Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/xocX0OiZvgU5VI0um5esoBJgKGQ.roa
File:                     xocX0OiZvgU5VI0um5esoBJgKGQ.roa (raw, json)
Hash identifier:          HQ7XVQefIamerTDLvc+3clMBswKRPDgT0UO5IeEO2zo=
Subject key identifier:   C6:87:17:D0:E8:99:BE:05:39:54:8D:2E:9B:97:AC:A0:12:60:28:64
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       019DAC02F102610C4A2A4F56056270D32B95
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/xocX0OiZvgU5VI0um5esoBJgKGQ.roa
Signing time:             Mon 20 Apr 2026 17:49:27 +0000
ROA not before:           Mon 20 Apr 2026 17:49:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201861
IP address blocks:        89.106.85.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:ac:02:f1:02:61:0c:4a:2a:4f:56:05:62:70:d3:2b:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Apr 20 17:49:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c68717d0e899be0539548d2e9b97aca012602864
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:9d:b9:6f:11:9d:26:86:2d:31:48:79:c6:5f:
                    77:44:ed:1d:02:2d:37:72:1a:f4:bc:33:80:4d:90:
                    bd:b9:a9:62:5e:3e:aa:60:de:9b:16:a3:3b:e7:bf:
                    bd:4c:47:26:5c:ce:7a:5d:33:88:b9:46:14:d4:67:
                    5c:2f:b2:0e:10:16:28:1c:fd:b0:7a:c4:68:fc:a2:
                    d0:81:d5:c9:eb:37:8f:c2:87:42:49:80:a0:3e:9a:
                    c5:b5:a8:2f:62:9b:60:c5:14:4f:2a:9f:b9:b8:c0:
                    4c:25:69:5c:67:7c:94:9e:b8:40:86:e7:3d:69:11:
                    05:43:22:69:27:0a:9f:ba:06:7e:b2:4b:8a:7c:1d:
                    f7:3b:4e:6a:9c:21:cb:f2:86:af:33:a1:f9:46:d1:
                    76:92:07:5b:c7:fb:97:4e:f5:5f:1a:7c:79:35:aa:
                    61:71:9d:f6:9c:e7:69:fb:d1:3a:f1:1f:c5:28:ab:
                    aa:42:5a:19:4b:f1:c4:09:f7:53:87:6c:0d:43:bb:
                    b9:72:82:22:8e:b1:67:b6:f9:ec:ec:a3:cd:6f:e7:
                    09:de:51:ea:52:12:3d:ec:f0:33:3d:11:98:ac:cd:
                    db:86:00:26:52:4e:61:01:28:99:71:f1:50:32:5a:
                    96:23:5b:bb:9b:81:20:c5:8b:f2:6f:39:d2:1f:4b:
                    48:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:87:17:D0:E8:99:BE:05:39:54:8D:2E:9B:97:AC:A0:12:60:28:64
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/xocX0OiZvgU5VI0um5esoBJgKGQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.106.85.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:f3:0f:d8:ca:bf:2f:1b:38:f9:6a:9f:2f:f4:2b:42:61:32:
         e6:d1:7b:69:72:5e:58:b6:c4:29:3d:50:94:db:96:07:1e:b2:
         28:8c:79:52:26:d6:1b:83:78:47:d2:6e:5e:c6:16:74:f3:e0:
         e9:54:f3:0e:7f:58:7b:15:42:9f:5a:ea:e3:89:43:f0:3b:26:
         a9:15:6a:b8:bf:7f:fe:7f:13:48:27:7b:7b:dd:35:99:f4:7f:
         13:3f:3e:2b:8a:fa:91:12:71:6a:a6:66:db:0a:99:e4:99:98:
         c7:d8:93:8d:61:02:5d:32:c8:d6:73:78:71:e9:03:a2:cd:53:
         9b:9b:62:58:f1:42:a0:99:dc:ca:4c:c6:7a:ef:b7:56:f9:fc:
         2c:d4:59:a9:4b:cf:df:d6:1b:c3:cc:0f:27:28:53:e3:56:7b:
         40:d1:c8:95:75:3e:74:39:e3:90:d8:bd:0e:90:c5:35:ed:8e:
         4e:08:03:88:ca:65:5c:17:61:21:57:df:23:53:a2:c8:db:80:
         94:6f:0d:7a:88:56:3f:c4:57:e6:06:3e:f1:0a:58:c8:0c:7b:
         c4:fd:cf:2a:47:03:f1:83:dd:30:ec:cb:73:5b:36:83:9e:f3:
         b7:56:79:01:88:34:f7:29:b1:e5:5f:8b:58:eb:5b:14:28:fc:
         2f:58:e0:32
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2sAvECYQxKKk9WBWJw0yuVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjYwNDIwMTc0OTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjg3MTdkMGU4OTliZTA1Mzk1NDhkMmU5Yjk3YWNhMDEyNjAyODY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl525bxGdJoYtMUh5xl93RO0dAi03
chr0vDOATZC9ualiXj6qYN6bFqM757+9TEcmXM56XTOIuUYU1GdcL7IOEBYoHP2w
esRo/KLQgdXJ6zePwodCSYCgPprFtagvYptgxRRPKp+5uMBMJWlcZ3yUnrhAhuc9
aREFQyJpJwqfugZ+skuKfB33O05qnCHL8oavM6H5RtF2kgdbx/uXTvVfGnx5Naph
cZ32nOdp+9E68R/FKKuqQloZS/HECfdTh2wNQ7u5coIijrFntvns7KPNb+cJ3lHq
UhI97PAzPRGYrM3bhgAmUk5hASiZcfFQMlqWI1u7m4EgxYvybznSH0tI/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMaHF9Domb4FOVSNLpuXrKASYChkMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEveG9jWDBPaVp2Z1U1VkkwdW01ZXNvQkpnS0dRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWWpVMA0G
CSqGSIb3DQEBCwUAA4IBAQAO8w/Yyr8vGzj5ap8v9CtCYTLm0Xtpcl5YtsQpPVCU
25YHHrIojHlSJtYbg3hH0m5exhZ08+DpVPMOf1h7FUKfWurjiUPwOyapFWq4v3/+
fxNIJ3t73TWZ9H8TPz4rivqREnFqpmbbCpnkmZjH2JONYQJdMsjWc3hx6QOizVOb
m2JY8UKgmdzKTMZ677dW+fws1FmpS8/f1hvDzA8nKFPjVntA0ciVdT50OeOQ2L0O
kMU17Y5OCAOIymVcF2EhV98jU6LI24CUbw16iFY/xFfmBj7xCljIDHvE/c8qRwPx
g90w7MtzWzaDnvO3VnkBiDT3KbHlX4tY61sUKPwvWOAy
-----END CERTIFICATE-----