Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/1JaXtcmBh5AL0yxWqmaAhepRvvY.roa
File:                     1JaXtcmBh5AL0yxWqmaAhepRvvY.roa (raw, json)
Hash identifier:          BKgG/PPz6dSaEfvak6M74NEkUUCFoiVAhl2+J5acTRI=
Subject key identifier:   D4:96:97:B5:C9:81:87:90:0B:D3:2C:56:AA:66:80:85:EA:51:BE:F6
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       019E4E7F2A093341371533745F44162C9D72
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/1JaXtcmBh5AL0yxWqmaAhepRvvY.roa
Signing time:             Fri 22 May 2026 07:03:36 +0000
ROA not before:           Fri 22 May 2026 07:03:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     51082
IP address blocks:        158.173.208.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Jun 2026 14:52:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:4e:7f:2a:09:33:41:37:15:33:74:5f:44:16:2c:9d:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: May 22 07:03:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d49697b5c98187900bd32c56aa668085ea51bef6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:21:c2:07:3e:e4:43:68:d0:96:9d:b2:3d:2f:
                    e5:f8:a0:18:66:8f:cc:75:55:c0:b3:7f:40:8f:24:
                    a8:60:5e:4b:93:18:26:53:3c:16:90:b4:58:ec:14:
                    31:8c:6d:2d:12:7b:fb:2e:03:7b:13:76:d6:e7:15:
                    16:f3:7f:0d:99:5f:78:9c:d4:a3:1c:56:6f:5e:73:
                    05:44:bd:5f:f9:44:78:6a:ac:02:9c:5c:8a:06:25:
                    ea:bf:a2:27:d5:bd:14:94:10:07:32:51:27:b0:63:
                    71:1a:73:30:50:04:c8:58:dd:a0:28:9b:9a:b5:2d:
                    3d:a8:19:2f:ee:34:9c:1c:05:19:af:4d:ab:e2:74:
                    e0:06:27:a1:39:e9:42:ac:4e:de:51:8a:50:fc:69:
                    56:b4:17:ac:67:2b:00:55:39:f2:fb:2b:3e:97:19:
                    fa:f1:5c:75:3f:50:d3:d6:dd:8a:be:37:72:d3:7d:
                    7c:b1:e8:cc:02:41:e9:b2:15:9d:86:db:78:95:dd:
                    8a:75:cf:b9:cf:af:df:85:0f:90:0f:67:54:86:4d:
                    4c:78:96:e2:46:ed:25:e4:92:e9:70:11:0c:6d:af:
                    da:9a:8c:b4:82:e9:76:db:dd:da:31:f2:91:af:5f:
                    ba:c7:90:df:54:a4:9a:6d:d4:39:9a:7b:33:ca:d2:
                    67:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:96:97:B5:C9:81:87:90:0B:D3:2C:56:AA:66:80:85:EA:51:BE:F6
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/1JaXtcmBh5AL0yxWqmaAhepRvvY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.173.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:b5:4f:f9:7d:79:dd:86:4f:56:cb:ca:8e:94:55:fc:8f:6c:
         3c:74:1b:16:c4:69:15:75:a4:3e:c3:7f:a4:a2:3b:16:9b:28:
         70:16:d1:3d:8a:92:9a:53:5f:47:68:4d:82:f8:76:5f:38:ee:
         dd:44:45:57:6a:84:fa:5b:be:a4:24:5a:76:35:74:8f:3b:e7:
         ac:25:b6:07:3b:2b:42:9f:5a:e7:31:24:98:f6:d6:eb:50:55:
         ce:5a:b9:74:52:59:b9:e9:36:52:55:75:5a:2d:3a:3a:74:3d:
         94:56:54:4b:9c:f1:73:a5:61:a7:3c:5b:12:39:1c:64:6a:f0:
         2d:80:45:71:4c:11:f6:e8:c9:29:b5:77:aa:8c:5b:3c:52:36:
         f4:65:f8:0f:9e:80:6f:bb:86:79:ae:cf:44:c8:46:a0:48:4f:
         00:7a:f1:15:ed:b8:8e:3b:ce:c4:c0:ba:bd:e6:cc:43:16:00:
         13:ac:d5:22:c2:aa:81:89:bc:6d:8f:11:03:74:ef:9b:86:35:
         32:6f:4a:fe:de:e8:d2:c4:98:98:50:d1:80:e9:cc:ea:ed:78:
         fb:1e:aa:86:83:63:19:a8:79:21:1a:68:5e:1a:1c:05:ba:5c:
         2e:70:b7:57:a8:d5:f9:dd:db:43:a3:6c:75:ae:3a:36:39:64:
         9b:22:7a:c5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5OfyoJM0E3FTN0X0QWLJ1yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjYwNTIyMDcwMzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDk2OTdiNWM5ODE4NzkwMGJkMzJjNTZhYTY2ODA4NWVhNTFiZWY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5iHCBz7kQ2jQlp2yPS/l+KAYZo/M
dVXAs39AjySoYF5LkxgmUzwWkLRY7BQxjG0tEnv7LgN7E3bW5xUW838NmV94nNSj
HFZvXnMFRL1f+UR4aqwCnFyKBiXqv6In1b0UlBAHMlEnsGNxGnMwUATIWN2gKJua
tS09qBkv7jScHAUZr02r4nTgBiehOelCrE7eUYpQ/GlWtBesZysAVTny+ys+lxn6
8Vx1P1DT1t2Kvjdy0318sejMAkHpshWdhtt4ld2Kdc+5z6/fhQ+QD2dUhk1MeJbi
Ru0l5JLpcBEMba/amoy0gul2293aMfKRr1+6x5DfVKSabdQ5mnszytJnqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNSWl7XJgYeQC9MsVqpmgIXqUb72MB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvMUphWHRjbUJoNUFMMHl4V3FtYUFoZXBSdnZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAnq3QMA0G
CSqGSIb3DQEBCwUAA4IBAQBYtU/5fXndhk9Wy8qOlFX8j2w8dBsWxGkVdaQ+w3+k
ojsWmyhwFtE9ipKaU19HaE2C+HZfOO7dREVXaoT6W76kJFp2NXSPO+esJbYHOytC
n1rnMSSY9tbrUFXOWrl0Ulm56TZSVXVaLTo6dD2UVlRLnPFzpWGnPFsSORxkavAt
gEVxTBH26MkptXeqjFs8Ujb0ZfgPnoBvu4Z5rs9EyEagSE8AevEV7biOO87EwLq9
5sxDFgATrNUiwqqBibxtjxEDdO+bhjUyb0r+3ujSxJiYUNGA6czq7Xj7HqqGg2MZ
qHkhGmheGhwFulwucLdXqNX53dtDo2x1rjo2OWSbInrF
-----END CERTIFICATE-----