Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/282c30-739d-49cc-8d92-95c0a3d95cd4/1/R-SwYMTjtn5PLo1G8A1pUz52HeY.roa
File:                     R-SwYMTjtn5PLo1G8A1pUz52HeY.roa (raw, json)
Hash identifier:          qHK+oCqvUGG+TD3uyjlb47uGZnuoOzFmLT/ig8WXj88=
Subject key identifier:   47:E4:B0:60:C4:E3:B6:7E:4F:2E:8D:46:F0:0D:69:53:3E:76:1D:E6
Certificate issuer:       /CN=10e5efe934cf377ddf373b366721f1339243f907
Certificate serial:       019DDA51D5E64D91371B3C93D4FA0BE0C22F
Authority key identifier: 10:E5:EF:E9:34:CF:37:7D:DF:37:3B:36:67:21:F1:33:92:43:F9:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EOXv6TTPN33fNzs2ZyHxM5JD-Qc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/73/282c30-739d-49cc-8d92-95c0a3d95cd4/1/R-SwYMTjtn5PLo1G8A1pUz52HeY.roa
Signing time:             Wed 29 Apr 2026 17:38:09 +0000
ROA not before:           Wed 29 Apr 2026 17:38:09 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     401405
IP address blocks:        160.211.15.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/73/282c30-739d-49cc-8d92-95c0a3d95cd4/1/EOXv6TTPN33fNzs2ZyHxM5JD-Qc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/73/282c30-739d-49cc-8d92-95c0a3d95cd4/1/EOXv6TTPN33fNzs2ZyHxM5JD-Qc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EOXv6TTPN33fNzs2ZyHxM5JD-Qc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 05:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:da:51:d5:e6:4d:91:37:1b:3c:93:d4:fa:0b:e0:c2:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=10e5efe934cf377ddf373b366721f1339243f907
        Validity
            Not Before: Apr 29 17:38:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=47e4b060c4e3b67e4f2e8d46f00d69533e761de6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:b1:fd:6a:a4:19:33:63:a7:ac:80:46:d7:37:
                    c8:52:07:22:ef:b5:dc:5e:dd:f0:9a:86:40:ea:21:
                    a3:cb:31:96:f2:0a:55:8f:ea:3a:d4:9b:95:10:09:
                    e4:a4:bb:3b:5c:17:79:cf:13:7b:13:50:3c:9c:de:
                    c2:aa:a6:67:bf:81:fd:7c:4a:d9:c2:bd:32:8c:1c:
                    c5:c4:c2:61:65:ba:90:15:0c:ab:31:e5:71:3d:a4:
                    e2:4b:96:e3:7c:fe:cd:b4:96:a0:9d:e2:45:83:3e:
                    c6:7f:5a:db:c1:96:13:c6:ca:e0:f3:ea:5f:72:48:
                    a2:b8:bd:20:21:2f:82:df:6e:e2:06:20:d7:5a:0d:
                    76:9c:ff:17:27:b6:05:33:4b:d6:9a:a9:0e:6e:f7:
                    b8:ef:d9:e2:a9:2b:c2:35:57:3a:b7:f3:7c:ab:d5:
                    8a:55:bb:25:2d:81:fa:96:10:dc:6c:73:64:8f:cd:
                    7a:93:e7:69:10:69:ce:f3:57:09:7d:76:b7:30:c6:
                    53:a4:2b:4a:97:07:14:a4:ec:86:f5:4b:d7:58:a2:
                    08:22:59:9f:a0:6c:74:33:cc:8b:04:36:9d:a5:a3:
                    ee:b2:db:f6:45:98:19:82:8f:50:b8:87:6f:2c:1b:
                    9b:17:cc:ec:99:fd:31:d6:bf:07:99:40:58:38:45:
                    16:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:E4:B0:60:C4:E3:B6:7E:4F:2E:8D:46:F0:0D:69:53:3E:76:1D:E6
            X509v3 Authority Key Identifier:
