Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/rSklrKM9yUBRtmcTZ3JrpV-pbF8.roa
File:                     rSklrKM9yUBRtmcTZ3JrpV-pbF8.roa (raw, json)
Hash identifier:          IeInj6Ips0Ggz3WNulyuE5o9Jct1XuzppTnW6FpL1E0=
Subject key identifier:   AD:29:25:AC:A3:3D:C9:40:51:B6:67:13:67:72:6B:A5:5F:A9:6C:5F
Certificate issuer:       /CN=21bad74e7f6c0949a2736a57478496d7d8b450e6
Certificate serial:       019EA0B4E4F997AA476D6E0C13AE1B1BFE8E
Authority key identifier: 21:BA:D7:4E:7F:6C:09:49:A2:73:6A:57:47:84:96:D7:D8:B4:50:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IbrXTn9sCUmic2pXR4SW19i0UOY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/rSklrKM9yUBRtmcTZ3JrpV-pbF8.roa
Signing time:             Sun 07 Jun 2026 06:11:10 +0000
ROA not before:           Sun 07 Jun 2026 06:11:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207591
IP address blocks:        147.234.78.0/23 maxlen: 23
                          147.234.78.0/24 maxlen: 24
                          147.234.79.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/IbrXTn9sCUmic2pXR4SW19i0UOY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/IbrXTn9sCUmic2pXR4SW19i0UOY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IbrXTn9sCUmic2pXR4SW19i0UOY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 18:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:a0:b4:e4:f9:97:aa:47:6d:6e:0c:13:ae:1b:1b:fe:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=21bad74e7f6c0949a2736a57478496d7d8b450e6
        Validity
            Not Before: Jun  7 06:11:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ad2925aca33dc94051b6671367726ba55fa96c5f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:d5:43:f2:f9:e4:53:e0:1f:db:97:8b:14:f7:
                    5b:61:8b:33:a6:f6:9d:e5:aa:c1:28:a3:9b:1b:8c:
                    a1:f8:ee:56:0b:82:98:8a:39:44:39:0b:95:8c:04:
                    13:93:a6:cc:72:39:d4:e5:43:33:00:c8:f4:8e:1f:
                    69:51:1a:94:2f:7b:bc:a9:7e:d2:12:15:1a:49:00:
                    3e:9e:c2:d3:12:4f:68:03:8c:35:91:86:1d:2d:57:
                    42:0b:5b:04:fa:98:e6:9d:15:68:a9:84:f2:37:a8:
                    01:2c:80:66:7a:c6:f2:fb:e7:b1:1c:94:1d:ff:1e:
                    78:54:e7:31:76:69:10:3d:af:2d:90:04:e2:1c:a6:
                    a6:e9:08:05:94:f6:10:6f:15:fb:24:05:b3:e5:2f:
                    75:5a:f1:de:69:1e:39:45:3b:49:ee:e6:d1:26:dc:
                    e6:e2:6c:9d:a4:6f:dd:b0:4d:9d:3a:c5:f6:3c:12:
                    7a:b7:27:5c:b2:3f:db:97:64:95:95:60:69:6d:07:
                    fa:3e:32:92:a8:de:91:0f:c9:3e:71:ea:6f:52:08:
                    79:d6:95:66:48:63:91:d8:4b:01:78:18:d9:95:8a:
                    2d:89:9e:6b:4f:cd:c8:cc:5b:6d:18:c9:5f:61:d2:
                    e8:58:f8:d8:8c:d2:9d:11:6e:18:68:00:e5:a5:0a:
                    88:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:29:25:AC:A3:3D:C9:40:51:B6:67:13:67:72:6B:A5:5F:A9:6C:5F
            X509v3 Authority Key Identifier:
