Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/df0a71-989f-4052-8b38-27f31b7027bd/1/xulwkrdTClCIo8JTMQSPEZiJ5xM.roa
File:                     xulwkrdTClCIo8JTMQSPEZiJ5xM.roa (raw, json)
Hash identifier:          zBwBsovIkxRJ5sWGqQLeI9gfF8IlVwdOJj27qMN+l8w=
Subject key identifier:   C6:E9:70:92:B7:53:0A:50:88:A3:C2:53:31:04:8F:11:98:89:E7:13
Certificate issuer:       /CN=e035f882fa6eef25200b6a7d7378c285926d8c9e
Certificate serial:       019DDDA4F80D819FE2C1C4C24C4CDCC72D80
Authority key identifier: E0:35:F8:82:FA:6E:EF:25:20:0B:6A:7D:73:78:C2:85:92:6D:8C:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4DX4gvpu7yUgC2p9c3jChZJtjJ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/df0a71-989f-4052-8b38-27f31b7027bd/1/xulwkrdTClCIo8JTMQSPEZiJ5xM.roa
Signing time:             Thu 30 Apr 2026 09:07:49 +0000
ROA not before:           Thu 30 Apr 2026 09:07:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202575
IP address blocks:        150.237.0.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/df0a71-989f-4052-8b38-27f31b7027bd/1/4DX4gvpu7yUgC2p9c3jChZJtjJ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/df0a71-989f-4052-8b38-27f31b7027bd/1/4DX4gvpu7yUgC2p9c3jChZJtjJ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4DX4gvpu7yUgC2p9c3jChZJtjJ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 18:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:dd:a4:f8:0d:81:9f:e2:c1:c4:c2:4c:4c:dc:c7:2d:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e035f882fa6eef25200b6a7d7378c285926d8c9e
        Validity
            Not Before: Apr 30 09:07:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c6e97092b7530a5088a3c25331048f119889e713
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:79:ca:fe:84:97:ff:36:f4:45:f3:8b:c8:04:
                    a4:4d:9b:2d:7f:6b:ec:a1:23:7c:69:ca:d7:7c:95:
                    7a:9c:27:01:f4:b7:fb:b0:82:ef:f9:76:31:cf:1f:
                    7d:dd:f0:5b:78:22:83:08:66:a8:cf:43:93:ba:d3:
                    c5:97:76:c4:66:64:f2:c1:ef:88:58:79:ae:09:28:
                    5c:b0:7d:74:5e:04:1c:cc:9c:14:bc:ce:22:06:64:
                    11:f2:20:68:db:87:df:c3:34:35:c6:80:6a:3a:43:
                    1b:70:fe:59:f0:91:00:ae:02:73:83:87:ed:55:97:
                    a2:a2:33:9a:db:67:bc:d2:b0:f6:8c:81:3b:62:f5:
                    55:ba:87:d7:49:c6:fc:a9:b2:c1:bb:e2:48:44:7d:
                    1d:1a:12:0b:82:5e:96:b1:53:db:d2:3c:e4:9f:64:
                    78:5c:0c:6e:8b:34:61:a5:44:83:93:53:ba:41:1c:
                    2d:13:ca:fc:54:88:c9:6e:5c:63:ed:f7:c3:df:88:
                    94:80:1f:f2:46:c1:f9:91:82:93:fc:1d:94:32:0a:
                    63:70:c4:65:72:a8:cd:24:65:22:85:51:24:b4:7f:
                    a2:bd:9f:35:03:3c:f9:c5:92:ac:f9:b8:e4:48:33:
                    fb:84:3f:68:51:a9:e1:32:64:6e:7f:9f:9e:ea:2a:
                    5e:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:E9:70:92:B7:53:0A:50:88:A3:C2:53:31:04:8F:11:98:89:E7:13
            X509v3 Authority Key Identifier:
                keyid:E0:35:F8:82:FA:6E:EF:25:20:0B:6A:7D:73:78:C2:85:92:6D:8C:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4DX4gvpu7yUgC2p9c3jChZJtjJ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/df0a71-989f-4052-8b38-27f31b7027bd/1/xulwkrdTClCIo8JTMQSPEZiJ5xM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/df0a71-989f-4052-8b38-27f31b7027bd/1/4DX4gvpu7yUgC2p9c3jChZJtjJ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  150.237.0.0/20

    Signature Algorithm: sha256WithRSAEncryption
         a5:50:46:b8:89:1c:df:da:91:0f:19:dc:71:30:f8:ae:4c:30:
         c3:f1:7a:65:24:8b:d1:2f:20:5e:ec:15:cb:81:57:da:5d:dd:
         a4:05:df:d9:73:7a:08:2a:d5:82:12:8a:dc:96:ed:58:53:99:
         d4:b1:77:68:ca:5a:f1:d6:97:0a:a3:ab:6b:ab:90:31:0c:ba:
         d8:de:32:61:ed:a8:d7:e0:a2:f3:1d:b7:be:5c:01:7b:ac:03:
         00:51:76:2c:fc:32:1a:88:48:ab:04:2b:ca:d8:c3:08:c1:df:
         cc:1a:cf:93:d8:12:97:ce:bd:53:da:26:9f:1b:13:00:7e:ce:
         18:bf:61:51:50:33:be:f3:29:b0:e6:17:40:7b:ad:70:97:2d:
         b1:cd:22:1a:6e:71:68:40:03:0c:f9:28:f5:de:1a:19:8b:89:
         66:fb:4d:29:a8:75:61:18:1a:07:7f:51:bb:5f:66:c0:14:82:
         03:9a:f1:f9:47:ff:21:a1:ae:ec:f0:2d:6c:86:18:28:1c:4d:
         f4:26:bf:51:13:38:5d:37:b8:8d:3a:cb:9b:1a:41:2e:25:ae:
         1a:28:5a:a7:e9:99:be:f0:da:b6:4e:40:f4:a4:e9:0b:6e:5e:
         13:de:07:5f:9f:ae:b6:15:7a:ae:a8:93:86:84:b5:d2:82:d8:
         f0:25:ac:5d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3dpPgNgZ/iwcTCTEzcxy2AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwMzVmODgyZmE2ZWVmMjUyMDBiNmE3ZDczNzhjMjg1OTI2
ZDhjOWUwHhcNMjYwNDMwMDkwNzQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNmU5NzA5MmI3NTMwYTUwODhhM2MyNTMzMTA0OGYxMTk4ODllNzEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0nnK/oSX/zb0RfOLyASkTZstf2vs
oSN8acrXfJV6nCcB9Lf7sILv+XYxzx993fBbeCKDCGaoz0OTutPFl3bEZmTywe+I
WHmuCShcsH10XgQczJwUvM4iBmQR8iBo24ffwzQ1xoBqOkMbcP5Z8JEArgJzg4ft
VZeiojOa22e80rD2jIE7YvVVuofXScb8qbLBu+JIRH0dGhILgl6WsVPb0jzkn2R4
XAxuizRhpUSDk1O6QRwtE8r8VIjJblxj7ffD34iUgB/yRsH5kYKT/B2UMgpjcMRl
cqjNJGUihVEktH+ivZ81Azz5xZKs+bjkSDP7hD9oUanhMmRuf5+e6ipebQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMbpcJK3UwpQiKPCUzEEjxGYiecTMB8GA1UdIwQY
MBaAFOA1+IL6bu8lIAtqfXN4woWSbYyeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNERYNGd2cHU3eVVnQzJwOWMzakNoWkp0ako0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9kZjBhNzEtOTg5Zi00MDUyLThiMzgt
MjdmMzFiNzAyN2JkLzEveHVsd2tyZFRDbENJbzhKVE1RU1BFWmlKNXhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9kZjBhNzEtOTg5Zi00MDUyLThiMzgtMjdmMzFiNzAyN2Jk
LzEvNERYNGd2cHU3eVVnQzJwOWMzakNoWkp0ako0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQElu0AMA0G
CSqGSIb3DQEBCwUAA4IBAQClUEa4iRzf2pEPGdxxMPiuTDDD8XplJIvRLyBe7BXL
gVfaXd2kBd/Zc3oIKtWCEorclu1YU5nUsXdoylrx1pcKo6trq5AxDLrY3jJh7ajX
4KLzHbe+XAF7rAMAUXYs/DIaiEirBCvK2MMIwd/MGs+T2BKXzr1T2iafGxMAfs4Y
v2FRUDO+8ymw5hdAe61wly2xzSIabnFoQAMM+Sj13hoZi4lm+00pqHVhGBoHf1G7
X2bAFIIDmvH5R/8hoa7s8C1shhgoHE30Jr9REzhdN7iNOsubGkEuJa4aKFqn6Zm+
8Nq2TkD0pOkLbl4T3gdfn662FXquqJOGhLXSgtjwJaxd
-----END CERTIFICATE-----