Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/oMsYsNxkf5LA_nHbQmx88zUFLnA.roa
File:                     oMsYsNxkf5LA_nHbQmx88zUFLnA.roa (raw, json)
Hash identifier:          6VptuEAPm1XDEOcGV+IhpdT3wxdgJa+FrKbXbpaM5nY=
Subject key identifier:   A0:CB:18:B0:DC:64:7F:92:C0:FE:71:DB:42:6C:7C:F3:35:05:2E:70
Certificate issuer:       /CN=57c670c8db32dd748df797c5c93013d8c91fa839
Certificate serial:       019D73776F0A8850B12E8608CF94DCE42866
Authority key identifier: 57:C6:70:C8:DB:32:DD:74:8D:F7:97:C5:C9:30:13:D8:C9:1F:A8:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/oMsYsNxkf5LA_nHbQmx88zUFLnA.roa
Signing time:             Thu 09 Apr 2026 18:18:20 +0000
ROA not before:           Thu 09 Apr 2026 18:18:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50113
IP address blocks:        132.243.27.0/24 maxlen: 24
                          2a0c:5d00:1001::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:73:77:6f:0a:88:50:b1:2e:86:08:cf:94:dc:e4:28:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=57c670c8db32dd748df797c5c93013d8c91fa839
        Validity
            Not Before: Apr  9 18:18:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a0cb18b0dc647f92c0fe71db426c7cf335052e70
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:f6:b1:ec:e5:67:c8:4a:8c:e3:a7:71:00:1f:
                    e7:12:12:5c:3b:b6:ae:6c:a9:f1:e6:94:76:6b:2a:
                    71:46:42:6f:27:5b:87:ac:50:71:43:35:ec:63:38:
                    5b:b8:cb:f1:27:f4:20:2f:7f:da:7d:00:4a:0e:ea:
                    e3:ec:13:be:cd:65:14:cb:e8:17:d9:7f:09:02:98:
                    b8:09:69:5e:b8:fa:c4:13:93:09:a6:09:1f:d1:7c:
                    22:8b:12:16:17:88:26:1c:e5:74:99:fe:7f:36:10:
                    45:3f:7a:d6:19:fd:35:5a:f7:6c:d4:23:47:fe:22:
                    5a:7a:39:cf:62:27:6e:0f:ed:94:1c:23:ba:d4:c1:
                    f0:30:96:d3:19:76:65:f8:16:02:cd:80:f9:2e:df:
                    cf:d0:a1:6d:10:2a:50:91:31:ca:f7:a9:ac:7f:46:
                    ef:3c:08:d4:ae:27:36:31:1b:b3:20:d6:21:cd:13:
                    97:56:37:47:3f:df:e5:0a:46:14:25:51:89:b5:e2:
                    2b:5d:c6:4c:be:7d:7f:4f:05:2f:7d:15:cc:57:7c:
                    7b:db:6e:56:9e:5e:81:11:af:0e:62:82:75:af:03:
                    0e:b5:2a:1b:d2:d7:99:c7:e6:ff:e8:f4:c8:e2:15:
                    ce:13:fa:2e:d0:75:7f:e8:a5:d0:92:8b:3c:50:0b:
                    33:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:CB:18:B0:DC:64:7F:92:C0:FE:71:DB:42:6C:7C:F3:35:05:2E:70
            X509v3 Authority Key Identifier:
                keyid:57:C6:70:C8:DB:32:DD:74:8D:F7:97:C5:C9:30:13:D8:C9:1F:A8:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/oMsYsNxkf5LA_nHbQmx88zUFLnA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  132.243.27.0/24
