Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/204017-f046-4b69-b3e5-319b0c874440/1/0Va2x4Qd63us7kRWmkpIgs4VavE.roa
File:                     0Va2x4Qd63us7kRWmkpIgs4VavE.roa (raw, json)
Hash identifier:          mlH17TsTBWEMs6AwiTvf9MSqSgOdSNOB7ebIvjxdVCU=
Subject key identifier:   D1:56:B6:C7:84:1D:EB:7B:AC:EE:44:56:9A:4A:48:82:CE:15:6A:F1
Certificate issuer:       /CN=4ca66f3c0f25774e696d2a46723277eb961128c3
Certificate serial:       019EFE2280BB7A27C341F59575D6635B3E85
Authority key identifier: 4C:A6:6F:3C:0F:25:77:4E:69:6D:2A:46:72:32:77:EB:96:11:28:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TKZvPA8ld05pbSpGcjJ365YRKMM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/204017-f046-4b69-b3e5-319b0c874440/1/0Va2x4Qd63us7kRWmkpIgs4VavE.roa
Signing time:             Thu 25 Jun 2026 09:35:34 +0000
ROA not before:           Thu 25 Jun 2026 09:35:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197170
IP address blocks:        176.65.132.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/204017-f046-4b69-b3e5-319b0c874440/1/TKZvPA8ld05pbSpGcjJ365YRKMM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/204017-f046-4b69-b3e5-319b0c874440/1/TKZvPA8ld05pbSpGcjJ365YRKMM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TKZvPA8ld05pbSpGcjJ365YRKMM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Jun 2026 17:15:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:fe:22:80:bb:7a:27:c3:41:f5:95:75:d6:63:5b:3e:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4ca66f3c0f25774e696d2a46723277eb961128c3
        Validity
            Not Before: Jun 25 09:35:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d156b6c7841deb7bacee44569a4a4882ce156af1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:c1:b4:4c:5a:ab:dc:6e:0e:4d:22:b8:43:3c:
                    af:e0:eb:50:bf:7a:d0:aa:82:4a:08:92:d0:a6:25:
                    9c:64:65:6c:e6:60:a4:a4:71:24:a2:f7:12:57:ab:
                    2c:e8:52:27:56:b4:63:ab:40:f7:aa:40:d3:43:71:
                    9c:f4:18:26:93:84:49:98:6b:c4:68:4b:8c:0a:bb:
                    af:12:94:46:c5:ac:86:ec:79:36:ee:5d:c9:a5:cf:
                    1f:85:23:e5:a1:41:39:68:d0:7a:1d:da:9f:48:b1:
                    8c:9b:db:8a:74:ef:71:2a:81:b6:1c:1b:51:cb:f5:
                    dd:f9:84:48:5e:b8:d2:ec:45:0b:93:42:04:80:b1:
                    26:08:52:e5:05:9f:41:e9:19:48:bc:1e:6a:d0:76:
                    54:99:9a:1c:6e:90:9b:74:70:58:4a:d0:c1:fd:a1:
                    db:20:e1:d1:5b:45:5c:9e:56:9f:01:c0:b5:18:ba:
                    68:c8:2f:54:19:53:74:96:2c:19:dc:5d:92:33:4a:
                    af:88:79:8e:9a:a4:5a:9e:cd:dd:fa:c4:d5:90:82:
                    85:69:cc:bf:84:76:94:cd:91:64:e1:76:57:d0:cf:
                    c0:fe:ff:c5:df:bd:bf:15:41:ce:83:59:19:47:c2:
                    a2:27:d6:33:85:3f:53:bd:97:5b:85:e7:d2:6a:e8:
                    7d:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:56:B6:C7:84:1D:EB:7B:AC:EE:44:56:9A:4A:48:82:CE:15:6A:F1
            X509v3 Authority Key Identifier:
                keyid:4C:A6:6F:3C:0F:25:77:4E:69:6D:2A:46:72:32:77:EB:96:11:28:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TKZvPA8ld05pbSpGcjJ365YRKMM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/204017-f046-4b69-b3e5-319b0c874440/1/0Va2x4Qd63us7kRWmkpIgs4VavE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/204017-f046-4b69-b3e5-319b0c874440/1/TKZvPA8ld05pbSpGcjJ365YRKMM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.65.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:fb:18:1f:1c:7b:7b:82:6e:14:17:f8:c9:76:9c:0c:97:39:
         a6:11:71:f2:82:06:6c:af:2a:28:08:4b:c2:b6:f4:14:c6:6c:
         54:6b:f6:6a:8e:a1:49:c4:b8:f5:4b:73:18:e7:be:f1:43:ce:
         64:37:5a:2b:70:08:e5:cb:cc:84:aa:b6:a0:27:fc:44:c1:84:
         37:bf:3d:80:55:6e:75:30:02:c0:d1:b4:ff:13:35:0a:50:3e:
         82:03:8d:dd:31:a2:d2:99:56:90:55:0e:15:4d:2c:e9:de:e3:
         b9:ab:44:12:ca:a6:af:8a:fa:99:9d:ae:45:4f:ea:9a:c9:3b:
         03:e9:5b:28:98:73:57:64:27:db:ba:82:f2:25:47:99:88:b9:
         9c:64:f7:26:c7:c7:37:a1:4e:c6:70:47:1b:93:0e:7e:ee:49:
         dc:2c:6b:82:e3:4c:02:bc:82:f2:fa:4d:f9:4d:b1:9a:e3:f8:
         98:18:88:d8:25:33:b7:86:eb:37:48:07:49:5e:9d:f5:6a:7a:
         22:7f:2c:8c:99:13:14:42:95:1c:84:11:37:13:f1:c5:cc:9a:
         b1:7e:9c:e8:5a:80:bb:49:e9:2d:fa:9d:e0:70:0e:80:5e:b2:
         47:00:f0:6b:96:f8:79:c4:fd:d4:e1:c0:92:51:0f:62:d3:dd:
         c0:96:08:2b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ7+IoC7eifDQfWVddZjWz6FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjYTY2ZjNjMGYyNTc3NGU2OTZkMmE0NjcyMzI3N2ViOTYx
MTI4YzMwHhcNMjYwNjI1MDkzNTM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTU2YjZjNzg0MWRlYjdiYWNlZTQ0NTY5YTRhNDg4MmNlMTU2YWYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArcG0TFqr3G4OTSK4Qzyv4OtQv3rQ
qoJKCJLQpiWcZGVs5mCkpHEkovcSV6ss6FInVrRjq0D3qkDTQ3Gc9Bgmk4RJmGvE
aEuMCruvEpRGxayG7Hk27l3Jpc8fhSPloUE5aNB6HdqfSLGMm9uKdO9xKoG2HBtR
y/Xd+YRIXrjS7EULk0IEgLEmCFLlBZ9B6RlIvB5q0HZUmZocbpCbdHBYStDB/aHb
IOHRW0VcnlafAcC1GLpoyC9UGVN0liwZ3F2SM0qviHmOmqRans3d+sTVkIKFacy/
hHaUzZFk4XZX0M/A/v/F372/FUHOg1kZR8KiJ9YzhT9TvZdbhefSauh9hwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNFWtseEHet7rO5EVppKSILOFWrxMB8GA1UdIwQY
MBaAFEymbzwPJXdOaW0qRnIyd+uWESjDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEtadlBBOGxkMDVwYlNwR2NqSjM2NVlSS01NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy8yMDQwMTctZjA0Ni00YjY5LWIzZTUt
MzE5YjBjODc0NDQwLzEvMFZhMng0UWQ2M3VzN2tSV21rcElnczRWYXZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy8yMDQwMTctZjA0Ni00YjY5LWIzZTUtMzE5YjBjODc0NDQw
LzEvVEtadlBBOGxkMDVwYlNwR2NqSjM2NVlSS01NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsEGEMA0G
CSqGSIb3DQEBCwUAA4IBAQAJ+xgfHHt7gm4UF/jJdpwMlzmmEXHyggZsryooCEvC
tvQUxmxUa/ZqjqFJxLj1S3MY577xQ85kN1orcAjly8yEqragJ/xEwYQ3vz2AVW51
MALA0bT/EzUKUD6CA43dMaLSmVaQVQ4VTSzp3uO5q0QSyqavivqZna5FT+qayTsD
6VsomHNXZCfbuoLyJUeZiLmcZPcmx8c3oU7GcEcbkw5+7kncLGuC40wCvILy+k35
TbGa4/iYGIjYJTO3hus3SAdJXp31anoifyyMmRMUQpUchBE3E/HFzJqxfpzoWoC7
Sekt+p3gcA6AXrJHAPBrlvh5xP3U4cCSUQ9i093Alggr
-----END CERTIFICATE-----