Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/6b3dda-7368-4d19-b603-16b80aa28dd6/1/iDkxuZs58srqOeUdyBvDJqrsf6g.roa
File:                     iDkxuZs58srqOeUdyBvDJqrsf6g.roa (raw, json)
Hash identifier:          fvVkp516bISUUseiQSRuMvIc4e9qx8ent9yHd+ZyB3o=
Subject key identifier:   88:39:31:B9:9B:39:F2:CA:EA:39:E5:1D:C8:1B:C3:26:AA:EC:7F:A8
Certificate issuer:       /CN=22a44566764ebb511683cb6228fa91997b559379
Certificate serial:       019E82658C7F2F7E8EA13E50BAD456769260
Authority key identifier: 22:A4:45:66:76:4E:BB:51:16:83:CB:62:28:FA:91:99:7B:55:93:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IqRFZnZOu1EWg8tiKPqRmXtVk3k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/6b3dda-7368-4d19-b603-16b80aa28dd6/1/iDkxuZs58srqOeUdyBvDJqrsf6g.roa
Signing time:             Mon 01 Jun 2026 08:55:53 +0000
ROA not before:           Mon 01 Jun 2026 08:55:53 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201097
IP address blocks:        78.153.136.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/21/6b3dda-7368-4d19-b603-16b80aa28dd6/1/IqRFZnZOu1EWg8tiKPqRmXtVk3k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/21/6b3dda-7368-4d19-b603-16b80aa28dd6/1/IqRFZnZOu1EWg8tiKPqRmXtVk3k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IqRFZnZOu1EWg8tiKPqRmXtVk3k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 20:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:82:65:8c:7f:2f:7e:8e:a1:3e:50:ba:d4:56:76:92:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22a44566764ebb511683cb6228fa91997b559379
        Validity
            Not Before: Jun  1 08:55:53 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=883931b99b39f2caea39e51dc81bc326aaec7fa8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:4d:5a:a8:bb:74:6e:e0:48:32:4a:b5:1e:a9:
                    7a:e2:62:1b:37:5a:c6:7b:72:aa:3b:e0:e6:c5:4b:
                    1c:4e:c9:61:0c:0a:15:1c:b2:a7:85:ac:b4:0d:5b:
                    df:b8:ff:e2:97:5c:9a:37:86:bc:b7:cf:d3:f1:06:
                    32:a6:26:9e:88:77:dc:b9:ac:a2:56:a5:47:a6:b2:
                    58:7e:01:a7:72:2f:84:c0:67:e7:c6:1d:8f:ea:6a:
                    b5:ab:40:3f:3b:3c:7c:b5:58:ca:d9:54:31:fc:e0:
                    ec:07:e5:0e:d4:76:66:be:75:ad:98:53:d2:36:fe:
                    ec:33:99:88:7f:c4:96:f4:ef:7d:77:98:6e:8e:fa:
                    c0:f8:cb:5d:23:0b:1f:1b:33:dd:dd:67:2a:ae:f8:
                    c9:7f:da:2e:52:d2:a3:77:41:6f:f2:d4:c4:bb:be:
                    ec:91:dc:9f:fe:80:d5:9b:5e:f1:a3:a5:13:92:ef:
                    d8:b6:88:5a:08:28:05:35:1d:e1:64:13:19:49:07:
                    2d:15:75:75:ad:f9:b4:5e:20:9a:0d:34:e0:10:54:
                    6b:bb:df:46:13:9f:f2:65:b0:4e:e3:1b:6b:13:6c:
                    70:7f:8f:6f:3c:4d:d2:f9:27:7f:88:cd:0c:73:9f:
                    96:63:6f:cf:6b:85:17:6a:97:cd:59:0f:9b:de:51:
                    14:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:39:31:B9:9B:39:F2:CA:EA:39:E5:1D:C8:1B:C3:26:AA:EC:7F:A8
            X509v3 Authority Key Identifier:
                keyid:22:A4:45:66:76:4E:BB:51:16:83:CB:62:28:FA:91:99:7B:55:93:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IqRFZnZOu1EWg8tiKPqRmXtVk3k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/6b3dda-7368-4d19-b603-16b80aa28dd6/1/iDkxuZs58srqOeUdyBvDJqrsf6g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/6b3dda-7368-4d19-b603-16b80aa28dd6/1/IqRFZnZOu1EWg8tiKPqRmXtVk3k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.153.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:3d:32:39:dd:01:30:03:65:01:79:7d:86:a1:d4:c4:d0:ad:
         65:5b:63:fc:67:d1:4f:a1:a6:32:23:b2:f3:5c:50:d1:7a:49:
         84:2d:cf:60:36:14:6e:88:6d:bd:08:f4:7d:a4:b6:a7:79:f7:
         0a:de:74:b9:5f:4d:69:87:bf:28:fd:93:75:59:48:ec:e1:08:
         be:01:2d:70:81:59:21:48:ab:55:c7:7c:68:87:e4:30:e9:28:
         10:70:ab:0d:a6:98:d2:eb:0b:69:24:44:3c:00:96:17:9c:cb:
         41:af:31:f2:cb:8a:1b:c1:5d:c8:32:7f:69:54:62:9f:bf:3f:
         52:73:84:6e:28:7b:53:70:49:d6:7c:f3:3c:a8:04:01:9f:f7:
         ef:a4:f9:0a:24:82:b7:43:92:f4:a5:0a:10:6f:5e:2a:29:ac:
         a9:89:17:88:c5:6c:fe:c0:85:fc:55:24:11:f7:a8:00:02:f9:
         94:f9:b8:98:5c:55:13:aa:34:44:8a:ae:0a:52:e1:b1:bd:04:
         41:cf:c9:36:ff:21:b2:1d:d4:7d:7f:21:24:38:29:ae:b2:9e:
         08:4a:af:fa:e2:13:08:78:58:bf:65:a2:2c:19:25:fe:e6:d4:
         97:9c:1a:f3:eb:5d:6e:26:2e:f5:b2:56:d3:a0:3e:f2:9e:49:
         6a:6e:b4:32
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6CZYx/L36OoT5QutRWdpJgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYTQ0NTY2NzY0ZWJiNTExNjgzY2I2MjI4ZmE5MTk5N2I1
NTkzNzkwHhcNMjYwNjAxMDg1NTUzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODM5MzFiOTliMzlmMmNhZWEzOWU1MWRjODFiYzMyNmFhZWM3ZmE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtU1aqLt0buBIMkq1Hql64mIbN1rG
e3KqO+DmxUscTslhDAoVHLKnhay0DVvfuP/il1yaN4a8t8/T8QYypiaeiHfcuayi
VqVHprJYfgGnci+EwGfnxh2P6mq1q0A/Ozx8tVjK2VQx/ODsB+UO1HZmvnWtmFPS
Nv7sM5mIf8SW9O99d5hujvrA+MtdIwsfGzPd3WcqrvjJf9ouUtKjd0Fv8tTEu77s
kdyf/oDVm17xo6UTku/YtohaCCgFNR3hZBMZSQctFXV1rfm0XiCaDTTgEFRru99G
E5/yZbBO4xtrE2xwf49vPE3S+Sd/iM0Mc5+WY2/Pa4UXapfNWQ+b3lEUjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIg5MbmbOfLK6jnlHcgbwyaq7H+oMB8GA1UdIwQY
MBaAFCKkRWZ2TrtRFoPLYij6kZl7VZN5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXFSRlpuWk91MUVXZzh0aUtQcVJtWHRWazNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS82YjNkZGEtNzM2OC00ZDE5LWI2MDMt
MTZiODBhYTI4ZGQ2LzEvaURreHVaczU4c3JxT2VVZHlCdkRKcXJzZjZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS82YjNkZGEtNzM2OC00ZDE5LWI2MDMtMTZiODBhYTI4ZGQ2
LzEvSXFSRlpuWk91MUVXZzh0aUtQcVJtWHRWazNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATpmIMA0G
CSqGSIb3DQEBCwUAA4IBAQBpPTI53QEwA2UBeX2GodTE0K1lW2P8Z9FPoaYyI7Lz
XFDRekmELc9gNhRuiG29CPR9pLanefcK3nS5X01ph78o/ZN1WUjs4Qi+AS1wgVkh
SKtVx3xoh+Qw6SgQcKsNppjS6wtpJEQ8AJYXnMtBrzHyy4obwV3IMn9pVGKfvz9S
c4RuKHtTcEnWfPM8qAQBn/fvpPkKJIK3Q5L0pQoQb14qKaypiReIxWz+wIX8VSQR
96gAAvmU+biYXFUTqjREiq4KUuGxvQRBz8k2/yGyHdR9fyEkOCmusp4ISq/64hMI
eFi/ZaIsGSX+5tSXnBrz611uJi71slbToD7ynklqbrQy
-----END CERTIFICATE-----