Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/IWbk6zNSYB6WM0Y5Z6-XcPx7fTg.roa
File:                     IWbk6zNSYB6WM0Y5Z6-XcPx7fTg.roa (raw, json)
Hash identifier:          lD3YgQPEcJ+Lsldpe4bbaxPUzCjTvoc7u6pwJwRKzSw=
Subject key identifier:   21:66:E4:EB:33:52:60:1E:96:33:46:39:67:AF:97:70:FC:7B:7D:38
Certificate issuer:       /CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
Certificate serial:       019D637A3247474AABBD5287517E48823040
Authority key identifier: 7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/IWbk6zNSYB6WM0Y5Z6-XcPx7fTg.roa
Signing time:             Mon 06 Apr 2026 15:47:25 +0000
ROA not before:           Mon 06 Apr 2026 15:47:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200436
IP address blocks:        5.42.217.0/24 maxlen: 24
                          62.3.14.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 Apr 2026 06:01:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:63:7a:32:47:47:4a:ab:bd:52:87:51:7e:48:82:30:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
        Validity
            Not Before: Apr  6 15:47:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2166e4eb3352601e9633463967af9770fc7b7d38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:09:1d:be:83:12:de:51:4c:9e:95:63:bc:dc:
                    86:7c:9f:8b:ea:68:36:fb:54:4d:72:b8:cd:9b:f9:
                    5b:6b:9d:2f:df:98:fb:cd:41:69:48:af:39:ac:ea:
                    37:e3:74:3e:52:2f:d5:c7:99:ea:f9:45:93:45:2b:
                    40:17:fe:a2:5b:4e:5a:06:10:e7:b0:74:e0:76:fc:
                    91:9a:3c:65:83:57:79:55:18:38:b4:b0:c9:d9:2d:
                    f5:16:7b:78:e1:b9:35:1e:90:a0:7d:09:c0:19:37:
                    b4:8e:fd:dc:ec:82:22:f8:6b:17:d9:f6:9f:80:c1:
                    1f:82:f6:e3:57:b4:b6:a3:00:78:51:89:89:46:d7:
                    cd:8d:6c:6a:ac:24:e5:55:04:9e:0d:83:81:4f:75:
                    57:5e:8b:34:46:84:36:50:91:24:ae:34:e3:4a:e8:
                    41:ac:e4:8a:87:f2:d3:c6:0e:1c:82:09:79:5e:64:
                    4c:6a:3d:e6:2f:d8:4d:ab:0f:ea:f9:07:11:c3:89:
                    4f:81:6a:be:e3:86:8e:e3:4a:09:d2:81:67:97:cf:
                    01:c7:73:45:5d:8c:cc:e0:59:5c:b9:0d:bf:1b:58:
                    04:1d:41:cc:d6:b9:27:ae:fe:cb:28:65:01:a6:24:
                    36:e2:d3:18:26:20:82:04:86:d2:6b:82:c6:b5:b7:
                    a6:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:66:E4:EB:33:52:60:1E:96:33:46:39:67:AF:97:70:FC:7B:7D:38
            X509v3 Authority Key Identifier:
                keyid:7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/IWbk6zNSYB6WM0Y5Z6-XcPx7fTg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.42.217.0/24
                  62.3.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:6c:e0:c7:0d:e1:82:6f:80:f9:1a:ba:62:a0:f4:ba:81:61:
         ce:54:95:71:ff:8c:86:f3:42:df:e6:2e:77:b5:61:d2:2e:df:
         4c:38:fb:5d:f6:8a:63:b4:df:c9:22:72:17:c8:3c:d4:27:c9:
         ed:a2:f8:ed:b8:08:59:6b:f3:33:06:f1:f0:21:52:6e:a9:ec:
         eb:4b:b9:98:29:ee:92:e1:0c:40:4f:e7:2f:4c:3b:7f:de:e1:
         7d:54:e2:d2:b3:89:27:77:fe:86:e9:23:36:c3:36:12:4f:70:
         cb:a2:14:36:2c:cc:de:a4:82:56:ba:99:f2:92:c0:07:ec:e2:
         e3:b7:9d:11:c9:42:df:32:93:8e:8a:d3:27:bf:f8:b2:76:e9:
         b0:5c:a0:17:b3:7f:a1:9e:49:0d:23:cc:9d:f7:03:76:8f:84:
         6c:60:08:f4:4a:ec:28:72:ad:61:7e:d6:a1:d9:9c:b1:e1:46:
         4e:79:a1:bd:73:17:29:d3:28:5c:4c:6f:29:a4:01:4e:09:f8:
         43:57:b7:38:9f:87:1d:1c:8c:22:dd:7f:0b:9b:47:aa:3a:fb:
         d9:0f:af:e0:41:9c:31:f3:18:72:fc:15:00:60:01:04:fb:0c:
         e0:1e:d8:2e:4b:b3:7b:61:c1:b0:df:f3:c2:61:37:aa:9f:ba:
         ff:69:94:4a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ1jejJHR0qrvVKHUX5IgjBAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjM2QwMjJhMjQwY2U3MWUwYTZlMWU5YWFlMDExMmRhODQw
Y2MzNGIwHhcNMjYwNDA2MTU0NzI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTY2ZTRlYjMzNTI2MDFlOTYzMzQ2Mzk2N2FmOTc3MGZjN2I3ZDM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvwkdvoMS3lFMnpVjvNyGfJ+L6mg2
+1RNcrjNm/lba50v35j7zUFpSK85rOo343Q+Ui/Vx5nq+UWTRStAF/6iW05aBhDn
sHTgdvyRmjxlg1d5VRg4tLDJ2S31Fnt44bk1HpCgfQnAGTe0jv3c7IIi+GsX2faf
gMEfgvbjV7S2owB4UYmJRtfNjWxqrCTlVQSeDYOBT3VXXos0RoQ2UJEkrjTjSuhB
rOSKh/LTxg4cggl5XmRMaj3mL9hNqw/q+QcRw4lPgWq+44aO40oJ0oFnl88Bx3NF
XYzM4FlcuQ2/G1gEHUHM1rknrv7LKGUBpiQ24tMYJiCCBIbSa4LGtbemywIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCFm5OszUmAeljNGOWevl3D8e304MB8GA1UdIwQY
MBaAFHw9AiokDOceCm4emq4BEtqEDMNLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYt
MDk0ODk4OWU2ZDU1LzEvSVdiazZ6TlNZQjZXTTBZNVo2LVhjUHg3ZlRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYtMDk0ODk4OWU2ZDU1
LzEvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQABSrZAwQA
PgMOMA0GCSqGSIb3DQEBCwUAA4IBAQB4bODHDeGCb4D5GrpioPS6gWHOVJVx/4yG
80Lf5i53tWHSLt9MOPtd9opjtN/JInIXyDzUJ8ntovjtuAhZa/MzBvHwIVJuqezr
S7mYKe6S4QxAT+cvTDt/3uF9VOLSs4knd/6G6SM2wzYST3DLohQ2LMzepIJWupny
ksAH7OLjt50RyULfMpOOitMnv/iydumwXKAXs3+hnkkNI8yd9wN2j4RsYAj0Suwo
cq1hftah2Zyx4UZOeaG9cxcp0yhcTG8ppAFOCfhDV7c4n4cdHIwi3X8Lm0eqOvvZ
D6/gQZwx8xhy/BUAYAEE+wzgHtguS7N7YcGw3/PCYTeqn7r/aZRK
-----END CERTIFICATE-----