Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/bd4df2-b781-4348-bc54-db387c7801e8/1/aNY_udjUjweJXPOJqKkLsSUQQEk.roa
File:                     aNY_udjUjweJXPOJqKkLsSUQQEk.roa (raw, json)
Hash identifier:          zB53YZr6NXhIUp/aEuccelkUG4JTzu5aMzPXoShO6FY=
Subject key identifier:   68:D6:3F:B9:D8:D4:8F:07:89:5C:F3:89:A8:A9:0B:B1:25:10:40:49
Certificate issuer:       /CN=72cc24221420b75f95edb9ceba1f7738fa17379e
Certificate serial:       019D14DB4CB94251C0273AF36D807A515B15
Authority key identifier: 72:CC:24:22:14:20:B7:5F:95:ED:B9:CE:BA:1F:77:38:FA:17:37:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cswkIhQgt1-V7bnOuh93OPoXN54.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/bd4df2-b781-4348-bc54-db387c7801e8/1/aNY_udjUjweJXPOJqKkLsSUQQEk.roa
Signing time:             Sun 22 Mar 2026 09:23:29 +0000
ROA not before:           Sun 22 Mar 2026 09:23:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49592
IP address blocks:        157.173.4.0/23 maxlen: 23
                          157.173.7.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/bd4df2-b781-4348-bc54-db387c7801e8/1/cswkIhQgt1-V7bnOuh93OPoXN54.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/bd4df2-b781-4348-bc54-db387c7801e8/1/cswkIhQgt1-V7bnOuh93OPoXN54.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cswkIhQgt1-V7bnOuh93OPoXN54.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 25 Mar 2026 06:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:14:db:4c:b9:42:51:c0:27:3a:f3:6d:80:7a:51:5b:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72cc24221420b75f95edb9ceba1f7738fa17379e
        Validity
            Not Before: Mar 22 09:23:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=68d63fb9d8d48f07895cf389a8a90bb125104049
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:b9:fe:63:28:58:f5:bb:26:fd:2e:4f:34:e6:
                    54:0a:6f:3a:23:0e:87:44:02:6e:8e:f3:f7:c1:12:
                    07:b2:4b:c7:9c:b2:12:be:e6:9b:9c:9a:6b:4f:b1:
                    c6:ca:53:9d:a6:12:d5:9d:cd:6c:2d:08:ac:dc:8e:
                    33:e1:64:a4:12:5f:cb:7e:8e:bd:87:d4:f7:56:09:
                    01:f3:99:c3:08:c6:2a:c5:31:e8:5b:04:fe:6c:92:
                    e8:b0:11:46:2b:11:8c:0a:fb:d8:15:c6:98:ba:7a:
                    89:e2:ce:ad:6f:1a:48:19:bd:37:cd:ac:ec:86:75:
                    0a:92:13:08:3c:83:6e:80:28:4a:35:ae:9b:fc:02:
                    c6:17:af:af:53:49:a0:16:14:f1:a5:50:75:86:45:
                    88:c0:db:3f:92:6b:b5:18:00:5a:98:bc:1d:f6:3f:
                    62:4d:67:2a:c6:30:65:90:9a:4c:4e:20:3d:aa:ff:
                    a4:4d:74:6e:33:e6:1d:1e:3d:5e:a5:22:0f:f9:22:
                    02:3a:9d:c8:5f:aa:5f:7e:ec:75:06:9a:d3:ea:8a:
                    79:58:39:cf:cc:46:0b:36:b7:90:35:34:1e:da:a8:
                    d7:f6:b6:d9:62:29:bd:b8:61:6a:ab:a2:5e:06:af:
                    80:d7:30:7c:dc:cf:7d:4b:06:7e:58:ad:11:e7:82:
                    50:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:D6:3F:B9:D8:D4:8F:07:89:5C:F3:89:A8:A9:0B:B1:25:10:40:49
            X509v3 Authority Key Identifier:
