Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/cq67FTt7kzyloelsawgbfSET74Q.roa
File:                     cq67FTt7kzyloelsawgbfSET74Q.roa (raw, json)
Hash identifier:          GH0LI8oFCbB9nEHH1dF4wOPZfh5L/ajE7TgQXn0KUxQ=
Subject key identifier:   72:AE:BB:15:3B:7B:93:3C:A5:A1:E9:6C:6B:08:1B:7D:21:13:EF:84
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       019E01798B2F78F002B41BA8BDAE3FD81BC6
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/cq67FTt7kzyloelsawgbfSET74Q.roa
Signing time:             Thu 07 May 2026 08:06:43 +0000
ROA not before:           Thu 07 May 2026 08:06:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     43180
IP address blocks:        2.57.241.0/24 maxlen: 24
                          31.207.4.0/24 maxlen: 24
                          167.17.47.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 19:01:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:01:79:8b:2f:78:f0:02:b4:1b:a8:bd:ae:3f:d8:1b:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: May  7 08:06:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=72aebb153b7b933ca5a1e96c6b081b7d2113ef84
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:a7:ea:6d:f1:b5:8c:a9:6c:0a:dc:e2:c3:17:
                    53:64:23:68:af:f7:11:91:98:ee:8d:2d:86:3a:be:
                    91:a5:2d:9f:f3:f1:ab:de:d7:38:54:28:5a:37:38:
                    57:0c:1c:dc:3b:98:e9:71:5e:2a:6a:2f:87:4d:6b:
                    76:43:29:82:f2:58:44:58:8f:82:1d:81:09:8d:1c:
                    3b:a4:19:28:86:a1:31:bb:df:35:58:9f:a0:79:90:
                    48:0e:86:5f:cc:9e:7f:94:f6:6f:d7:5a:de:0b:59:
                    77:d0:98:ab:b4:16:d1:30:74:6b:8d:11:cf:6a:8e:
                    a2:25:50:d2:2e:31:4a:29:99:10:f1:89:a1:14:7a:
                    b8:23:28:84:22:a9:47:65:87:f9:7c:ff:c3:34:b5:
                    86:17:48:63:09:51:53:ac:8f:ad:52:cb:5a:f9:1d:
                    73:82:48:11:77:11:0f:a9:3b:2e:70:c2:0f:b6:19:
                    cd:84:a6:c3:16:1d:04:fb:c4:0b:6f:2c:78:e7:01:
                    e1:28:98:74:de:6c:12:34:4b:ad:ee:61:66:10:9d:
                    8a:06:54:72:81:6b:2d:a3:81:55:0e:05:5f:24:ce:
                    ea:7c:3c:11:92:5d:00:8d:a8:97:81:36:0d:3e:2a:
                    c4:8f:ef:57:e7:20:a4:e9:cc:6f:8e:ce:03:4c:cb:
                    db:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:AE:BB:15:3B:7B:93:3C:A5:A1:E9:6C:6B:08:1B:7D:21:13:EF:84
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/cq67FTt7kzyloelsawgbfSET74Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.57.241.0/24
                  31.207.4.0/24
                  167.17.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:1a:c4:67:6e:af:e2:96:b9:74:c3:37:09:79:3f:da:fb:f8:
         ab:5c:bc:06:53:5c:68:6b:91:93:da:ce:fe:f6:59:fc:c0:3a:
         f1:38:01:34:e5:97:ea:6f:f2:f4:21:ca:4b:6e:a1:1a:bb:ec:
         c5:c8:ff:9a:89:5f:64:fb:87:04:e0:96:88:2a:23:23:72:e1:
         11:6d:d3:e2:7c:6d:b6:42:91:7f:d2:68:5c:69:e5:cb:9a:ab:
         25:21:10:6c:e5:1b:12:09:37:07:89:f0:79:c4:61:35:2c:e6:
         5c:b1:51:4a:14:5c:31:da:11:00:3f:12:d7:d4:e7:3f:26:66:
         8f:ee:19:05:ae:4c:ad:36:e2:6c:5c:62:cf:cc:27:ad:d8:fd:
         d0:49:a5:53:fb:f1:1f:15:59:19:1e:ae:5a:45:36:9c:7c:a4:
         86:4b:87:ac:23:cd:6c:5e:bd:21:00:a0:69:86:d7:8b:9a:e5:
         4d:e3:b4:1f:fa:3d:c8:92:25:85:1a:f3:56:3e:50:d5:bd:3b:
         b0:38:81:fd:56:d1:8a:93:ac:5a:5a:30:45:ea:42:a1:4f:4e:
         b3:62:f8:c3:4f:a1:50:b2:d0:93:20:63:7c:0a:9f:f2:64:0e:
         ba:18:6a:95:e2:1d:35:c1:8b:0c:fb:ac:44:de:c8:f0:3a:f0:
         f9:5a:3a:af
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ4BeYsvePACtBuova4/2BvGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjYwNTA3MDgwNjQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MmFlYmIxNTNiN2I5MzNjYTVhMWU5NmM2YjA4MWI3ZDIxMTNlZjg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqKfqbfG1jKlsCtziwxdTZCNor/cR
kZjujS2GOr6RpS2f8/Gr3tc4VChaNzhXDBzcO5jpcV4qai+HTWt2QymC8lhEWI+C
HYEJjRw7pBkohqExu981WJ+geZBIDoZfzJ5/lPZv11reC1l30JirtBbRMHRrjRHP
ao6iJVDSLjFKKZkQ8YmhFHq4IyiEIqlHZYf5fP/DNLWGF0hjCVFTrI+tUsta+R1z
gkgRdxEPqTsucMIPthnNhKbDFh0E+8QLbyx45wHhKJh03mwSNEut7mFmEJ2KBlRy
gWsto4FVDgVfJM7qfDwRkl0AjaiXgTYNPirEj+9X5yCk6cxvjs4DTMvbpwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFHKuuxU7e5M8paHpbGsIG30hE++EMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvY3E2N0ZUdDdrenlsb2Vsc2F3Z2JmU0VUNzRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAAjnxAwQA
H88EAwQApxEvMA0GCSqGSIb3DQEBCwUAA4IBAQB3GsRnbq/ilrl0wzcJeT/a+/ir
XLwGU1xoa5GT2s7+9ln8wDrxOAE05Zfqb/L0IcpLbqEau+zFyP+aiV9k+4cE4JaI
KiMjcuERbdPifG22QpF/0mhcaeXLmqslIRBs5RsSCTcHifB5xGE1LOZcsVFKFFwx
2hEAPxLX1Oc/JmaP7hkFrkytNuJsXGLPzCet2P3QSaVT+/EfFVkZHq5aRTacfKSG
S4esI81sXr0hAKBphteLmuVN47Qf+j3IkiWFGvNWPlDVvTuwOIH9VtGKk6xaWjBF
6kKhT06zYvjDT6FQstCTIGN8Cp/yZA66GGqV4h01wYsM+6xE3sjwOvD5Wjqv
-----END CERTIFICATE-----