Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/b45d79-a4d7-4460-bfe7-bbea2918e102/1/SlNzNAWQdSW1IXPYXxVEUC7qRfc.roa
File:                     SlNzNAWQdSW1IXPYXxVEUC7qRfc.roa (raw, json)
Hash identifier:          WpTmgBPaPSdZUg8IGZa3ER3Cw4ur6gg0dInqBPFiAuI=
Subject key identifier:   4A:53:73:34:05:90:75:25:B5:21:73:D8:5F:15:44:50:2E:EA:45:F7
Certificate issuer:       /CN=a2088e06d553cff293d277f4d76c3a710bd8b2f7
Certificate serial:       019E8D9769460371B07C9A272693A61ECA67
Authority key identifier: A2:08:8E:06:D5:53:CF:F2:93:D2:77:F4:D7:6C:3A:71:0B:D8:B2:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ogiOBtVTz_KT0nf012w6cQvYsvc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/b45d79-a4d7-4460-bfe7-bbea2918e102/1/SlNzNAWQdSW1IXPYXxVEUC7qRfc.roa
Signing time:             Wed 03 Jun 2026 13:06:10 +0000
ROA not before:           Wed 03 Jun 2026 13:06:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     5528
IP address blocks:        188.208.125.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/91/b45d79-a4d7-4460-bfe7-bbea2918e102/1/ogiOBtVTz_KT0nf012w6cQvYsvc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/91/b45d79-a4d7-4460-bfe7-bbea2918e102/1/ogiOBtVTz_KT0nf012w6cQvYsvc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ogiOBtVTz_KT0nf012w6cQvYsvc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jun 2026 06:29:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:8d:97:69:46:03:71:b0:7c:9a:27:26:93:a6:1e:ca:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a2088e06d553cff293d277f4d76c3a710bd8b2f7
        Validity
            Not Before: Jun  3 13:06:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4a53733405907525b52173d85f1544502eea45f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:52:18:a8:34:d5:b7:8e:9f:18:d3:ea:d7:ab:
                    72:00:2a:f9:85:d5:6e:60:62:47:9f:a7:85:e7:fd:
                    ed:af:b2:a4:f1:ac:b7:0e:2a:f3:84:b9:16:0a:b2:
                    f0:a1:96:dc:d8:58:e3:d9:4b:96:5e:86:86:0c:d6:
                    33:8c:7b:24:ca:35:36:96:3b:92:ce:ee:96:ec:f4:
                    fb:d4:8a:21:eb:e5:3d:17:72:81:c2:24:fd:31:05:
                    b5:42:26:dc:ab:fb:b4:4c:87:c2:dc:c4:ac:9b:1b:
                    b2:1c:70:38:99:c2:6c:cc:fa:76:16:09:51:cb:aa:
                    55:d1:76:93:1f:9c:50:3e:62:ee:c2:be:5c:49:eb:
                    45:10:51:cd:e2:2e:d6:84:c6:2d:6a:d2:0d:8f:8f:
                    d7:19:54:29:70:98:fc:a3:ca:38:54:09:f0:97:a5:
                    3c:1e:12:ed:53:2c:9f:57:27:3e:78:fe:fa:c3:73:
                    cb:77:af:2c:c1:f4:50:5b:d8:0c:d5:18:59:33:36:
                    db:c2:d8:5f:0a:d8:68:e5:41:b7:1c:0a:20:fd:fe:
                    c2:33:aa:e3:49:27:9b:89:3e:c5:bd:b0:b6:b0:cd:
                    bf:22:bf:72:93:d1:c6:7b:b2:8b:0b:18:34:8c:d9:
                    5a:de:f1:62:5e:e5:78:8a:7d:b0:cb:4d:54:97:97:
                    ba:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:53:73:34:05:90:75:25:B5:21:73:D8:5F:15:44:50:2E:EA:45:F7
            X509v3 Authority Key Identifier:
