be0d51919d/1/9pxQryKB7-OGwAXFhJkPHxMTQ7U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/6366b4-dd6f-4040-8895-71be0d51919d/1/VcmyAl4OaVgI9rYe4nau1PtWgM0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  168.222.181.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ee:b9:eb:54:08:cd:d6:c6:12:ed:ff:4e:f2:2a:c3:cc:72:69:
         dc:39:91:17:b8:ad:24:d1:0b:7c:0c:83:66:0a:ac:4e:a5:0c:
         d0:2e:dd:fc:77:f5:c4:db:3d:85:e0:6b:32:48:99:81:81:ca:
         ad:2b:57:ca:65:eb:f8:45:10:a8:8d:2c:84:e4:26:93:c2:a1:
         59:d6:b5:64:74:eb:11:85:8e:51:27:1f:4d:a6:42:3a:65:5a:
         a7:a1:d4:33:c2:64:c1:7c:9f:5a:22:01:b8:ee:a3:e0:8b:98:
         21:bf:14:e6:1c:52:0c:ee:87:63:dd:a2:92:9c:4f:0d:d5:9e:
         e3:33:05:0e:bf:f9:65:3a:2b:60:60:a6:13:24:d3:a7:f6:12:
         2b:38:0a:89:97:70:2d:9f:7b:49:4a:c1:4d:c7:90:66:12:20:
         90:2d:c0:9d:d3:02:51:40:e5:bf:b4:f8:17:49:16:6c:ae:21:
         24:40:3f:02:dd:f2:83:0a:46:b5:43:41:48:28:a6:6d:ec:f9:
         34:96:c6:4b:97:bc:a3:e1:24:44:d2:50:45:15:9f:4d:c7:71:
         54:f1:39:5b:22:1b:d1:a8:ac:e1:45:6d:4d:94:7e:50:1b:98:
         96:1c:79:7e:05:81:2e:1f:b7:dd:ff:d4:c7:1f:e0:7b:84:73:
         3e:b4:83:b1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyuCO93DDmCHFgEE0pH9I6nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1YzliMjAyNWUwZTY5NTgwOGY2YjYxZWUyNzZhZWQ0ZmI1
NjgwY2QwHhcNMjYwMzAyMTAxMjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjljNTBhZjIyODFlZmUzODZjMDA1YzU4NDk5MGYxZjEzMTM0M2I1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtM4KcGQHcEr9OkksoTJLsr7rtYRx
eL7CBXHoX+mrBGJoh9eQiaJ4R8gw5h2DH8SPu6+hdSmeYd4Kzgr8JVPCSoBMldLV
tj8MBtX0njJ0kqzIcRHw+bt1plXiS/R9l3Dql3Q48b+Mr58ThRmpFoGf6mjQ1L5H
JrNdt25zbyWw0N8Gw9bg49okXpNgZa/VHl5qjxZSRcHizSRKOxUZKdZhuRXKWSDN
gkot4u/A0pznq806mQ0VZpmKW3efw/E4M/qvSsSdljouZ8Pt0yE8Dkd1nVkjXQIi
EJXxCAOdPsas+92KDQ/iKaTLuuPNeVdsHqC0+JcLXrKeWvunFvUmNtm9xwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPacUK8ige/jhsAFxYSZDx8TE0O1MB8GA1UdIwQY
MBaAFFXJsgJeDmlYCPa2HuJ2rtT7VoDNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVmNteUFsNE9hVmdJOXJZZTRuYXUxUHRXZ00wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS82MzY2YjQtZGQ2Zi00MDQwLTg4OTUt
NzFiZTBkNTE5MTlkLzEvOXB4UXJ5S0I3LU9Hd0FYRmhKa1BIeE1UUTdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS82MzY2YjQtZGQ2Zi00MDQwLTg4OTUtNzFiZTBkNTE5MTlk
LzEvVmNteUFsNE9hVmdJOXJZZTRuYXUxUHRXZ00wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAqN61MA0G
CSqGSIb3DQEBCwUAA4IBAQDuuetUCM3WxhLt/07yKsPMcmncOZEXuK0k0Qt8DINm
CqxOpQzQLt38d/XE2z2F4GsySJmBgcqtK1fKZev4RRCojSyE5CaTwqFZ1rVkdOsR
hY5RJx9NpkI6ZVqnodQzwmTBfJ9aIgG47qPgi5ghvxTmHFIM7odj3aKSnE8N1Z7j
MwUOv/llOitgYKYTJNOn9hIrOAqJl3Atn3tJSsFNx5BmEiCQLcCd0wJRQOW/tPgX
SRZsriEkQD8C3fKDCka1Q0FIKKZt7Pk0lsZLl7yj4SRE0lBFFZ9Nx3FU8TlbIhvR
qKzhRW1NlH5QG5iWHHl+BYEuH7fd/9THH+B7hHM+tIOx
-----END CERTIFICATE-----