Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/cR9hwduqcM0-tt4tyIG4xOdEO8o.roa
File:                     cR9hwduqcM0-tt4tyIG4xOdEO8o.roa (raw, json)
Hash identifier:          eESYhGgsOhBABcCCTn41YR4bKydzF2wE4artsrQEyj0=
Subject key identifier:   71:1F:61:C1:DB:AA:70:CD:3E:B6:DE:2D:C8:81:B8:C4:E7:44:3B:CA
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       019E9B9FEF76F674B43E146345716D376109
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/cR9hwduqcM0-tt4tyIG4xOdEO8o.roa
Signing time:             Sat 06 Jun 2026 06:30:10 +0000
ROA not before:           Sat 06 Jun 2026 06:30:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     41171
IP address blocks:        158.173.217.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 08 Jun 2026 09:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:9b:9f:ef:76:f6:74:b4:3e:14:63:45:71:6d:37:61:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Jun  6 06:30:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=711f61c1dbaa70cd3eb6de2dc881b8c4e7443bca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:f9:fb:e1:65:f9:26:5b:e6:4a:e6:a2:5f:d1:
                    ca:d0:10:a6:49:8e:f2:2c:85:2b:b7:22:ae:36:73:
                    7c:f5:06:fd:c8:d2:5b:e1:36:ce:00:83:e3:ac:63:
                    8f:db:56:1f:cd:47:ca:a6:fa:8e:c6:99:e0:63:1a:
                    ce:87:52:ac:b9:2a:e0:a7:31:35:60:1d:31:a4:c4:
                    31:b2:7c:3a:95:94:08:d4:96:b1:5f:3f:48:86:4f:
                    b2:07:45:48:59:0b:e7:8a:3c:c1:39:e0:e5:69:bf:
                    bf:1b:22:78:ad:7d:48:63:bd:9e:21:0c:b8:2f:64:
                    51:89:29:9e:95:68:df:0b:04:a4:8a:7b:87:b8:19:
                    2e:d3:2b:3f:7c:3a:44:b6:12:b8:4a:10:5d:06:14:
                    0b:2d:37:8d:03:26:64:a4:f6:1c:60:4c:90:72:93:
                    f7:d6:7d:c2:2d:5d:f0:11:5c:94:ba:b7:c0:33:d7:
                    6c:6b:5f:7c:ea:eb:66:75:af:7c:e4:f8:df:20:6e:
                    15:48:bc:62:c4:e8:9a:9a:e5:af:98:05:3e:52:4a:
                    6f:1e:75:dd:7f:ff:72:e9:bc:f8:5c:da:59:b2:d4:
                    36:a3:b5:8d:84:c6:17:66:f0:6d:d3:75:be:e3:14:
                    95:b2:08:75:7e:f5:a2:40:11:96:88:67:b1:f3:86:
                    45:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:1F:61:C1:DB:AA:70:CD:3E:B6:DE:2D:C8:81:B8:C4:E7:44:3B:CA
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/cR9hwduqcM0-tt4tyIG4xOdEO8o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.173.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:78:b0:cf:33:00:8f:2c:76:c5:8d:30:56:c0:fd:e5:e6:63:
         13:0e:a0:4f:33:6b:c2:24:67:f3:a6:bf:f3:95:fe:53:2e:01:
         75:2c:27:bd:e3:d2:8e:9b:59:26:df:a5:41:48:f7:8b:a9:a4:
         4e:c0:c5:9d:3d:8f:77:24:6b:7d:99:4d:90:86:9c:57:e7:df:
         f8:40:f1:d0:1c:8d:49:e1:e2:84:a6:ee:4a:73:f9:b4:40:43:
         fc:e9:37:36:26:eb:88:92:65:f8:21:e9:bf:42:01:f1:03:9d:
         72:53:24:24:d0:08:5c:80:f0:d6:7b:3e:29:b9:2a:b6:cc:86:
         e5:e0:c5:af:88:45:e2:7c:e1:f0:b5:02:35:16:fc:6d:b4:a7:
         5e:fd:33:38:9c:3c:f1:ad:f4:8f:83:58:8d:a1:12:38:1a:e5:
         14:28:cc:e7:0e:7d:21:00:cb:eb:86:14:4e:7a:0c:ce:7e:f3:
         12:87:c1:d0:19:10:04:2e:e1:50:51:a3:ce:03:04:63:54:e4:
         7c:8b:c6:0d:e6:d1:e2:be:78:5e:1f:94:0f:c7:0a:f5:56:36:
         37:1c:77:bb:20:f7:93:5d:1b:4a:83:03:1c:6e:43:f8:85:01:
         3c:cc:be:49:bc:b3:56:09:72:61:34:df:4f:72:53:aa:23:b4:
         04:b6:5d:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6bn+929nS0PhRjRXFtN2EJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjYwNjA2MDYzMDEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTFmNjFjMWRiYWE3MGNkM2ViNmRlMmRjODgxYjhjNGU3NDQzYmNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx/n74WX5JlvmSuaiX9HK0BCmSY7y
LIUrtyKuNnN89Qb9yNJb4TbOAIPjrGOP21YfzUfKpvqOxpngYxrOh1KsuSrgpzE1
YB0xpMQxsnw6lZQI1JaxXz9Ihk+yB0VIWQvnijzBOeDlab+/GyJ4rX1IY72eIQy4
L2RRiSmelWjfCwSkinuHuBku0ys/fDpEthK4ShBdBhQLLTeNAyZkpPYcYEyQcpP3
1n3CLV3wEVyUurfAM9dsa1986utmda985PjfIG4VSLxixOiamuWvmAU+UkpvHnXd
f/9y6bz4XNpZstQ2o7WNhMYXZvBt03W+4xSVsgh1fvWiQBGWiGex84ZFYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHEfYcHbqnDNPrbeLciBuMTnRDvKMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvY1I5aHdkdXFjTTAtdHQ0dHlJRzR4T2RFTzhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAnq3ZMA0G
CSqGSIb3DQEBCwUAA4IBAQB+eLDPMwCPLHbFjTBWwP3l5mMTDqBPM2vCJGfzpr/z
lf5TLgF1LCe949KOm1km36VBSPeLqaROwMWdPY93JGt9mU2QhpxX59/4QPHQHI1J
4eKEpu5Kc/m0QEP86Tc2JuuIkmX4Iem/QgHxA51yUyQk0AhcgPDWez4puSq2zIbl
4MWviEXifOHwtQI1FvxttKde/TM4nDzxrfSPg1iNoRI4GuUUKMznDn0hAMvrhhRO
egzOfvMSh8HQGRAELuFQUaPOAwRjVOR8i8YN5tHivnheH5QPxwr1VjY3HHe7IPeT
XRtKgwMcbkP4hQE8zL5JvLNWCXJhNN9PclOqI7QEtl3x
-----END CERTIFICATE-----