Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/oRQZtSBHcLciTW7sjKUaMX5XODI.roa
File:                     oRQZtSBHcLciTW7sjKUaMX5XODI.roa (raw, json)
Hash identifier:          okuisY80tuXxYalnGMmFWcr/ZT+7YqW4E0n7OpY/TRA=
Subject key identifier:   A1:14:19:B5:20:47:70:B7:22:4D:6E:EC:8C:A5:1A:31:7E:57:38:32
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       019E4958CC9769A3CC25910B23D13DC8BF56
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/oRQZtSBHcLciTW7sjKUaMX5XODI.roa
Signing time:             Thu 21 May 2026 07:03:36 +0000
ROA not before:           Thu 21 May 2026 07:03:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211043
IP address blocks:        178.173.232.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Jun 2026 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:49:58:cc:97:69:a3:cc:25:91:0b:23:d1:3d:c8:bf:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: May 21 07:03:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a11419b5204770b7224d6eec8ca51a317e573832
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:6a:0c:46:5d:6e:f5:f9:5b:07:52:aa:8d:e5:
                    ec:f4:a2:8e:e2:81:2b:29:19:60:e9:ba:e7:df:bf:
                    46:cc:c7:bf:1b:b7:13:6b:38:68:71:f9:b5:4c:9d:
                    3e:4d:6d:53:02:15:99:e9:f0:2b:8f:21:eb:7d:65:
                    e6:b0:53:47:5e:ec:d4:72:ce:c3:0b:bb:6f:89:fc:
                    16:68:00:41:09:30:3c:e9:0b:34:d1:55:9a:7f:49:
                    65:34:11:89:4c:9f:89:fa:62:4c:7f:98:bf:f4:67:
                    e9:6e:cc:d7:37:e1:b4:b0:12:19:ef:d9:19:b1:ed:
                    b6:13:bb:eb:59:bd:0a:ae:b9:47:f5:36:9a:a2:fe:
                    75:14:14:22:58:d4:f7:70:87:5e:27:02:f7:0b:a7:
                    c0:37:96:16:64:cb:b7:bc:f2:43:93:b4:a6:10:b9:
                    30:6a:9d:55:63:9e:e2:c4:17:dd:92:1c:9c:8f:e3:
                    99:c5:e9:5a:89:91:11:6d:ec:62:48:16:69:08:91:
                    0a:b7:58:0c:2c:03:c5:6d:fe:23:3b:f3:bc:d1:37:
                    3f:23:47:d8:b8:d6:22:43:c9:9e:a0:0b:d6:d9:b6:
                    dc:f3:a3:3c:26:66:19:19:ea:27:07:12:b2:dd:51:
                    dd:8e:1e:0e:ad:bc:12:1c:3d:35:22:9f:2e:63:60:
                    8b:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:14:19:B5:20:47:70:B7:22:4D:6E:EC:8C:A5:1A:31:7E:57:38:32
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/oRQZtSBHcLciTW7sjKUaMX5XODI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.173.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:43:15:33:4e:23:ed:f1:aa:dc:c9:0b:4a:5d:7d:58:85:dc:
         95:d9:20:1e:4d:9d:05:ae:d7:49:53:40:c1:55:16:ea:5c:bf:
         d1:b5:6e:b1:7a:5f:12:4d:9c:2a:70:a3:4a:53:57:8f:a0:e9:
         a5:95:80:9c:84:0b:fb:c9:82:fd:78:a9:70:47:ef:bb:68:76:
         fd:3d:c9:3d:5b:75:29:04:a8:2f:98:4e:b3:66:fd:ba:e7:42:
         e7:57:17:da:d6:0c:fb:7d:ca:3d:d8:d7:34:d4:6b:c0:bd:4e:
         c5:5d:a7:f2:fa:94:50:b5:b4:8c:fd:05:ec:41:27:73:f5:fe:
         c9:24:0d:b5:2e:d4:f3:bb:e7:2b:30:82:de:aa:3e:0b:b2:ea:
         76:f3:bd:aa:34:2d:1f:53:73:4a:39:2e:f4:c0:80:12:81:26:
         8a:ed:ac:f8:18:4e:3d:26:40:1a:fd:65:0b:84:29:9c:0c:91:
         df:d5:44:15:76:a7:c2:06:29:6a:1c:3f:e7:3b:e5:fe:a1:de:
         a7:2f:ba:84:d4:18:0f:92:91:e6:fa:5b:f2:3c:86:b5:60:7b:
         97:4d:02:6c:d3:e3:bd:c9:7c:e6:ae:2d:2e:fd:72:9d:4c:3f:
         2e:69:62:43:c2:51:e8:44:fa:e7:fa:10:6c:c0:6f:6d:56:58:
         6a:94:70:de
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5JWMyXaaPMJZELI9E9yL9WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjYwNTIxMDcwMzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTE0MTliNTIwNDc3MGI3MjI0ZDZlZWM4Y2E1MWEzMTdlNTczODMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArmoMRl1u9flbB1KqjeXs9KKO4oEr
KRlg6brn379GzMe/G7cTazhocfm1TJ0+TW1TAhWZ6fArjyHrfWXmsFNHXuzUcs7D
C7tvifwWaABBCTA86Qs00VWaf0llNBGJTJ+J+mJMf5i/9GfpbszXN+G0sBIZ79kZ
se22E7vrWb0KrrlH9Taaov51FBQiWNT3cIdeJwL3C6fAN5YWZMu3vPJDk7SmELkw
ap1VY57ixBfdkhycj+OZxelaiZERbexiSBZpCJEKt1gMLAPFbf4jO/O80Tc/I0fY
uNYiQ8meoAvW2bbc86M8JmYZGeonBxKy3VHdjh4OrbwSHD01Ip8uY2CLFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKEUGbUgR3C3Ik1u7IylGjF+VzgyMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvb1JRWnRTQkhjTGNpVFc3c2pLVWFNWDVYT0RJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsq3oMA0G
CSqGSIb3DQEBCwUAA4IBAQBlQxUzTiPt8arcyQtKXX1YhdyV2SAeTZ0FrtdJU0DB
VRbqXL/RtW6xel8STZwqcKNKU1ePoOmllYCchAv7yYL9eKlwR++7aHb9Pck9W3Up
BKgvmE6zZv2650LnVxfa1gz7fco92Nc01GvAvU7FXafy+pRQtbSM/QXsQSdz9f7J
JA21LtTzu+crMILeqj4Lsup2872qNC0fU3NKOS70wIASgSaK7az4GE49JkAa/WUL
hCmcDJHf1UQVdqfCBilqHD/nO+X+od6nL7qE1BgPkpHm+lvyPIa1YHuXTQJs0+O9
yXzmri0u/XKdTD8uaWJDwlHoRPrn+hBswG9tVlhqlHDe
-----END CERTIFICATE-----