Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/cNKxmExWX8H4nxPM1m3EkprlzIg.roa
File:                     cNKxmExWX8H4nxPM1m3EkprlzIg.roa (raw, json)
Hash identifier:          Rk8jdz4fiEuWv1D3c4wvY3yZbx53grU16la/CU7eoT8=
Subject key identifier:   70:D2:B1:98:4C:56:5F:C1:F8:9F:13:CC:D6:6D:C4:92:9A:E5:CC:88
Certificate issuer:       /CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
Certificate serial:       019D63CC9861AC25B3DAF0891781E6778289
Authority key identifier: FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/cNKxmExWX8H4nxPM1m3EkprlzIg.roa
Signing time:             Mon 06 Apr 2026 17:17:25 +0000
ROA not before:           Mon 06 Apr 2026 17:17:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199398
IP address blocks:        87.232.122.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 Apr 2026 20:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:63:cc:98:61:ac:25:b3:da:f0:89:17:81:e6:77:82:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
        Validity
            Not Before: Apr  6 17:17:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=70d2b1984c565fc1f89f13ccd66dc4929ae5cc88
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:7e:50:ad:9a:1b:5a:19:26:c9:56:87:d2:42:
                    4f:e6:b2:25:5d:e4:e6:c2:01:34:d6:63:f6:81:af:
                    5a:9c:0a:6a:61:6a:d3:8e:79:dc:26:dd:09:fa:28:
                    0e:f1:72:da:db:c4:05:b1:6d:46:03:ef:5c:7e:0a:
                    81:27:0c:49:de:95:f9:da:24:76:9d:bd:bf:d9:3a:
                    b4:18:27:f3:9e:cd:2d:51:8c:25:cc:bb:3c:ea:18:
                    9c:a9:02:ad:54:c5:e1:2b:37:a3:11:9a:6f:3f:13:
                    bd:ff:ff:ea:08:0c:a9:ea:d0:1a:76:ba:fa:7e:e6:
                    5f:ce:ba:2e:91:99:18:2a:31:98:51:d3:07:14:42:
                    40:f3:07:b0:36:e2:a5:55:1a:8a:66:ac:ed:9b:ff:
                    2a:8b:a5:c3:7d:91:b7:9f:51:03:f2:ad:e6:e3:d9:
                    3e:6e:99:89:11:6d:03:a5:2e:87:f3:9f:ac:4e:02:
                    89:aa:15:39:95:70:ea:f5:c0:23:f8:c4:c3:01:fb:
                    6c:a8:ae:32:de:63:d7:60:fa:9f:65:1c:73:d5:53:
                    1b:df:85:0c:1f:75:28:06:f7:43:7a:45:a3:6a:55:
                    a9:aa:9a:b0:a9:d1:f6:35:1d:1e:11:42:7a:cb:fb:
                    4f:d2:76:23:86:28:1e:1d:11:37:82:4c:4e:07:da:
                    98:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:D2:B1:98:4C:56:5F:C1:F8:9F:13:CC:D6:6D:C4:92:9A:E5:CC:88
            X509v3 Authority Key Identifier:
                keyid:FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/cNKxmExWX8H4nxPM1m3EkprlzIg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.232.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:cb:07:0a:22:e5:df:34:c8:17:22:8d:c7:63:72:24:6b:1d:
         80:0e:4b:11:ee:f0:aa:49:65:92:5d:66:a4:93:ff:83:0c:02:
         13:cc:17:fd:15:a0:09:cb:45:7c:c0:48:21:de:8c:53:dd:5d:
         21:01:1e:45:a9:21:5f:a7:79:80:a9:8d:d4:5d:a4:bc:6c:49:
         3a:94:1b:dc:74:84:21:60:5a:e0:ff:0b:ec:4d:94:5b:fb:53:
         13:64:ea:4f:8b:5a:08:15:0c:85:c7:79:84:8c:3b:ec:65:84:
         8f:79:cd:e3:57:e7:f7:89:4e:2b:f1:f1:6d:32:81:1a:9e:7d:
         da:c0:a3:fa:67:23:87:9f:7e:61:ac:a8:81:61:f7:3b:65:73:
         84:c4:6c:39:dd:d9:ca:a8:ba:42:47:a1:3f:cc:32:39:d0:a4:
         fd:2c:f5:b5:d8:ef:37:fe:0e:df:e1:eb:8d:81:37:9b:0e:77:
         58:85:21:ad:15:d0:64:5c:c8:36:54:80:e3:18:4e:46:27:de:
         82:43:c5:b3:ba:83:35:fc:6f:28:6d:01:10:0a:cd:79:62:6d:
         f1:f9:ba:82:3e:e4:95:ad:66:26:c6:a4:ab:24:29:06:13:05:
         a2:3f:b9:e7:83:0c:83:f4:57:65:dd:e6:24:62:78:4e:a4:1d:
         3c:06:92:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1jzJhhrCWz2vCJF4Hmd4KJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmYTNlNTUxNDFjMWExZjlmMmUyODgxMWVkN2U3N2ZhZDM3
OGE1NzkwHhcNMjYwNDA2MTcxNzI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MGQyYjE5ODRjNTY1ZmMxZjg5ZjEzY2NkNjZkYzQ5MjlhZTVjYzg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnn5QrZobWhkmyVaH0kJP5rIlXeTm
wgE01mP2ga9anApqYWrTjnncJt0J+igO8XLa28QFsW1GA+9cfgqBJwxJ3pX52iR2
nb2/2Tq0GCfzns0tUYwlzLs86hicqQKtVMXhKzejEZpvPxO9///qCAyp6tAadrr6
fuZfzroukZkYKjGYUdMHFEJA8wewNuKlVRqKZqztm/8qi6XDfZG3n1ED8q3m49k+
bpmJEW0DpS6H85+sTgKJqhU5lXDq9cAj+MTDAftsqK4y3mPXYPqfZRxz1VMb34UM
H3UoBvdDekWjalWpqpqwqdH2NR0eEUJ6y/tP0nYjhigeHRE3gkxOB9qYiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHDSsZhMVl/B+J8TzNZtxJKa5cyIMB8GA1UdIwQY
MBaAFP+j5VFBwaH58uKIEe1+d/rTeKV5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUt
YTM5YWMyNTM5ZmM1LzEvY05LeG1FeFdYOEg0bnhQTTFtM0VrcHJseklnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUtYTM5YWMyNTM5ZmM1
LzEvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV+h6MA0G
CSqGSIb3DQEBCwUAA4IBAQCnywcKIuXfNMgXIo3HY3Ikax2ADksR7vCqSWWSXWak
k/+DDAITzBf9FaAJy0V8wEgh3oxT3V0hAR5FqSFfp3mAqY3UXaS8bEk6lBvcdIQh
YFrg/wvsTZRb+1MTZOpPi1oIFQyFx3mEjDvsZYSPec3jV+f3iU4r8fFtMoEann3a
wKP6ZyOHn35hrKiBYfc7ZXOExGw53dnKqLpCR6E/zDI50KT9LPW12O83/g7f4euN
gTebDndYhSGtFdBkXMg2VIDjGE5GJ96CQ8WzuoM1/G8obQEQCs15Ym3x+bqCPuSV
rWYmxqSrJCkGEwWiP7nngwyD9Fdl3eYkYnhOpB08BpJk
-----END CERTIFICATE-----