Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/XfkL7_PpVycbprVLaH4OE4tT8zw.roa
File:                     XfkL7_PpVycbprVLaH4OE4tT8zw.roa (raw, json)
Hash identifier:          Oii2pbC7CFv3HCPeNrmN9q1EffMqA0bBjcOQLdxIuL0=
Subject key identifier:   5D:F9:0B:EF:F3:E9:57:27:1B:A6:B5:4B:68:7E:0E:13:8B:53:F3:3C
Certificate issuer:       /CN=4cf8ffc088591e4f243baafa21b4298bfb366026
Certificate serial:       019DB0E1E398595C4C94053A2D816BECF775
Authority key identifier: 4C:F8:FF:C0:88:59:1E:4F:24:3B:AA:FA:21:B4:29:8B:FB:36:60:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/XfkL7_PpVycbprVLaH4OE4tT8zw.roa
Signing time:             Tue 21 Apr 2026 16:31:26 +0000
ROA not before:           Tue 21 Apr 2026 16:31:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     13335
IP address blocks:        193.118.171.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/TPj_wIhZHk8kO6r6IbQpi_s2YCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/TPj_wIhZHk8kO6r6IbQpi_s2YCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 Apr 2026 07:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b0:e1:e3:98:59:5c:4c:94:05:3a:2d:81:6b:ec:f7:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4cf8ffc088591e4f243baafa21b4298bfb366026
        Validity
            Not Before: Apr 21 16:31:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5df90beff3e957271ba6b54b687e0e138b53f33c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:09:2c:66:d7:2c:4c:01:55:83:4a:07:95:0c:
                    e9:f4:26:f6:2f:7d:39:45:e2:38:02:a2:32:5e:32:
                    cf:86:9a:e5:9a:b4:a4:e1:ab:46:21:0b:0e:b2:0f:
                    9f:be:8e:f5:f2:d1:b4:3a:5a:d6:f0:7a:71:8f:a1:
                    a0:f7:44:f3:26:a6:fb:38:75:ac:65:ae:c5:f7:08:
                    66:f1:7d:24:cd:e6:bf:25:a8:5d:47:0a:06:62:a1:
                    59:34:d2:33:97:21:b1:e3:8a:ea:89:70:1c:9f:f2:
                    91:38:52:34:d3:c4:a2:58:9c:92:18:07:be:be:bf:
                    70:e9:ff:15:f0:d9:19:62:b2:ef:97:e4:22:87:98:
                    42:45:c0:b8:2d:7e:95:1f:d9:80:6f:24:5d:6e:cb:
                    d9:d3:4b:66:42:13:68:e1:93:87:19:62:11:60:c4:
                    a2:12:61:6f:8f:d6:52:74:94:08:b3:77:48:5a:39:
                    73:c7:f3:66:bc:1d:2f:55:ec:b9:f1:4f:92:c0:02:
                    72:dd:87:15:29:bb:a8:b6:78:dc:21:62:44:03:e4:
                    65:a9:f6:a3:73:3d:cb:33:c7:5f:3a:69:59:ff:1d:
                    8a:9b:a0:6f:00:ba:78:ec:d7:0d:47:a8:46:ea:c6:
                    a7:2c:1d:cf:24:84:cb:93:50:41:c0:be:93:d2:92:
                    c2:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:F9:0B:EF:F3:E9:57:27:1B:A6:B5:4B:68:7E:0E:13:8B:53:F3:3C
            X509v3 Authority Key Identifier:
                keyid:4C:F8:FF:C0:88:59:1E:4F:24:3B:AA:FA:21:B4:29:8B:FB:36:60:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/XfkL7_PpVycbprVLaH4OE4tT8zw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/TPj_wIhZHk8kO6r6IbQpi_s2YCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.118.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:b2:1c:8d:6a:76:a7:cb:94:d0:af:5e:f3:6e:3d:ac:f7:a6:
         53:dd:85:bc:a4:94:b3:bc:5e:23:b0:56:7f:01:ba:94:7e:0a:
         c0:02:31:fa:bc:04:51:88:9d:5b:5e:df:88:6a:78:85:35:8d:
         01:2a:6e:4a:e1:ee:ec:65:f4:db:1d:c8:68:2f:93:e8:95:4b:
         53:b4:13:5e:da:2e:94:ab:d6:ea:b8:cb:be:e4:8a:0f:4a:85:
         8e:80:a9:bd:90:05:f2:6c:17:a2:c5:22:00:a0:90:ba:80:78:
         10:19:7d:ea:07:f1:e6:6d:ba:9d:16:cb:62:81:01:95:2f:ed:
         8e:3b:aa:a9:41:1a:02:fb:3c:57:2b:ca:c4:cc:ec:80:e4:00:
         f1:5b:38:53:15:38:f5:b5:4d:41:fa:ba:67:65:76:da:04:ab:
         9d:8a:3b:01:f0:26:6c:e9:f7:d8:b2:4d:d8:97:ca:2d:ca:6d:
         3a:26:0a:a3:32:a1:42:8f:46:25:e1:4c:82:be:ca:df:33:6e:
         ec:90:fe:44:8d:01:11:ae:95:03:29:55:e9:04:02:17:94:12:
         4a:45:5b:06:7c:c1:36:d1:7b:ab:d3:90:a8:21:71:71:e8:b2:
         28:c8:20:eb:c3:85:0d:4a:ea:88:36:16:1b:a3:3d:73:6d:0e:
         fa:65:64:47
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2w4eOYWVxMlAU6LYFr7Pd1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjZjhmZmMwODg1OTFlNGYyNDNiYWFmYTIxYjQyOThiZmIz
NjYwMjYwHhcNMjYwNDIxMTYzMTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGY5MGJlZmYzZTk1NzI3MWJhNmI1NGI2ODdlMGUxMzhiNTNmMzNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAugksZtcsTAFVg0oHlQzp9Cb2L305
ReI4AqIyXjLPhprlmrSk4atGIQsOsg+fvo718tG0OlrW8Hpxj6Gg90TzJqb7OHWs
Za7F9whm8X0kzea/JahdRwoGYqFZNNIzlyGx44rqiXAcn/KROFI008SiWJySGAe+
vr9w6f8V8NkZYrLvl+Qih5hCRcC4LX6VH9mAbyRdbsvZ00tmQhNo4ZOHGWIRYMSi
EmFvj9ZSdJQIs3dIWjlzx/NmvB0vVey58U+SwAJy3YcVKbuotnjcIWJEA+Rlqfaj
cz3LM8dfOmlZ/x2Km6BvALp47NcNR6hG6sanLB3PJITLk1BBwL6T0pLCpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF35C+/z6VcnG6a1S2h+DhOLU/M8MB8GA1UdIwQY
MBaAFEz4/8CIWR5PJDuq+iG0KYv7NmAmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFBqX3dJaFpIazhrTzZyNkliUXBpX3MyWUNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9hMGEzOWMtYmUwMy00N2JiLWJkYjMt
YjNiNzhiMGI2NmVhLzEvWGZrTDdfUHBWeWNicHJWTGFINE9FNHRUOHp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9hMGEzOWMtYmUwMy00N2JiLWJkYjMtYjNiNzhiMGI2NmVh
LzEvVFBqX3dJaFpIazhrTzZyNkliUXBpX3MyWUNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwXarMA0G
CSqGSIb3DQEBCwUAA4IBAQBAshyNanany5TQr17zbj2s96ZT3YW8pJSzvF4jsFZ/
AbqUfgrAAjH6vARRiJ1bXt+IaniFNY0BKm5K4e7sZfTbHchoL5PolUtTtBNe2i6U
q9bquMu+5IoPSoWOgKm9kAXybBeixSIAoJC6gHgQGX3qB/HmbbqdFstigQGVL+2O
O6qpQRoC+zxXK8rEzOyA5ADxWzhTFTj1tU1B+rpnZXbaBKudijsB8CZs6ffYsk3Y
l8otym06JgqjMqFCj0Yl4UyCvsrfM27skP5EjQERrpUDKVXpBAIXlBJKRVsGfME2
0Xur05CoIXFx6LIoyCDrw4UNSuqINhYboz1zbQ76ZWRH
-----END CERTIFICATE-----