                IPv6:
                  2a0c:5d00:1001::/48

    Signature Algorithm: sha256WithRSAEncryption
         40:68:7e:4e:58:1b:97:d0:b3:ae:67:36:b9:45:a1:18:07:7e:
         d6:10:45:d8:26:6a:1d:ad:e6:06:df:8c:e1:be:03:f6:50:72:
         50:92:47:5b:31:b4:a0:97:19:c3:ef:c4:4a:6a:85:5b:93:10:
         a2:62:11:32:be:df:9d:0d:1c:91:32:6b:7a:bd:51:30:ab:d4:
         8e:ed:cd:f1:a2:5e:e9:36:eb:97:fa:d8:84:c0:ce:01:54:46:
         96:cc:84:b3:cf:32:fc:09:fc:8d:37:87:ac:45:ad:98:87:10:
         ee:5f:ef:e5:52:53:fd:08:92:2a:51:a1:08:59:74:0b:c9:ed:
         aa:12:c4:16:b7:70:9a:0a:cf:7f:c3:33:96:e3:0f:fd:de:b4:
         be:f1:8c:cf:b5:da:35:78:8b:22:f7:09:30:2e:a3:81:b8:c0:
         af:11:2c:ef:de:a5:a9:6a:2b:9d:df:44:e3:2d:05:30:91:08:
         30:2c:aa:c8:cb:0b:e7:30:d1:fb:9a:cc:d8:51:10:7c:60:02:
         e5:38:ff:e5:92:53:0b:4f:d0:17:1c:5d:70:a0:20:23:98:ab:
         e8:ef:d4:44:45:fd:ed:c4:ae:42:ec:d5:5e:9a:d8:51:b5:61:
         ce:15:b8:ef:b2:66:eb:14:e7:39:00:30:9f:16:3d:1f:e7:4e:
         4b:95:7d:a5
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZ1zd28KiFCxLoYIz5Tc5ChmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3YzY3MGM4ZGIzMmRkNzQ4ZGY3OTdjNWM5MzAxM2Q4Yzkx
ZmE4MzkwHhcNMjYwNDA5MTgxODIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMGNiMThiMGRjNjQ3ZjkyYzBmZTcxZGI0MjZjN2NmMzM1MDUyZTcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq/ax7OVnyEqM46dxAB/nEhJcO7au
bKnx5pR2aypxRkJvJ1uHrFBxQzXsYzhbuMvxJ/QgL3/afQBKDurj7BO+zWUUy+gX
2X8JApi4CWleuPrEE5MJpgkf0XwiixIWF4gmHOV0mf5/NhBFP3rWGf01Wvds1CNH
/iJaejnPYiduD+2UHCO61MHwMJbTGXZl+BYCzYD5Lt/P0KFtECpQkTHK96msf0bv
PAjUric2MRuzINYhzROXVjdHP9/lCkYUJVGJteIrXcZMvn1/TwUvfRXMV3x7225W
nl6BEa8OYoJ1rwMOtSob0teZx+b/6PTI4hXOE/ou0HV/6KXQkos8UAsz5QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKDLGLDcZH+SwP5x20JsfPM1BS5wMB8GA1UdIwQY
MBaAFFfGcMjbMt10jfeXxckwE9jJH6g5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjhad3lOc3kzWFNOOTVmRnlUQVQyTWtmcURrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC81YTZmZGEtNzg5Ni00YzUwLWFmZmQt
MzA0OTVmNDAzNzg0LzEvb01zWXNOeGtmNUxBX25IYlFteDg4elVGTG5BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC81YTZmZGEtNzg5Ni00YzUwLWFmZmQtMzA0OTVmNDAzNzg0
LzEvVjhad3lOc3kzWFNOOTVmRnlUQVQyTWtmcURrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAhPMbMA8E
AgACMAkDBwAqDF0AEAEwDQYJKoZIhvcNAQELBQADggEBAEBofk5YG5fQs65nNrlF
oRgHftYQRdgmah2t5gbfjOG+A/ZQclCSR1sxtKCXGcPvxEpqhVuTEKJiETK+350N
HJEya3q9UTCr1I7tzfGiXuk265f62ITAzgFURpbMhLPPMvwJ/I03h6xFrZiHEO5f
7+VSU/0IkipRoQhZdAvJ7aoSxBa3cJoKz3/DM5bjD/3etL7xjM+12jV4iyL3CTAu
o4G4wK8RLO/epalqK53fROMtBTCRCDAsqsjLC+cw0fuazNhREHxgAuU4/+WSUwtP
0BccXXCgICOYq+jv1ERF/e3ErkLs1V6a2FG1Yc4VuO+yZusU5zkAMJ8WPR/nTkuV
faU=
-----END CERTIFICATE-----