Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/sCf_4e0BgiWkJrhM1P2LRaZeGxQ.roa
File:                     sCf_4e0BgiWkJrhM1P2LRaZeGxQ.roa (raw, json)
Hash identifier:          V0QEhAth5nR9U6laYorORCdtjX2fLgexbf7sYHfQLhE=
Subject key identifier:   B0:27:FF:E1:ED:01:82:25:A4:26:B8:4C:D4:FD:8B:45:A6:5E:1B:14
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       019E3A1D93BE75DD3C1BEB2E1418E1DE4F23
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/sCf_4e0BgiWkJrhM1P2LRaZeGxQ.roa
Signing time:             Mon 18 May 2026 08:04:37 +0000
ROA not before:           Mon 18 May 2026 08:04:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201891
IP address blocks:        220.158.198.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 22:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:3a:1d:93:be:75:dd:3c:1b:eb:2e:14:18:e1:de:4f:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: May 18 08:04:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b027ffe1ed018225a426b84cd4fd8b45a65e1b14
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:ae:31:7f:ff:c2:cc:10:28:3c:65:d1:be:16:
                    3a:e7:0d:45:29:66:9d:00:e5:ce:f6:2b:55:27:33:
                    38:7b:fb:82:de:72:aa:ca:bd:21:0b:42:c9:bf:14:
                    c1:7c:e0:9a:fe:12:96:b1:6c:4e:30:51:b0:e0:44:
                    32:8e:48:0f:2c:17:9c:f4:cc:7f:40:f2:87:65:22:
                    9d:db:1d:df:47:bf:f1:48:96:3c:26:ff:4a:2e:95:
                    0c:04:41:47:a6:de:33:2e:89:0c:78:5b:49:29:f5:
                    73:73:82:02:4d:23:bd:e3:3e:61:38:7c:84:22:1b:
                    ef:ff:7a:58:e6:1a:f9:35:85:1c:3f:c9:1d:a3:4d:
                    06:df:fa:fa:c6:f2:41:9c:79:cd:80:b6:6c:28:f3:
                    78:e9:5b:79:c8:58:42:95:23:63:3e:a1:85:70:b2:
                    a3:56:69:7f:2e:1d:2c:ec:ff:be:83:70:2b:7b:dc:
                    82:39:5c:62:00:7b:8d:c0:da:4a:41:f2:82:63:0f:
                    47:6b:28:10:3d:f1:25:10:5d:22:cb:bd:93:df:1f:
                    0e:ee:76:ed:0f:cd:ff:f7:51:28:4f:23:54:be:18:
                    0f:49:d6:a4:55:48:e2:6f:b4:df:bb:a9:ff:7a:23:
                    b4:df:2b:62:22:9e:05:3a:1a:46:00:79:d2:2f:dd:
                    e3:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:27:FF:E1:ED:01:82:25:A4:26:B8:4C:D4:FD:8B:45:A6:5E:1B:14
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/sCf_4e0BgiWkJrhM1P2LRaZeGxQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  220.158.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:8b:10:bb:6b:fd:84:f8:f5:bf:68:e6:05:4e:d9:ae:e0:ac:
         71:39:19:95:ac:b7:68:7a:51:de:4a:76:bb:e5:6e:6c:5d:a0:
         87:d7:f6:76:a4:d7:56:90:b9:df:bd:55:43:0d:72:1a:5f:51:
         40:b3:8f:3a:67:3e:85:22:f3:7c:42:4b:a3:ae:8e:23:54:cd:
         b6:63:6b:69:af:52:ba:70:4d:97:91:b4:48:e1:69:d8:74:ac:
         d7:16:17:f7:82:2e:29:28:29:75:f0:10:08:79:5c:33:d4:33:
         e2:ac:f9:06:a0:71:75:c2:03:0c:dc:6d:80:f5:5f:22:ab:cd:
         2d:f3:7f:0d:60:3b:30:50:2f:a7:f6:85:4b:8a:c9:ed:b7:87:
         df:2a:fe:63:99:af:aa:90:44:15:1d:19:59:4f:f7:a4:ad:57:
         09:e6:4b:b6:24:50:86:c5:ed:43:09:37:8e:34:d4:96:5e:50:
         6a:f3:37:a5:92:56:72:da:c0:ee:ca:b7:42:a6:3c:2e:a5:7a:
         e2:ae:57:42:d7:89:2c:33:32:9e:df:81:a7:04:9c:41:99:79:
         c9:6a:4c:c4:41:82:87:95:7f:bb:b1:99:3b:db:f9:20:fb:42:
         ef:5d:86:47:6a:f3:e3:fc:3c:17:bd:2a:32:7a:c0:d1:f9:4a:
         49:90:8e:55
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ46HZO+dd08G+suFBjh3k8jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjYwNTE4MDgwNDM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDI3ZmZlMWVkMDE4MjI1YTQyNmI4NGNkNGZkOGI0NWE2NWUxYjE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqq4xf//CzBAoPGXRvhY65w1FKWad
AOXO9itVJzM4e/uC3nKqyr0hC0LJvxTBfOCa/hKWsWxOMFGw4EQyjkgPLBec9Mx/
QPKHZSKd2x3fR7/xSJY8Jv9KLpUMBEFHpt4zLokMeFtJKfVzc4ICTSO94z5hOHyE
Ihvv/3pY5hr5NYUcP8kdo00G3/r6xvJBnHnNgLZsKPN46Vt5yFhClSNjPqGFcLKj
Vml/Lh0s7P++g3Are9yCOVxiAHuNwNpKQfKCYw9HaygQPfElEF0iy72T3x8O7nbt
D83/91EoTyNUvhgPSdakVUjib7Tfu6n/eiO03ytiIp4FOhpGAHnSL93jPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLAn/+HtAYIlpCa4TNT9i0WmXhsUMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvc0NmXzRlMEJnaVdrSnJoTTFQMkxSYVplR3hRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA3J7GMA0G
CSqGSIb3DQEBCwUAA4IBAQB/ixC7a/2E+PW/aOYFTtmu4KxxORmVrLdoelHeSna7
5W5sXaCH1/Z2pNdWkLnfvVVDDXIaX1FAs486Zz6FIvN8Qkujro4jVM22Y2tpr1K6
cE2XkbRI4WnYdKzXFhf3gi4pKCl18BAIeVwz1DPirPkGoHF1wgMM3G2A9V8iq80t
838NYDswUC+n9oVLisntt4ffKv5jma+qkEQVHRlZT/ekrVcJ5ku2JFCGxe1DCTeO
NNSWXlBq8zelklZy2sDuyrdCpjwupXrirldC14ksMzKe34GnBJxBmXnJakzEQYKH
lX+7sZk72/kg+0LvXYZHavPj/DwXvSoyesDR+UpJkI5V
-----END CERTIFICATE-----