Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/b62a95-b43d-4f1f-8ef4-9a321ffc2eef/1/A0WxIMRMNMclEvt4ndusa1g2IhE.roa
File:                     A0WxIMRMNMclEvt4ndusa1g2IhE.roa (raw, json)
Hash identifier:          szMuq8++oIkroMPNyvWtoJIXZcpNBA4TyVyyn0tkBCA=
Subject key identifier:   03:45:B1:20:C4:4C:34:C7:25:12:FB:78:9D:DB:AC:6B:58:36:22:11
Certificate issuer:       /CN=2b58895beef87b55030079112d4ab17d93c98a20
Certificate serial:       019B77C6E82872DBFC0B15CC68D958A04EB7
Authority key identifier: 2B:58:89:5B:EE:F8:7B:55:03:00:79:11:2D:4A:B1:7D:93:C9:8A:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K1iJW-74e1UDAHkRLUqxfZPJiiA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/b62a95-b43d-4f1f-8ef4-9a321ffc2eef/1/A0WxIMRMNMclEvt4ndusa1g2IhE.roa
Signing time:             Thu 01 Jan 2026 04:18:02 +0000
ROA not before:           Thu 01 Jan 2026 04:18:02 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203595
IP address blocks:        74.122.238.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/b62a95-b43d-4f1f-8ef4-9a321ffc2eef/1/K1iJW-74e1UDAHkRLUqxfZPJiiA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/b62a95-b43d-4f1f-8ef4-9a321ffc2eef/1/K1iJW-74e1UDAHkRLUqxfZPJiiA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/K1iJW-74e1UDAHkRLUqxfZPJiiA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 19:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:e8:28:72:db:fc:0b:15:cc:68:d9:58:a0:4e:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b58895beef87b55030079112d4ab17d93c98a20
        Validity
            Not Before: Jan  1 04:18:02 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0345b120c44c34c72512fb789ddbac6b58362211
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:2a:d8:70:f0:83:bf:6e:ce:43:29:2d:30:3f:
                    98:51:cc:4e:e3:62:f9:77:cb:77:14:6b:64:a7:d7:
                    e8:9d:31:5d:af:82:f9:ef:ea:8a:ad:85:a2:c0:c9:
                    ec:c9:57:a8:d7:9b:1e:df:60:5c:8b:87:28:73:93:
                    aa:1b:2b:07:36:75:04:8b:f9:21:1f:bf:9d:91:c6:
                    29:92:ed:bc:fa:70:00:02:19:c4:7b:5c:06:16:5d:
                    62:3a:bf:6f:a8:8e:5d:04:f7:26:44:42:21:7d:15:
                    b0:77:1e:02:6b:f5:e5:4a:30:67:ae:11:61:14:39:
                    6a:64:4b:b2:12:78:a2:a1:39:39:cb:ee:93:b9:ca:
                    5c:94:f6:77:ce:9e:22:00:0c:e8:f0:a6:24:d8:8b:
                    aa:b2:63:ef:09:4b:9b:59:3c:12:b5:bf:31:46:08:
                    1d:dc:0f:f7:a1:df:8a:cc:b3:e9:66:d4:48:97:30:
                    b6:ee:24:33:57:f2:1e:17:f8:4e:26:80:c1:c4:59:
                    20:7a:c2:89:18:44:6e:6f:b1:12:3f:f1:46:04:4a:
                    ef:25:f9:4a:55:f2:7b:9b:4f:87:b4:c8:bc:8f:4d:
                    d3:df:4f:17:a7:c5:a5:ce:96:a4:07:f8:b5:32:35:
                    2f:3d:37:8f:c8:58:49:c6:b4:d2:22:1a:93:3b:ea:
                    ef:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:45:B1:20:C4:4C:34:C7:25:12:FB:78:9D:DB:AC:6B:58:36:22:11
            X509v3 Authority Key Identifier:
