Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/xsHRrRq9ZWcSJBMViwIQOe931BI.roa
File:                     xsHRrRq9ZWcSJBMViwIQOe931BI.roa (raw, json)
Hash identifier:          q9uTAjBaHikgJo5SPVn0xqqJNycW9cIvrEv0dB6bycU=
Subject key identifier:   C6:C1:D1:AD:1A:BD:65:67:12:24:13:15:8B:02:10:39:EF:77:D4:12
Certificate issuer:       /CN=2fa16ab06020067740a4c1fb47a912622f1d0722
Certificate serial:       019D99FE6B280E3AF5C19B80863722D25E44
Authority key identifier: 2F:A1:6A:B0:60:20:06:77:40:A4:C1:FB:47:A9:12:62:2F:1D:07:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/xsHRrRq9ZWcSJBMViwIQOe931BI.roa
Signing time:             Fri 17 Apr 2026 05:51:20 +0000
ROA not before:           Fri 17 Apr 2026 05:51:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     395470
IP address blocks:        213.145.70.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/L6FqsGAgBndApMH7R6kSYi8dByI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/L6FqsGAgBndApMH7R6kSYi8dByI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 05:51:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:99:fe:6b:28:0e:3a:f5:c1:9b:80:86:37:22:d2:5e:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2fa16ab06020067740a4c1fb47a912622f1d0722
        Validity
            Not Before: Apr 17 05:51:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c6c1d1ad1abd6567122413158b021039ef77d412
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:d3:ff:59:ef:e8:8e:ca:94:c5:a4:a6:e8:2e:
                    d4:8d:8a:e5:0c:85:fb:df:2f:fc:92:41:6e:27:52:
                    4b:81:e4:42:30:93:89:38:a6:f8:7b:6e:81:f1:5e:
                    f7:6b:4e:7f:99:fa:47:1b:f8:10:12:f7:b9:cc:b2:
                    dc:0f:9f:4b:63:ad:68:8e:59:99:b7:9e:fd:fc:f5:
                    b3:9a:e6:e4:4e:ca:fa:7b:2c:58:dc:03:f2:76:e2:
                    40:4f:c9:24:b2:82:cd:07:98:04:83:e9:1d:d1:c2:
                    78:d6:e4:e4:b2:bd:77:aa:43:f8:8b:43:93:2f:5d:
                    f5:fe:04:0e:da:91:ef:76:b7:3f:31:dc:2f:5a:b1:
                    25:af:e0:96:c4:ac:26:78:b8:be:c6:ef:a3:f1:45:
                    12:f0:9e:23:b3:d5:e5:44:d7:c6:71:f6:8d:8e:06:
                    50:db:c7:e1:9f:8a:b0:8a:f5:38:b4:a0:00:30:70:
                    f3:57:65:bd:29:a9:14:9a:e2:e3:a7:f3:88:f1:01:
                    6e:18:8b:0a:04:d6:b7:69:f1:06:bf:08:c2:85:75:
                    a5:60:b7:99:68:12:f2:60:4f:0f:87:e4:64:0f:f1:
                    91:75:c7:05:cc:ce:f3:a8:22:81:4f:1d:8c:63:16:
                    f6:a1:7f:ea:aa:5a:44:0c:08:61:0f:d9:55:25:59:
                    5b:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:C1:D1:AD:1A:BD:65:67:12:24:13:15:8B:02:10:39:EF:77:D4:12
            X509v3 Authority Key Identifier:
                keyid:2F:A1:6A:B0:60:20:06:77:40:A4:C1:FB:47:A9:12:62:2F:1D:07:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/xsHRrRq9ZWcSJBMViwIQOe931BI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/L6FqsGAgBndApMH7R6kSYi8dByI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.145.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:87:59:05:53:ab:b4:5e:f1:09:06:d0:7f:88:97:81:4a:18:
         fd:13:dc:9b:69:32:2a:78:43:56:fc:08:ad:b5:c1:94:2f:4b:
         df:41:63:8d:48:c0:a1:c7:0a:51:87:5c:5a:04:be:b8:6d:e7:
         13:fc:2b:13:0e:eb:b9:0b:fa:f9:f4:19:4f:97:1a:e2:d5:d8:
         1b:37:bb:7f:a4:62:b2:76:14:38:05:ef:20:03:6e:6b:bf:97:
         01:e0:ff:5b:87:0a:b7:bb:18:98:22:8c:02:1e:77:c0:49:da:
         de:67:e8:3a:09:b3:35:9a:a3:d3:30:fc:9e:4d:a6:b9:51:ff:
         1b:8f:52:84:25:eb:cf:d0:84:12:63:e3:88:5e:9e:0a:76:29:
         43:e5:30:f5:32:f9:2d:1e:6c:e0:8f:4b:42:d9:67:c9:87:2d:
         d9:c3:07:da:b0:fe:99:18:c9:d4:b6:48:55:f6:ca:fa:d6:71:
         2d:15:85:4e:cd:a1:ca:7b:ce:1b:61:4e:0b:e3:60:ba:a0:9e:
         b6:c1:00:61:25:c7:ce:1d:87:e7:fb:86:7a:c0:3f:2d:be:32:
         c3:2f:69:db:f0:f7:e7:83:7e:30:b0:dc:72:fe:b8:9c:32:69:
         cb:f8:00:bc:a5:62:02:c5:67:f4:1c:f4:06:38:ac:72:4e:b5:
         a6:de:5c:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2Z/msoDjr1wZuAhjci0l5EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmYTE2YWIwNjAyMDA2Nzc0MGE0YzFmYjQ3YTkxMjYyMmYx
ZDA3MjIwHhcNMjYwNDE3MDU1MTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNmMxZDFhZDFhYmQ2NTY3MTIyNDEzMTU4YjAyMTAzOWVmNzdkNDEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzdP/We/ojsqUxaSm6C7UjYrlDIX7
3y/8kkFuJ1JLgeRCMJOJOKb4e26B8V73a05/mfpHG/gQEve5zLLcD59LY61ojlmZ
t579/PWzmubkTsr6eyxY3APyduJAT8kksoLNB5gEg+kd0cJ41uTksr13qkP4i0OT
L131/gQO2pHvdrc/MdwvWrElr+CWxKwmeLi+xu+j8UUS8J4js9XlRNfGcfaNjgZQ
28fhn4qwivU4tKAAMHDzV2W9KakUmuLjp/OI8QFuGIsKBNa3afEGvwjChXWlYLeZ
aBLyYE8Ph+RkD/GRdccFzM7zqCKBTx2MYxb2oX/qqlpEDAhhD9lVJVlbrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMbB0a0avWVnEiQTFYsCEDnvd9QSMB8GA1UdIwQY
MBaAFC+harBgIAZ3QKTB+0epEmIvHQciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDZGcXNHQWdCbmRBcE1IN1I2a1NZaThkQnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy83ZjIzOTMtZDAxYS00MWY3LWE1MmUt
ZDI0MmI2ZjNhOGExLzEveHNIUnJScTlaV2NTSkJNVml3SVFPZTkzMUJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy83ZjIzOTMtZDAxYS00MWY3LWE1MmUtZDI0MmI2ZjNhOGEx
LzEvTDZGcXNHQWdCbmRBcE1IN1I2a1NZaThkQnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1ZFGMA0G
CSqGSIb3DQEBCwUAA4IBAQBTh1kFU6u0XvEJBtB/iJeBShj9E9ybaTIqeENW/Ait
tcGUL0vfQWONSMChxwpRh1xaBL64becT/CsTDuu5C/r59BlPlxri1dgbN7t/pGKy
dhQ4Be8gA25rv5cB4P9bhwq3uxiYIowCHnfASdreZ+g6CbM1mqPTMPyeTaa5Uf8b
j1KEJevP0IQSY+OIXp4KdilD5TD1MvktHmzgj0tC2WfJhy3ZwwfasP6ZGMnUtkhV
9sr61nEtFYVOzaHKe84bYU4L42C6oJ62wQBhJcfOHYfn+4Z6wD8tvjLDL2nb8Pfn
g34wsNxy/ricMmnL+AC8pWICxWf0HPQGOKxyTrWm3lzZ
-----END CERTIFICATE-----