Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/aWCxb4njzol9w0AGm7j7xxv4zKk.roa
File:                     aWCxb4njzol9w0AGm7j7xxv4zKk.roa (raw, json)
Hash identifier:          qWfznotMHyGsF2ARhLEJ/G3tASaWYyc23ZWS5NlnGGg=
Subject key identifier:   69:60:B1:6F:89:E3:CE:89:7D:C3:40:06:9B:B8:FB:C7:1B:F8:CC:A9
Certificate issuer:       /CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
Certificate serial:       019E96B4658624B32118CB7E305131B4573C
Authority key identifier: 17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/aWCxb4njzol9w0AGm7j7xxv4zKk.roa
Signing time:             Fri 05 Jun 2026 07:34:25 +0000
ROA not before:           Fri 05 Jun 2026 07:34:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     153656
IP address blocks:        45.135.237.0/24 maxlen: 24
                          202.71.4.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Jun 2026 17:49:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:96:b4:65:86:24:b3:21:18:cb:7e:30:51:31:b4:57:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
        Validity
            Not Before: Jun  5 07:34:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6960b16f89e3ce897dc340069bb8fbc71bf8cca9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:56:65:93:cc:f4:09:a1:ef:57:1c:96:57:7c:
                    d9:44:7a:fb:1d:ca:fc:c0:92:a0:13:56:87:67:a1:
                    47:69:c0:d5:35:5a:da:1b:22:81:66:26:c1:1b:52:
                    e5:8a:39:8f:86:db:0d:1f:c5:d7:56:89:19:5d:2c:
                    b7:15:2b:9c:33:8e:25:62:2f:fa:83:6f:f3:9e:f6:
                    86:46:01:e7:4f:2d:ac:a1:2d:ad:26:1d:1c:e2:eb:
                    cc:ce:e2:02:99:8c:1c:fd:35:93:2f:5b:7f:33:da:
                    97:3f:27:d3:0b:d6:1d:6d:68:c2:75:c9:ab:fe:a7:
                    54:6a:fb:57:cf:39:ac:f2:02:fd:cb:a4:a0:e7:21:
                    53:28:6b:28:69:2a:82:67:cd:cb:a8:b6:90:b2:4b:
                    55:3b:a3:e3:fc:ad:d0:99:0f:36:ab:b1:44:aa:41:
                    a8:92:69:40:da:13:36:ce:8c:50:30:92:91:0a:d1:
                    d7:bf:59:9c:df:bc:b2:e9:8f:7d:b3:07:ba:f5:43:
                    51:c9:47:d7:60:66:d6:ce:9f:7f:20:05:fa:6a:c1:
                    c7:d1:64:0f:ed:af:d4:08:bb:11:72:59:68:bd:e3:
                    89:7a:ac:eb:30:5d:f4:2d:eb:56:68:7c:38:91:56:
                    b0:49:15:ab:b5:3d:69:54:4d:57:c6:08:f5:c8:5a:
                    af:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:60:B1:6F:89:E3:CE:89:7D:C3:40:06:9B:B8:FB:C7:1B:F8:CC:A9
            X509v3 Authority Key Identifier:
                keyid:17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/aWCxb4njzol9w0AGm7j7xxv4zKk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.135.237.0/24
                  202.71.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:4f:19:ff:63:8e:33:bf:d4:82:9b:03:47:d7:66:dd:e7:ae:
         9b:11:cc:00:2e:06:06:3b:61:29:11:19:5f:26:bd:c8:43:58:
         71:90:a5:76:b4:72:9d:30:ad:b5:10:ab:43:db:1f:21:12:8b:
         94:2e:f6:87:51:a3:72:ad:2c:b5:9c:d3:21:75:39:b4:c2:b8:
         ce:ae:9a:c5:e8:28:d0:9b:a8:da:61:9b:47:40:9f:39:29:4a:
         62:82:ae:5d:12:bd:06:0a:6c:b8:e2:51:47:7c:d3:c0:2d:2f:
         5c:2f:5f:e1:34:26:08:49:c8:6c:61:0b:02:34:99:5c:dd:ce:
         3e:75:42:cf:21:07:93:21:2c:21:97:e2:51:c3:48:b0:56:70:
         b6:d9:e0:89:cf:28:28:0e:e9:46:ed:73:bb:27:b5:75:85:b6:
         b3:06:b9:bb:19:74:f1:94:85:61:b4:b5:4f:5c:52:9c:95:f0:
         14:38:1b:fc:4e:45:0f:9d:df:30:c6:52:66:74:82:ee:c3:93:
         18:bd:53:25:23:e8:e2:f6:c2:51:c4:8f:e6:8a:f2:5c:c2:2e:
         2c:dc:17:7f:e7:e5:35:eb:6c:89:f2:47:8d:6d:50:e8:25:23:
         3f:ed:5b:05:6a:9a:08:57:99:36:d9:e0:b0:29:7a:b6:49:17:
         f5:f9:0d:34
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ6WtGWGJLMhGMt+MFExtFc8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3ZDAzZjI5ODE4MGNjMTA5ZjE5ZDRiMTk5MmM3ZDcxYzU2
YzhkY2MwHhcNMjYwNjA1MDczNDI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTYwYjE2Zjg5ZTNjZTg5N2RjMzQwMDY5YmI4ZmJjNzFiZjhjY2E5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3FZlk8z0CaHvVxyWV3zZRHr7Hcr8
wJKgE1aHZ6FHacDVNVraGyKBZibBG1LlijmPhtsNH8XXVokZXSy3FSucM44lYi/6
g2/znvaGRgHnTy2soS2tJh0c4uvMzuICmYwc/TWTL1t/M9qXPyfTC9YdbWjCdcmr
/qdUavtXzzms8gL9y6Sg5yFTKGsoaSqCZ83LqLaQsktVO6Pj/K3QmQ82q7FEqkGo
kmlA2hM2zoxQMJKRCtHXv1mc37yy6Y99swe69UNRyUfXYGbWzp9/IAX6asHH0WQP
7a/UCLsRclloveOJeqzrMF30LetWaHw4kVawSRWrtT1pVE1Xxgj1yFqvxQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGlgsW+J486JfcNABpu4+8cb+MypMB8GA1UdIwQY
MBaAFBfQPymBgMwQnxnUsZksfXHFbI3MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUt
OTE4YWM2NDYyNjc5LzEvYVdDeGI0bmp6b2w5dzBBR203ajd4eHY0ektrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUtOTE4YWM2NDYyNjc5
LzEvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALYftAwQA
ykcEMA0GCSqGSIb3DQEBCwUAA4IBAQA5Txn/Y44zv9SCmwNH12bd566bEcwALgYG
O2EpERlfJr3IQ1hxkKV2tHKdMK21EKtD2x8hEouULvaHUaNyrSy1nNMhdTm0wrjO
rprF6CjQm6jaYZtHQJ85KUpigq5dEr0GCmy44lFHfNPALS9cL1/hNCYISchsYQsC
NJlc3c4+dULPIQeTISwhl+JRw0iwVnC22eCJzygoDulG7XO7J7V1hbazBrm7GXTx
lIVhtLVPXFKclfAUOBv8TkUPnd8wxlJmdILuw5MYvVMlI+ji9sJRxI/mivJcwi4s
3Bd/5+U162yJ8keNbVDoJSM/7VsFapoIV5k22eCwKXq2SRf1+Q00
-----END CERTIFICATE-----