Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/VrjsaeLp6Pc541-1y_w7AEMCnXs.roa
File:                     VrjsaeLp6Pc541-1y_w7AEMCnXs.roa (raw, json)
Hash identifier:          OSztQVXKB43/NtAxxPbK0a6SNpqVuh5KnLHSrOxUM7M=
Subject key identifier:   56:B8:EC:69:E2:E9:E8:F7:39:E3:5F:B5:CB:FC:3B:00:43:02:9D:7B
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       019D99B09989D711EA4ED81890F6C74C792C
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/VrjsaeLp6Pc541-1y_w7AEMCnXs.roa
Signing time:             Fri 17 Apr 2026 04:26:20 +0000
ROA not before:           Fri 17 Apr 2026 04:26:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     19437
IP address blocks:        212.192.18.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:99:b0:99:89:d7:11:ea:4e:d8:18:90:f6:c7:4c:79:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Apr 17 04:26:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=56b8ec69e2e9e8f739e35fb5cbfc3b0043029d7b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:9c:75:41:13:f5:ac:bf:33:83:63:ce:2b:5d:
                    60:50:17:60:ad:14:dc:8f:48:c1:df:92:bf:66:c5:
                    93:19:b8:ed:86:bf:62:65:fa:33:f1:87:34:c6:4a:
                    56:23:21:ff:ac:e4:cb:ee:e5:d9:52:0f:dd:85:f6:
                    5a:5e:87:f5:72:5e:5b:3b:04:40:3b:49:a6:8b:fc:
                    50:6c:94:2b:4f:9d:3b:c9:2a:c9:26:94:cc:63:60:
                    8c:ed:fe:13:7a:16:77:7d:df:3a:7a:01:0d:61:28:
                    e7:ea:73:31:43:8b:eb:2b:97:cc:79:69:7f:96:3a:
                    e7:56:37:33:d3:2d:37:e7:94:8e:44:b9:ba:ea:84:
                    04:3e:c6:c2:c9:b1:b6:bc:d3:86:b0:ab:58:1b:b4:
                    82:6f:2c:d6:cf:f9:5c:be:0d:2b:c6:51:31:15:1a:
                    c0:4d:59:22:ce:81:88:f9:99:d3:36:ec:ba:5f:70:
                    a6:d0:39:1f:8a:85:9f:2e:83:51:5e:78:7c:fb:8c:
                    4d:18:4a:43:11:d6:ee:41:58:b1:74:1d:c7:9e:3c:
                    13:07:b0:27:dc:80:28:61:e5:42:aa:86:e9:4b:a5:
                    b1:53:2c:6c:d0:92:ab:39:23:6f:c4:10:51:cf:67:
                    b3:54:36:51:58:b5:63:7e:dc:fd:3d:4c:40:f6:c2:
                    5d:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:B8:EC:69:E2:E9:E8:F7:39:E3:5F:B5:CB:FC:3B:00:43:02:9D:7B
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/VrjsaeLp6Pc541-1y_w7AEMCnXs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.192.18.0/23

    Signature Algorithm: sha256WithRSAEncryption
         05:9d:94:9f:61:88:c8:28:e0:a7:05:5c:88:86:9b:eb:58:ef:
         11:d2:46:c2:cd:09:48:ab:8e:4a:e6:3b:46:63:b1:76:9b:a4:
         26:f2:27:26:2c:c6:46:dd:c3:86:8f:67:1b:68:0d:28:8e:c4:
         fb:e7:13:0f:aa:93:3f:b5:3c:35:e0:27:b2:dd:a6:a1:e8:bd:
         ec:1f:b0:d6:3f:0c:7b:2c:ba:88:ae:0c:bf:48:9b:39:fb:3a:
         83:59:ee:3b:e6:73:23:77:f3:94:ec:41:1c:99:49:59:8a:f3:
         3f:fc:e5:f6:53:98:5e:f9:94:88:9a:4a:27:3e:f9:3f:8d:9a:
         b6:fd:f4:dd:6d:b5:df:da:11:7a:e2:a6:74:ca:25:75:3e:63:
         a0:84:70:99:e9:38:a9:fc:26:15:05:8f:40:72:a8:e3:6e:09:
         da:82:7c:e4:1f:da:1f:2b:01:5a:d1:07:b8:ab:dc:ef:6f:ae:
         89:b7:35:03:16:05:1b:a7:a9:a0:56:09:91:22:9d:22:ab:ff:
         75:53:06:f8:c1:51:55:f7:a8:d6:12:36:11:de:83:13:64:4b:
         4b:cc:68:37:1e:34:8f:7c:a9:64:bd:bb:74:e9:26:53:8b:5c:
         c8:64:ba:08:8d:18:9f:34:5e:a8:be:39:55:2d:5e:77:b8:16:
         cb:14:08:f3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2ZsJmJ1xHqTtgYkPbHTHksMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjYwNDE3MDQyNjIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NmI4ZWM2OWUyZTllOGY3MzllMzVmYjVjYmZjM2IwMDQzMDI5ZDdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwpx1QRP1rL8zg2POK11gUBdgrRTc
j0jB35K/ZsWTGbjthr9iZfoz8Yc0xkpWIyH/rOTL7uXZUg/dhfZaXof1cl5bOwRA
O0mmi/xQbJQrT507ySrJJpTMY2CM7f4TehZ3fd86egENYSjn6nMxQ4vrK5fMeWl/
ljrnVjcz0y0355SORLm66oQEPsbCybG2vNOGsKtYG7SCbyzWz/lcvg0rxlExFRrA
TVkizoGI+ZnTNuy6X3Cm0DkfioWfLoNRXnh8+4xNGEpDEdbuQVixdB3HnjwTB7An
3IAoYeVCqobpS6WxUyxs0JKrOSNvxBBRz2ezVDZRWLVjftz9PUxA9sJd5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFa47Gni6ej3OeNftcv8OwBDAp17MB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvVnJqc2FlTHA2UGM1NDEtMXlfdzdBRU1DblhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1MASMA0G
CSqGSIb3DQEBCwUAA4IBAQAFnZSfYYjIKOCnBVyIhpvrWO8R0kbCzQlIq45K5jtG
Y7F2m6Qm8icmLMZG3cOGj2cbaA0ojsT75xMPqpM/tTw14Cey3aah6L3sH7DWPwx7
LLqIrgy/SJs5+zqDWe475nMjd/OU7EEcmUlZivM//OX2U5he+ZSImkonPvk/jZq2
/fTdbbXf2hF64qZ0yiV1PmOghHCZ6Tip/CYVBY9AcqjjbgnagnzkH9ofKwFa0Qe4
q9zvb66JtzUDFgUbp6mgVgmRIp0iq/91Uwb4wVFV96jWEjYR3oMTZEtLzGg3HjSP
fKlkvbt06SZTi1zIZLoIjRifNF6ovjlVLV53uBbLFAjz
-----END CERTIFICATE-----