Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/70ccef-17f3-4928-9c0b-ba7c7d8190ca/1/AXyzBE0tybxRg9_jdKm4jNHR7bw.roa
File:                     AXyzBE0tybxRg9_jdKm4jNHR7bw.roa (raw, json)
Hash identifier:          nfQgADgYeSKYxfzdRmUnB0z2SSRcFjYrl/PLdcFMeDw=
Subject key identifier:   01:7C:B3:04:4D:2D:C9:BC:51:83:DF:E3:74:A9:B8:8C:D1:D1:ED:BC
Certificate issuer:       /CN=6f5e0230be799e44829c8720ca38347045494e20
Certificate serial:       019DB3E2EE337872DCB30862757760720BE4
Authority key identifier: 6F:5E:02:30:BE:79:9E:44:82:9C:87:20:CA:38:34:70:45:49:4E:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b14CML55nkSCnIcgyjg0cEVJTiA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/67/70ccef-17f3-4928-9c0b-ba7c7d8190ca/1/AXyzBE0tybxRg9_jdKm4jNHR7bw.roa
Signing time:             Wed 22 Apr 2026 06:31:26 +0000
ROA not before:           Wed 22 Apr 2026 06:31:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     7029
IP address blocks:        85.232.160.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/67/70ccef-17f3-4928-9c0b-ba7c7d8190ca/1/b14CML55nkSCnIcgyjg0cEVJTiA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/67/70ccef-17f3-4928-9c0b-ba7c7d8190ca/1/b14CML55nkSCnIcgyjg0cEVJTiA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b14CML55nkSCnIcgyjg0cEVJTiA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 17:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b3:e2:ee:33:78:72:dc:b3:08:62:75:77:60:72:0b:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f5e0230be799e44829c8720ca38347045494e20
        Validity
            Not Before: Apr 22 06:31:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=017cb3044d2dc9bc5183dfe374a9b88cd1d1edbc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:4e:d3:1c:6d:87:ef:f4:37:10:13:5d:b9:da:
                    3f:bb:32:9f:d1:6d:11:5b:91:1e:27:ce:00:a1:26:
                    eb:7d:bd:a6:ed:a6:97:5c:f7:cb:23:93:05:07:ac:
                    51:f4:17:55:22:3a:b5:01:33:ad:99:76:c0:b0:71:
                    20:f6:3e:74:b4:11:e9:b7:ef:2b:0c:a0:54:a6:ba:
                    23:28:6c:47:81:b1:b7:2d:4c:3a:66:af:2f:b5:ab:
                    41:50:e9:cb:83:9a:00:5d:c6:81:b8:6b:17:9f:60:
                    c5:39:c7:56:1c:af:0e:fd:9b:78:cf:78:59:cf:05:
                    b1:06:0f:67:ac:7b:de:7d:17:a5:56:43:2c:7a:4c:
                    8b:7b:fa:83:ad:a4:53:e1:ac:3c:5e:b4:52:91:c6:
                    ba:c2:5f:09:4d:d6:33:b2:cf:09:12:11:a1:2d:86:
                    64:05:3d:b6:14:af:c1:3f:a7:b5:2f:37:5b:25:e3:
                    6f:ec:5b:a3:2f:09:43:57:6a:7a:2b:74:88:0c:fa:
                    f2:7c:cc:c7:a1:71:5b:c2:9e:ac:89:99:51:f5:5e:
                    3c:f1:7e:b7:a9:ce:f4:ae:ca:3e:98:25:b8:d3:a6:
                    78:76:39:c8:13:db:11:86:80:1d:92:df:45:ae:8e:
                    93:3c:42:d5:8f:12:70:b3:c1:1c:c9:fd:ea:ee:80:
                    84:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:7C:B3:04:4D:2D:C9:BC:51:83:DF:E3:74:A9:B8:8C:D1:D1:ED:BC
            X509v3 Authority Key Identifier:
                keyid:6F:5E:02:30:BE:79:9E:44:82:9C:87:20:CA:38:34:70:45:49:4E:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b14CML55nkSCnIcgyjg0cEVJTiA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/70ccef-17f3-4928-9c0b-ba7c7d8190ca/1/AXyzBE0tybxRg9_jdKm4jNHR7bw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/67/70ccef-17f3-4928-9c0b-ba7c7d8190ca/1/b14CML55nkSCnIcgyjg0cEVJTiA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.232.160.0/20

    Signature Algorithm: sha256WithRSAEncryption
         a6:f3:04:51:cd:79:30:30:13:52:17:ef:3f:19:5e:f8:6f:7f:
         a6:a1:34:ea:19:cc:48:53:df:62:e6:d9:a9:21:31:e5:53:44:
         3a:a9:cc:a1:0f:63:a0:01:a9:ab:da:05:5c:ed:59:d5:09:3e:
         0b:aa:14:29:27:f5:b4:87:f0:9b:3e:85:0e:12:cf:92:90:e4:
         3e:d2:8b:a9:1c:c6:2e:f4:7d:cf:79:b5:c5:67:f1:ad:85:c9:
         6c:06:20:8b:4c:88:b1:2a:19:20:c1:aa:54:a8:0f:02:98:ca:
         ce:d9:f7:22:62:8c:e6:26:52:27:d4:50:eb:47:d3:f4:a8:69:
         b2:a1:2c:08:89:42:21:57:00:26:8d:e8:f8:ad:41:a9:7a:d3:
         fd:bd:15:5e:77:96:f8:fc:69:d2:de:05:2a:52:39:ff:74:c8:
         c8:72:d2:91:63:57:49:fc:8a:64:b6:8b:ed:73:14:ee:ba:bc:
         49:c2:3b:be:43:33:27:c5:fb:17:85:f4:b2:1b:6d:86:ec:67:
         c8:9c:a5:13:bc:ad:25:b2:92:24:a5:bf:9f:d1:1b:ea:43:f6:
         fa:20:5c:31:7a:5c:69:6f:76:dd:67:45:a9:7d:9f:ec:b4:db:
         d7:73:c3:82:e0:7f:7e:ca:af:d1:84:66:ea:60:a5:5b:12:71:
         9d:16:84:0e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2z4u4zeHLcswhidXdgcgvkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNWUwMjMwYmU3OTllNDQ4MjljODcyMGNhMzgzNDcwNDU0
OTRlMjAwHhcNMjYwNDIyMDYzMTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMTdjYjMwNDRkMmRjOWJjNTE4M2RmZTM3NGE5Yjg4Y2QxZDFlZGJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtE7THG2H7/Q3EBNdudo/uzKf0W0R
W5EeJ84AoSbrfb2m7aaXXPfLI5MFB6xR9BdVIjq1ATOtmXbAsHEg9j50tBHpt+8r
DKBUprojKGxHgbG3LUw6Zq8vtatBUOnLg5oAXcaBuGsXn2DFOcdWHK8O/Zt4z3hZ
zwWxBg9nrHvefRelVkMsekyLe/qDraRT4aw8XrRSkca6wl8JTdYzss8JEhGhLYZk
BT22FK/BP6e1LzdbJeNv7FujLwlDV2p6K3SIDPryfMzHoXFbwp6siZlR9V488X63
qc70rso+mCW406Z4djnIE9sRhoAdkt9Fro6TPELVjxJws8Ecyf3q7oCEmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAF8swRNLcm8UYPf43SpuIzR0e28MB8GA1UdIwQY
MBaAFG9eAjC+eZ5EgpyHIMo4NHBFSU4gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjE0Q01MNTVua1NDbkljZ3lqZzBjRVZKVGlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ny83MGNjZWYtMTdmMy00OTI4LTljMGIt
YmE3YzdkODE5MGNhLzEvQVh5ekJFMHR5YnhSZzlfamRLbTRqTkhSN2J3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ny83MGNjZWYtMTdmMy00OTI4LTljMGItYmE3YzdkODE5MGNh
LzEvYjE0Q01MNTVua1NDbkljZ3lqZzBjRVZKVGlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEVeigMA0G
CSqGSIb3DQEBCwUAA4IBAQCm8wRRzXkwMBNSF+8/GV74b3+moTTqGcxIU99i5tmp
ITHlU0Q6qcyhD2OgAamr2gVc7VnVCT4LqhQpJ/W0h/CbPoUOEs+SkOQ+0oupHMYu
9H3PebXFZ/GthclsBiCLTIixKhkgwapUqA8CmMrO2fciYozmJlIn1FDrR9P0qGmy
oSwIiUIhVwAmjej4rUGpetP9vRVed5b4/GnS3gUqUjn/dMjIctKRY1dJ/Ipktovt
cxTuurxJwju+QzMnxfsXhfSyG22G7GfInKUTvK0lspIkpb+f0RvqQ/b6IFwxelxp
b3bdZ0WpfZ/stNvXc8OC4H9+yq/RhGbqYKVbEnGdFoQO
-----END CERTIFICATE-----