                keyid:10:E5:EF:E9:34:CF:37:7D:DF:37:3B:36:67:21:F1:33:92:43:F9:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EOXv6TTPN33fNzs2ZyHxM5JD-Qc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/282c30-739d-49cc-8d92-95c0a3d95cd4/1/R-SwYMTjtn5PLo1G8A1pUz52HeY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/73/282c30-739d-49cc-8d92-95c0a3d95cd4/1/EOXv6TTPN33fNzs2ZyHxM5JD-Qc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.211.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:68:63:2f:34:d7:63:72:8b:f2:20:ae:4c:6f:1c:bd:b7:99:
         2f:6a:ac:5b:c7:62:ce:ce:12:67:b0:ed:b4:c3:28:78:de:d9:
         10:bb:93:c8:2d:d7:8d:d9:03:78:33:31:bf:7d:a5:0e:36:09:
         65:91:82:49:73:2e:91:54:d7:f5:0c:2f:42:64:eb:5e:1f:76:
         f6:b0:0a:a9:0a:e5:49:2b:d1:d8:ae:24:c1:ca:0b:78:74:87:
         28:ce:a5:94:78:25:8b:cb:d7:2f:e7:47:6b:06:91:c9:73:10:
         95:15:53:5a:bd:43:32:57:f9:e7:04:ec:24:5e:27:56:c1:e1:
         39:a0:87:1f:9e:2c:be:6c:5e:5e:c3:53:b4:7c:36:bc:11:09:
         d0:d1:bd:d5:ce:00:65:23:48:f3:bc:25:e4:af:6c:2d:2a:55:
         e7:89:aa:b4:e6:4f:8f:c8:7d:a5:00:79:f1:7b:a5:d8:52:89:
         39:88:45:1b:9e:90:90:e6:5d:dd:90:79:a0:cf:db:6f:74:b9:
         71:5f:84:35:5b:00:af:1f:0e:de:d4:ad:09:3b:0a:04:58:57:
         0c:8d:35:cc:31:99:e4:63:a1:28:d8:6a:cc:ff:7b:da:d2:11:
         69:d1:c7:0a:f1:54:73:14:b3:54:b3:2b:2f:39:03:5c:93:4f:
         da:a3:e6:ad
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3aUdXmTZE3GzyT1PoL4MIvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwZTVlZmU5MzRjZjM3N2RkZjM3M2IzNjY3MjFmMTMzOTI0
M2Y5MDcwHhcNMjYwNDI5MTczODA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2U0YjA2MGM0ZTNiNjdlNGYyZThkNDZmMDBkNjk1MzNlNzYxZGU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx7H9aqQZM2OnrIBG1zfIUgci77Xc
Xt3wmoZA6iGjyzGW8gpVj+o61JuVEAnkpLs7XBd5zxN7E1A8nN7CqqZnv4H9fErZ
wr0yjBzFxMJhZbqQFQyrMeVxPaTiS5bjfP7NtJagneJFgz7Gf1rbwZYTxsrg8+pf
ckiiuL0gIS+C327iBiDXWg12nP8XJ7YFM0vWmqkObve479niqSvCNVc6t/N8q9WK
VbslLYH6lhDcbHNkj816k+dpEGnO81cJfXa3MMZTpCtKlwcUpOyG9UvXWKIIIlmf
oGx0M8yLBDadpaPustv2RZgZgo9QuIdvLBubF8zsmf0x1r8HmUBYOEUWDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEfksGDE47Z+Ty6NRvANaVM+dh3mMB8GA1UdIwQY
MBaAFBDl7+k0zzd93zc7Nmch8TOSQ/kHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRU9YdjZUVFBOMzNmTnpzMlp5SHhNNUpELVFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My8yODJjMzAtNzM5ZC00OWNjLThkOTIt
OTVjMGEzZDk1Y2Q0LzEvUi1Td1lNVGp0bjVQTG8xRzhBMXBVejUySGVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My8yODJjMzAtNzM5ZC00OWNjLThkOTItOTVjMGEzZDk1Y2Q0
LzEvRU9YdjZUVFBOMzNmTnpzMlp5SHhNNUpELVFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAoNMPMA0G
CSqGSIb3DQEBCwUAA4IBAQB4aGMvNNdjcovyIK5Mbxy9t5kvaqxbx2LOzhJnsO20
wyh43tkQu5PILdeN2QN4MzG/faUONgllkYJJcy6RVNf1DC9CZOteH3b2sAqpCuVJ
K9HYriTBygt4dIcozqWUeCWLy9cv50drBpHJcxCVFVNavUMyV/nnBOwkXidWweE5
oIcfniy+bF5ew1O0fDa8EQnQ0b3VzgBlI0jzvCXkr2wtKlXniaq05k+PyH2lAHnx
e6XYUok5iEUbnpCQ5l3dkHmgz9tvdLlxX4Q1WwCvHw7e1K0JOwoEWFcMjTXMMZnk
Y6Eo2GrM/3va0hFp0ccK8VRzFLNUsysvOQNck0/ao+at
-----END CERTIFICATE-----