Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/IoSQ968prEWE2iPAfiHq62Q9HRQ.roa
File:                     IoSQ968prEWE2iPAfiHq62Q9HRQ.roa (raw, json)
Hash identifier:          sMFfoE8ew6Os6X7T5w3iP4CHenQCaCmWxqa3HE4kDyg=
Subject key identifier:   22:84:90:F7:AF:29:AC:45:84:DA:23:C0:7E:21:EA:EB:64:3D:1D:14
Certificate issuer:       /CN=4dd954d3c77c9c4e37eebf753d86f3dcf091d4a9
Certificate serial:       019E47AFFF39ACA3FF16C8AA2450C962CAB1
Authority key identifier: 4D:D9:54:D3:C7:7C:9C:4E:37:EE:BF:75:3D:86:F3:DC:F0:91:D4:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TdlU08d8nE437r91PYbz3PCR1Kk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/IoSQ968prEWE2iPAfiHq62Q9HRQ.roa
Signing time:             Wed 20 May 2026 23:19:36 +0000
ROA not before:           Wed 20 May 2026 23:19:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     399955
IP address blocks:        159.197.224.0/20 maxlen: 24
                          159.197.240.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/TdlU08d8nE437r91PYbz3PCR1Kk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/TdlU08d8nE437r91PYbz3PCR1Kk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TdlU08d8nE437r91PYbz3PCR1Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 21 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:47:af:ff:39:ac:a3:ff:16:c8:aa:24:50:c9:62:ca:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4dd954d3c77c9c4e37eebf753d86f3dcf091d4a9
        Validity
            Not Before: May 20 23:19:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=228490f7af29ac4584da23c07e21eaeb643d1d14
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:a8:c5:f4:da:97:ef:4c:44:f7:e9:12:34:62:
                    43:89:4f:cf:87:49:8e:98:9c:03:57:fb:7e:19:83:
                    00:cf:8c:90:bf:8d:09:de:3d:d6:17:8b:24:ea:ee:
                    58:99:c0:99:2d:0b:e6:69:df:21:7d:27:cf:30:c2:
                    2d:73:44:2c:14:a5:f4:5d:c8:98:95:33:ae:9a:f3:
                    7f:3f:39:ef:c2:de:4e:42:26:e8:31:09:be:be:0f:
                    c9:f0:79:b9:6d:e0:d9:1f:9d:34:d7:16:e8:d6:be:
                    de:95:b2:ec:e3:b0:e8:d9:ad:ce:c8:4a:26:04:2c:
                    ec:40:df:e7:f7:4c:89:e6:a9:fc:ce:d0:89:bc:c3:
                    a1:16:39:75:c7:99:28:4f:ac:e0:4e:3d:0d:bc:cd:
                    5b:9b:f1:e3:70:52:cc:ea:02:ec:c7:a0:4a:e5:cb:
                    dd:d9:71:e9:3a:9e:e7:98:55:21:48:29:fe:58:41:
                    7a:eb:90:5e:38:eb:b9:4a:b9:30:ab:c4:cf:ba:bf:
                    dc:ba:e6:e8:e9:71:0f:49:60:01:50:e9:dc:f8:93:
                    0a:89:37:64:3d:62:c2:a9:a8:dd:f1:3d:29:38:22:
                    9c:01:cc:1e:8a:05:9d:e3:a8:9a:e2:25:57:39:d5:
                    7b:43:0f:a6:1e:cc:f0:7a:7a:b6:32:60:e7:40:6c:
                    66:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:84:90:F7:AF:29:AC:45:84:DA:23:C0:7E:21:EA:EB:64:3D:1D:14
            X509v3 Authority Key Identifier:
