Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/cf9cd6-e717-4dda-82ef-6dfe0f7d53bd/1/VxlMtp46aGtX4_VrPgDQ6HvQbdE.roa
File:                     VxlMtp46aGtX4_VrPgDQ6HvQbdE.roa (raw, json)
Hash identifier:          W9RNPArWYdSPLq6QU2Lw7aPUbOCgd4YoDKP5U/vqtdY=
Subject key identifier:   57:19:4C:B6:9E:3A:68:6B:57:E3:F5:6B:3E:00:D0:E8:7B:D0:6D:D1
Certificate issuer:       /CN=11125404c6dd472f1001ed9ffdf726762ac7701d
Certificate serial:       019D4584B35940BC85C7203ADDDDFBFCDC00
Authority key identifier: 11:12:54:04:C6:DD:47:2F:10:01:ED:9F:FD:F7:26:76:2A:C7:70:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ERJUBMbdRy8QAe2f_fcmdirHcB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/cf9cd6-e717-4dda-82ef-6dfe0f7d53bd/1/VxlMtp46aGtX4_VrPgDQ6HvQbdE.roa
Signing time:             Tue 31 Mar 2026 20:10:17 +0000
ROA not before:           Tue 31 Mar 2026 20:10:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199929
IP address blocks:        92.242.167.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/cf9cd6-e717-4dda-82ef-6dfe0f7d53bd/1/ERJUBMbdRy8QAe2f_fcmdirHcB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/cf9cd6-e717-4dda-82ef-6dfe0f7d53bd/1/ERJUBMbdRy8QAe2f_fcmdirHcB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ERJUBMbdRy8QAe2f_fcmdirHcB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 02:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:45:84:b3:59:40:bc:85:c7:20:3a:dd:dd:fb:fc:dc:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11125404c6dd472f1001ed9ffdf726762ac7701d
        Validity
            Not Before: Mar 31 20:10:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=57194cb69e3a686b57e3f56b3e00d0e87bd06dd1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:32:90:c9:dd:69:91:2e:ad:00:d1:37:a5:ce:
                    b0:68:b0:ae:94:f8:7b:b7:93:16:01:57:c5:ce:d4:
                    27:dd:b1:b8:d3:48:2a:ae:d0:6d:46:62:75:29:dd:
                    59:a9:68:2e:65:4d:41:bf:f8:cc:1a:21:13:80:49:
                    11:06:a1:94:db:c0:9d:1d:0c:2d:ee:49:e7:0e:ce:
                    bd:9b:2a:79:06:95:6a:c2:37:45:fe:38:8e:3b:bf:
                    b3:59:b9:f1:bf:7a:be:44:2e:2b:51:cf:5f:c0:fb:
                    d4:16:b3:7a:21:fe:a4:d3:14:50:69:30:c8:a5:0b:
                    40:0c:16:a2:c6:9e:b5:2d:c9:2a:ef:87:b8:b1:8f:
                    7b:b8:22:11:97:8a:68:df:fe:c7:66:3f:00:58:19:
                    fe:52:0b:ec:68:bc:23:1c:8e:4e:ba:fe:06:9c:03:
                    cb:01:47:ff:d6:07:50:b7:27:55:e8:75:51:4f:ae:
                    a4:7b:71:7e:17:dd:cd:35:f4:92:00:aa:6e:17:96:
                    b3:83:2c:0b:cf:77:31:9f:f2:71:b5:a1:82:2d:d7:
                    cd:0c:15:ae:5c:0b:e1:01:56:f6:0a:77:7c:d8:e0:
                    01:f7:33:79:73:93:49:91:91:f0:79:cf:ba:8d:e9:
                    20:bb:a4:16:7e:e6:5e:e1:a0:2e:c5:96:63:d6:f1:
                    25:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:19:4C:B6:9E:3A:68:6B:57:E3:F5:6B:3E:00:D0:E8:7B:D0:6D:D1
            X509v3 Authority Key Identifier:
                keyid:11:12:54:04:C6:DD:47:2F:10:01:ED:9F:FD:F7:26:76:2A:C7:70:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ERJUBMbdRy8QAe2f_fcmdirHcB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/cf9cd6-e717-4dda-82ef-6dfe0f7d53bd/1/VxlMtp46aGtX4_VrPgDQ6HvQbdE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/cf9cd6-e717-4dda-82ef-6dfe0f7d53bd/1/ERJUBMbdRy8QAe2f_fcmdirHcB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.242.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c0:46:96:0c:73:30:c3:a9:04:6e:c7:2c:9a:a0:a4:f5:57:9e:
         34:31:a3:35:10:06:66:0e:7e:85:3d:dc:57:ab:99:3d:70:48:
         f8:d3:ea:89:23:ce:0e:9b:c5:da:a2:fa:67:c2:eb:c2:7c:19:
         04:fa:45:8b:4d:8a:6c:d7:fb:35:69:e4:fb:b9:d8:c4:97:0a:
         29:22:f9:36:ba:09:a2:35:f8:86:60:ed:26:e5:3b:d5:21:3a:
         bd:1d:e3:ea:68:d1:88:66:8b:df:3d:3b:4e:f4:ea:77:2b:16:
         e4:75:bc:34:d8:53:ab:97:81:38:8c:5d:76:93:26:77:79:94:
         c3:2a:d0:62:2d:1e:b0:d1:7d:21:5b:ea:e6:4d:f4:34:e0:ae:
         07:00:9c:5d:8d:4a:36:97:1d:81:ad:48:fe:0f:1d:40:d5:23:
         f7:24:f7:15:ad:6c:ee:f2:c2:48:c1:fd:af:8e:10:ea:e6:11:
         96:36:2a:f4:2f:60:4c:48:73:f2:9b:a1:30:24:dc:3a:5a:1d:
         ea:71:9e:1f:85:c8:d8:53:ab:a8:3b:03:97:28:ff:45:8b:ba:
         3f:6f:a2:62:99:05:9e:fb:40:4f:89:c4:6d:c9:0a:43:05:48:
         17:bf:c9:ed:0d:6e:37:c7:cf:de:c4:77:fd:f8:e7:1b:90:28:
         7c:23:93:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1FhLNZQLyFxyA63d37/NwAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExMTI1NDA0YzZkZDQ3MmYxMDAxZWQ5ZmZkZjcyNjc2MmFj
NzcwMWQwHhcNMjYwMzMxMjAxMDE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzE5NGNiNjllM2E2ODZiNTdlM2Y1NmIzZTAwZDBlODdiZDA2ZGQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqTKQyd1pkS6tANE3pc6waLCulPh7
t5MWAVfFztQn3bG400gqrtBtRmJ1Kd1ZqWguZU1Bv/jMGiETgEkRBqGU28CdHQwt
7knnDs69myp5BpVqwjdF/jiOO7+zWbnxv3q+RC4rUc9fwPvUFrN6If6k0xRQaTDI
pQtADBaixp61Lckq74e4sY97uCIRl4po3/7HZj8AWBn+UgvsaLwjHI5Ouv4GnAPL
AUf/1gdQtydV6HVRT66ke3F+F93NNfSSAKpuF5azgywLz3cxn/JxtaGCLdfNDBWu
XAvhAVb2Cnd82OAB9zN5c5NJkZHwec+6jekgu6QWfuZe4aAuxZZj1vEluwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFcZTLaeOmhrV+P1az4A0Oh70G3RMB8GA1UdIwQY
MBaAFBESVATG3UcvEAHtn/33JnYqx3AdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVJKVUJNYmRSeThRQWUyZl9mY21kaXJIY0IwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi9jZjljZDYtZTcxNy00ZGRhLTgyZWYt
NmRmZTBmN2Q1M2JkLzEvVnhsTXRwNDZhR3RYNF9WclBnRFE2SHZRYmRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi9jZjljZDYtZTcxNy00ZGRhLTgyZWYtNmRmZTBmN2Q1M2Jk
LzEvRVJKVUJNYmRSeThRQWUyZl9mY21kaXJIY0IwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXPKnMA0G
CSqGSIb3DQEBCwUAA4IBAQDARpYMczDDqQRuxyyaoKT1V540MaM1EAZmDn6FPdxX
q5k9cEj40+qJI84Om8XaovpnwuvCfBkE+kWLTYps1/s1aeT7udjElwopIvk2ugmi
NfiGYO0m5TvVITq9HePqaNGIZovfPTtO9Op3Kxbkdbw02FOrl4E4jF12kyZ3eZTD
KtBiLR6w0X0hW+rmTfQ04K4HAJxdjUo2lx2BrUj+Dx1A1SP3JPcVrWzu8sJIwf2v
jhDq5hGWNir0L2BMSHPym6EwJNw6Wh3qcZ4fhcjYU6uoOwOXKP9Fi7o/b6JimQWe
+0BPicRtyQpDBUgXv8ntDW43x8/exHf9+OcbkCh8I5Ow
-----END CERTIFICATE-----