Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/IXzkr3hgsDqBmZJ74jrhndkapc4.roa
File:                     IXzkr3hgsDqBmZJ74jrhndkapc4.roa (raw, json)
Hash identifier:          jVe71LEUDJyR/8zqazDnj1SGTTNXQZxCtbDFD1x4bpA=
Subject key identifier:   21:7C:E4:AF:78:60:B0:3A:81:99:92:7B:E2:3A:E1:9D:D9:1A:A5:CE
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       019E4EF0AFEE5EF8A2A3FC6924965C9CBC45
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/IXzkr3hgsDqBmZJ74jrhndkapc4.roa
Signing time:             Fri 22 May 2026 09:07:37 +0000
ROA not before:           Fri 22 May 2026 09:07:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402252
IP address blocks:        83.137.158.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 22:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:4e:f0:af:ee:5e:f8:a2:a3:fc:69:24:96:5c:9c:bc:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: May 22 09:07:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=217ce4af7860b03a8199927be23ae19dd91aa5ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:b5:ef:26:fa:18:3b:25:33:c1:36:ce:a8:17:
                    9b:e6:4f:75:79:a0:bf:0e:40:bb:c3:09:c7:37:05:
                    fd:23:5a:89:25:84:cc:1d:8b:07:5c:4b:d9:42:7f:
                    99:a8:14:33:7e:5f:7d:11:82:09:e5:7b:ac:22:61:
                    cf:c8:4b:4a:17:69:92:7f:c9:a5:8b:06:8a:ff:c9:
                    54:4b:f1:94:a3:c8:3a:79:27:24:ab:2a:ae:94:d8:
                    d3:a6:5e:f9:d5:c5:7e:2c:de:9e:cb:a6:ba:42:ab:
                    77:15:99:cc:be:f6:81:98:55:e3:0b:3e:46:bc:f2:
                    0b:45:18:34:15:8a:05:07:1b:22:79:18:26:5d:23:
                    18:5d:53:c8:32:5d:f8:f2:cf:b7:ee:ac:82:4f:e7:
                    67:30:fb:2b:e9:d8:61:63:83:57:c2:4e:8d:d9:b7:
                    00:f8:fe:83:a3:88:b9:09:0d:fb:cb:b8:a6:51:f5:
                    05:74:eb:9c:77:a1:9d:3e:1b:c5:5e:31:70:ea:c0:
                    18:e1:0a:3c:71:7a:49:dc:0a:29:2f:60:96:d9:ca:
                    ee:da:0f:a8:78:4c:6b:7e:61:c1:8d:a0:85:ae:c4:
                    54:20:fc:2c:2b:46:25:81:7f:7f:79:75:55:50:58:
                    64:d7:b3:c2:fb:dd:81:d6:b3:01:6c:fd:d3:d0:83:
                    6a:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:7C:E4:AF:78:60:B0:3A:81:99:92:7B:E2:3A:E1:9D:D9:1A:A5:CE
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/IXzkr3hgsDqBmZJ74jrhndkapc4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.137.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:e8:55:3a:46:59:fe:cd:8a:58:5c:9f:12:79:6c:76:ca:88:
         88:3b:7e:1d:76:6f:51:7e:40:d4:51:93:6d:4a:3d:20:57:cf:
         75:b2:a3:80:47:82:26:d6:0c:65:a7:ea:ae:89:9a:1f:fb:20:
         5e:36:1a:d3:a8:f8:ac:44:f9:a8:0d:22:97:99:03:13:fe:19:
         92:b6:7a:b8:37:5e:c4:77:a0:33:57:6c:8f:e4:f6:87:09:fc:
         3d:c3:b1:09:b1:c0:51:15:04:95:cf:ca:fe:34:dc:30:9f:4b:
         55:70:87:97:2a:58:43:7e:57:11:66:da:af:df:e5:43:5d:7f:
         ca:63:4e:33:c1:80:72:4d:29:58:8f:c1:81:42:db:13:90:68:
         7e:c7:7d:b3:8f:31:ea:82:1b:94:d6:f2:43:e5:c9:7c:4b:09:
         e2:29:8a:b1:3d:7a:2c:8f:2e:0f:fd:77:25:43:48:25:3f:1f:
         95:12:5f:81:ff:20:c6:9b:92:b2:d8:dc:b8:16:b4:ed:2c:e7:
         dc:33:fc:6a:89:ef:58:4d:32:bf:dc:bd:ef:61:2e:7b:65:b4:
         d9:51:54:a4:b2:4e:2c:df:a8:2c:11:79:f1:7c:be:d6:7f:cd:
         97:a3:fd:17:b3:47:9b:e6:90:29:5c:c9:74:ad:37:e9:c1:2a:
         b8:10:42:10
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5O8K/uXviio/xpJJZcnLxFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjYwNTIyMDkwNzM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTdjZTRhZjc4NjBiMDNhODE5OTkyN2JlMjNhZTE5ZGQ5MWFhNWNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo7XvJvoYOyUzwTbOqBeb5k91eaC/
DkC7wwnHNwX9I1qJJYTMHYsHXEvZQn+ZqBQzfl99EYIJ5XusImHPyEtKF2mSf8ml
iwaK/8lUS/GUo8g6eSckqyqulNjTpl751cV+LN6ey6a6Qqt3FZnMvvaBmFXjCz5G
vPILRRg0FYoFBxsieRgmXSMYXVPIMl348s+37qyCT+dnMPsr6dhhY4NXwk6N2bcA
+P6Do4i5CQ37y7imUfUFdOucd6GdPhvFXjFw6sAY4Qo8cXpJ3AopL2CW2cru2g+o
eExrfmHBjaCFrsRUIPwsK0YlgX9/eXVVUFhk17PC+92B1rMBbP3T0INqcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCF85K94YLA6gZmSe+I64Z3ZGqXOMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvSVh6a3IzaGdzRHFCbVpKNzRqcmhuZGthcGM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAU4meMA0G
CSqGSIb3DQEBCwUAA4IBAQA66FU6Rln+zYpYXJ8SeWx2yoiIO34ddm9RfkDUUZNt
Sj0gV891sqOAR4Im1gxlp+quiZof+yBeNhrTqPisRPmoDSKXmQMT/hmStnq4N17E
d6AzV2yP5PaHCfw9w7EJscBRFQSVz8r+NNwwn0tVcIeXKlhDflcRZtqv3+VDXX/K
Y04zwYByTSlYj8GBQtsTkGh+x32zjzHqghuU1vJD5cl8SwniKYqxPXosjy4P/Xcl
Q0glPx+VEl+B/yDGm5Ky2Ny4FrTtLOfcM/xqie9YTTK/3L3vYS57ZbTZUVSksk4s
36gsEXnxfL7Wf82Xo/0Xs0eb5pApXMl0rTfpwSq4EEIQ
-----END CERTIFICATE-----