Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/sLFcLYotntVYb_F3PfrQafiVlco.roa
File:                     sLFcLYotntVYb_F3PfrQafiVlco.roa (raw, json)
Hash identifier:          LKMOCTP8E+zMdY4OqxqtRcz2FnEI7d2g1G9T8yRvAdk=
Subject key identifier:   B0:B1:5C:2D:8A:2D:9E:D5:58:6F:F1:77:3D:FA:D0:69:F8:95:95:CA
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       019E978E10B296845441451F3798BE76067C
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/sLFcLYotntVYb_F3PfrQafiVlco.roa
Signing time:             Fri 05 Jun 2026 11:32:10 +0000
ROA not before:           Fri 05 Jun 2026 11:32:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200221
IP address blocks:        158.173.216.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Jun 2026 14:52:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:97:8e:10:b2:96:84:54:41:45:1f:37:98:be:76:06:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Jun  5 11:32:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b0b15c2d8a2d9ed5586ff1773dfad069f89595ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:aa:e3:ec:88:bf:2b:14:ec:04:91:3d:89:c7:
                    96:d2:a9:23:d8:84:12:d9:01:65:85:3f:45:4a:fe:
                    66:a5:c0:c9:6f:c1:fa:17:b8:b3:92:69:84:40:42:
                    a2:25:4b:68:cc:cb:24:f1:6a:e6:bc:f2:d4:52:39:
                    91:16:7a:f9:39:ba:8f:88:70:bc:c6:9b:6b:73:f4:
                    62:b6:1b:1d:54:59:de:fa:7d:1d:98:9f:d3:81:84:
                    94:2d:fa:18:30:6d:a3:6f:ee:68:8a:23:35:c9:ca:
                    72:0b:9e:c5:e9:86:7c:95:01:91:6b:ab:a1:6e:86:
                    3e:6b:00:7b:e1:94:86:3b:f7:97:2a:1f:63:ca:f8:
                    96:62:e1:67:f1:78:b6:b1:02:80:56:61:36:3a:75:
                    5a:47:40:ff:92:e6:da:66:ce:0b:2e:53:7f:22:77:
                    d9:68:9b:9d:d3:cd:a9:8f:f2:3e:8f:47:1c:bd:34:
                    90:5c:a5:94:cd:af:64:fc:57:31:18:56:b6:81:03:
                    26:54:06:27:df:27:64:da:40:37:af:16:01:57:dd:
                    34:37:d2:50:2c:14:b8:89:75:d2:b8:77:e8:09:97:
                    49:64:59:1d:21:32:e8:5e:35:8a:9e:c9:83:e4:fb:
                    9a:7c:7c:20:66:74:a8:e5:7c:e3:f9:67:19:9f:f1:
                    c0:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:B1:5C:2D:8A:2D:9E:D5:58:6F:F1:77:3D:FA:D0:69:F8:95:95:CA
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/sLFcLYotntVYb_F3PfrQafiVlco.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.173.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:f8:02:96:cf:6f:54:0c:2e:e2:30:33:f3:85:b3:f6:aa:ab:
         7e:59:ca:c6:15:59:26:c8:f8:aa:cf:be:e9:9b:16:2d:88:da:
         be:ac:3f:a0:62:ae:86:11:47:fb:d6:2f:f3:34:28:48:06:49:
         32:28:57:43:09:d3:9f:ae:52:e1:ed:8d:c2:58:8b:0a:64:6e:
         11:b9:a0:f5:66:10:2e:4e:93:99:3e:4e:da:36:22:50:1f:75:
         ef:0c:d4:bc:7d:51:9e:8e:b5:58:c0:97:1e:e8:f7:8b:f8:c2:
         a4:d4:9b:fe:66:cf:27:0e:13:8c:53:e3:b2:1f:91:ff:16:80:
         eb:b8:4b:1d:cf:71:8a:81:23:fb:09:e1:67:04:c6:ae:ac:48:
         ce:97:95:83:e3:c3:44:cb:e9:6b:78:82:a9:b3:4a:85:a6:41:
         50:6f:bf:d1:1a:c9:17:4d:4a:79:26:e6:6a:fe:53:41:e8:b0:
         2c:c1:60:f4:f6:6d:64:14:53:39:6c:d7:5e:32:12:24:56:22:
         a7:89:91:3c:73:72:7e:27:12:06:02:2c:09:24:24:37:f1:33:
         a1:27:7c:9c:d2:a2:b1:57:11:04:67:61:94:2d:dc:36:2f:81:
         02:5f:93:aa:64:bf:6e:71:ab:e6:a0:f8:83:53:b9:98:45:90:
         14:ea:04:a2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6XjhCyloRUQUUfN5i+dgZ8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjYwNjA1MTEzMjEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMGIxNWMyZDhhMmQ5ZWQ1NTg2ZmYxNzczZGZhZDA2OWY4OTU5NWNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArKrj7Ii/KxTsBJE9iceW0qkj2IQS
2QFlhT9FSv5mpcDJb8H6F7izkmmEQEKiJUtozMsk8WrmvPLUUjmRFnr5ObqPiHC8
xptrc/RithsdVFne+n0dmJ/TgYSULfoYMG2jb+5oiiM1ycpyC57F6YZ8lQGRa6uh
boY+awB74ZSGO/eXKh9jyviWYuFn8Xi2sQKAVmE2OnVaR0D/kubaZs4LLlN/InfZ
aJud082pj/I+j0ccvTSQXKWUza9k/FcxGFa2gQMmVAYn3ydk2kA3rxYBV900N9JQ
LBS4iXXSuHfoCZdJZFkdITLoXjWKnsmD5PuafHwgZnSo5Xzj+WcZn/HASwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLCxXC2KLZ7VWG/xdz360Gn4lZXKMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvc0xGY0xZb3RudFZZYl9GM1BmclFhZmlWbGNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAnq3YMA0G
CSqGSIb3DQEBCwUAA4IBAQCa+AKWz29UDC7iMDPzhbP2qqt+WcrGFVkmyPiqz77p
mxYtiNq+rD+gYq6GEUf71i/zNChIBkkyKFdDCdOfrlLh7Y3CWIsKZG4RuaD1ZhAu
TpOZPk7aNiJQH3XvDNS8fVGejrVYwJce6PeL+MKk1Jv+Zs8nDhOMU+OyH5H/FoDr
uEsdz3GKgSP7CeFnBMaurEjOl5WD48NEy+lreIKps0qFpkFQb7/RGskXTUp5JuZq
/lNB6LAswWD09m1kFFM5bNdeMhIkViKniZE8c3J+JxIGAiwJJCQ38TOhJ3yc0qKx
VxEEZ2GULdw2L4ECX5OqZL9ucavmoPiDU7mYRZAU6gSi
-----END CERTIFICATE-----