Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/6366b4-dd6f-4040-8895-71be0d51919d/1/rxUnx1ra5EHEfcrIj6uPq_Tbrrs.roa
File:                     rxUnx1ra5EHEfcrIj6uPq_Tbrrs.roa (raw, json)
Hash identifier:          xMlkEOl/cVJYjxYinyPnGY0MzSt5ZGRrCF7oAtp8yYg=
Subject key identifier:   AF:15:27:C7:5A:DA:E4:41:C4:7D:CA:C8:8F:AB:8F:AB:F4:DB:AE:BB
Certificate issuer:       /CN=55c9b2025e0e695808f6b61ee276aed4fb5680cd
Certificate serial:       019E35BFB4FB0BFD6C6236F10368A7DAC95C
Authority key identifier: 55:C9:B2:02:5E:0E:69:58:08:F6:B6:1E:E2:76:AE:D4:FB:56:80:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VcmyAl4OaVgI9rYe4nau1PtWgM0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/6366b4-dd6f-4040-8895-71be0d51919d/1/rxUnx1ra5EHEfcrIj6uPq_Tbrrs.roa
Signing time:             Sun 17 May 2026 11:43:36 +0000
ROA not before:           Sun 17 May 2026 11:43:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209604
IP address blocks:        168.222.182.0/24 maxlen: 24
                          208.92.224.0/24 maxlen: 24
                          208.92.225.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/6366b4-dd6f-4040-8895-71be0d51919d/1/VcmyAl4OaVgI9rYe4nau1PtWgM0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/6366b4-dd6f-4040-8895-71be0d51919d/1/VcmyAl4OaVgI9rYe4nau1PtWgM0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VcmyAl4OaVgI9rYe4nau1PtWgM0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jun 2026 07:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:35:bf:b4:fb:0b:fd:6c:62:36:f1:03:68:a7:da:c9:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=55c9b2025e0e695808f6b61ee276aed4fb5680cd
        Validity
            Not Before: May 17 11:43:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=af1527c75adae441c47dcac88fab8fabf4dbaebb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:52:92:bb:c6:4a:56:e6:72:a8:33:b0:50:4f:
                    d4:90:a7:77:5b:04:19:4a:1a:14:ef:99:14:0b:c9:
                    39:2b:12:73:d1:b8:2b:60:f6:fb:e3:07:b6:26:64:
                    af:26:4b:40:5e:57:1f:19:88:45:25:fb:11:f8:0f:
                    fa:96:e5:01:77:b9:59:5b:88:1f:8f:68:28:08:9a:
                    bd:cd:87:bc:b2:93:51:8b:56:3e:2a:3f:69:f3:c8:
                    01:35:28:40:13:94:75:98:3f:95:5c:e8:94:eb:41:
                    81:24:21:9b:cb:da:31:05:4b:22:54:91:e0:01:15:
                    26:05:3f:81:43:75:fd:c7:9a:cc:93:41:ca:70:ac:
                    92:90:98:7f:52:63:7b:65:ea:5e:02:6d:73:28:8d:
                    a4:e6:d7:f8:75:db:47:01:b0:a8:33:05:c6:a4:16:
                    36:78:47:ab:da:07:92:df:02:54:d1:f1:5c:d8:38:
                    a1:46:00:13:36:24:27:fd:14:3e:01:e6:b1:40:07:
                    85:45:3e:76:de:19:bf:e3:f9:00:59:8f:8c:ac:52:
                    ea:ae:5d:17:44:e4:e0:8b:29:f6:84:60:a5:45:22:
                    fe:07:80:f5:c0:64:5b:86:78:ad:39:14:3f:95:50:
                    5d:ba:e4:d2:c0:03:6f:4d:eb:c2:09:d1:6c:9d:db:
                    28:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:15:27:C7:5A:DA:E4:41:C4:7D:CA:C8:8F:AB:8F:AB:F4:DB:AE:BB
            X509v3 Authority Key Identifier:
                keyid:55:C9:B2:02:5E:0E:69:58:08:F6:B6:1E:E2:76:AE:D4:FB:56:80:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VcmyAl4OaVgI9rYe4nau1PtWgM0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/6366b4-dd6f-4040-8895-71be0d51919d/1/rxUnx1ra5EHEfcrIj6uPq_Tbrrs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/6366b4-dd6f-4040-8895-71be0d51919d/1/VcmyAl4OaVgI9rYe4nau1PtWgM0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  168.222.182.0/24
                  208.92.224.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2f:41:e4:05:6d:a8:b7:b8:ea:b2:97:5f:17:9b:be:61:34:42:
         f3:88:54:1a:c1:59:07:8c:7a:1b:2a:6b:a8:db:13:8f:a9:06:
         89:1f:99:91:2f:6d:12:0f:cd:c3:63:2d:44:26:c8:a5:5d:0b:
         e8:62:25:7c:a4:c9:7d:82:69:d0:e8:85:37:db:d2:6f:1d:de:
         fb:02:78:eb:29:98:3b:e5:b8:77:64:9a:ba:03:f0:31:80:40:
         88:c4:5a:32:89:f2:9a:af:52:c7:97:ef:86:b4:93:df:f8:d2:
         ab:37:5a:20:a6:9a:6b:dc:63:61:1d:cf:ae:95:bf:7d:1f:85:
         d3:c6:88:b3:59:0a:e4:4b:27:01:b9:c3:9e:e1:d6:82:a2:6c:
         ae:cd:fa:55:46:4a:60:13:17:b1:76:16:27:c2:15:de:c2:40:
         58:a0:fc:78:d5:d2:e0:3c:33:64:80:e9:46:4e:48:b6:67:b5:
         55:60:51:93:fb:f9:f7:b7:d8:f5:af:d5:b4:81:cb:0c:8d:a9:
         c0:85:eb:79:ac:4f:c6:0e:ac:8a:2d:01:5d:17:56:82:ef:6b:
         42:e6:fa:43:a3:3b:a6:fc:b0:32:c1:65:90:19:ab:13:5c:73:
         f5:2e:74:3d:7e:31:16:ef:ba:34:c5:07:79:c3:33:38:0a:f5:
         87:65:9c:99
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ41v7T7C/1sYjbxA2in2slcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1YzliMjAyNWUwZTY5NTgwOGY2YjYxZWUyNzZhZWQ0ZmI1
NjgwY2QwHhcNMjYwNTE3MTE0MzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjE1MjdjNzVhZGFlNDQxYzQ3ZGNhYzg4ZmFiOGZhYmY0ZGJhZWJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx1KSu8ZKVuZyqDOwUE/UkKd3WwQZ
ShoU75kUC8k5KxJz0bgrYPb74we2JmSvJktAXlcfGYhFJfsR+A/6luUBd7lZW4gf
j2goCJq9zYe8spNRi1Y+Kj9p88gBNShAE5R1mD+VXOiU60GBJCGby9oxBUsiVJHg
ARUmBT+BQ3X9x5rMk0HKcKySkJh/UmN7ZepeAm1zKI2k5tf4ddtHAbCoMwXGpBY2
eEer2geS3wJU0fFc2DihRgATNiQn/RQ+AeaxQAeFRT523hm/4/kAWY+MrFLqrl0X
ROTgiyn2hGClRSL+B4D1wGRbhnitORQ/lVBduuTSwANvTevCCdFsndsoMwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFK8VJ8da2uRBxH3KyI+rj6v02667MB8GA1UdIwQY
MBaAFFXJsgJeDmlYCPa2HuJ2rtT7VoDNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVmNteUFsNE9hVmdJOXJZZTRuYXUxUHRXZ00wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS82MzY2YjQtZGQ2Zi00MDQwLTg4OTUt
NzFiZTBkNTE5MTlkLzEvcnhVbngxcmE1RUhFZmNySWo2dVBxX1RicnJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS82MzY2YjQtZGQ2Zi00MDQwLTg4OTUtNzFiZTBkNTE5MTlk
LzEvVmNteUFsNE9hVmdJOXJZZTRuYXUxUHRXZ00wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAqN62AwQB
0FzgMA0GCSqGSIb3DQEBCwUAA4IBAQAvQeQFbai3uOqyl18Xm75hNELziFQawVkH
jHobKmuo2xOPqQaJH5mRL20SD83DYy1EJsilXQvoYiV8pMl9gmnQ6IU329JvHd77
AnjrKZg75bh3ZJq6A/AxgECIxFoyifKar1LHl++GtJPf+NKrN1ogpppr3GNhHc+u
lb99H4XTxoizWQrkSycBucOe4daComyuzfpVRkpgExexdhYnwhXewkBYoPx41dLg
PDNkgOlGTki2Z7VVYFGT+/n3t9j1r9W0gcsMjanAhet5rE/GDqyKLQFdF1aC72tC
5vpDozum/LAywWWQGasTXHP1LnQ9fjEW77o0xQd5wzM4CvWHZZyZ
-----END CERTIFICATE-----