Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/vS8Q_N6igvP3rLQWWp1GPwIWXmo.roa
File:                     vS8Q_N6igvP3rLQWWp1GPwIWXmo.roa (raw, json)
Hash identifier:          bLwDGIVpHk0950JB0lDED2A4/hga0PtnakptlehqS+s=
Subject key identifier:   BD:2F:10:FC:DE:A2:82:F3:F7:AC:B4:16:5A:9D:46:3F:02:16:5E:6A
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       019E8281237A12BD112F2525968E17CBAE81
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/vS8Q_N6igvP3rLQWWp1GPwIWXmo.roa
Signing time:             Mon 01 Jun 2026 09:26:01 +0000
ROA not before:           Mon 01 Jun 2026 09:26:01 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     40676
IP address blocks:        62.169.130.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Jun 2026 14:52:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:82:81:23:7a:12:bd:11:2f:25:25:96:8e:17:cb:ae:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Jun  1 09:26:01 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bd2f10fcdea282f3f7acb4165a9d463f02165e6a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:53:c1:7c:0c:70:df:17:8b:24:27:8b:c4:61:
                    ea:ed:5d:7e:27:4e:7f:c6:3b:29:ab:ce:73:8e:a3:
                    e4:d1:38:5c:bd:2d:da:59:e8:09:c7:e4:59:3b:ab:
                    6c:58:f6:3e:6d:e6:f9:55:18:f2:31:b3:ce:df:3f:
                    ab:70:5a:fd:15:7f:4f:1e:49:0b:01:95:dc:e3:c0:
                    2d:b2:cb:d6:43:55:5a:a5:cc:35:fa:41:0d:48:6e:
                    74:cd:50:8d:a9:64:61:f7:9b:25:21:83:34:99:0a:
                    29:da:4a:5f:3e:de:16:83:95:0b:f7:1b:24:15:15:
                    16:18:a0:51:b7:51:a5:75:d6:4e:55:be:51:7d:e1:
                    dc:59:fd:4d:c0:a9:bc:b9:8b:f9:24:72:86:3a:ef:
                    4f:ed:71:7d:0b:81:92:f4:fb:cb:e4:96:46:e7:57:
                    32:b8:12:23:f1:51:f7:12:74:95:42:2c:6a:bf:a7:
                    f7:0d:a4:b7:e1:12:cf:9c:a2:a4:39:4f:06:12:43:
                    8e:f4:61:23:b6:ee:cd:84:a3:a5:66:ca:3c:c3:1b:
                    81:05:d5:7d:12:a5:99:4e:98:d8:51:b2:14:24:9a:
                    84:72:14:f5:ee:16:70:2c:81:fd:0c:d5:e7:91:8c:
                    0d:1a:25:37:15:07:fb:ab:c3:c7:04:22:2b:9d:57:
                    d2:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:2F:10:FC:DE:A2:82:F3:F7:AC:B4:16:5A:9D:46:3F:02:16:5E:6A
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/vS8Q_N6igvP3rLQWWp1GPwIWXmo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.169.130.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:cf:27:60:1a:09:9f:ba:49:41:fb:91:db:48:e2:75:a4:7e:
         d4:21:bc:d0:25:fb:35:03:fb:19:25:d9:11:b8:ce:9b:7d:64:
         aa:62:de:bc:38:e9:6d:de:5b:1f:95:c8:6f:26:36:ef:25:ed:
         ae:24:fe:61:32:48:bf:2f:a0:9a:b5:9b:9c:7e:c8:23:79:a3:
         0e:dc:ed:5c:74:2b:e1:d6:d9:b1:7e:ff:f8:8b:3a:67:ca:6b:
         7f:40:f1:76:88:2b:1d:af:24:7a:a1:67:34:b8:5a:1d:8a:c0:
         4a:06:f3:18:6e:b0:62:85:90:e1:7c:74:d5:6c:8c:41:09:dd:
         44:77:c9:26:d6:8f:8c:6d:9a:41:93:ff:42:5c:ba:75:aa:23:
         ab:29:ee:51:48:12:19:3e:36:eb:4f:ca:41:7b:4e:c1:8f:01:
         18:e0:6f:de:4f:b3:05:d4:9d:9f:21:0e:ed:da:7e:26:d3:37:
         cf:2e:9c:f1:90:91:a4:d1:4c:e8:3b:cd:e5:16:ea:5f:ed:88:
         c3:57:b9:4c:4c:69:13:08:1f:93:ac:c5:d4:5d:43:a4:cf:fd:
         83:5e:df:11:d9:65:00:47:f3:c0:fc:8a:dd:2a:9d:01:52:c9:
         9e:02:00:1b:13:15:8b:4e:fd:e6:92:9d:01:d9:a3:af:fd:93:
         a6:2e:9a:b4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6CgSN6Er0RLyUllo4Xy66BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjYwNjAxMDkyNjAxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDJmMTBmY2RlYTI4MmYzZjdhY2I0MTY1YTlkNDYzZjAyMTY1ZTZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxVPBfAxw3xeLJCeLxGHq7V1+J05/
xjspq85zjqPk0ThcvS3aWegJx+RZO6tsWPY+beb5VRjyMbPO3z+rcFr9FX9PHkkL
AZXc48AtssvWQ1Vapcw1+kENSG50zVCNqWRh95slIYM0mQop2kpfPt4Wg5UL9xsk
FRUWGKBRt1GlddZOVb5RfeHcWf1NwKm8uYv5JHKGOu9P7XF9C4GS9PvL5JZG51cy
uBIj8VH3EnSVQixqv6f3DaS34RLPnKKkOU8GEkOO9GEjtu7NhKOlZso8wxuBBdV9
EqWZTpjYUbIUJJqEchT17hZwLIH9DNXnkYwNGiU3FQf7q8PHBCIrnVfS5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL0vEPzeooLz96y0FlqdRj8CFl5qMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvdlM4UV9ONmlndlAzckxRV1dwMUdQd0lXWG1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPqmCMA0G
CSqGSIb3DQEBCwUAA4IBAQCozydgGgmfuklB+5HbSOJ1pH7UIbzQJfs1A/sZJdkR
uM6bfWSqYt68OOlt3lsflchvJjbvJe2uJP5hMki/L6CatZucfsgjeaMO3O1cdCvh
1tmxfv/4izpnymt/QPF2iCsdryR6oWc0uFodisBKBvMYbrBihZDhfHTVbIxBCd1E
d8km1o+MbZpBk/9CXLp1qiOrKe5RSBIZPjbrT8pBe07BjwEY4G/eT7MF1J2fIQ7t
2n4m0zfPLpzxkJGk0UzoO83lFupf7YjDV7lMTGkTCB+TrMXUXUOkz/2DXt8R2WUA
R/PA/IrdKp0BUsmeAgAbExWLTv3mkp0B2aOv/ZOmLpq0
-----END CERTIFICATE-----