Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/70ccef-17f3-4928-9c0b-ba7c7d8190ca/1/X7CBYKuwZavOmFbf8xJJDhABAJ4.roa
File:                     X7CBYKuwZavOmFbf8xJJDhABAJ4.roa (raw, json)
Hash identifier:          XXFExiGUxJHCf32+M8YXjA/DO0qOOWZKBpQs4MlsYQo=
Subject key identifier:   5F:B0:81:60:AB:B0:65:AB:CE:98:56:DF:F3:12:49:0E:10:01:00:9E
Certificate issuer:       /CN=6f5e0230be799e44829c8720ca38347045494e20
Certificate serial:       019E157DA73351B158B6102DB875CB8A6CFF
Authority key identifier: 6F:5E:02:30:BE:79:9E:44:82:9C:87:20:CA:38:34:70:45:49:4E:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b14CML55nkSCnIcgyjg0cEVJTiA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/67/70ccef-17f3-4928-9c0b-ba7c7d8190ca/1/X7CBYKuwZavOmFbf8xJJDhABAJ4.roa
Signing time:             Mon 11 May 2026 05:23:36 +0000
ROA not before:           Mon 11 May 2026 05:23:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     4766
IP address blocks:        85.232.191.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/67/70ccef-17f3-4928-9c0b-ba7c7d8190ca/1/b14CML55nkSCnIcgyjg0cEVJTiA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/67/70ccef-17f3-4928-9c0b-ba7c7d8190ca/1/b14CML55nkSCnIcgyjg0cEVJTiA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b14CML55nkSCnIcgyjg0cEVJTiA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:15:7d:a7:33:51:b1:58:b6:10:2d:b8:75:cb:8a:6c:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f5e0230be799e44829c8720ca38347045494e20
        Validity
            Not Before: May 11 05:23:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5fb08160abb065abce9856dff312490e1001009e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:c7:79:8e:43:7a:98:7b:2a:f4:d9:8a:93:51:
                    a2:16:cb:0e:6f:90:fb:67:f7:a5:2b:53:34:8a:5e:
                    bb:b4:33:e6:66:53:52:3a:a2:99:28:87:6e:d1:e2:
                    f0:98:3f:5c:ff:43:26:b1:39:94:80:a7:6b:fe:e5:
                    60:bc:f6:b0:c6:eb:d1:52:c4:5d:44:b9:41:52:00:
                    a0:77:c9:77:b6:15:c9:78:f1:10:26:30:8c:bd:da:
                    d1:17:0d:0f:6b:18:fd:d4:2a:99:ea:ef:dc:d3:d1:
                    80:9b:bd:42:73:89:65:af:2e:1a:a6:2b:b9:8a:71:
                    1c:cd:38:45:46:2c:7d:d0:34:5c:93:9e:e9:ac:ce:
                    19:21:de:9c:c6:d4:e7:65:9c:b6:2a:10:f1:d5:82:
                    d5:99:20:75:d1:b0:e3:9f:09:38:b4:86:1f:c7:61:
                    60:41:71:d4:52:f4:22:c7:eb:0b:07:66:f9:b2:80:
                    e4:41:81:72:b5:55:17:64:d6:17:fa:33:93:a2:4f:
                    bd:d4:5d:74:54:ea:0e:6a:d3:69:8c:c9:e3:e1:a7:
                    99:07:5d:2c:90:23:c3:ed:ea:53:b3:8d:28:e3:71:
                    eb:5d:b4:28:97:44:8e:c0:bf:0c:d9:cd:41:30:9d:
                    f0:61:ff:0f:e4:eb:98:aa:15:fd:8b:04:93:9b:ef:
                    b0:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:B0:81:60:AB:B0:65:AB:CE:98:56:DF:F3:12:49:0E:10:01:00:9E
            X509v3 Authority Key Identifier:
                keyid:6F:5E:02:30:BE:79:9E:44:82:9C:87:20:CA:38:34:70:45:49:4E:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b14CML55nkSCnIcgyjg0cEVJTiA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/70ccef-17f3-4928-9c0b-ba7c7d8190ca/1/X7CBYKuwZavOmFbf8xJJDhABAJ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/67/70ccef-17f3-4928-9c0b-ba7c7d8190ca/1/b14CML55nkSCnIcgyjg0cEVJTiA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.232.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:0e:b2:34:93:68:23:b2:86:36:21:27:54:4e:6f:d1:e6:5d:
         30:8b:92:86:39:6b:39:ba:a7:b4:ba:d2:e0:87:4d:ce:55:8a:
         d3:c8:29:00:19:76:1d:66:79:ec:20:da:30:69:2e:e6:c8:f9:
         05:77:5a:50:00:52:fb:d0:3a:b2:0c:95:5d:67:63:9d:7d:a7:
         73:9b:e7:0a:f2:b8:41:e5:cf:24:cb:29:b5:8f:ec:47:06:2d:
         8f:1d:e1:3c:23:b8:f7:18:9b:a7:57:d3:22:16:44:a5:68:83:
         2a:5e:f0:68:31:4d:79:cd:db:98:75:88:b8:8b:8d:cf:f6:6e:
         db:a3:65:8e:08:13:5d:34:6e:c9:a5:81:5c:4b:8e:70:46:ca:
         c1:4a:01:a3:16:6c:36:76:60:40:f7:57:de:cd:f8:7c:83:01:
         d8:8c:8e:eb:c1:88:e3:86:a4:6f:98:b0:cd:13:72:a7:c3:f1:
         89:04:03:af:f6:b3:05:0a:66:2d:44:0b:6c:25:ff:b8:3e:8b:
         fa:88:e6:81:3d:eb:dc:fd:cd:dd:d0:4c:eb:5f:85:4e:30:ae:
         17:d5:68:7c:1f:cd:b0:89:0e:46:4a:22:68:76:3f:10:63:ab:
         1e:56:6e:29:42:7b:08:ba:b4:f7:79:df:3b:ac:95:dc:b3:b6:
         9c:9b:07:2b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4VfaczUbFYthAtuHXLimz/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNWUwMjMwYmU3OTllNDQ4MjljODcyMGNhMzgzNDcwNDU0
OTRlMjAwHhcNMjYwNTExMDUyMzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZmIwODE2MGFiYjA2NWFiY2U5ODU2ZGZmMzEyNDkwZTEwMDEwMDllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoMd5jkN6mHsq9NmKk1GiFssOb5D7
Z/elK1M0il67tDPmZlNSOqKZKIdu0eLwmD9c/0MmsTmUgKdr/uVgvPawxuvRUsRd
RLlBUgCgd8l3thXJePEQJjCMvdrRFw0Paxj91CqZ6u/c09GAm71Cc4llry4apiu5
inEczThFRix90DRck57prM4ZId6cxtTnZZy2KhDx1YLVmSB10bDjnwk4tIYfx2Fg
QXHUUvQix+sLB2b5soDkQYFytVUXZNYX+jOTok+91F10VOoOatNpjMnj4aeZB10s
kCPD7epTs40o43HrXbQol0SOwL8M2c1BMJ3wYf8P5OuYqhX9iwSTm++wUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF+wgWCrsGWrzphW3/MSSQ4QAQCeMB8GA1UdIwQY
MBaAFG9eAjC+eZ5EgpyHIMo4NHBFSU4gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjE0Q01MNTVua1NDbkljZ3lqZzBjRVZKVGlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ny83MGNjZWYtMTdmMy00OTI4LTljMGIt
YmE3YzdkODE5MGNhLzEvWDdDQllLdXdaYXZPbUZiZjh4SkpEaEFCQUo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ny83MGNjZWYtMTdmMy00OTI4LTljMGItYmE3YzdkODE5MGNh
LzEvYjE0Q01MNTVua1NDbkljZ3lqZzBjRVZKVGlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVei/MA0G
CSqGSIb3DQEBCwUAA4IBAQCFDrI0k2gjsoY2ISdUTm/R5l0wi5KGOWs5uqe0utLg
h03OVYrTyCkAGXYdZnnsINowaS7myPkFd1pQAFL70DqyDJVdZ2Odfadzm+cK8rhB
5c8kyym1j+xHBi2PHeE8I7j3GJunV9MiFkSlaIMqXvBoMU15zduYdYi4i43P9m7b
o2WOCBNdNG7JpYFcS45wRsrBSgGjFmw2dmBA91fezfh8gwHYjI7rwYjjhqRvmLDN
E3Knw/GJBAOv9rMFCmYtRAtsJf+4Pov6iOaBPevc/c3d0EzrX4VOMK4X1Wh8H82w
iQ5GSiJodj8QY6seVm4pQnsIurT3ed87rJXcs7acmwcr
-----END CERTIFICATE-----