Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/457e13-41d3-40ef-b572-9e895d0ef8d2/1/X_6bIPHUjcft5RSNrpu-xAL46Gw.roa
File:                     X_6bIPHUjcft5RSNrpu-xAL46Gw.roa (raw, json)
Hash identifier:          1Ewh/IIUkGsZDwdeBTqMnliDPxZTB0K5G9TY45ehyJU=
Subject key identifier:   5F:FE:9B:20:F1:D4:8D:C7:ED:E5:14:8D:AE:9B:BE:C4:02:F8:E8:6C
Certificate issuer:       /CN=4986c73994d02d91fc97d916e9809a6d981e6b17
Certificate serial:       019D73A7F6016DAC0EA16F0DDB26B611F1FD
Authority key identifier: 49:86:C7:39:94:D0:2D:91:FC:97:D9:16:E9:80:9A:6D:98:1E:6B:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SYbHOZTQLZH8l9kW6YCabZgeaxc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/457e13-41d3-40ef-b572-9e895d0ef8d2/1/X_6bIPHUjcft5RSNrpu-xAL46Gw.roa
Signing time:             Thu 09 Apr 2026 19:11:20 +0000
ROA not before:           Thu 09 Apr 2026 19:11:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49592
IP address blocks:        193.135.157.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/457e13-41d3-40ef-b572-9e895d0ef8d2/1/SYbHOZTQLZH8l9kW6YCabZgeaxc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/457e13-41d3-40ef-b572-9e895d0ef8d2/1/SYbHOZTQLZH8l9kW6YCabZgeaxc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SYbHOZTQLZH8l9kW6YCabZgeaxc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 16:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:73:a7:f6:01:6d:ac:0e:a1:6f:0d:db:26:b6:11:f1:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4986c73994d02d91fc97d916e9809a6d981e6b17
        Validity
            Not Before: Apr  9 19:11:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5ffe9b20f1d48dc7ede5148dae9bbec402f8e86c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:5c:54:7d:1d:5d:81:e6:59:9f:6a:e6:9f:c2:
                    a8:fc:34:fa:55:75:1d:69:52:d4:b5:0f:42:ee:da:
                    c0:a8:b9:4f:10:17:b0:e1:14:6a:90:b5:3c:47:b5:
                    05:bc:48:bc:7e:ca:f4:53:26:56:a5:b4:c9:29:77:
                    8c:5a:a3:af:f9:94:17:40:5d:06:60:9d:d0:8d:b2:
                    ce:dc:c3:bb:6d:95:6c:5d:37:bf:3d:1f:e1:25:f3:
                    dc:77:10:15:23:05:59:5a:78:2f:b0:5f:20:af:cc:
                    6c:81:10:18:d8:b7:16:ac:61:86:f8:d1:3a:28:e8:
                    69:73:48:33:ee:78:5c:16:cc:d5:91:5c:00:bf:68:
                    82:18:38:84:15:8b:5a:02:ef:ef:c9:78:c6:b3:b0:
                    58:ea:72:1d:94:01:88:94:1d:c0:83:e0:74:b2:87:
                    54:ba:2d:1e:7e:7d:c8:92:ef:3c:c6:2c:5d:e7:49:
                    94:bb:bb:eb:a6:5a:7b:7e:38:b6:2b:2a:1a:ed:0d:
                    32:81:87:4b:79:f2:3c:9c:e8:18:76:a3:c6:e3:61:
                    81:63:bb:61:fc:fa:55:06:ea:7c:29:a6:74:92:32:
                    bd:73:d0:95:cc:03:d6:22:2b:9b:c2:2b:ce:b1:da:
                    a8:58:2b:f7:a9:84:59:cb:32:1a:d5:f8:ff:9d:ff:
                    c2:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:FE:9B:20:F1:D4:8D:C7:ED:E5:14:8D:AE:9B:BE:C4:02:F8:E8:6C
            X509v3 Authority Key Identifier:
                keyid:49:86:C7:39:94:D0:2D:91:FC:97:D9:16:E9:80:9A:6D:98:1E:6B:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SYbHOZTQLZH8l9kW6YCabZgeaxc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/457e13-41d3-40ef-b572-9e895d0ef8d2/1/X_6bIPHUjcft5RSNrpu-xAL46Gw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/457e13-41d3-40ef-b572-9e895d0ef8d2/1/SYbHOZTQLZH8l9kW6YCabZgeaxc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.135.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:fc:06:c3:be:0a:0b:12:71:9b:5a:ac:e7:54:c8:1a:ac:9f:
         fa:3c:39:77:3a:49:f2:bf:8f:55:f2:24:42:f9:59:5a:e3:66:
         b9:20:dc:20:07:ad:4c:25:e6:bb:81:3b:59:da:7c:c8:eb:30:
         bd:61:c4:eb:45:29:c4:8e:a8:50:47:1d:05:60:49:c8:cc:22:
         93:3e:f4:8f:3d:3b:eb:69:7b:8d:1d:0f:78:a4:a0:b9:69:88:
         f0:4a:90:1c:38:15:60:1d:6d:4a:e2:d5:98:db:b5:e5:a3:6f:
         a2:d4:40:a6:b7:31:e5:63:5e:b4:e1:fc:82:5c:10:7b:33:da:
         5a:b7:43:4a:20:42:68:33:07:e0:5b:89:9f:4b:74:11:b0:fa:
         6e:e8:9f:89:fb:b3:37:a6:55:b5:1e:a6:cd:a5:6a:e9:73:4e:
         97:40:eb:23:6c:43:33:24:56:7d:6d:d2:de:b0:45:6e:c2:61:
         70:a1:a0:39:93:9c:21:14:fa:9e:2b:06:d5:a2:8c:53:b9:c4:
         3c:4f:22:b4:57:03:cc:3e:fa:fd:4c:68:4a:34:74:59:0e:ee:
         10:59:30:34:fb:5e:56:e2:18:4a:ef:62:19:1c:1a:46:79:ac:
         fd:a6:4d:62:5a:5e:c3:0f:c0:ab:3b:38:d7:34:10:cd:c4:05:
         8d:d3:80:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1zp/YBbawOoW8N2ya2EfH9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ODZjNzM5OTRkMDJkOTFmYzk3ZDkxNmU5ODA5YTZkOTgx
ZTZiMTcwHhcNMjYwNDA5MTkxMTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZmZlOWIyMGYxZDQ4ZGM3ZWRlNTE0OGRhZTliYmVjNDAyZjhlODZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwlxUfR1dgeZZn2rmn8Ko/DT6VXUd
aVLUtQ9C7trAqLlPEBew4RRqkLU8R7UFvEi8fsr0UyZWpbTJKXeMWqOv+ZQXQF0G
YJ3QjbLO3MO7bZVsXTe/PR/hJfPcdxAVIwVZWngvsF8gr8xsgRAY2LcWrGGG+NE6
KOhpc0gz7nhcFszVkVwAv2iCGDiEFYtaAu/vyXjGs7BY6nIdlAGIlB3Ag+B0sodU
ui0efn3Iku88xixd50mUu7vrplp7fji2Kyoa7Q0ygYdLefI8nOgYdqPG42GBY7th
/PpVBup8KaZ0kjK9c9CVzAPWIiubwivOsdqoWCv3qYRZyzIa1fj/nf/CRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF/+myDx1I3H7eUUja6bvsQC+OhsMB8GA1UdIwQY
MBaAFEmGxzmU0C2R/JfZFumAmm2YHmsXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU1liSE9aVFFMWkg4bDlrVzZZQ2FiWmdlYXhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS80NTdlMTMtNDFkMy00MGVmLWI1NzIt
OWU4OTVkMGVmOGQyLzEvWF82YklQSFVqY2Z0NVJTTnJwdS14QUw0Nkd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS80NTdlMTMtNDFkMy00MGVmLWI1NzItOWU4OTVkMGVmOGQy
LzEvU1liSE9aVFFMWkg4bDlrVzZZQ2FiWmdlYXhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwYedMA0G
CSqGSIb3DQEBCwUAA4IBAQAv/AbDvgoLEnGbWqznVMgarJ/6PDl3Oknyv49V8iRC
+Vla42a5INwgB61MJea7gTtZ2nzI6zC9YcTrRSnEjqhQRx0FYEnIzCKTPvSPPTvr
aXuNHQ94pKC5aYjwSpAcOBVgHW1K4tWY27Xlo2+i1ECmtzHlY1604fyCXBB7M9pa
t0NKIEJoMwfgW4mfS3QRsPpu6J+J+7M3plW1HqbNpWrpc06XQOsjbEMzJFZ9bdLe
sEVuwmFwoaA5k5whFPqeKwbVooxTucQ8TyK0VwPMPvr9TGhKNHRZDu4QWTA0+15W
4hhK72IZHBpGeaz9pk1iWl7DD8CrOzjXNBDNxAWN04Cw
-----END CERTIFICATE-----