Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/xcKAn6_J0RdzDDxjFQnoVr-3SHc.roa
File:                     xcKAn6_J0RdzDDxjFQnoVr-3SHc.roa (raw, json)
Hash identifier:          0OBTl0gSXdjOqzC3JgdG9nMOgVTbqy1i2ztVgApbEDY=
Subject key identifier:   C5:C2:80:9F:AF:C9:D1:17:73:0C:3C:63:15:09:E8:56:BF:B7:48:77
Certificate issuer:       /CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
Certificate serial:       019D203F687C7045F823500D52339F5C1330
Authority key identifier: 6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/xcKAn6_J0RdzDDxjFQnoVr-3SHc.roa
Signing time:             Tue 24 Mar 2026 14:28:39 +0000
ROA not before:           Tue 24 Mar 2026 14:28:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9498
IP address blocks:        2.20.156.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:20:3f:68:7c:70:45:f8:23:50:0d:52:33:9f:5c:13:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
        Validity
            Not Before: Mar 24 14:28:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c5c2809fafc9d117730c3c631509e856bfb74877
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:d2:75:db:92:8c:00:c0:ab:9b:61:c9:8e:f6:
                    ee:94:0c:1b:6f:ba:a2:e9:03:8f:59:72:1d:84:59:
                    0c:0c:cd:ae:a8:16:d5:c8:25:2e:d9:ad:ba:85:dd:
                    89:7e:35:3d:96:b4:f2:c4:3d:ec:5a:b8:51:d0:bb:
                    22:ed:03:dd:7f:12:7b:b6:87:ea:25:dc:9d:47:f7:
                    4f:02:ff:d2:d7:f4:3a:b8:bc:b7:2c:c7:7a:cb:2e:
                    d3:41:6f:d7:70:11:37:3b:b0:29:f2:17:81:c2:e4:
                    c7:0e:ae:b4:e1:c8:5d:7e:9a:43:84:6f:9d:17:a0:
                    af:18:33:d2:78:f1:c5:e3:6d:35:b8:b1:38:62:ff:
                    d4:16:be:fa:c2:2a:ec:a6:7b:95:bb:8e:1c:c6:83:
                    63:3d:a3:18:53:f3:d4:00:4e:d1:2b:28:34:ba:25:
                    af:cc:d8:3f:6c:1d:2b:dd:2e:8a:09:76:6a:ba:11:
                    87:53:14:5a:c1:13:13:08:de:25:e2:d8:10:6c:38:
                    73:cb:d8:92:e4:d5:66:86:3b:6c:57:37:64:75:6b:
                    9c:dc:56:bd:b8:65:b4:7f:56:19:27:c4:14:90:11:
                    6e:a6:14:96:7b:d9:70:6d:e6:e2:b4:bb:08:af:ee:
                    11:f5:61:6c:71:cc:e0:e8:df:04:95:6b:9a:98:08:
                    e7:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:C2:80:9F:AF:C9:D1:17:73:0C:3C:63:15:09:E8:56:BF:B7:48:77
            X509v3 Authority Key Identifier:
                keyid:6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/xcKAn6_J0RdzDDxjFQnoVr-3SHc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.20.156.0/22

    Signature Algorithm: sha256WithRSAEncryption
         66:35:8d:be:a2:92:3f:61:5c:6d:2d:1e:03:e6:66:f7:2c:05:
         de:48:cf:60:6e:0f:0d:8c:ab:44:ec:89:40:bb:b0:f5:d3:19:
         cd:f2:77:33:38:38:4c:c8:dd:33:73:f5:14:7f:4c:d4:c3:53:
         0a:7d:3d:4e:25:ea:c2:15:85:e7:5b:29:9c:37:3e:86:1a:c4:
         54:f4:12:5e:50:e9:33:08:71:6b:24:35:5e:90:7b:2b:d0:d4:
         20:06:c1:c2:44:9b:36:c0:c7:de:00:07:85:19:17:b2:25:fe:
         e3:b5:6d:d9:d8:6c:02:cc:78:20:2c:c9:b5:af:20:d8:fd:64:
         eb:1e:17:2f:f7:2b:5c:78:e7:25:98:31:13:2e:d7:82:b5:bb:
         e3:19:61:06:6a:98:e7:bf:86:25:df:10:c0:37:ea:18:16:94:
         4c:11:a8:a0:77:19:34:9f:de:8b:17:5b:36:fe:6e:10:93:11:
         23:5e:f7:31:78:6a:7e:2d:51:74:db:b5:0d:cf:15:45:90:52:
         4e:63:e3:c6:82:3f:aa:02:20:13:41:1c:ce:50:53:80:e5:2f:
         58:8c:f7:7b:69:9d:80:6b:d0:6f:9d:38:77:38:7e:f8:d5:33:
         45:15:7b:56:48:7a:e3:b6:2a:8c:c5:b3:4f:be:e7:ac:6c:77:
         b3:5d:e1:02
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0gP2h8cEX4I1ANUjOfXBMwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiNWZjYmJlYTQ4OTM3YTQ0MmJhYmRiMzMwMjEzMmM0YmM5
YmQ2YWEwHhcNMjYwMzI0MTQyODM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWMyODA5ZmFmYzlkMTE3NzMwYzNjNjMxNTA5ZTg1NmJmYjc0ODc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi9J125KMAMCrm2HJjvbulAwbb7qi
6QOPWXIdhFkMDM2uqBbVyCUu2a26hd2JfjU9lrTyxD3sWrhR0Lsi7QPdfxJ7tofq
JdydR/dPAv/S1/Q6uLy3LMd6yy7TQW/XcBE3O7Ap8heBwuTHDq604chdfppDhG+d
F6CvGDPSePHF4201uLE4Yv/UFr76wirspnuVu44cxoNjPaMYU/PUAE7RKyg0uiWv
zNg/bB0r3S6KCXZquhGHUxRawRMTCN4l4tgQbDhzy9iS5NVmhjtsVzdkdWuc3Fa9
uGW0f1YZJ8QUkBFuphSWe9lwbebitLsIr+4R9WFscczg6N8ElWuamAjnDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMXCgJ+vydEXcww8YxUJ6Fa/t0h3MB8GA1UdIwQY
MBaAFGtfy76kiTekQrq9szAhMsS8m9aqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQt
ODhkMWNhYzllNGYxLzEveGNLQW42X0owUmR6RER4akZRbm9Wci0zU0hjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQtODhkMWNhYzllNGYx
LzEvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCAhScMA0G
CSqGSIb3DQEBCwUAA4IBAQBmNY2+opI/YVxtLR4D5mb3LAXeSM9gbg8NjKtE7IlA
u7D10xnN8nczODhMyN0zc/UUf0zUw1MKfT1OJerCFYXnWymcNz6GGsRU9BJeUOkz
CHFrJDVekHsr0NQgBsHCRJs2wMfeAAeFGReyJf7jtW3Z2GwCzHggLMm1ryDY/WTr
Hhcv9ytceOclmDETLteCtbvjGWEGapjnv4Yl3xDAN+oYFpRMEaigdxk0n96LF1s2
/m4QkxEjXvcxeGp+LVF027UNzxVFkFJOY+PGgj+qAiATQRzOUFOA5S9YjPd7aZ2A
a9BvnTh3OH741TNFFXtWSHrjtiqMxbNPvuesbHezXeEC
-----END CERTIFICATE-----