Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/XFPToVSUlv62f9K0b9srt7u7Z5Y.roa
File:                     XFPToVSUlv62f9K0b9srt7u7Z5Y.roa (raw, json)
Hash identifier:          2u0P8wyoxZxVI2Nw/zWrFTVPT5zEtVjj2FYXvvb8nV8=
Subject key identifier:   5C:53:D3:A1:54:94:96:FE:B6:7F:D2:B4:6F:DB:2B:B7:BB:BB:67:96
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       019DECB701ED9F651EE8F63932741A1C106A
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/XFPToVSUlv62f9K0b9srt7u7Z5Y.roa
Signing time:             Sun 03 May 2026 07:21:49 +0000
ROA not before:           Sun 03 May 2026 07:21:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212238
IP address blocks:        178.253.226.0/24 maxlen: 24
                          188.255.196.0/24 maxlen: 24
                          212.69.9.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 May 2026 13:57:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:ec:b7:01:ed:9f:65:1e:e8:f6:39:32:74:1a:1c:10:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: May  3 07:21:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5c53d3a1549496feb67fd2b46fdb2bb7bbbb6796
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:5f:2f:ba:af:01:15:56:c9:a8:48:4a:00:6e:
                    11:e7:4a:3e:b4:94:a2:77:7c:39:bc:4f:e1:63:ac:
                    47:b6:99:ee:1d:42:b4:1e:e5:24:75:1b:09:97:c9:
                    36:2f:ff:14:56:7d:c8:5f:a0:d4:e6:07:b5:b3:6e:
                    d0:a3:59:26:0c:7b:07:c1:9c:2a:65:e0:ef:8b:bb:
                    af:ad:7b:70:71:1d:c1:4c:7c:e8:b8:c3:3f:b7:ea:
                    16:2e:50:71:70:cc:40:1d:80:54:18:3f:17:97:1f:
                    e9:f8:e8:b2:f9:87:23:38:55:5f:4c:e1:0c:55:18:
                    21:24:05:1b:66:da:44:89:cc:87:12:a2:ba:2b:f4:
                    06:fb:df:7a:d4:87:a3:d0:be:94:68:78:91:0b:13:
                    56:aa:c9:bc:5c:c4:38:5d:5d:b1:87:ce:6c:fd:f1:
                    85:b5:ad:80:66:b8:26:a0:39:4b:be:22:18:c2:25:
                    c3:e0:9a:35:a9:77:5d:ec:84:9c:e5:f5:8e:9c:23:
                    4f:49:3c:0c:1f:7a:2e:7e:26:e4:ae:41:45:1b:c5:
                    9c:43:7a:d7:6f:4d:8b:15:45:20:b5:c0:9a:e8:d3:
                    87:07:1f:f5:9a:ae:62:2d:4d:e4:26:e2:d9:ad:cb:
                    e1:70:d1:30:5d:97:8e:07:5a:28:ef:39:56:77:3e:
                    ef:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:53:D3:A1:54:94:96:FE:B6:7F:D2:B4:6F:DB:2B:B7:BB:BB:67:96
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/XFPToVSUlv62f9K0b9srt7u7Z5Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.253.226.0/24
                  188.255.196.0/24
                  212.69.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:24:4b:b2:b7:b7:35:1c:8d:12:25:b3:16:f4:97:92:08:08:
         e9:8e:fe:ca:ca:32:20:e0:6a:4b:fd:01:2f:e5:ec:e4:72:f2:
         8e:db:98:79:46:92:f0:6f:7c:37:7b:f8:03:51:b2:d8:76:4e:
         6a:b0:30:1c:84:f1:e8:f3:5b:5d:43:a4:e0:0d:3e:d4:12:11:
         ce:44:f2:6a:d1:a0:e8:ab:da:8b:ef:14:75:ab:52:36:ec:8a:
         b2:8d:da:3b:16:cc:d5:3f:f2:69:b5:a3:6b:f4:6d:6f:9b:cf:
         e5:38:c5:69:8f:69:8e:81:1c:bc:49:09:84:47:83:f7:6a:f4:
         45:9a:23:66:68:72:28:6d:51:75:40:4b:22:3f:82:82:96:69:
         74:be:64:5c:e3:31:cb:d8:9f:6a:29:74:98:86:68:5e:5b:d1:
         8b:ec:df:ac:91:ae:0c:8c:d7:02:bb:ae:21:eb:92:2c:20:6a:
         49:bb:b1:20:65:1a:9f:ea:78:a6:42:fd:00:40:bf:6c:00:30:
         12:c6:84:be:d8:c5:e5:07:d9:e8:b9:68:f7:10:65:17:b6:0f:
         84:2e:97:08:94:68:a7:4a:79:e3:32:79:b2:83:8b:6d:14:cd:
         d2:1d:58:1b:92:38:f7:0f:ac:f9:b6:5c:02:f6:d6:74:1c:49:
         79:76:c6:43
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ3stwHtn2Ue6PY5MnQaHBBqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjYwNTAzMDcyMTQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzUzZDNhMTU0OTQ5NmZlYjY3ZmQyYjQ2ZmRiMmJiN2JiYmI2Nzk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzV8vuq8BFVbJqEhKAG4R50o+tJSi
d3w5vE/hY6xHtpnuHUK0HuUkdRsJl8k2L/8UVn3IX6DU5ge1s27Qo1kmDHsHwZwq
ZeDvi7uvrXtwcR3BTHzouMM/t+oWLlBxcMxAHYBUGD8Xlx/p+Oiy+YcjOFVfTOEM
VRghJAUbZtpEicyHEqK6K/QG+9961Iej0L6UaHiRCxNWqsm8XMQ4XV2xh85s/fGF
ta2AZrgmoDlLviIYwiXD4Jo1qXdd7ISc5fWOnCNPSTwMH3oufibkrkFFG8WcQ3rX
b02LFUUgtcCa6NOHBx/1mq5iLU3kJuLZrcvhcNEwXZeOB1oo7zlWdz7vywIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFFxT06FUlJb+tn/StG/bK7e7u2eWMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvWEZQVG9WU1VsdjYyZjlLMGI5c3J0N3U3WjVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAsv3iAwQA
vP/EAwQA1EUJMA0GCSqGSIb3DQEBCwUAA4IBAQANJEuyt7c1HI0SJbMW9JeSCAjp
jv7KyjIg4GpL/QEv5ezkcvKO25h5RpLwb3w3e/gDUbLYdk5qsDAchPHo81tdQ6Tg
DT7UEhHORPJq0aDoq9qL7xR1q1I27Iqyjdo7FszVP/JptaNr9G1vm8/lOMVpj2mO
gRy8SQmER4P3avRFmiNmaHIobVF1QEsiP4KClml0vmRc4zHL2J9qKXSYhmheW9GL
7N+ska4MjNcCu64h65IsIGpJu7EgZRqf6nimQv0AQL9sADASxoS+2MXlB9nouWj3
EGUXtg+ELpcIlGinSnnjMnmyg4ttFM3SHVgbkjj3D6z5tlwC9tZ0HEl5dsZD
-----END CERTIFICATE-----