                keyid:21:BA:D7:4E:7F:6C:09:49:A2:73:6A:57:47:84:96:D7:D8:B4:50:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IbrXTn9sCUmic2pXR4SW19i0UOY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/rSklrKM9yUBRtmcTZ3JrpV-pbF8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/IbrXTn9sCUmic2pXR4SW19i0UOY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.234.78.0/23

    Signature Algorithm: sha256WithRSAEncryption
         ca:94:d2:c0:96:e4:bb:53:39:4b:31:69:17:4e:cc:1e:77:79:
         b0:ba:a1:e0:f3:ed:fd:a4:85:8d:6b:13:7b:c8:28:db:2e:0d:
         16:bf:4f:89:bb:16:d4:ba:14:3d:a3:57:ef:eb:be:3e:43:ff:
         44:c9:8b:03:db:a4:d3:c2:12:da:37:b0:d5:5c:41:9f:80:40:
         eb:f0:6f:01:66:c6:f1:58:f3:f7:90:4b:f7:bf:49:7c:0d:94:
         9e:22:1a:48:2f:24:37:a5:54:c0:e9:8b:09:64:ce:a8:2c:a4:
         5c:28:89:7d:b2:45:ef:55:56:f1:db:1b:73:d4:9c:85:3c:5c:
         6b:29:ff:2e:55:84:fd:7c:e8:f3:72:98:b3:42:3b:99:6f:0d:
         1b:a0:25:85:ac:90:b0:f5:1c:94:16:a2:3b:23:d8:1a:0f:9c:
         e2:f6:e3:8f:09:8f:a4:51:c4:01:c0:28:de:bb:25:31:a7:41:
         58:70:a2:0c:cc:19:a3:4b:83:09:66:6a:00:c5:3c:89:d2:c4:
         3c:ac:25:9f:0c:3f:e9:8e:d6:e5:9f:c7:b9:86:11:a7:a4:f3:
         d2:31:4a:bb:b9:8e:78:16:9b:6f:cb:8b:27:e8:d2:26:0d:94:
         87:e1:7e:aa:4d:b6:5b:cd:65:4d:21:d6:59:fa:75:6b:28:ab:
         a8:66:21:f8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6gtOT5l6pHbW4ME64bG/6OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxYmFkNzRlN2Y2YzA5NDlhMjczNmE1NzQ3ODQ5NmQ3ZDhi
NDUwZTYwHhcNMjYwNjA3MDYxMTEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDI5MjVhY2EzM2RjOTQwNTFiNjY3MTM2NzcyNmJhNTVmYTk2YzVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAntVD8vnkU+Af25eLFPdbYYszpvad
5arBKKObG4yh+O5WC4KYijlEOQuVjAQTk6bMcjnU5UMzAMj0jh9pURqUL3u8qX7S
EhUaSQA+nsLTEk9oA4w1kYYdLVdCC1sE+pjmnRVoqYTyN6gBLIBmesby++exHJQd
/x54VOcxdmkQPa8tkATiHKam6QgFlPYQbxX7JAWz5S91WvHeaR45RTtJ7ubRJtzm
4mydpG/dsE2dOsX2PBJ6tydcsj/bl2SVlWBpbQf6PjKSqN6RD8k+cepvUgh51pVm
SGOR2EsBeBjZlYotiZ5rT83IzFttGMlfYdLoWPjYjNKdEW4YaADlpQqITwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK0pJayjPclAUbZnE2dya6VfqWxfMB8GA1UdIwQY
MBaAFCG6105/bAlJonNqV0eEltfYtFDmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWJyWFRuOXNDVW1pYzJwWFI0U1cxOWkwVU9ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC84ZGRjMzgtN2ExYS00OTA2LWE4ZWQt
NDQzMzIyOWE4NDczLzEvclNrbHJLTTl5VUJSdG1jVFozSnJwVi1wYkY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC84ZGRjMzgtN2ExYS00OTA2LWE4ZWQtNDQzMzIyOWE4NDcz
LzEvSWJyWFRuOXNDVW1pYzJwWFI0U1cxOWkwVU9ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBk+pOMA0G
CSqGSIb3DQEBCwUAA4IBAQDKlNLAluS7UzlLMWkXTswed3mwuqHg8+39pIWNaxN7
yCjbLg0Wv0+JuxbUuhQ9o1fv674+Q/9EyYsD26TTwhLaN7DVXEGfgEDr8G8BZsbx
WPP3kEv3v0l8DZSeIhpILyQ3pVTA6YsJZM6oLKRcKIl9skXvVVbx2xtz1JyFPFxr
Kf8uVYT9fOjzcpizQjuZbw0boCWFrJCw9RyUFqI7I9gaD5zi9uOPCY+kUcQBwCje
uyUxp0FYcKIMzBmjS4MJZmoAxTyJ0sQ8rCWfDD/pjtbln8e5hhGnpPPSMUq7uY54
Fptvy4sn6NImDZSH4X6qTbZbzWVNIdZZ+nVrKKuoZiH4
-----END CERTIFICATE-----