Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/sFxnSlo_GvslYR96cVzzR15qZ18.roa
File:                     sFxnSlo_GvslYR96cVzzR15qZ18.roa (raw, json)
Hash identifier:          Cxbdaq0biqZli00vObH8NU/m4dLQG/fVsC+CrWsbpEk=
Subject key identifier:   B0:5C:67:4A:5A:3F:1A:FB:25:61:1F:7A:71:5C:F3:47:5E:6A:67:5F
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       019D9FFBEF138D01EAE8186676467BDB65FF
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/sFxnSlo_GvslYR96cVzzR15qZ18.roa
Signing time:             Sat 18 Apr 2026 09:46:21 +0000
ROA not before:           Sat 18 Apr 2026 09:46:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207057
IP address blocks:        167.17.191.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:9f:fb:ef:13:8d:01:ea:e8:18:66:76:46:7b:db:65:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Apr 18 09:46:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b05c674a5a3f1afb25611f7a715cf3475e6a675f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:06:ac:31:e6:44:6f:40:e8:22:b4:be:6f:99:
                    dd:8c:1b:d9:5f:e8:fe:82:2b:aa:4b:66:51:73:51:
                    86:6b:30:e2:34:ba:15:27:97:81:b9:ee:86:78:0a:
                    02:ab:db:6e:62:e9:14:1b:b2:26:94:6f:ca:79:19:
                    88:42:1f:63:6e:b3:1d:52:8b:2f:2e:ec:9c:cc:e3:
                    6e:c6:9f:58:8b:83:24:f8:48:ee:3d:a4:af:7b:14:
                    cd:83:6f:3e:85:be:d3:a2:42:20:50:db:eb:19:27:
                    1d:24:06:ec:b5:05:f6:61:b4:b7:84:57:98:2f:89:
                    54:e4:9f:9c:c5:55:dc:09:80:ef:1d:d4:d6:29:ee:
                    a1:d3:8f:b6:f6:1b:18:ae:38:a9:d2:42:91:23:c1:
                    2d:e0:3b:6a:6b:1c:71:53:23:9a:d4:f1:df:86:f3:
                    bb:ac:cd:3f:c4:84:29:26:34:33:92:0c:c6:49:fe:
                    b7:4c:25:a7:ff:71:47:bd:dc:da:82:c8:22:3a:7f:
                    68:cc:e4:dc:e9:af:63:84:be:fb:8a:63:12:b0:02:
                    14:7d:48:bb:7b:a2:a7:6a:93:49:31:be:0c:f9:7a:
                    e2:64:34:7b:67:1c:31:1e:71:7a:ca:61:e3:43:20:
                    c8:0b:d2:84:b5:7b:be:1c:00:93:5a:25:ad:48:bd:
                    b8:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:5C:67:4A:5A:3F:1A:FB:25:61:1F:7A:71:5C:F3:47:5E:6A:67:5F
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/sFxnSlo_GvslYR96cVzzR15qZ18.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  167.17.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:8a:10:5f:76:85:b6:2a:37:6c:b8:fa:e5:dd:dd:6e:9c:46:
         31:64:38:ab:0f:28:f4:15:f3:81:0a:7f:2c:72:23:0c:77:a2:
         91:32:e0:ff:7f:5a:5c:b1:8f:89:98:6b:73:20:f9:02:ec:09:
         6c:be:c6:6d:72:12:9c:b4:c9:73:a5:5f:5c:66:c9:e5:6e:d9:
         db:2c:d4:ac:3a:91:df:ee:55:e4:45:5a:3a:43:b1:a8:12:8c:
         2c:42:08:03:ec:60:74:82:35:35:45:6c:84:83:7b:db:20:6c:
         04:e5:c4:c3:cb:91:1f:71:61:69:1a:ca:84:3a:a9:bb:3f:32:
         1b:78:0f:2e:43:e7:cf:93:6e:cc:cb:99:bc:ab:87:00:4d:2f:
         a8:2b:e7:ce:89:6d:74:fb:68:c8:39:cb:d0:91:ef:ee:16:e5:
         54:2c:cd:ad:f9:22:e8:9f:fe:1b:b8:82:7d:f5:88:57:e6:2e:
         49:e3:a6:c9:ec:a7:53:ec:92:db:01:e1:8f:b6:fe:a1:7b:a7:
         1b:01:a0:37:02:68:8e:5f:d5:ca:06:06:c2:ea:f1:5a:ab:6a:
         33:ca:b8:9f:b9:f9:36:13:a2:aa:65:63:8f:38:85:76:7c:fd:
         dc:6b:bf:03:1c:dc:5c:16:d6:73:62:b9:db:fe:ce:93:f8:f4:
         21:2c:46:e5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2f++8TjQHq6BhmdkZ722X/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjYwNDE4MDk0NjIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDVjNjc0YTVhM2YxYWZiMjU2MTFmN2E3MTVjZjM0NzVlNmE2NzVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhwasMeZEb0DoIrS+b5ndjBvZX+j+
giuqS2ZRc1GGazDiNLoVJ5eBue6GeAoCq9tuYukUG7ImlG/KeRmIQh9jbrMdUosv
LuyczONuxp9Yi4Mk+EjuPaSvexTNg28+hb7TokIgUNvrGScdJAbstQX2YbS3hFeY
L4lU5J+cxVXcCYDvHdTWKe6h04+29hsYrjip0kKRI8Et4DtqaxxxUyOa1PHfhvO7
rM0/xIQpJjQzkgzGSf63TCWn/3FHvdzagsgiOn9ozOTc6a9jhL77imMSsAIUfUi7
e6KnapNJMb4M+XriZDR7ZxwxHnF6ymHjQyDIC9KEtXu+HACTWiWtSL24LwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLBcZ0paPxr7JWEfenFc80deamdfMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvc0Z4blNsb19HdnNsWVI5NmNWenpSMTVxWjE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQApxG/MA0G
CSqGSIb3DQEBCwUAA4IBAQB3ihBfdoW2KjdsuPrl3d1unEYxZDirDyj0FfOBCn8s
ciMMd6KRMuD/f1pcsY+JmGtzIPkC7AlsvsZtchKctMlzpV9cZsnlbtnbLNSsOpHf
7lXkRVo6Q7GoEowsQggD7GB0gjU1RWyEg3vbIGwE5cTDy5EfcWFpGsqEOqm7PzIb
eA8uQ+fPk27My5m8q4cATS+oK+fOiW10+2jIOcvQke/uFuVULM2t+SLon/4buIJ9
9YhX5i5J46bJ7KdT7JLbAeGPtv6he6cbAaA3AmiOX9XKBgbC6vFaq2ozyrifufk2
E6KqZWOPOIV2fP3ca78DHNxcFtZzYrnb/s6T+PQhLEbl
-----END CERTIFICATE-----