Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/6292cd-d10b-4e48-83cc-25d85cf6e85a/1/aIKcl8xyOE8c2T5VfSfWvfIZQIU.roa
File:                     aIKcl8xyOE8c2T5VfSfWvfIZQIU.roa (raw, json)
Hash identifier:          rP1uuNWiqen7TPqE1GYuJGzp+rVZ1OGQdR+rdwxUdFQ=
Subject key identifier:   68:82:9C:97:CC:72:38:4F:1C:D9:3E:55:7D:27:D6:BD:F2:19:40:85
Certificate issuer:       /CN=3a62746967900b24c59d214f40532d76feff81e4
Certificate serial:       019DA1C95A9969D0F058B0E94D6A812756D2
Authority key identifier: 3A:62:74:69:67:90:0B:24:C5:9D:21:4F:40:53:2D:76:FE:FF:81:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OmJ0aWeQCyTFnSFPQFMtdv7_geQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/6292cd-d10b-4e48-83cc-25d85cf6e85a/1/aIKcl8xyOE8c2T5VfSfWvfIZQIU.roa
Signing time:             Sat 18 Apr 2026 18:10:20 +0000
ROA not before:           Sat 18 Apr 2026 18:10:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213487
IP address blocks:        147.236.163.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/6292cd-d10b-4e48-83cc-25d85cf6e85a/1/OmJ0aWeQCyTFnSFPQFMtdv7_geQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/6292cd-d10b-4e48-83cc-25d85cf6e85a/1/OmJ0aWeQCyTFnSFPQFMtdv7_geQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OmJ0aWeQCyTFnSFPQFMtdv7_geQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 Apr 2026 12:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:a1:c9:5a:99:69:d0:f0:58:b0:e9:4d:6a:81:27:56:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a62746967900b24c59d214f40532d76feff81e4
        Validity
            Not Before: Apr 18 18:10:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=68829c97cc72384f1cd93e557d27d6bdf2194085
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:81:fd:ae:aa:b9:2b:7b:b7:c4:1e:4f:e9:92:
                    3d:0b:c8:3c:e3:7c:fd:57:89:25:3d:2a:b4:ae:c3:
                    f4:c8:6f:bb:9b:ab:19:53:ed:a7:7d:ce:e6:9b:77:
                    ba:28:cc:d3:37:be:f2:f7:5e:a0:d0:ea:e2:05:7d:
                    e4:5a:3a:07:73:f9:45:2f:84:31:10:e8:09:1d:a0:
                    11:db:2b:46:96:44:db:50:a3:3d:ae:41:1f:d7:32:
                    95:06:f6:8b:91:40:77:98:25:aa:75:a1:82:4d:a4:
                    ea:42:82:d3:f0:7c:e6:7e:17:6c:c4:79:1d:59:41:
                    1d:13:3b:58:b6:14:10:e6:fe:ed:49:a7:53:d1:be:
                    a9:bf:47:2b:14:56:c8:1d:07:ab:dc:9f:c1:59:4b:
                    8f:ab:ca:52:38:e3:4e:77:5d:83:49:ae:be:e5:99:
                    4a:ed:54:7e:14:26:07:9c:fa:b1:90:3e:a6:79:2b:
                    97:eb:c0:8f:4a:2d:55:67:f1:e2:3a:d3:a8:36:b2:
                    90:ce:7a:6b:09:7e:5b:26:91:56:e1:dc:18:c1:e4:
                    df:26:57:3a:57:3c:41:a2:d6:cc:2e:1a:b5:57:82:
                    8c:da:bb:3a:ca:76:ae:8f:d6:93:9f:48:8d:fb:69:
                    f7:6c:f0:c3:99:d8:43:af:4a:8c:c0:2c:0f:78:35:
                    a3:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:82:9C:97:CC:72:38:4F:1C:D9:3E:55:7D:27:D6:BD:F2:19:40:85
            X509v3 Authority Key Identifier:
                keyid:3A:62:74:69:67:90:0B:24:C5:9D:21:4F:40:53:2D:76:FE:FF:81:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OmJ0aWeQCyTFnSFPQFMtdv7_geQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/6292cd-d10b-4e48-83cc-25d85cf6e85a/1/aIKcl8xyOE8c2T5VfSfWvfIZQIU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/6292cd-d10b-4e48-83cc-25d85cf6e85a/1/OmJ0aWeQCyTFnSFPQFMtdv7_geQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.236.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:c3:32:fc:bb:61:9f:c7:66:63:07:61:a3:eb:17:f1:1b:5e:
         e4:fb:c7:dd:bb:93:e5:03:97:1b:e5:3e:03:e7:69:7f:07:bb:
         80:88:d2:1c:11:5a:6d:71:35:73:2f:9f:7f:b9:9a:25:54:09:
         91:fd:c9:c2:b2:b5:4b:f7:60:41:05:34:05:8d:ab:05:ec:21:
         25:6a:6f:f0:93:3b:04:17:18:6b:e1:27:84:1a:14:9f:65:fd:
         5a:31:a3:ae:56:bd:3e:d9:4a:00:9d:d1:b1:17:f4:d5:cd:fb:
         98:36:b5:6e:7e:52:75:03:4e:b8:04:d6:e0:29:1b:52:3d:8d:
         5f:e7:48:96:f8:cf:14:be:de:3e:0d:56:08:f0:1d:fb:e5:58:
         a1:ab:79:7e:19:e5:2d:8f:6c:d9:38:75:12:5a:3e:44:4e:33:
         e9:15:c5:d0:ed:1a:10:bc:13:90:af:28:1c:a6:eb:b3:5c:12:
         3f:d0:dd:9e:4e:fb:65:54:b4:ce:54:b0:87:85:0a:41:6b:3e:
         73:5c:f9:16:94:90:ba:91:71:4d:ae:0e:1e:7c:4f:01:5f:a1:
         bf:26:cd:32:5a:3c:5e:9c:fe:16:64:0a:bd:f5:30:f1:2c:78:
         ce:82:74:0e:ff:f8:b5:b9:ef:01:8d:4e:42:01:1d:95:a1:f9:
         d2:64:7f:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2hyVqZadDwWLDpTWqBJ1bSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhNjI3NDY5Njc5MDBiMjRjNTlkMjE0ZjQwNTMyZDc2ZmVm
ZjgxZTQwHhcNMjYwNDE4MTgxMDIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODgyOWM5N2NjNzIzODRmMWNkOTNlNTU3ZDI3ZDZiZGYyMTk0MDg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyIH9rqq5K3u3xB5P6ZI9C8g843z9
V4klPSq0rsP0yG+7m6sZU+2nfc7mm3e6KMzTN77y916g0OriBX3kWjoHc/lFL4Qx
EOgJHaAR2ytGlkTbUKM9rkEf1zKVBvaLkUB3mCWqdaGCTaTqQoLT8HzmfhdsxHkd
WUEdEztYthQQ5v7tSadT0b6pv0crFFbIHQer3J/BWUuPq8pSOONOd12DSa6+5ZlK
7VR+FCYHnPqxkD6meSuX68CPSi1VZ/HiOtOoNrKQznprCX5bJpFW4dwYweTfJlc6
VzxBotbMLhq1V4KM2rs6ynauj9aTn0iN+2n3bPDDmdhDr0qMwCwPeDWjiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGiCnJfMcjhPHNk+VX0n1r3yGUCFMB8GA1UdIwQY
MBaAFDpidGlnkAskxZ0hT0BTLXb+/4HkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT21KMGFXZVFDeVRGblNGUFFGTXRkdjdfZ2VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi82MjkyY2QtZDEwYi00ZTQ4LTgzY2Mt
MjVkODVjZjZlODVhLzEvYUlLY2w4eHlPRThjMlQ1VmZTZld2ZklaUUlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi82MjkyY2QtZDEwYi00ZTQ4LTgzY2MtMjVkODVjZjZlODVh
LzEvT21KMGFXZVFDeVRGblNGUFFGTXRkdjdfZ2VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk+yjMA0G
CSqGSIb3DQEBCwUAA4IBAQBKwzL8u2Gfx2ZjB2Gj6xfxG17k+8fdu5PlA5cb5T4D
52l/B7uAiNIcEVptcTVzL59/uZolVAmR/cnCsrVL92BBBTQFjasF7CElam/wkzsE
Fxhr4SeEGhSfZf1aMaOuVr0+2UoAndGxF/TVzfuYNrVuflJ1A064BNbgKRtSPY1f
50iW+M8Uvt4+DVYI8B375Vihq3l+GeUtj2zZOHUSWj5ETjPpFcXQ7RoQvBOQrygc
puuzXBI/0N2eTvtlVLTOVLCHhQpBaz5zXPkWlJC6kXFNrg4efE8BX6G/Js0yWjxe
nP4WZAq99TDxLHjOgnQO//i1ue8BjU5CAR2VofnSZH90
-----END CERTIFICATE-----