Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/73805b-9bff-4d04-bdc4-1a5ba3bb70ab/1/vskKnMst18EVmBm6lBj0YzIpNuk.roa
File:                     vskKnMst18EVmBm6lBj0YzIpNuk.roa (raw, json)
Hash identifier:          jTxDQ4a1vled+k24Z+iZwB1mJUNUMg7H5qSldRSueFA=
Subject key identifier:   BE:C9:0A:9C:CB:2D:D7:C1:15:98:19:BA:94:18:F4:63:32:29:36:E9
Certificate issuer:       /CN=5a5c7c08d74901b7b810937ec63e85563d36786a
Certificate serial:       019B7F8182386A8C2AABC9FEFDCEA0226F27
Authority key identifier: 5A:5C:7C:08:D7:49:01:B7:B8:10:93:7E:C6:3E:85:56:3D:36:78:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Wlx8CNdJAbe4EJN-xj6FVj02eGo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/73805b-9bff-4d04-bdc4-1a5ba3bb70ab/1/vskKnMst18EVmBm6lBj0YzIpNuk.roa
Signing time:             Fri 02 Jan 2026 16:19:12 +0000
ROA not before:           Fri 02 Jan 2026 16:19:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215398
IP address blocks:        192.109.176.0/24 maxlen: 24
                          2001:67c:e1c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/73805b-9bff-4d04-bdc4-1a5ba3bb70ab/1/Wlx8CNdJAbe4EJN-xj6FVj02eGo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/73805b-9bff-4d04-bdc4-1a5ba3bb70ab/1/Wlx8CNdJAbe4EJN-xj6FVj02eGo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Wlx8CNdJAbe4EJN-xj6FVj02eGo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 13:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:81:82:38:6a:8c:2a:ab:c9:fe:fd:ce:a0:22:6f:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5a5c7c08d74901b7b810937ec63e85563d36786a
        Validity
            Not Before: Jan  2 16:19:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bec90a9ccb2dd7c1159819ba9418f463322936e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:b2:a8:32:76:24:18:f3:3c:3a:c9:e1:95:00:
                    ab:c7:8b:11:5a:6b:dd:f5:5c:30:be:45:c4:c0:39:
                    fd:b7:80:d1:b9:1e:ce:f8:1b:dc:50:a8:fc:bb:5f:
                    2c:21:a6:24:1e:1f:64:65:73:de:cf:b4:6a:dc:88:
                    2d:15:b7:a9:e9:ba:a0:86:0e:a0:eb:e9:3f:67:c1:
                    97:a7:cb:d7:37:d1:0f:a1:32:be:33:71:42:ce:06:
                    33:0e:f5:f7:9f:20:a3:23:a9:62:d3:db:c7:d8:4d:
                    47:35:9b:de:9a:6c:8c:29:08:80:f9:f2:ed:cf:3d:
                    fc:b0:10:c7:b5:6b:59:07:77:04:b2:cd:c5:a9:65:
                    fd:a2:a9:7f:ef:e4:d1:15:84:9e:90:d7:1e:b0:b1:
                    a3:de:63:48:a0:33:5a:58:d2:36:49:68:3b:18:e5:
                    41:b1:71:49:a1:37:79:06:b4:f0:13:03:84:86:98:
                    a2:48:fa:83:85:ee:3f:9b:9c:b3:51:a1:dc:c1:79:
                    81:51:a0:1b:57:14:62:b4:3f:02:e3:b2:35:93:c2:
                    a1:04:61:c3:2e:2b:86:d7:45:3d:4c:0d:aa:ee:3d:
                    d0:e0:3c:0a:24:55:88:0a:39:53:f6:9d:f5:4d:e6:
                    a6:91:1a:50:18:5d:df:ad:ab:57:10:01:17:ac:ca:
                    70:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:C9:0A:9C:CB:2D:D7:C1:15:98:19:BA:94:18:F4:63:32:29:36:E9
            X509v3 Authority Key Identifier:
                keyid:5A:5C:7C:08:D7:49:01:B7:B8:10:93:7E:C6:3E:85:56:3D:36:78:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Wlx8CNdJAbe4EJN-xj6FVj02eGo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/73805b-9bff-4d04-bdc4-1a5ba3bb70ab/1/vskKnMst18EVmBm6lBj0YzIpNuk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/73805b-9bff-4d04-bdc4-1a5ba3bb70ab/1/Wlx8CNdJAbe4EJN-xj6FVj02eGo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.109.176.0/24
                IPv6:
                  2001:67c:e1c::/48

    Signature Algorithm: sha256WithRSAEncryption
         29:91:df:81:dd:c8:25:01:32:83:27:50:c6:59:27:95:e3:7f:
         41:90:a0:e4:e8:0c:e8:0d:8e:ea:e8:9d:37:a3:4e:b7:9c:a7:
         95:11:f9:2e:e9:7b:8f:a3:10:8d:48:f5:4a:bb:73:2d:13:ac:
         d2:e1:3c:81:de:17:a0:55:f9:82:85:fb:19:53:b9:e2:d1:43:
         22:57:08:bb:05:26:f7:74:82:f2:e6:e5:81:d3:a8:60:86:22:
         16:09:05:13:af:ba:ea:f3:65:26:19:2b:07:54:8c:7b:7a:12:
         78:8a:e1:40:12:b4:57:3c:a4:4f:38:9b:91:c5:fa:c8:a1:e2:
         9c:82:22:38:75:9d:72:bb:2e:02:61:1c:48:c9:a1:84:c0:77:
         05:58:19:00:4b:c4:44:9e:ff:8c:5c:7f:fe:e6:4c:cc:3e:41:
         97:b1:7c:c6:98:8c:31:82:32:b4:4b:dd:3d:6f:87:c1:57:53:
         71:bb:9f:04:5d:19:db:32:02:08:ab:16:9a:74:f1:cc:08:72:
         9f:7a:f2:a2:ba:35:1d:53:09:93:2d:90:75:a6:38:7c:01:ca:
         ca:55:ae:19:e5:a8:79:4a:b3:4f:26:9c:ef:d1:95:c5:48:b3:
         57:a7:a8:69:8a:61:06:cc:63:62:a6:f0:87:48:c3:7d:c8:17:
         f3:69:8e:ce
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZt/gYI4aowqq8n+/c6gIm8nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhNWM3YzA4ZDc0OTAxYjdiODEwOTM3ZWM2M2U4NTU2M2Qz
Njc4NmEwHhcNMjYwMTAyMTYxOTEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZWM5MGE5Y2NiMmRkN2MxMTU5ODE5YmE5NDE4ZjQ2MzMyMjkzNmU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz7KoMnYkGPM8OsnhlQCrx4sRWmvd
9VwwvkXEwDn9t4DRuR7O+BvcUKj8u18sIaYkHh9kZXPez7Rq3IgtFbep6bqghg6g
6+k/Z8GXp8vXN9EPoTK+M3FCzgYzDvX3nyCjI6li09vH2E1HNZvemmyMKQiA+fLt
zz38sBDHtWtZB3cEss3FqWX9oql/7+TRFYSekNcesLGj3mNIoDNaWNI2SWg7GOVB
sXFJoTd5BrTwEwOEhpiiSPqDhe4/m5yzUaHcwXmBUaAbVxRitD8C47I1k8KhBGHD
LiuG10U9TA2q7j3Q4DwKJFWICjlT9p31TeamkRpQGF3fratXEAEXrMpwmQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFL7JCpzLLdfBFZgZupQY9GMyKTbpMB8GA1UdIwQY
MBaAFFpcfAjXSQG3uBCTfsY+hVY9NnhqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV2x4OENOZEpBYmU0RUpOLXhqNkZWajAyZUdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy83MzgwNWItOWJmZi00ZDA0LWJkYzQt
MWE1YmEzYmI3MGFiLzEvdnNrS25Nc3QxOEVWbUJtNmxCajBZeklwTnVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy83MzgwNWItOWJmZi00ZDA0LWJkYzQtMWE1YmEzYmI3MGFi
LzEvV2x4OENOZEpBYmU0RUpOLXhqNkZWajAyZUdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwG2wMA8E
AgACMAkDBwAgAQZ8DhwwDQYJKoZIhvcNAQELBQADggEBACmR34HdyCUBMoMnUMZZ
J5Xjf0GQoOToDOgNjuronTejTrecp5UR+S7pe4+jEI1I9Uq7cy0TrNLhPIHeF6BV
+YKF+xlTueLRQyJXCLsFJvd0gvLm5YHTqGCGIhYJBROvuurzZSYZKwdUjHt6EniK
4UAStFc8pE84m5HF+sih4pyCIjh1nXK7LgJhHEjJoYTAdwVYGQBLxESe/4xcf/7m
TMw+QZexfMaYjDGCMrRL3T1vh8FXU3G7nwRdGdsyAgirFpp08cwIcp968qK6NR1T
CZMtkHWmOHwByspVrhnlqHlKs08mnO/RlcVIs1enqGmKYQbMY2Km8IdIw33IF/Np
js4=
-----END CERTIFICATE-----