Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/6b3dda-7368-4d19-b603-16b80aa28dd6/1/kEPNlrKv9PFSISICuZi7jWl1rcI.roa
File:                     kEPNlrKv9PFSISICuZi7jWl1rcI.roa (raw, json)
Hash identifier:          8hThMhId1cGvL3/GDEFCrpTOphy3jXFlFz6HT3SnBow=
Subject key identifier:   90:43:CD:96:B2:AF:F4:F1:52:21:22:02:B9:98:BB:8D:69:75:AD:C2
Certificate issuer:       /CN=22a44566764ebb511683cb6228fa91997b559379
Certificate serial:       019DAAF04731403A8559CC3E5E8C05119B6A
Authority key identifier: 22:A4:45:66:76:4E:BB:51:16:83:CB:62:28:FA:91:99:7B:55:93:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IqRFZnZOu1EWg8tiKPqRmXtVk3k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/6b3dda-7368-4d19-b603-16b80aa28dd6/1/kEPNlrKv9PFSISICuZi7jWl1rcI.roa
Signing time:             Mon 20 Apr 2026 12:49:26 +0000
ROA not before:           Mon 20 Apr 2026 12:49:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201097
IP address blocks:        78.153.136.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/21/6b3dda-7368-4d19-b603-16b80aa28dd6/1/IqRFZnZOu1EWg8tiKPqRmXtVk3k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/21/6b3dda-7368-4d19-b603-16b80aa28dd6/1/IqRFZnZOu1EWg8tiKPqRmXtVk3k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IqRFZnZOu1EWg8tiKPqRmXtVk3k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 Apr 2026 06:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:aa:f0:47:31:40:3a:85:59:cc:3e:5e:8c:05:11:9b:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22a44566764ebb511683cb6228fa91997b559379
        Validity
            Not Before: Apr 20 12:49:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9043cd96b2aff4f152212202b998bb8d6975adc2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:01:9a:50:b3:64:59:52:95:c6:8d:cd:ff:d1:
                    1e:b1:4d:76:73:de:61:1b:f8:f0:a9:69:df:c7:74:
                    30:47:87:f7:65:48:bc:b5:73:e3:eb:33:31:6c:38:
                    e2:09:0c:08:e1:d9:32:40:25:27:08:02:0b:40:2b:
                    47:09:71:28:08:e0:ab:e7:4c:9a:d6:fc:cb:52:68:
                    fb:e1:66:98:c0:f1:ff:15:95:3b:54:00:94:50:23:
                    30:a8:27:c3:67:9e:13:f0:4d:bf:c2:eb:a0:0f:1e:
                    f4:50:db:37:11:c5:72:e0:2d:58:57:2e:5a:09:77:
                    6a:40:04:c4:97:2e:82:c1:40:33:f1:28:f0:a9:ea:
                    d4:88:d4:c3:12:62:8a:f7:40:b3:6d:f3:b6:2a:df:
                    af:e1:b7:ee:e8:4e:cb:16:79:fd:3e:d2:bd:15:ba:
                    df:79:bc:7a:b0:96:30:33:6b:64:fe:03:4f:97:92:
                    0a:47:30:41:30:ec:64:49:48:12:e7:2a:ec:ec:b6:
                    e7:84:d0:81:6e:0c:84:b5:42:8d:84:89:e8:18:04:
                    cb:30:04:f4:d6:47:02:30:cd:d2:4d:ba:82:3d:b9:
                    ba:b4:ad:e8:8b:2d:be:cc:1b:1c:d2:da:ff:76:fb:
                    9d:6a:0f:9e:42:ea:9a:c3:af:43:c1:68:07:04:32:
                    f5:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:43:CD:96:B2:AF:F4:F1:52:21:22:02:B9:98:BB:8D:69:75:AD:C2
            X509v3 Authority Key Identifier:
                keyid:22:A4:45:66:76:4E:BB:51:16:83:CB:62:28:FA:91:99:7B:55:93:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IqRFZnZOu1EWg8tiKPqRmXtVk3k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/6b3dda-7368-4d19-b603-16b80aa28dd6/1/kEPNlrKv9PFSISICuZi7jWl1rcI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/6b3dda-7368-4d19-b603-16b80aa28dd6/1/IqRFZnZOu1EWg8tiKPqRmXtVk3k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.153.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:4f:af:6c:f4:d2:ba:0f:55:fd:51:6e:79:5a:15:2f:fd:e7:
         ba:75:fb:cc:f4:48:0d:1c:80:d8:61:ea:50:49:c2:16:56:42:
         7d:3f:df:6f:bc:b8:cf:f7:94:57:c7:5f:98:d4:4d:56:9a:cb:
         e1:67:52:98:d4:9e:93:3c:47:0c:76:e1:18:0a:37:ac:e3:90:
         40:45:8c:fe:89:38:74:a5:db:4f:0e:f1:1b:92:b0:9b:99:e1:
         be:f5:93:2c:46:1a:41:99:1d:24:e7:d6:f0:4e:b6:a8:ce:b8:
         81:a6:c1:18:70:6e:6a:20:a7:1e:73:2f:5f:de:3f:2e:ab:94:
         a8:37:dd:35:7b:74:75:21:c5:dc:37:d4:b4:60:c0:5c:8c:e3:
         90:74:11:45:7e:a7:5d:99:20:b9:69:84:48:7f:bf:07:ff:da:
         d8:e1:e1:e0:72:ee:4a:6d:37:83:b7:cb:16:1c:a5:21:f4:d2:
         35:bf:99:12:a9:cc:13:5a:b3:9f:8a:69:9e:48:a1:b0:f0:69:
         eb:98:92:7b:61:f3:4e:59:65:de:04:65:81:cd:56:7e:c5:12:
         2d:e3:48:26:cb:2d:00:96:5e:c3:bb:b0:e4:f7:13:30:9e:3d:
         88:8a:c9:17:69:db:f9:c2:73:15:70:50:29:8b:06:89:96:47:
         ad:d6:ac:4e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2q8EcxQDqFWcw+XowFEZtqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYTQ0NTY2NzY0ZWJiNTExNjgzY2I2MjI4ZmE5MTk5N2I1
NTkzNzkwHhcNMjYwNDIwMTI0OTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDQzY2Q5NmIyYWZmNGYxNTIyMTIyMDJiOTk4YmI4ZDY5NzVhZGMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmAGaULNkWVKVxo3N/9EesU12c95h
G/jwqWnfx3QwR4f3ZUi8tXPj6zMxbDjiCQwI4dkyQCUnCAILQCtHCXEoCOCr50ya
1vzLUmj74WaYwPH/FZU7VACUUCMwqCfDZ54T8E2/wuugDx70UNs3EcVy4C1YVy5a
CXdqQATEly6CwUAz8SjwqerUiNTDEmKK90CzbfO2Kt+v4bfu6E7LFnn9PtK9Fbrf
ebx6sJYwM2tk/gNPl5IKRzBBMOxkSUgS5yrs7LbnhNCBbgyEtUKNhInoGATLMAT0
1kcCMM3STbqCPbm6tK3oiy2+zBsc0tr/dvudag+eQuqaw69DwWgHBDL1dwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJBDzZayr/TxUiEiArmYu41pda3CMB8GA1UdIwQY
MBaAFCKkRWZ2TrtRFoPLYij6kZl7VZN5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXFSRlpuWk91MUVXZzh0aUtQcVJtWHRWazNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS82YjNkZGEtNzM2OC00ZDE5LWI2MDMt
MTZiODBhYTI4ZGQ2LzEva0VQTmxyS3Y5UEZTSVNJQ3VaaTdqV2wxcmNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS82YjNkZGEtNzM2OC00ZDE5LWI2MDMtMTZiODBhYTI4ZGQ2
LzEvSXFSRlpuWk91MUVXZzh0aUtQcVJtWHRWazNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATpmIMA0G
CSqGSIb3DQEBCwUAA4IBAQBIT69s9NK6D1X9UW55WhUv/ee6dfvM9EgNHIDYYepQ
ScIWVkJ9P99vvLjP95RXx1+Y1E1WmsvhZ1KY1J6TPEcMduEYCjes45BARYz+iTh0
pdtPDvEbkrCbmeG+9ZMsRhpBmR0k59bwTraozriBpsEYcG5qIKcecy9f3j8uq5So
N901e3R1IcXcN9S0YMBcjOOQdBFFfqddmSC5aYRIf78H/9rY4eHgcu5KbTeDt8sW
HKUh9NI1v5kSqcwTWrOfimmeSKGw8GnrmJJ7YfNOWWXeBGWBzVZ+xRIt40gmyy0A
ll7Du7Dk9xMwnj2IiskXadv5wnMVcFApiwaJlket1qxO
-----END CERTIFICATE-----