Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/AgkXsoN89D1C4BazwPZPR0YBvYc.roa
File:                     AgkXsoN89D1C4BazwPZPR0YBvYc.roa (raw, json)
Hash identifier:          hLWJJQxnTtxF1AtdFoZo5bzi68Rr7lSXuZ16vwGsXic=
Subject key identifier:   02:09:17:B2:83:7C:F4:3D:42:E0:16:B3:C0:F6:4F:47:46:01:BD:87
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       019E0B7106DBFBB22C7503BB14540C370064
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/AgkXsoN89D1C4BazwPZPR0YBvYc.roa
Signing time:             Sat 09 May 2026 06:33:37 +0000
ROA not before:           Sat 09 May 2026 06:33:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     58065
IP address blocks:        158.173.210.0/24 maxlen: 24
                          212.32.75.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 16:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:0b:71:06:db:fb:b2:2c:75:03:bb:14:54:0c:37:00:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: May  9 06:33:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=020917b2837cf43d42e016b3c0f64f474601bd87
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:d7:2e:b2:34:84:62:18:0b:68:8f:7f:dc:9a:
                    f1:c0:96:d6:68:7c:dc:ae:8b:1e:e0:49:ee:02:69:
                    90:32:46:89:47:9c:f4:b9:06:4a:b4:28:d1:81:63:
                    a0:70:0b:37:b6:8f:c3:82:d7:b1:35:2a:f6:83:e8:
                    bf:ac:d8:c6:6c:54:b1:b8:42:b1:29:65:0e:be:82:
                    1d:6d:97:67:bb:80:41:f7:99:e6:0e:7a:b1:32:7a:
                    33:02:f8:60:6d:2e:45:ed:f5:c9:2d:9a:75:3a:14:
                    88:3f:23:d8:09:61:8d:90:50:e7:db:51:7b:c4:17:
                    33:4a:bb:d6:7d:4b:ac:7e:64:f0:0a:fa:59:90:b8:
                    75:07:7a:25:d1:d6:47:81:27:3b:cf:61:a6:17:da:
                    bb:0d:8f:40:e2:72:45:1f:ab:5d:dd:08:ca:a4:e5:
                    7c:ac:a6:69:63:12:06:24:c4:6c:07:0f:3d:6f:c3:
                    d2:56:da:a5:cd:9a:63:ab:a8:28:1b:db:8b:46:6d:
                    01:57:28:fa:72:8f:7f:7e:b4:1a:1f:14:a9:b5:72:
                    d4:77:17:f6:3b:c5:73:b5:10:a0:67:d4:34:31:50:
                    c2:cf:9b:84:45:d8:81:78:fb:c8:5c:70:32:3b:4e:
                    8b:7c:d9:dd:73:be:86:2f:13:03:ed:77:88:4f:ff:
                    b5:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:09:17:B2:83:7C:F4:3D:42:E0:16:B3:C0:F6:4F:47:46:01:BD:87
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/AgkXsoN89D1C4BazwPZPR0YBvYc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.173.210.0/24
                  212.32.75.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:75:e4:61:8d:54:e6:19:35:1d:a6:99:be:d3:47:5a:f2:1f:
         99:99:03:42:ee:de:50:46:f6:18:26:f0:22:b4:91:4a:ad:50:
         3a:be:f2:ab:83:95:32:f9:5d:b4:3c:b2:eb:a7:d7:86:1a:74:
         33:1f:e7:0a:d0:6d:6c:12:90:8e:45:5d:c9:ae:5d:3a:34:45:
         6c:2e:f4:d2:ab:14:05:7a:2d:d4:88:35:d8:90:3e:37:97:72:
         20:42:4d:bd:6c:a1:54:8b:d3:7e:dc:38:ec:04:f1:a7:bf:7c:
         e5:1b:c2:89:74:cf:e2:43:c0:d5:76:d0:63:44:7b:fa:01:3d:
         88:ce:4e:56:73:47:8a:7c:3f:06:2f:7b:32:fc:e3:bc:f8:6a:
         21:f3:f9:2d:fb:90:4d:e5:48:36:9c:ef:26:bb:b0:2a:e6:8d:
         13:a3:2b:53:6e:e7:8b:2f:4c:82:80:38:93:d3:12:5e:7d:fd:
         14:fd:af:48:99:cb:e3:f7:44:7e:34:29:60:17:93:22:e6:68:
         19:33:e0:aa:6e:b0:81:fd:3c:be:9e:2a:5f:d6:8e:8d:a7:6f:
         54:cd:0b:27:d4:e9:b1:6c:d9:68:d1:ed:c5:ed:ea:18:5f:ec:
         16:97:cd:9a:37:2c:77:d1:53:b2:3f:33:2d:53:17:5f:46:05:
         b4:c8:3c:59
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ4LcQbb+7IsdQO7FFQMNwBkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjYwNTA5MDYzMzM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjA5MTdiMjgzN2NmNDNkNDJlMDE2YjNjMGY2NGY0NzQ2MDFiZDg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp9cusjSEYhgLaI9/3JrxwJbWaHzc
rose4EnuAmmQMkaJR5z0uQZKtCjRgWOgcAs3to/DgtexNSr2g+i/rNjGbFSxuEKx
KWUOvoIdbZdnu4BB95nmDnqxMnozAvhgbS5F7fXJLZp1OhSIPyPYCWGNkFDn21F7
xBczSrvWfUusfmTwCvpZkLh1B3ol0dZHgSc7z2GmF9q7DY9A4nJFH6td3QjKpOV8
rKZpYxIGJMRsBw89b8PSVtqlzZpjq6goG9uLRm0BVyj6co9/frQaHxSptXLUdxf2
O8VztRCgZ9Q0MVDCz5uERdiBePvIXHAyO06LfNndc76GLxMD7XeIT/+1sQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAIJF7KDfPQ9QuAWs8D2T0dGAb2HMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvQWdrWHNvTjg5RDFDNEJhendQWlBSMFlCdlljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAnq3SAwQA
1CBLMA0GCSqGSIb3DQEBCwUAA4IBAQApdeRhjVTmGTUdppm+00da8h+ZmQNC7t5Q
RvYYJvAitJFKrVA6vvKrg5Uy+V20PLLrp9eGGnQzH+cK0G1sEpCORV3Jrl06NEVs
LvTSqxQFei3UiDXYkD43l3IgQk29bKFUi9N+3DjsBPGnv3zlG8KJdM/iQ8DVdtBj
RHv6AT2Izk5Wc0eKfD8GL3sy/OO8+Goh8/kt+5BN5Ug2nO8mu7Aq5o0ToytTbueL
L0yCgDiT0xJeff0U/a9Imcvj90R+NClgF5Mi5mgZM+CqbrCB/Ty+nipf1o6Np29U
zQsn1OmxbNlo0e3F7eoYX+wWl82aNyx30VOyPzMtUxdfRgW0yDxZ
-----END CERTIFICATE-----