Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/CMxaRehAS-NJPoJRiOZs5vD8m8s.roa
File:                     CMxaRehAS-NJPoJRiOZs5vD8m8s.roa (raw, json)
Hash identifier:          TH/swbW7E8102sySsE86cpKCx/bBoBo1mAPp0XnPa5U=
Subject key identifier:   08:CC:5A:45:E8:40:4B:E3:49:3E:82:51:88:E6:6C:E6:F0:FC:9B:CB
Certificate issuer:       /CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
Certificate serial:       019E6F372B99B58BFB8A826223D66D2ADCF7
Authority key identifier: 72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/CMxaRehAS-NJPoJRiOZs5vD8m8s.roa
Signing time:             Thu 28 May 2026 15:32:27 +0000
ROA not before:           Thu 28 May 2026 15:32:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203020
IP address blocks:        161.104.68.0/22 maxlen: 32
                          161.104.72.0/22 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jun 2026 12:01:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:6f:37:2b:99:b5:8b:fb:8a:82:62:23:d6:6d:2a:dc:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
        Validity
            Not Before: May 28 15:32:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=08cc5a45e8404be3493e825188e66ce6f0fc9bcb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:39:9d:1f:f9:5f:93:3b:9c:b3:39:e7:f8:98:
                    3c:a5:b6:4a:87:03:2f:8a:4f:f5:1b:44:1b:89:08:
                    fe:35:0f:01:5e:74:4a:27:e1:57:d9:f1:c7:a6:1e:
                    5a:86:52:6d:ff:5b:51:f5:01:bc:39:31:84:65:14:
                    79:d5:9c:3c:95:02:5d:fa:c4:fd:08:7c:dc:1b:10:
                    fe:fb:74:29:0b:83:9d:e2:13:47:aa:aa:da:11:fb:
                    aa:9c:0d:38:ca:12:ae:1b:10:8d:40:63:aa:bd:3d:
                    ae:e4:b7:2d:22:fa:e0:66:ef:04:85:50:fc:62:51:
                    f2:30:9a:f5:6d:e4:7e:32:cb:3f:aa:0c:90:9d:5c:
                    6e:80:58:80:19:f8:53:70:81:8b:15:2a:f5:5d:99:
                    8b:77:e4:7b:01:36:e6:50:f0:ff:06:c4:15:e1:e2:
                    18:12:50:36:9b:ef:fa:f9:2f:98:c4:90:20:06:ca:
                    ac:54:be:96:94:fe:ef:43:a5:07:27:cc:6c:4b:18:
                    30:8a:36:0f:3e:3d:2f:8b:b2:7b:12:00:30:2c:50:
                    5b:10:38:94:5e:72:bf:e3:fd:5c:c2:38:64:83:77:
                    03:00:e4:fc:92:bb:85:cd:48:6a:1b:75:0d:2e:41:
                    d3:fd:ca:fc:28:44:29:30:75:ee:b8:0b:78:fc:6e:
                    7a:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:CC:5A:45:E8:40:4B:E3:49:3E:82:51:88:E6:6C:E6:F0:FC:9B:CB
            X509v3 Authority Key Identifier:
                keyid:72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/CMxaRehAS-NJPoJRiOZs5vD8m8s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  161.104.68.0-161.104.75.255

    Signature Algorithm: sha256WithRSAEncryption
         11:2c:3e:4f:82:77:ce:18:c4:34:f6:23:30:0a:2b:7b:ad:83:
         5a:1d:af:e0:cd:f8:12:8b:1f:0d:5a:2b:9b:4b:4a:ec:00:3b:
         06:0b:2f:10:75:4c:47:5b:2f:88:46:57:d2:ad:88:c9:80:2b:
         bf:dd:e1:67:40:93:be:2e:fd:ab:d2:39:28:f1:89:c5:1c:ee:
         30:56:5e:4b:21:f7:f4:6e:3d:d1:84:10:d3:c8:8d:e5:d6:31:
         c1:d7:c5:27:9b:ad:6d:11:e5:59:74:e3:18:e0:21:e6:9c:52:
         6a:db:d3:9a:3b:73:24:38:47:56:d0:21:86:17:b1:7c:8d:a2:
         98:24:fe:73:3b:5a:dc:2d:9b:5d:9d:8b:04:56:95:d3:bb:37:
         51:83:aa:37:49:bb:4a:e9:da:ab:39:7b:be:e6:cc:d5:dd:19:
         b9:76:f7:bc:e7:b6:bb:bd:57:35:8c:f7:a9:70:74:b6:a9:e3:
         6f:3c:6c:d3:d3:ff:1f:92:23:a5:bb:53:5a:fa:14:ce:35:5f:
         d9:b6:48:24:0a:18:1a:b3:49:ad:69:5a:d9:78:70:d3:fc:ba:
         6f:37:09:48:51:b2:17:bc:dd:e9:b4:aa:3a:78:53:e9:68:57:
         4a:6c:85:59:ec:09:51:31:21:90:32:d3:75:98:62:a0:b7:ee:
         6a:42:fd:b9
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZ5vNyuZtYv7ioJiI9ZtKtz3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyYjc4ZjY2ODJmYzM5YzU1YjQxZDQ4ZjgwYjg4MzhkNWQy
ZGJmMDcwHhcNMjYwNTI4MTUzMjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGNjNWE0NWU4NDA0YmUzNDkzZTgyNTE4OGU2NmNlNmYwZmM5YmNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1zmdH/lfkzucsznn+Jg8pbZKhwMv
ik/1G0QbiQj+NQ8BXnRKJ+FX2fHHph5ahlJt/1tR9QG8OTGEZRR51Zw8lQJd+sT9
CHzcGxD++3QpC4Od4hNHqqraEfuqnA04yhKuGxCNQGOqvT2u5LctIvrgZu8EhVD8
YlHyMJr1beR+Mss/qgyQnVxugFiAGfhTcIGLFSr1XZmLd+R7ATbmUPD/BsQV4eIY
ElA2m+/6+S+YxJAgBsqsVL6WlP7vQ6UHJ8xsSxgwijYPPj0vi7J7EgAwLFBbEDiU
XnK/4/1cwjhkg3cDAOT8kruFzUhqG3UNLkHT/cr8KEQpMHXuuAt4/G56ywIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFAjMWkXoQEvjST6CUYjmbObw/JvLMB8GA1UdIwQY
MBaAFHK3j2aC/DnFW0HUj4C4g41dLb8HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEt
ZjNlNTA2YWVhYTAxLzEvQ014YVJlaEFTLU5KUG9KUmlPWnM1dkQ4bThzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEtZjNlNTA2YWVhYTAx
LzEvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAKhaEQD
BAKhaEgwDQYJKoZIhvcNAQELBQADggEBABEsPk+Cd84YxDT2IzAKK3utg1odr+DN
+BKLHw1aK5tLSuwAOwYLLxB1TEdbL4hGV9KtiMmAK7/d4WdAk74u/avSOSjxicUc
7jBWXksh9/RuPdGEENPIjeXWMcHXxSebrW0R5Vl04xjgIeacUmrb05o7cyQ4R1bQ
IYYXsXyNopgk/nM7Wtwtm12diwRWldO7N1GDqjdJu0rp2qs5e77mzNXdGbl297zn
tru9VzWM96lwdLap4288bNPT/x+SI6W7U1r6FM41X9m2SCQKGBqzSa1pWtl4cNP8
um83CUhRshe83em0qjp4U+loV0pshVnsCVExIZAy03WYYqC37mpC/bk=
-----END CERTIFICATE-----