                keyid:4D:D9:54:D3:C7:7C:9C:4E:37:EE:BF:75:3D:86:F3:DC:F0:91:D4:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TdlU08d8nE437r91PYbz3PCR1Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/IoSQ968prEWE2iPAfiHq62Q9HRQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/TdlU08d8nE437r91PYbz3PCR1Kk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.197.224.0/19

    Signature Algorithm: sha256WithRSAEncryption
         64:4a:ad:17:1b:9c:6e:a5:4e:84:d0:f3:1e:1a:f5:37:0a:69:
         0b:7f:24:7f:50:bb:93:a4:92:d5:31:03:36:37:13:0f:6b:eb:
         db:dd:c5:97:f7:2d:79:c0:f9:94:30:da:f9:57:77:c4:96:21:
         ca:49:cf:19:41:37:30:90:58:62:2b:c3:c3:5f:12:22:7f:fa:
         64:ad:cb:dc:9f:8d:56:ee:f9:28:2e:07:6a:e5:10:6f:2b:a3:
         65:36:63:69:70:7f:41:e3:46:b2:ac:e6:a9:5a:09:2b:ff:9c:
         95:9b:3b:41:ae:d5:40:9a:c6:14:18:b5:08:ef:d7:f0:d3:f9:
         a0:44:c6:20:04:37:dc:1b:11:62:bd:4f:50:48:34:66:5f:cd:
         63:85:ec:63:57:00:e6:79:dc:9c:f4:ee:62:75:42:0f:a2:98:
         e8:f3:69:b8:c0:ec:81:19:b9:ae:29:fc:99:6e:40:b3:1f:b7:
         a3:3b:13:e3:33:3e:06:57:4d:0d:cb:9b:de:69:c1:c3:e1:7f:
         50:c7:62:d1:45:23:b1:04:42:ff:eb:fb:a8:89:b5:59:4e:e0:
         f5:e1:44:66:32:62:3a:58:ca:0f:12:ef:55:c7:fa:af:4e:25:
         2b:e2:04:54:49:09:2c:ad:68:a4:a4:b6:6b:bf:bd:87:a7:c0:
         85:41:c8:c7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5Hr/85rKP/FsiqJFDJYsqxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkZDk1NGQzYzc3YzljNGUzN2VlYmY3NTNkODZmM2RjZjA5
MWQ0YTkwHhcNMjYwNTIwMjMxOTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjg0OTBmN2FmMjlhYzQ1ODRkYTIzYzA3ZTIxZWFlYjY0M2QxZDE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqajF9NqX70xE9+kSNGJDiU/Ph0mO
mJwDV/t+GYMAz4yQv40J3j3WF4sk6u5YmcCZLQvmad8hfSfPMMItc0QsFKX0XciY
lTOumvN/Pznvwt5OQiboMQm+vg/J8Hm5beDZH5001xbo1r7elbLs47Do2a3OyEom
BCzsQN/n90yJ5qn8ztCJvMOhFjl1x5koT6zgTj0NvM1bm/HjcFLM6gLsx6BK5cvd
2XHpOp7nmFUhSCn+WEF665BeOOu5Srkwq8TPur/cuubo6XEPSWABUOnc+JMKiTdk
PWLCqajd8T0pOCKcAcweigWd46ia4iVXOdV7Qw+mHszwenq2MmDnQGxmVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCKEkPevKaxFhNojwH4h6utkPR0UMB8GA1UdIwQY
MBaAFE3ZVNPHfJxON+6/dT2G89zwkdSpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGRsVTA4ZDhuRTQzN3I5MVBZYnozUENSMUtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC83YTJhOTktMTQ2Yy00NzgxLWEzMDIt
ZWI3YWFhNjgyOGJlLzEvSW9TUTk2OHByRVdFMmlQQWZpSHE2MlE5SFJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC83YTJhOTktMTQ2Yy00NzgxLWEzMDItZWI3YWFhNjgyOGJl
LzEvVGRsVTA4ZDhuRTQzN3I5MVBZYnozUENSMUtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFn8XgMA0G
CSqGSIb3DQEBCwUAA4IBAQBkSq0XG5xupU6E0PMeGvU3CmkLfyR/ULuTpJLVMQM2
NxMPa+vb3cWX9y15wPmUMNr5V3fEliHKSc8ZQTcwkFhiK8PDXxIif/pkrcvcn41W
7vkoLgdq5RBvK6NlNmNpcH9B40ayrOapWgkr/5yVmztBrtVAmsYUGLUI79fw0/mg
RMYgBDfcGxFivU9QSDRmX81jhexjVwDmedyc9O5idUIPopjo82m4wOyBGbmuKfyZ
bkCzH7ejOxPjMz4GV00Ny5veacHD4X9Qx2LRRSOxBEL/6/uoibVZTuD14URmMmI6
WMoPEu9Vx/qvTiUr4gRUSQksrWikpLZrv72Hp8CFQcjH
-----END CERTIFICATE-----