Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/iPahdVFjnIMLFab7e1hz9AD8mnQ.roa
File:                     iPahdVFjnIMLFab7e1hz9AD8mnQ.roa (raw, json)
Hash identifier:          X5DNApyaL3xMnN7g/7ZqxS0aZOIXDBxHJJjMjs9/8GE=
Subject key identifier:   88:F6:A1:75:51:63:9C:83:0B:15:A6:FB:7B:58:73:F4:00:FC:9A:74
Certificate issuer:       /CN=e0559ce889ae4241121fe0a1653e4b955f3edf4b
Certificate serial:       019E2BBEFB43F8E7BC8F4BF23A1C3BA555FE
Authority key identifier: E0:55:9C:E8:89:AE:42:41:12:1F:E0:A1:65:3E:4B:95:5F:3E:DF:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4FWc6ImuQkESH-ChZT5LlV8-30s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/iPahdVFjnIMLFab7e1hz9AD8mnQ.roa
Signing time:             Fri 15 May 2026 13:06:36 +0000
ROA not before:           Fri 15 May 2026 13:06:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201411
IP address blocks:        153.56.156.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/4FWc6ImuQkESH-ChZT5LlV8-30s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/4FWc6ImuQkESH-ChZT5LlV8-30s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4FWc6ImuQkESH-ChZT5LlV8-30s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 10:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:2b:be:fb:43:f8:e7:bc:8f:4b:f2:3a:1c:3b:a5:55:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e0559ce889ae4241121fe0a1653e4b955f3edf4b
        Validity
            Not Before: May 15 13:06:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=88f6a17551639c830b15a6fb7b5873f400fc9a74
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:e0:11:3e:fd:0f:8e:6c:d2:0f:78:b8:2f:1a:
                    a3:d1:4b:9d:64:91:da:75:3e:6f:1a:70:a4:37:46:
                    82:11:d5:a2:25:99:1c:d9:a7:66:4d:9d:d1:9d:53:
                    a5:9d:49:7a:dd:f9:1f:e7:1e:ba:b7:9c:9c:ae:1e:
                    1b:ab:3a:29:f7:0f:f9:a1:8e:52:48:73:95:dc:db:
                    87:3c:eb:99:93:3e:fb:af:47:8d:ef:1e:12:26:ce:
                    22:c8:3d:e2:62:cf:c9:e4:f3:8f:57:a4:b3:b1:e7:
                    ee:99:57:ad:92:89:8d:07:bf:10:a7:5a:ff:63:13:
                    bc:33:eb:90:fb:46:41:07:99:77:ad:78:f4:28:64:
                    ae:03:6e:33:ae:94:e8:58:32:04:78:ff:22:4c:cd:
                    05:f5:f2:c4:68:43:97:bd:e1:0c:f1:54:f8:ac:15:
                    70:1f:5c:48:5a:bc:dc:39:4b:32:f0:47:69:40:c5:
                    38:9b:9c:73:12:13:6f:e7:42:92:1e:fb:0b:f9:41:
                    a3:59:5a:7d:2e:0e:a5:03:88:6d:a3:1a:25:bf:54:
                    ff:43:c1:aa:7c:85:8d:0f:73:a9:d8:92:7a:fd:be:
                    0d:e1:d1:42:4c:50:0b:27:75:ed:64:f4:e6:23:73:
                    fa:9a:0e:4d:a9:11:4e:12:47:8c:d7:4b:a9:69:22:
                    d4:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:F6:A1:75:51:63:9C:83:0B:15:A6:FB:7B:58:73:F4:00:FC:9A:74
            X509v3 Authority Key Identifier:
                keyid:E0:55:9C:E8:89:AE:42:41:12:1F:E0:A1:65:3E:4B:95:5F:3E:DF:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4FWc6ImuQkESH-ChZT5LlV8-30s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/iPahdVFjnIMLFab7e1hz9AD8mnQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/4FWc6ImuQkESH-ChZT5LlV8-30s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  153.56.156.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1b:07:45:3f:4f:44:58:70:22:cd:e6:71:2d:47:4a:08:b3:bf:
         45:a8:0f:96:37:12:0e:ab:e2:f3:f3:84:24:f7:d5:9a:9c:7f:
         b0:69:f9:92:ba:1d:9c:0b:a1:e2:c8:9d:4b:2e:83:73:eb:ec:
         3d:e1:43:6c:57:b2:64:61:52:18:b4:ea:38:4d:b9:19:47:e3:
         3d:44:1a:7a:f7:8a:3a:c0:46:d7:c5:41:6b:33:aa:7d:c5:b4:
         1f:76:a9:52:25:29:b5:46:9f:93:08:99:b3:3a:16:cf:45:ee:
         00:1a:46:1c:54:bb:0c:42:e0:f0:02:13:54:c5:32:b7:90:8a:
         41:8e:0b:f8:82:e9:14:27:02:9a:ae:6a:54:8e:dd:2b:22:07:
         fb:59:79:3c:bb:3c:70:1f:aa:71:f6:1f:29:66:05:c3:b3:a8:
         50:59:03:5e:05:65:d6:cd:1e:47:ad:e5:22:ef:69:e6:e3:dc:
         4a:10:10:bd:46:ed:b5:75:a8:b8:f4:1d:19:0f:13:41:aa:8c:
         c3:a2:88:8b:15:3f:4c:68:f4:f9:a3:41:91:6c:53:b5:83:c0:
         e1:44:2e:41:35:c1:66:9b:9b:85:cc:8e:c5:df:75:ea:5d:b6:
         ec:a2:f1:2b:28:59:ff:fd:df:27:94:5c:fc:91:ef:11:41:2c:
         82:7a:d8:dd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4rvvtD+Oe8j0vyOhw7pVX+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwNTU5Y2U4ODlhZTQyNDExMjFmZTBhMTY1M2U0Yjk1NWYz
ZWRmNGIwHhcNMjYwNTE1MTMwNjM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OGY2YTE3NTUxNjM5YzgzMGIxNWE2ZmI3YjU4NzNmNDAwZmM5YTc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4eARPv0PjmzSD3i4Lxqj0UudZJHa
dT5vGnCkN0aCEdWiJZkc2admTZ3RnVOlnUl63fkf5x66t5ycrh4bqzop9w/5oY5S
SHOV3NuHPOuZkz77r0eN7x4SJs4iyD3iYs/J5POPV6SzsefumVetkomNB78Qp1r/
YxO8M+uQ+0ZBB5l3rXj0KGSuA24zrpToWDIEeP8iTM0F9fLEaEOXveEM8VT4rBVw
H1xIWrzcOUsy8EdpQMU4m5xzEhNv50KSHvsL+UGjWVp9Lg6lA4htoxolv1T/Q8Gq
fIWND3Op2JJ6/b4N4dFCTFALJ3XtZPTmI3P6mg5NqRFOEkeM10upaSLUWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIj2oXVRY5yDCxWm+3tYc/QA/Jp0MB8GA1UdIwQY
MBaAFOBVnOiJrkJBEh/goWU+S5VfPt9LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNEZXYzZJbXVRa0VTSC1DaFpUNUxsVjgtMzBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi8xZmE0YTEtOWExYy00N2RlLWFjYTYt
OTQ0OTk1N2ZkNWE1LzEvaVBhaGRWRmpuSU1MRmFiN2UxaHo5QUQ4bW5RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi8xZmE0YTEtOWExYy00N2RlLWFjYTYtOTQ0OTk1N2ZkNWE1
LzEvNEZXYzZJbXVRa0VTSC1DaFpUNUxsVjgtMzBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCmTicMA0G
CSqGSIb3DQEBCwUAA4IBAQAbB0U/T0RYcCLN5nEtR0oIs79FqA+WNxIOq+Lz84Qk
99WanH+wafmSuh2cC6HiyJ1LLoNz6+w94UNsV7JkYVIYtOo4TbkZR+M9RBp694o6
wEbXxUFrM6p9xbQfdqlSJSm1Rp+TCJmzOhbPRe4AGkYcVLsMQuDwAhNUxTK3kIpB
jgv4gukUJwKarmpUjt0rIgf7WXk8uzxwH6px9h8pZgXDs6hQWQNeBWXWzR5HreUi
72nm49xKEBC9Ru21dai49B0ZDxNBqozDooiLFT9MaPT5o0GRbFO1g8DhRC5BNcFm
m5uFzI7F33XqXbbsovErKFn//d8nlFz8ke8RQSyCetjd
-----END CERTIFICATE-----