Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/653c24-68e5-4ad8-b763-30c9de205afc/1/8GxpqzFkgC5Hy_akXhw29hXcvRQ.roa
File:                     8GxpqzFkgC5Hy_akXhw29hXcvRQ.roa (raw, json)
Hash identifier:          Aev5WlLyBeoo/iwLCZCFl1FrbyeMZhKq6RcvTv7DoY0=
Subject key identifier:   F0:6C:69:AB:31:64:80:2E:47:CB:F6:A4:5E:1C:36:F6:15:DC:BD:14
Certificate issuer:       /CN=6b104f1e4abaec1eff80f262c62f96c25438c8e1
Certificate serial:       019DCF0E305010B5A7ABCF1FF237A0640544
Authority key identifier: 6B:10:4F:1E:4A:BA:EC:1E:FF:80:F2:62:C6:2F:96:C2:54:38:C8:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/axBPHkq67B7_gPJixi-WwlQ4yOE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/653c24-68e5-4ad8-b763-30c9de205afc/1/8GxpqzFkgC5Hy_akXhw29hXcvRQ.roa
Signing time:             Mon 27 Apr 2026 13:08:26 +0000
ROA not before:           Mon 27 Apr 2026 13:08:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402133
IP address blocks:        153.51.164.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/653c24-68e5-4ad8-b763-30c9de205afc/1/axBPHkq67B7_gPJixi-WwlQ4yOE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/653c24-68e5-4ad8-b763-30c9de205afc/1/axBPHkq67B7_gPJixi-WwlQ4yOE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/axBPHkq67B7_gPJixi-WwlQ4yOE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 May 2026 18:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:cf:0e:30:50:10:b5:a7:ab:cf:1f:f2:37:a0:64:05:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b104f1e4abaec1eff80f262c62f96c25438c8e1
        Validity
            Not Before: Apr 27 13:08:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f06c69ab3164802e47cbf6a45e1c36f615dcbd14
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:bd:72:d8:5d:95:9b:98:18:20:b4:f6:05:ad:
                    80:93:07:b1:15:8a:4f:13:18:3c:b1:89:26:ff:50:
                    58:9c:46:2c:9d:08:57:de:0e:0a:90:90:07:de:b7:
                    2b:b9:fc:ec:13:dc:64:ed:43:46:e4:96:0e:ae:53:
                    7a:bb:08:eb:35:c0:9c:18:78:75:5a:d4:72:25:60:
                    be:8d:0d:6c:3d:af:24:2a:78:13:1c:55:a3:bf:26:
                    0e:4e:dc:14:bc:84:5c:cb:5b:d9:43:2f:e2:d2:4b:
                    44:cc:65:0e:87:81:c2:2c:3b:89:4f:21:30:ac:24:
                    e1:6a:0a:58:ca:de:99:b1:36:db:e8:fc:eb:fd:bc:
                    57:23:2f:c4:a8:ce:65:33:a1:33:37:86:0d:ce:62:
                    45:ab:36:e2:0d:b6:66:bd:8f:bf:8e:22:4b:35:56:
                    6b:c0:a7:a2:c8:97:2a:23:9f:a1:95:16:cd:76:ba:
                    0c:73:3c:8b:6c:6c:7b:bb:02:df:2d:3a:3a:79:25:
                    d5:7e:d0:04:e3:8a:5d:85:dd:94:7d:82:ca:b4:fb:
                    3a:27:93:52:6f:7b:61:52:43:ec:33:f7:eb:f3:54:
                    85:2d:2e:65:7a:9a:2a:7b:48:83:5f:51:21:b6:b3:
                    7a:ba:0c:23:cf:5f:2e:bc:3b:4e:11:54:9f:4d:78:
                    64:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:6C:69:AB:31:64:80:2E:47:CB:F6:A4:5E:1C:36:F6:15:DC:BD:14
            X509v3 Authority Key Identifier:
