Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/x2SB1b6SxM7_yxmfLNs-y8ZRKog.roa
File:                     x2SB1b6SxM7_yxmfLNs-y8ZRKog.roa (raw, json)
Hash identifier:          J77x2580OOeywoDnEhnXIp6cx5meujGn1RHSTXxJMNs=
Subject key identifier:   C7:64:81:D5:BE:92:C4:CE:FF:CB:19:9F:2C:DB:3E:CB:C6:51:2A:88
Certificate issuer:       /CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Certificate serial:       019D91A3BD817CC594D6EFB383BB277D5ADB
Authority key identifier: D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/x2SB1b6SxM7_yxmfLNs-y8ZRKog.roa
Signing time:             Wed 15 Apr 2026 14:55:20 +0000
ROA not before:           Wed 15 Apr 2026 14:55:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     20698
IP address blocks:        62.233.47.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 Apr 2026 23:01:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:91:a3:bd:81:7c:c5:94:d6:ef:b3:83:bb:27:7d:5a:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
        Validity
            Not Before: Apr 15 14:55:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c76481d5be92c4ceffcb199f2cdb3ecbc6512a88
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:96:33:76:b1:1d:85:d8:ea:ea:26:6e:1d:95:
                    3d:3d:9f:65:f4:7e:b6:75:73:f4:14:4f:42:14:fe:
                    93:08:b1:34:4d:5f:69:67:36:c0:52:d7:6c:9f:44:
                    1d:54:82:19:70:2f:f8:08:2f:52:c4:69:b2:1d:e9:
                    7a:66:e6:b6:7b:0a:43:4a:77:6a:7a:66:a0:f3:62:
                    ba:55:36:e5:e2:a2:50:fc:1b:73:5b:98:cf:b7:af:
                    c2:20:1f:81:43:e2:1a:ca:45:b9:10:36:8c:46:ea:
                    a9:5e:45:52:3d:81:66:0e:5a:73:9b:43:83:7b:e6:
                    27:e9:e8:90:00:3c:f4:4b:c9:9c:c1:f9:89:1b:ba:
                    5c:63:67:f1:84:c8:27:80:67:6f:88:24:57:7c:c3:
                    21:3f:58:c8:27:3b:82:6a:d0:9b:de:9c:14:78:c1:
                    bd:67:44:ea:ed:93:30:5c:ab:a6:da:4c:d9:b1:a3:
                    7f:82:e2:4d:4f:1d:e2:c8:ed:7c:85:05:09:a6:6c:
                    50:23:82:13:2d:d2:b9:be:90:2a:d5:ce:49:20:75:
                    66:c5:b9:c4:44:33:1d:c7:e2:01:18:0f:b7:a5:f7:
                    ee:e3:84:14:f8:ce:c6:6d:f3:23:cd:a4:bf:ed:d2:
                    4e:a2:b6:2c:bb:9a:7e:09:2f:03:c8:94:ee:df:65:
                    cd:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:64:81:D5:BE:92:C4:CE:FF:CB:19:9F:2C:DB:3E:CB:C6:51:2A:88
            X509v3 Authority Key Identifier:
                keyid:D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/x2SB1b6SxM7_yxmfLNs-y8ZRKog.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.233.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:bf:f8:b5:54:ec:f8:20:e7:ff:44:fa:10:97:7d:e0:63:29:
         6b:dc:87:5e:3c:de:d8:07:33:b5:8d:c6:90:aa:ae:dd:75:61:
         9a:28:c3:69:f3:f4:6e:02:50:af:41:69:07:a9:1a:7f:3e:0e:
         7e:a6:2e:75:15:04:aa:01:f8:a9:f7:fc:80:56:aa:5d:73:ff:
         9a:56:e5:86:58:8a:e8:b5:88:98:7b:de:2d:2e:9f:18:55:f2:
         02:b5:a1:55:2f:96:96:54:0b:32:23:32:87:5d:1c:6e:a1:0b:
         4e:1f:dd:be:de:0c:ed:98:40:c3:f6:3c:a8:98:db:f1:3b:9d:
         57:24:56:84:ea:21:79:23:0d:c6:ae:cc:95:56:b8:86:96:38:
         d5:0c:da:23:7a:2e:eb:a7:37:23:ed:54:b4:2c:b1:2a:46:59:
         14:48:14:55:25:78:fd:d5:f8:81:10:b6:94:8a:11:ec:11:98:
         cb:d7:f7:3b:f2:af:97:e4:4f:ec:5d:2a:34:27:9e:8a:b1:bb:
         b8:5a:68:86:7b:e5:28:9d:81:d6:07:65:eb:fa:9c:86:15:96:
         c0:20:bb:6b:6a:2f:45:ec:04:98:31:e2:f3:a5:b7:fb:2d:90:
         48:9c:bd:eb:e6:34:47:89:17:65:28:74:8f:b4:ea:98:8d:e3:
         a9:13:19:d0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2Ro72BfMWU1u+zg7snfVrbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmJiNDhlOTNlOGEwMDU4YzVjNzJhODFhODc5OTQ1NTMw
N2VlNTYwHhcNMjYwNDE1MTQ1NTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzY0ODFkNWJlOTJjNGNlZmZjYjE5OWYyY2RiM2VjYmM2NTEyYTg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuZYzdrEdhdjq6iZuHZU9PZ9l9H62
dXP0FE9CFP6TCLE0TV9pZzbAUtdsn0QdVIIZcC/4CC9SxGmyHel6Zua2ewpDSndq
emag82K6VTbl4qJQ/BtzW5jPt6/CIB+BQ+IaykW5EDaMRuqpXkVSPYFmDlpzm0OD
e+Yn6eiQADz0S8mcwfmJG7pcY2fxhMgngGdviCRXfMMhP1jIJzuCatCb3pwUeMG9
Z0Tq7ZMwXKum2kzZsaN/guJNTx3iyO18hQUJpmxQI4ITLdK5vpAq1c5JIHVmxbnE
RDMdx+IBGA+3pffu44QU+M7GbfMjzaS/7dJOorYsu5p+CS8DyJTu32XNXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMdkgdW+ksTO/8sZnyzbPsvGUSqIMB8GA1UdIwQY
MBaAFNdrtI6T6KAFjFxyqBqHmUVTB+5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgt
OGJmYmRkNDVjYjYyLzEveDJTQjFiNlN4TTdfeXhtZkxOcy15OFpSS29nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgtOGJmYmRkNDVjYjYy
LzEvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPukvMA0G
CSqGSIb3DQEBCwUAA4IBAQAJv/i1VOz4IOf/RPoQl33gYylr3IdePN7YBzO1jcaQ
qq7ddWGaKMNp8/RuAlCvQWkHqRp/Pg5+pi51FQSqAfip9/yAVqpdc/+aVuWGWIro
tYiYe94tLp8YVfICtaFVL5aWVAsyIzKHXRxuoQtOH92+3gztmEDD9jyomNvxO51X
JFaE6iF5Iw3GrsyVVriGljjVDNojei7rpzcj7VS0LLEqRlkUSBRVJXj91fiBELaU
ihHsEZjL1/c78q+X5E/sXSo0J56Ksbu4WmiGe+UonYHWB2Xr+pyGFZbAILtrai9F
7ASYMeLzpbf7LZBInL3r5jRHiRdlKHSPtOqYjeOpExnQ
-----END CERTIFICATE-----