                keyid:A2:08:8E:06:D5:53:CF:F2:93:D2:77:F4:D7:6C:3A:71:0B:D8:B2:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ogiOBtVTz_KT0nf012w6cQvYsvc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/b45d79-a4d7-4460-bfe7-bbea2918e102/1/SlNzNAWQdSW1IXPYXxVEUC7qRfc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/b45d79-a4d7-4460-bfe7-bbea2918e102/1/ogiOBtVTz_KT0nf012w6cQvYsvc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.208.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b1:49:33:0e:bb:66:b8:2b:96:58:37:65:fd:2d:cb:77:e3:bf:
         26:b2:c2:eb:4c:0a:2c:a6:e0:b8:67:9a:ac:1f:91:c1:23:0c:
         c7:5f:c5:db:fd:5e:98:f4:0a:8f:8c:98:35:20:6c:b9:a1:4c:
         3e:d0:fd:79:eb:51:7f:f4:59:28:ab:2c:45:f3:5b:fc:e9:33:
         7f:04:61:f6:6e:1f:3c:2e:a1:43:bb:81:1a:2f:27:aa:dc:3a:
         0c:0a:e7:cb:4a:a9:4f:fb:29:00:c4:5c:a2:65:e2:bd:7d:1a:
         7a:28:3d:07:69:8e:27:f5:bd:54:44:37:5d:26:1e:40:7d:b0:
         4c:8b:7d:b9:df:95:2b:49:17:b5:cc:3d:2a:30:fe:ff:59:31:
         01:85:0c:de:e7:a2:5c:71:50:8a:d0:31:ed:36:bb:21:65:11:
         5c:42:71:d7:33:58:df:cd:a4:85:82:c5:9a:d2:e1:08:68:fb:
         31:4f:e3:9b:19:3c:04:18:d6:ce:a8:b6:6c:cf:48:69:3c:d1:
         e7:1b:c8:75:44:f2:39:ce:e6:58:06:2e:e2:f8:93:86:48:9d:
         78:e1:3a:e8:e0:eb:ed:cc:06:99:7c:c0:04:b1:e4:84:9a:7d:
         21:43:0e:cd:e9:a1:94:96:b7:da:25:38:ee:e8:34:ed:05:a3:
         77:86:32:e1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6Nl2lGA3GwfJonJpOmHspnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyMDg4ZTA2ZDU1M2NmZjI5M2QyNzdmNGQ3NmMzYTcxMGJk
OGIyZjcwHhcNMjYwNjAzMTMwNjEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTUzNzMzNDA1OTA3NTI1YjUyMTczZDg1ZjE1NDQ1MDJlZWE0NWY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoFIYqDTVt46fGNPq16tyACr5hdVu
YGJHn6eF5/3tr7Kk8ay3DirzhLkWCrLwoZbc2Fjj2UuWXoaGDNYzjHskyjU2ljuS
zu6W7PT71Ioh6+U9F3KBwiT9MQW1Qibcq/u0TIfC3MSsmxuyHHA4mcJszPp2FglR
y6pV0XaTH5xQPmLuwr5cSetFEFHN4i7WhMYtatINj4/XGVQpcJj8o8o4VAnwl6U8
HhLtUyyfVyc+eP76w3PLd68swfRQW9gM1RhZMzbbwthfCtho5UG3HAog/f7CM6rj
SSebiT7FvbC2sM2/Ir9yk9HGe7KLCxg0jNla3vFiXuV4in2wy01Ul5e6ZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEpTczQFkHUltSFz2F8VRFAu6kX3MB8GA1UdIwQY
MBaAFKIIjgbVU8/yk9J39NdsOnEL2LL3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2dpT0J0VlR6X0tUMG5mMDEydzZjUXZZc3ZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS9iNDVkNzktYTRkNy00NDYwLWJmZTct
YmJlYTI5MThlMTAyLzEvU2xOek5BV1FkU1cxSVhQWVh4VkVVQzdxUmZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS9iNDVkNzktYTRkNy00NDYwLWJmZTctYmJlYTI5MThlMTAy
LzEvb2dpT0J0VlR6X0tUMG5mMDEydzZjUXZZc3ZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvNB9MA0G
CSqGSIb3DQEBCwUAA4IBAQCxSTMOu2a4K5ZYN2X9Lct3478mssLrTAospuC4Z5qs
H5HBIwzHX8Xb/V6Y9AqPjJg1IGy5oUw+0P1561F/9FkoqyxF81v86TN/BGH2bh88
LqFDu4EaLyeq3DoMCufLSqlP+ykAxFyiZeK9fRp6KD0HaY4n9b1URDddJh5AfbBM
i32535UrSRe1zD0qMP7/WTEBhQze56JccVCK0DHtNrshZRFcQnHXM1jfzaSFgsWa
0uEIaPsxT+ObGTwEGNbOqLZsz0hpPNHnG8h1RPI5zuZYBi7i+JOGSJ144Tro4Ovt
zAaZfMAEseSEmn0hQw7N6aGUlrfaJTju6DTtBaN3hjLh
-----END CERTIFICATE-----