                keyid:6B:10:4F:1E:4A:BA:EC:1E:FF:80:F2:62:C6:2F:96:C2:54:38:C8:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/axBPHkq67B7_gPJixi-WwlQ4yOE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/653c24-68e5-4ad8-b763-30c9de205afc/1/8GxpqzFkgC5Hy_akXhw29hXcvRQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/653c24-68e5-4ad8-b763-30c9de205afc/1/axBPHkq67B7_gPJixi-WwlQ4yOE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  153.51.164.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4d:c0:69:c8:75:21:2b:94:f0:fd:d3:81:5b:16:30:a3:bb:ca:
         fb:32:65:18:d7:41:48:b2:ea:1e:65:aa:bf:ac:74:2b:4d:8b:
         98:d4:a8:f4:ab:1b:37:75:96:1f:f5:35:48:af:ba:af:0d:be:
         79:64:14:2f:f1:8c:4e:35:0c:7c:1b:70:e9:7c:6d:c0:7e:5a:
         9b:ec:62:94:a9:67:76:0b:22:b9:ab:54:1f:ee:8d:85:e9:c0:
         26:66:fb:bc:20:b3:83:22:8d:85:ee:8f:33:b6:59:fe:74:d3:
         3a:dc:5e:ff:40:06:d3:0f:05:62:3b:ba:54:e3:ed:11:a4:46:
         09:3d:04:18:96:2e:bf:b8:64:3c:b6:57:d8:d1:fa:22:9e:c5:
         e4:c3:63:04:b6:da:04:81:ac:e5:4f:a0:fd:86:ad:0d:a8:73:
         9f:c7:ff:18:5b:73:e0:c7:a0:43:f9:7d:e8:20:16:45:9e:6c:
         65:6c:90:c1:8a:24:6c:0c:47:a5:a5:8a:bc:8c:fb:62:0b:32:
         02:4f:1e:07:bb:b1:38:af:36:68:46:24:18:5e:2e:8f:ac:5c:
         3a:37:63:6d:ec:75:29:40:71:b9:8a:aa:ae:ac:a6:59:4a:16:
         f9:2a:c9:b5:80:82:6e:21:61:e4:55:86:fe:d1:c4:4a:d9:0f:
         95:b7:cf:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3PDjBQELWnq88f8jegZAVEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiMTA0ZjFlNGFiYWVjMWVmZjgwZjI2MmM2MmY5NmMyNTQz
OGM4ZTEwHhcNMjYwNDI3MTMwODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDZjNjlhYjMxNjQ4MDJlNDdjYmY2YTQ1ZTFjMzZmNjE1ZGNiZDE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkb1y2F2Vm5gYILT2Ba2AkwexFYpP
Exg8sYkm/1BYnEYsnQhX3g4KkJAH3rcrufzsE9xk7UNG5JYOrlN6uwjrNcCcGHh1
WtRyJWC+jQ1sPa8kKngTHFWjvyYOTtwUvIRcy1vZQy/i0ktEzGUOh4HCLDuJTyEw
rCThagpYyt6ZsTbb6Pzr/bxXIy/EqM5lM6EzN4YNzmJFqzbiDbZmvY+/jiJLNVZr
wKeiyJcqI5+hlRbNdroMczyLbGx7uwLfLTo6eSXVftAE44pdhd2UfYLKtPs6J5NS
b3thUkPsM/fr81SFLS5lepoqe0iDX1EhtrN6ugwjz18uvDtOEVSfTXhkOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPBsaasxZIAuR8v2pF4cNvYV3L0UMB8GA1UdIwQY
MBaAFGsQTx5Kuuwe/4DyYsYvlsJUOMjhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYXhCUEhrcTY3QjdfZ1BKaXhpLVd3bFE0eU9FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS82NTNjMjQtNjhlNS00YWQ4LWI3NjMt
MzBjOWRlMjA1YWZjLzEvOEd4cHF6RmtnQzVIeV9ha1hodzI5aFhjdlJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS82NTNjMjQtNjhlNS00YWQ4LWI3NjMtMzBjOWRlMjA1YWZj
LzEvYXhCUEhrcTY3QjdfZ1BKaXhpLVd3bFE0eU9FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCmTOkMA0G
CSqGSIb3DQEBCwUAA4IBAQBNwGnIdSErlPD904FbFjCju8r7MmUY10FIsuoeZaq/
rHQrTYuY1Kj0qxs3dZYf9TVIr7qvDb55ZBQv8YxONQx8G3DpfG3Aflqb7GKUqWd2
CyK5q1Qf7o2F6cAmZvu8ILODIo2F7o8ztln+dNM63F7/QAbTDwViO7pU4+0RpEYJ
PQQYli6/uGQ8tlfY0foinsXkw2MEttoEgazlT6D9hq0NqHOfx/8YW3Pgx6BD+X3o
IBZFnmxlbJDBiiRsDEelpYq8jPtiCzICTx4Hu7E4rzZoRiQYXi6PrFw6N2Nt7HUp
QHG5iqqurKZZShb5Ksm1gIJuIWHkVYb+0cRK2Q+Vt8+G
-----END CERTIFICATE-----