                keyid:72:CC:24:22:14:20:B7:5F:95:ED:B9:CE:BA:1F:77:38:FA:17:37:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cswkIhQgt1-V7bnOuh93OPoXN54.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/bd4df2-b781-4348-bc54-db387c7801e8/1/aNY_udjUjweJXPOJqKkLsSUQQEk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/bd4df2-b781-4348-bc54-db387c7801e8/1/cswkIhQgt1-V7bnOuh93OPoXN54.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.173.4.0/23
                  157.173.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:2e:35:aa:44:56:06:f6:39:53:fa:b7:3e:57:54:f8:53:ff:
         5d:4e:30:9a:2d:b1:8d:dc:56:37:63:8e:5c:9b:62:0d:05:bc:
         41:4b:e1:95:37:40:25:0c:9d:40:ad:f5:d7:d9:b7:b0:7e:24:
         48:2a:ae:d0:05:62:f4:75:6c:5a:b1:75:7b:f7:0c:35:10:11:
         f1:6d:77:c2:29:03:c4:14:54:bf:77:8d:4a:22:a9:72:06:5f:
         5c:ad:60:10:a7:48:a3:d1:49:10:a8:1c:c1:75:af:4a:d9:15:
         f1:75:4b:cc:04:01:11:4b:cd:a9:63:2a:b6:cf:ea:97:50:f5:
         01:63:25:01:0f:b1:4b:03:59:b3:70:8b:a6:e8:e3:25:35:43:
         28:59:f4:96:db:ff:6e:2a:38:88:d7:e6:b2:cf:03:bc:71:36:
         ff:e1:d2:f3:3b:53:0a:00:e1:1a:8e:3c:8c:f0:ba:fa:04:e2:
         d9:c5:0c:72:9b:fa:65:32:0c:7c:7d:69:60:81:f4:d4:1f:91:
         53:fe:72:1f:3b:b0:84:c4:d7:9b:3f:cb:88:ee:b0:d3:41:79:
         c3:07:0d:c7:7b:e4:b8:21:cb:9a:cc:34:09:70:97:4b:b4:31:
         a1:88:f4:74:73:d1:13:2f:8b:3a:f4:e9:1f:aa:d4:45:1a:6d:
         cc:73:0d:22
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ0U20y5QlHAJzrzbYB6UVsVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyY2MyNDIyMTQyMGI3NWY5NWVkYjljZWJhMWY3NzM4ZmEx
NzM3OWUwHhcNMjYwMzIyMDkyMzI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGQ2M2ZiOWQ4ZDQ4ZjA3ODk1Y2YzODlhOGE5MGJiMTI1MTA0MDQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvrn+YyhY9bsm/S5PNOZUCm86Iw6H
RAJujvP3wRIHskvHnLISvuabnJprT7HGylOdphLVnc1sLQis3I4z4WSkEl/Lfo69
h9T3VgkB85nDCMYqxTHoWwT+bJLosBFGKxGMCvvYFcaYunqJ4s6tbxpIGb03zazs
hnUKkhMIPINugChKNa6b/ALGF6+vU0mgFhTxpVB1hkWIwNs/kmu1GABamLwd9j9i
TWcqxjBlkJpMTiA9qv+kTXRuM+YdHj1epSIP+SICOp3IX6pffux1BprT6op5WDnP
zEYLNreQNTQe2qjX9rbZYim9uGFqq6JeBq+A1zB83M99SwZ+WK0R54JQPwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGjWP7nY1I8HiVzziaipC7ElEEBJMB8GA1UdIwQY
MBaAFHLMJCIUILdfle25zrofdzj6FzeeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3N3a0loUWd0MS1WN2JuT3VoOTNPUG9YTjU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy9iZDRkZjItYjc4MS00MzQ4LWJjNTQt
ZGIzODdjNzgwMWU4LzEvYU5ZX3VkalVqd2VKWFBPSnFLa0xzU1VRUUVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy9iZDRkZjItYjc4MS00MzQ4LWJjNTQtZGIzODdjNzgwMWU4
LzEvY3N3a0loUWd0MS1WN2JuT3VoOTNPUG9YTjU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBna0EAwQA
na0HMA0GCSqGSIb3DQEBCwUAA4IBAQB8LjWqRFYG9jlT+rc+V1T4U/9dTjCaLbGN
3FY3Y45cm2INBbxBS+GVN0AlDJ1ArfXX2bewfiRIKq7QBWL0dWxasXV79ww1EBHx
bXfCKQPEFFS/d41KIqlyBl9crWAQp0ij0UkQqBzBda9K2RXxdUvMBAERS82pYyq2
z+qXUPUBYyUBD7FLA1mzcIum6OMlNUMoWfSW2/9uKjiI1+ayzwO8cTb/4dLzO1MK
AOEajjyM8Lr6BOLZxQxym/plMgx8fWlggfTUH5FT/nIfO7CExNebP8uI7rDTQXnD
Bw3He+S4IcuazDQJcJdLtDGhiPR0c9ETL4s69OkfqtRFGm3Mcw0i
-----END CERTIFICATE-----