Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/3e3d40-2ae4-43f3-ae7c-bc5403ac2a95/1/VegqeIb2Ue99pk2Mj-Hsak4tsjc.roa
File:                     VegqeIb2Ue99pk2Mj-Hsak4tsjc.roa (raw, json)
Hash identifier:          HOWcoXLSZ9qZQNTRKHr5hgDAOjfifn3qO2/BIser9rI=
Subject key identifier:   55:E8:2A:78:86:F6:51:EF:7D:A6:4D:8C:8F:E1:EC:6A:4E:2D:B2:37
Certificate issuer:       /CN=42239fb9af128428f84fed9f358686717ed97601
Certificate serial:       019ED1AADDFDC8995B72275FC68347082BCF
Authority key identifier: 42:23:9F:B9:AF:12:84:28:F8:4F:ED:9F:35:86:86:71:7E:D9:76:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QiOfua8ShCj4T-2fNYaGcX7ZdgE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/3e3d40-2ae4-43f3-ae7c-bc5403ac2a95/1/VegqeIb2Ue99pk2Mj-Hsak4tsjc.roa
Signing time:             Tue 16 Jun 2026 18:21:36 +0000
ROA not before:           Tue 16 Jun 2026 18:21:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213702
IP address blocks:        153.52.77.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/3e3d40-2ae4-43f3-ae7c-bc5403ac2a95/1/QiOfua8ShCj4T-2fNYaGcX7ZdgE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/3e3d40-2ae4-43f3-ae7c-bc5403ac2a95/1/QiOfua8ShCj4T-2fNYaGcX7ZdgE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QiOfua8ShCj4T-2fNYaGcX7ZdgE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 18 Jun 2026 03:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:d1:aa:dd:fd:c8:99:5b:72:27:5f:c6:83:47:08:2b:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=42239fb9af128428f84fed9f358686717ed97601
        Validity
            Not Before: Jun 16 18:21:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=55e82a7886f651ef7da64d8c8fe1ec6a4e2db237
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:f9:09:a6:d0:b4:d3:66:08:e4:eb:c9:de:ca:
                    b5:e0:33:29:39:e4:1b:1f:41:9a:df:be:15:f6:c9:
                    42:39:31:55:17:62:5f:32:06:58:ea:dc:94:b8:e1:
                    0c:ab:27:f1:5f:c3:f9:98:bc:cc:84:8e:5e:9e:80:
                    79:2a:10:92:27:f9:06:a3:a5:40:a0:c5:3c:4a:c8:
                    95:15:89:e5:63:d4:c1:79:cc:93:d6:7f:48:5a:b2:
                    0c:a4:d8:64:08:0d:88:01:06:0c:30:26:75:bb:5e:
                    ae:c8:f5:ab:17:0a:ce:51:24:d1:73:95:bd:d8:52:
                    38:93:6a:38:5a:db:ee:86:46:ec:20:2a:7d:fc:d0:
                    77:9f:15:8f:17:df:42:ca:8a:28:1f:86:80:48:dc:
                    e9:46:87:4a:5f:42:89:71:a5:f0:5f:88:22:ec:a1:
                    c5:e1:fd:d4:32:e1:29:b9:89:1a:26:64:7c:c9:fb:
                    de:44:af:7e:57:94:dd:48:e1:ee:da:ec:a8:0d:bf:
                    db:94:5e:24:6a:c3:de:6a:45:ff:75:3b:08:e4:bb:
                    78:4b:dc:d3:8f:ef:31:8d:ec:2d:d4:97:92:58:e6:
                    a2:c3:4c:e0:8e:da:ee:f4:e7:f1:29:54:bc:4b:35:
                    dd:6d:f2:20:34:27:30:70:2a:28:ff:75:fd:86:0c:
                    a8:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:E8:2A:78:86:F6:51:EF:7D:A6:4D:8C:8F:E1:EC:6A:4E:2D:B2:37
            X509v3 Authority Key Identifier:
                keyid:42:23:9F:B9:AF:12:84:28:F8:4F:ED:9F:35:86:86:71:7E:D9:76:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QiOfua8ShCj4T-2fNYaGcX7ZdgE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/3e3d40-2ae4-43f3-ae7c-bc5403ac2a95/1/VegqeIb2Ue99pk2Mj-Hsak4tsjc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/3e3d40-2ae4-43f3-ae7c-bc5403ac2a95/1/QiOfua8ShCj4T-2fNYaGcX7ZdgE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  153.52.77.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:b7:d6:67:2d:26:34:1e:dc:48:5f:7c:5a:52:87:c1:3c:c5:
         37:58:44:01:cb:7d:81:21:5b:0b:95:61:a5:f0:75:eb:e3:64:
         ce:bf:12:32:2e:be:b8:a6:b9:cb:95:c7:60:58:f2:3d:76:94:
         9d:79:db:a8:a7:1a:53:4e:78:8c:22:b1:85:0e:36:72:1c:dd:
         8f:fa:59:06:a7:24:8a:9a:a1:e0:d1:70:63:d7:be:92:f0:0b:
         cf:45:24:fc:15:84:cd:6c:65:d4:bd:ec:9d:63:91:bb:46:ee:
         1d:84:df:88:dc:22:38:b5:1d:3e:1e:39:ae:f9:70:93:3e:47:
         db:21:00:9d:67:8e:5c:35:bb:8f:d8:1c:bd:e7:94:ac:56:5f:
         ad:90:33:3d:4a:64:d5:53:bd:50:78:1b:dc:5f:f7:4e:90:09:
         78:3e:a2:f6:46:af:d8:af:3f:63:dc:98:38:ef:86:38:5b:9a:
         27:30:49:84:e3:49:e5:9e:56:eb:91:34:ed:2a:49:35:12:93:
         8a:b8:f2:ab:4c:af:b1:e3:81:7a:a0:ea:60:84:8a:81:f8:7a:
         e9:46:de:a3:2b:6f:2b:e1:94:6d:07:f3:7c:a6:65:b2:3c:a5:
         cb:71:f8:3d:b7:35:f9:ba:39:f2:ae:9e:3b:f8:31:6d:37:91:
         62:95:57:e9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ7Rqt39yJlbcidfxoNHCCvPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyMjM5ZmI5YWYxMjg0MjhmODRmZWQ5ZjM1ODY4NjcxN2Vk
OTc2MDEwHhcNMjYwNjE2MTgyMTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NWU4MmE3ODg2ZjY1MWVmN2RhNjRkOGM4ZmUxZWM2YTRlMmRiMjM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp/kJptC002YI5OvJ3sq14DMpOeQb
H0Ga374V9slCOTFVF2JfMgZY6tyUuOEMqyfxX8P5mLzMhI5enoB5KhCSJ/kGo6VA
oMU8SsiVFYnlY9TBecyT1n9IWrIMpNhkCA2IAQYMMCZ1u16uyPWrFwrOUSTRc5W9
2FI4k2o4WtvuhkbsICp9/NB3nxWPF99CyoooH4aASNzpRodKX0KJcaXwX4gi7KHF
4f3UMuEpuYkaJmR8yfveRK9+V5TdSOHu2uyoDb/blF4kasPeakX/dTsI5Lt4S9zT
j+8xjewt1JeSWOaiw0zgjtru9OfxKVS8SzXdbfIgNCcwcCoo/3X9hgyotQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFXoKniG9lHvfaZNjI/h7GpOLbI3MB8GA1UdIwQY
MBaAFEIjn7mvEoQo+E/tnzWGhnF+2XYBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUWlPZnVhOFNoQ2o0VC0yZk5ZYUdjWDdaZGdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC8zZTNkNDAtMmFlNC00M2YzLWFlN2Mt
YmM1NDAzYWMyYTk1LzEvVmVncWVJYjJVZTk5cGsyTWotSHNhazR0c2pjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC8zZTNkNDAtMmFlNC00M2YzLWFlN2MtYmM1NDAzYWMyYTk1
LzEvUWlPZnVhOFNoQ2o0VC0yZk5ZYUdjWDdaZGdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAmTRNMA0G
CSqGSIb3DQEBCwUAA4IBAQA5t9ZnLSY0HtxIX3xaUofBPMU3WEQBy32BIVsLlWGl
8HXr42TOvxIyLr64prnLlcdgWPI9dpSdeduopxpTTniMIrGFDjZyHN2P+lkGpySK
mqHg0XBj176S8AvPRST8FYTNbGXUveydY5G7Ru4dhN+I3CI4tR0+Hjmu+XCTPkfb
IQCdZ45cNbuP2By955SsVl+tkDM9SmTVU71QeBvcX/dOkAl4PqL2Rq/Yrz9j3Jg4
74Y4W5onMEmE40nlnlbrkTTtKkk1EpOKuPKrTK+x44F6oOpghIqB+HrpRt6jK28r
4ZRtB/N8pmWyPKXLcfg9tzX5ujnyrp47+DFtN5FilVfp
-----END CERTIFICATE-----