Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/3e3d40-2ae4-43f3-ae7c-bc5403ac2a95/1/isGffWyPdmVXmpKDrfzyaBAD1rA.roa
File:                     isGffWyPdmVXmpKDrfzyaBAD1rA.roa (raw, json)
Hash identifier:          nyPnJ1uRApZLw5SvpnFE4ju065q6XR7x/ERAr7bB/JM=
Subject key identifier:   8A:C1:9F:7D:6C:8F:76:65:57:9A:92:83:AD:FC:F2:68:10:03:D6:B0
Certificate issuer:       /CN=42239fb9af128428f84fed9f358686717ed97601
Certificate serial:       019ECF89B03F47FDA111A22FAED8C4B517AD
Authority key identifier: 42:23:9F:B9:AF:12:84:28:F8:4F:ED:9F:35:86:86:71:7E:D9:76:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QiOfua8ShCj4T-2fNYaGcX7ZdgE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/3e3d40-2ae4-43f3-ae7c-bc5403ac2a95/1/isGffWyPdmVXmpKDrfzyaBAD1rA.roa
Signing time:             Tue 16 Jun 2026 08:26:07 +0000
ROA not before:           Tue 16 Jun 2026 08:26:07 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     219429
IP address blocks:        153.52.65.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/3e3d40-2ae4-43f3-ae7c-bc5403ac2a95/1/QiOfua8ShCj4T-2fNYaGcX7ZdgE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/3e3d40-2ae4-43f3-ae7c-bc5403ac2a95/1/QiOfua8ShCj4T-2fNYaGcX7ZdgE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QiOfua8ShCj4T-2fNYaGcX7ZdgE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 18 Jun 2026 03:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:cf:89:b0:3f:47:fd:a1:11:a2:2f:ae:d8:c4:b5:17:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=42239fb9af128428f84fed9f358686717ed97601
        Validity
            Not Before: Jun 16 08:26:07 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8ac19f7d6c8f7665579a9283adfcf2681003d6b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:04:ac:78:84:c7:82:d0:57:0e:65:06:b7:d2:
                    1a:a9:9c:0c:de:4f:2e:78:27:2c:14:e3:cf:27:14:
                    6c:40:cd:7d:3a:48:89:a3:be:9a:2a:b5:54:17:6a:
                    ad:c5:cd:6d:63:f8:42:6e:d7:51:f8:8c:44:36:db:
                    3e:b7:36:82:a6:f3:2d:e7:e5:e4:f2:d1:6a:5b:2f:
                    26:4f:f2:18:93:a3:00:b7:4b:90:25:fc:e9:bf:0a:
                    3e:47:33:5c:2a:31:d0:a0:c1:5e:c1:06:45:4f:43:
                    83:d6:77:a5:24:e8:5b:41:70:17:73:62:6f:71:74:
                    5d:df:61:3e:69:3c:52:cc:33:e2:99:1d:aa:25:74:
                    9f:ad:34:9d:40:16:4d:d7:7c:4c:40:c6:aa:d2:a7:
                    8d:e8:b2:33:a1:f4:cb:2c:bc:8b:02:e1:81:5e:71:
                    d7:40:ad:b5:31:1c:36:30:05:3f:f6:8b:f0:4a:5a:
                    85:97:34:23:0e:b0:e3:bf:44:de:8d:bf:ba:23:7c:
                    eb:36:72:59:60:00:c1:ac:1c:f0:6e:6f:6a:f8:32:
                    f3:7f:9a:3c:0f:e8:2c:94:e8:9d:ee:50:3f:73:90:
                    4c:74:5f:02:44:5e:9d:2c:37:25:d8:e1:f3:1d:9b:
                    cf:91:fd:4c:c7:d5:d8:7b:8a:38:5c:62:22:5e:47:
                    88:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:C1:9F:7D:6C:8F:76:65:57:9A:92:83:AD:FC:F2:68:10:03:D6:B0
            X509v3 Authority Key Identifier:
                keyid:42:23:9F:B9:AF:12:84:28:F8:4F:ED:9F:35:86:86:71:7E:D9:76:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QiOfua8ShCj4T-2fNYaGcX7ZdgE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/3e3d40-2ae4-43f3-ae7c-bc5403ac2a95/1/isGffWyPdmVXmpKDrfzyaBAD1rA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/3e3d40-2ae4-43f3-ae7c-bc5403ac2a95/1/QiOfua8ShCj4T-2fNYaGcX7ZdgE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  153.52.65.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:53:97:7d:ca:da:d2:27:4a:d7:e8:11:65:88:74:f6:02:8c:
         de:f8:4b:55:cf:16:5f:ce:6b:ba:b0:b4:60:94:81:67:b5:73:
         4f:b4:a2:02:94:17:dc:15:5d:3a:13:92:43:26:29:66:43:c6:
         01:16:32:f9:73:c2:da:79:75:ef:ea:50:6a:63:66:c4:f5:ab:
         34:46:61:4f:63:de:d5:99:fc:4d:da:91:3a:21:dc:8a:b6:d0:
         28:9a:60:85:c1:5f:78:dc:ca:60:c1:55:86:94:fb:dc:10:75:
         aa:d5:df:69:9c:a0:8c:29:09:bd:65:c9:e1:38:89:11:6a:a2:
         b9:a9:f1:fe:fc:38:1c:ac:e2:dd:2c:c4:5d:56:e4:ae:2f:03:
         b1:89:d0:1d:2f:3e:2e:46:a5:19:f5:37:52:4b:a7:ee:a3:e7:
         8c:3c:fc:7a:3c:59:d9:f2:6d:4c:0d:54:9c:00:b8:a2:a8:6a:
         aa:d6:ac:6c:73:8b:c0:2f:2a:0b:4b:95:9a:fa:6d:fc:0b:82:
         ad:fa:c6:6e:b3:17:64:78:a0:d2:f6:e6:d6:c4:92:aa:c6:a7:
         cc:56:d9:07:fb:91:ea:85:35:57:d4:2e:18:28:f5:76:eb:9a:
         51:9b:10:4b:c3:47:f2:40:8d:ad:d5:48:ee:a9:78:f6:20:57:
         a3:f7:cc:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ7PibA/R/2hEaIvrtjEtRetMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyMjM5ZmI5YWYxMjg0MjhmODRmZWQ5ZjM1ODY4NjcxN2Vk
OTc2MDEwHhcNMjYwNjE2MDgyNjA3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YWMxOWY3ZDZjOGY3NjY1NTc5YTkyODNhZGZjZjI2ODEwMDNkNmIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhQSseITHgtBXDmUGt9IaqZwM3k8u
eCcsFOPPJxRsQM19OkiJo76aKrVUF2qtxc1tY/hCbtdR+IxENts+tzaCpvMt5+Xk
8tFqWy8mT/IYk6MAt0uQJfzpvwo+RzNcKjHQoMFewQZFT0OD1nelJOhbQXAXc2Jv
cXRd32E+aTxSzDPimR2qJXSfrTSdQBZN13xMQMaq0qeN6LIzofTLLLyLAuGBXnHX
QK21MRw2MAU/9ovwSlqFlzQjDrDjv0Tejb+6I3zrNnJZYADBrBzwbm9q+DLzf5o8
D+gslOid7lA/c5BMdF8CRF6dLDcl2OHzHZvPkf1Mx9XYe4o4XGIiXkeI0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIrBn31sj3ZlV5qSg6388mgQA9awMB8GA1UdIwQY
MBaAFEIjn7mvEoQo+E/tnzWGhnF+2XYBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUWlPZnVhOFNoQ2o0VC0yZk5ZYUdjWDdaZGdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC8zZTNkNDAtMmFlNC00M2YzLWFlN2Mt
YmM1NDAzYWMyYTk1LzEvaXNHZmZXeVBkbVZYbXBLRHJmenlhQkFEMXJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC8zZTNkNDAtMmFlNC00M2YzLWFlN2MtYmM1NDAzYWMyYTk1
LzEvUWlPZnVhOFNoQ2o0VC0yZk5ZYUdjWDdaZGdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAmTRBMA0G
CSqGSIb3DQEBCwUAA4IBAQAfU5d9ytrSJ0rX6BFliHT2Aoze+EtVzxZfzmu6sLRg
lIFntXNPtKIClBfcFV06E5JDJilmQ8YBFjL5c8LaeXXv6lBqY2bE9as0RmFPY97V
mfxN2pE6IdyKttAommCFwV943MpgwVWGlPvcEHWq1d9pnKCMKQm9ZcnhOIkRaqK5
qfH+/DgcrOLdLMRdVuSuLwOxidAdLz4uRqUZ9TdSS6fuo+eMPPx6PFnZ8m1MDVSc
ALiiqGqq1qxsc4vALyoLS5Wa+m38C4Kt+sZusxdkeKDS9ubWxJKqxqfMVtkH+5Hq
hTVX1C4YKPV265pRmxBLw0fyQI2t1UjuqXj2IFej98zU
-----END CERTIFICATE-----