                keyid:2B:58:89:5B:EE:F8:7B:55:03:00:79:11:2D:4A:B1:7D:93:C9:8A:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K1iJW-74e1UDAHkRLUqxfZPJiiA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/b62a95-b43d-4f1f-8ef4-9a321ffc2eef/1/A0WxIMRMNMclEvt4ndusa1g2IhE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/b62a95-b43d-4f1f-8ef4-9a321ffc2eef/1/K1iJW-74e1UDAHkRLUqxfZPJiiA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  74.122.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:bd:ce:aa:49:c5:a3:55:2a:ce:9f:c7:42:06:0e:b9:38:72:
         e4:76:9f:ac:a9:b0:3c:a3:e4:76:6d:c9:44:a5:63:2f:21:d3:
         d0:76:8a:44:54:d4:20:96:13:d2:aa:a4:46:f5:49:c5:bd:b1:
         f4:a6:a1:42:1e:65:1d:e5:c2:20:78:82:66:3c:d0:f4:88:fd:
         83:05:ab:93:1c:9d:6c:a5:08:00:0f:0e:2c:b8:25:84:a3:15:
         47:dc:2e:b0:93:d4:f9:82:ae:94:57:5d:39:7c:d9:5f:1c:51:
         8e:2e:37:3c:bc:b3:be:3c:f0:bc:47:aa:76:b9:ca:57:87:c2:
         d5:c5:2b:01:7a:52:2b:b1:09:c8:ea:29:46:66:c9:d0:16:b4:
         29:9a:57:40:3e:ea:78:cf:e6:ec:8e:36:ee:f6:80:bc:3c:48:
         ad:fb:d2:07:1a:ab:26:eb:e4:89:81:47:0f:a1:05:90:88:92:
         04:a0:7e:04:fc:63:9b:05:b0:7b:b4:88:ed:d0:61:18:d2:01:
         2c:98:9b:b1:cc:50:56:95:ec:b0:5e:85:6b:28:bb:ac:1a:92:
         49:64:c1:14:ae:99:61:0e:c6:f2:88:55:34:f0:30:3f:70:11:
         67:0f:05:6e:43:b2:04:6e:7d:d9:d1:92:4e:49:70:f2:7f:97:
         9a:50:29:50
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xugoctv8CxXMaNlYoE63MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiNTg4OTViZWVmODdiNTUwMzAwNzkxMTJkNGFiMTdkOTNj
OThhMjAwHhcNMjYwMTAxMDQxODAyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzQ1YjEyMGM0NGMzNGM3MjUxMmZiNzg5ZGRiYWM2YjU4MzYyMjExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArirYcPCDv27OQyktMD+YUcxO42L5
d8t3FGtkp9fonTFdr4L57+qKrYWiwMnsyVeo15se32Bci4coc5OqGysHNnUEi/kh
H7+dkcYpku28+nAAAhnEe1wGFl1iOr9vqI5dBPcmREIhfRWwdx4Ca/XlSjBnrhFh
FDlqZEuyEniioTk5y+6TucpclPZ3zp4iAAzo8KYk2IuqsmPvCUubWTwStb8xRggd
3A/3od+KzLPpZtRIlzC27iQzV/IeF/hOJoDBxFkgesKJGERub7ESP/FGBErvJflK
VfJ7m0+HtMi8j03T308Xp8WlzpakB/i1MjUvPTePyFhJxrTSIhqTO+rv8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFANFsSDETDTHJRL7eJ3brGtYNiIRMB8GA1UdIwQY
MBaAFCtYiVvu+HtVAwB5ES1KsX2TyYogMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzFpSlctNzRlMVVEQUhrUkxVcXhmWlBKaWlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC9iNjJhOTUtYjQzZC00ZjFmLThlZjQt
OWEzMjFmZmMyZWVmLzEvQTBXeElNUk1OTWNsRXZ0NG5kdXNhMWcySWhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC9iNjJhOTUtYjQzZC00ZjFmLThlZjQtOWEzMjFmZmMyZWVm
LzEvSzFpSlctNzRlMVVEQUhrUkxVcXhmWlBKaWlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQASnruMA0G
CSqGSIb3DQEBCwUAA4IBAQCXvc6qScWjVSrOn8dCBg65OHLkdp+sqbA8o+R2bclE
pWMvIdPQdopEVNQglhPSqqRG9UnFvbH0pqFCHmUd5cIgeIJmPND0iP2DBauTHJ1s
pQgADw4suCWEoxVH3C6wk9T5gq6UV105fNlfHFGOLjc8vLO+PPC8R6p2ucpXh8LV
xSsBelIrsQnI6ilGZsnQFrQpmldAPup4z+bsjjbu9oC8PEit+9IHGqsm6+SJgUcP
oQWQiJIEoH4E/GObBbB7tIjt0GEY0gEsmJuxzFBWleywXoVrKLusGpJJZMEUrplh
DsbyiFU08DA/cBFnDwVuQ7IEbn3Z0ZJOSXDyf5eaUClQ
-----END CERTIFICATE-----