Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f4/86ecf1-8aaf-46c6-951d-ad66722d349e/1/xOttd6TpxOr24A9NYb5gHM_31mk.roa
File:                     xOttd6TpxOr24A9NYb5gHM_31mk.roa (raw, json)
Hash identifier:          acecs5fYnCii+jIlRbpWYRX+vj6OKx+EgPOK7cU5+y0=
Subject key identifier:   C4:EB:6D:77:A4:E9:C4:EA:F6:E0:0F:4D:61:BE:60:1C:CF:F7:D6:69
Certificate issuer:       /CN=53dc5d4e9c90573c6ddf7d00cbe8b2eda413fc86
Certificate serial:       019CB32A0AA9333B1BC2F12FF0E9252C0C4F
Authority key identifier: 53:DC:5D:4E:9C:90:57:3C:6D:DF:7D:00:CB:E8:B2:ED:A4:13:FC:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U9xdTpyQVzxt330Ay-iy7aQT_IY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f4/86ecf1-8aaf-46c6-951d-ad66722d349e/1/xOttd6TpxOr24A9NYb5gHM_31mk.roa
Signing time:             Tue 03 Mar 2026 10:06:42 +0000
ROA not before:           Tue 03 Mar 2026 10:06:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206215
IP address blocks:        167.150.22.0/24 maxlen: 24
                          167.150.220.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f4/86ecf1-8aaf-46c6-951d-ad66722d349e/1/U9xdTpyQVzxt330Ay-iy7aQT_IY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f4/86ecf1-8aaf-46c6-951d-ad66722d349e/1/U9xdTpyQVzxt330Ay-iy7aQT_IY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/U9xdTpyQVzxt330Ay-iy7aQT_IY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Mar 2026 01:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:b3:2a:0a:a9:33:3b:1b:c2:f1:2f:f0:e9:25:2c:0c:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=53dc5d4e9c90573c6ddf7d00cbe8b2eda413fc86
        Validity
            Not Before: Mar  3 10:06:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c4eb6d77a4e9c4eaf6e00f4d61be601ccff7d669
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:04:18:bc:0e:c2:2f:6f:99:6b:ce:d1:e2:d2:
                    04:c1:27:94:60:89:06:42:a3:a1:18:4d:25:29:37:
                    83:8a:39:7b:94:e0:af:ad:59:76:86:28:95:77:ec:
                    7a:13:78:d4:60:9c:89:74:fe:20:0a:9f:a9:d3:9f:
                    31:61:07:b6:ac:3d:95:71:19:1a:4d:5f:89:6f:49:
                    79:0f:39:2c:8e:83:2a:e9:92:c4:55:cf:fa:e9:63:
                    85:c7:d0:f2:fb:ea:26:2b:7c:7e:2d:11:c8:a9:56:
                    68:9e:43:23:e6:18:c3:bc:7a:52:fb:93:0f:4f:d3:
                    55:8c:0a:b7:e8:bf:fe:32:a0:b0:97:4e:f0:d4:1c:
                    2a:bf:00:ac:fb:ed:5e:29:36:40:e3:1a:32:84:40:
                    e3:55:54:22:86:20:82:a1:04:0a:51:96:7f:07:f0:
                    da:da:30:22:09:e0:f3:0f:64:e4:a6:b2:10:25:e0:
                    00:9d:13:86:25:5f:37:cc:58:57:60:10:14:d3:6f:
                    8a:2c:96:8a:e2:fb:cc:1b:97:29:84:fc:90:4f:85:
                    21:d6:ee:fe:02:66:4d:ee:81:f8:63:7f:c6:50:f9:
                    ca:57:65:dd:ce:dd:cf:3f:99:02:fa:da:f6:b1:d2:
                    51:34:f8:c8:ef:c6:7f:45:66:0e:94:aa:48:7f:c4:
                    52:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:EB:6D:77:A4:E9:C4:EA:F6:E0:0F:4D:61:BE:60:1C:CF:F7:D6:69
            X509v3 Authority Key Identifier:
                keyid:53:DC:5D:4E:9C:90:57:3C:6D:DF:7D:00:CB:E8:B2:ED:A4:13:FC:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U9xdTpyQVzxt330Ay-iy7aQT_IY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/86ecf1-8aaf-46c6-951d-ad66722d349e/1/xOttd6TpxOr24A9NYb5gHM_31mk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/86ecf1-8aaf-46c6-951d-ad66722d349e/1/U9xdTpyQVzxt330Ay-iy7aQT_IY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  167.150.22.0/24
                  167.150.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:03:ca:8c:35:0c:8d:71:c4:a8:23:54:8d:75:b3:bf:71:56:
         1a:46:de:42:96:01:21:e1:26:f9:a1:08:af:d3:3b:40:5d:b1:
         7d:7b:9a:f1:f8:38:0e:06:6e:2f:61:29:1d:b9:98:c4:90:cc:
         24:8e:6d:d8:77:c5:30:ad:2b:0f:f9:8a:a5:3f:29:2a:0d:b5:
         fc:4b:7d:91:c2:d5:fb:b9:ae:c6:bc:ec:21:5b:3b:ec:8c:bc:
         94:af:66:bb:c6:38:21:99:61:38:e4:82:bf:ce:02:1a:a6:2f:
         ac:8d:5a:e0:c4:58:b4:de:5e:d9:ce:c1:00:0b:54:2f:a7:81:
         68:10:88:38:50:0a:ab:3e:22:b0:f6:8c:1c:d4:3e:68:48:50:
         99:51:6e:f4:a1:79:27:13:75:24:86:d0:fe:60:11:50:d8:69:
         7d:37:64:31:b9:87:62:29:e0:49:ba:45:5b:ec:ba:2f:c2:fc:
         28:59:cc:08:06:27:92:5d:2f:c7:1f:fd:2b:d4:4b:20:34:5c:
         2b:1c:45:bb:80:e5:41:ae:ae:06:5d:f0:d2:7f:87:a2:e0:89:
         41:9c:26:27:5f:82:2d:9c:f5:56:24:11:81:b5:d6:81:6c:d8:
         42:e7:4a:40:b5:0b:f7:58:71:4e:27:30:eb:a7:8f:3f:50:33:
         3c:a8:99:bd
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZyzKgqpMzsbwvEv8OklLAxPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzZGM1ZDRlOWM5MDU3M2M2ZGRmN2QwMGNiZThiMmVkYTQx
M2ZjODYwHhcNMjYwMzAzMTAwNjQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNGViNmQ3N2E0ZTljNGVhZjZlMDBmNGQ2MWJlNjAxY2NmZjdkNjY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqwQYvA7CL2+Za87R4tIEwSeUYIkG
QqOhGE0lKTeDijl7lOCvrVl2hiiVd+x6E3jUYJyJdP4gCp+p058xYQe2rD2VcRka
TV+Jb0l5DzksjoMq6ZLEVc/66WOFx9Dy++omK3x+LRHIqVZonkMj5hjDvHpS+5MP
T9NVjAq36L/+MqCwl07w1BwqvwCs++1eKTZA4xoyhEDjVVQihiCCoQQKUZZ/B/Da
2jAiCeDzD2TkprIQJeAAnROGJV83zFhXYBAU02+KLJaK4vvMG5cphPyQT4Uh1u7+
AmZN7oH4Y3/GUPnKV2Xdzt3PP5kC+tr2sdJRNPjI78Z/RWYOlKpIf8RSHwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMTrbXek6cTq9uAPTWG+YBzP99ZpMB8GA1UdIwQY
MBaAFFPcXU6ckFc8bd99AMvosu2kE/yGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVTl4ZFRweVFWenh0MzMwQXktaXk3YVFUX0lZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNC84NmVjZjEtOGFhZi00NmM2LTk1MWQt
YWQ2NjcyMmQzNDllLzEveE90dGQ2VHB4T3IyNEE5TlliNWdITV8zMW1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNC84NmVjZjEtOGFhZi00NmM2LTk1MWQtYWQ2NjcyMmQzNDll
LzEvVTl4ZFRweVFWenh0MzMwQXktaXk3YVFUX0lZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAp5YWAwQA
p5bcMA0GCSqGSIb3DQEBCwUAA4IBAQASA8qMNQyNccSoI1SNdbO/cVYaRt5ClgEh
4Sb5oQiv0ztAXbF9e5rx+DgOBm4vYSkduZjEkMwkjm3Yd8UwrSsP+YqlPykqDbX8
S32RwtX7ua7GvOwhWzvsjLyUr2a7xjghmWE45IK/zgIapi+sjVrgxFi03l7ZzsEA
C1Qvp4FoEIg4UAqrPiKw9owc1D5oSFCZUW70oXknE3UkhtD+YBFQ2Gl9N2QxuYdi
KeBJukVb7LovwvwoWcwIBieSXS/HH/0r1EsgNFwrHEW7gOVBrq4GXfDSf4ei4IlB
nCYnX4ItnPVWJBGBtdaBbNhC50pAtQv3WHFOJzDrp48/UDM8qJm9
-----END CERTIFICATE-----