Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/xZUujeAFSTwArzpPu_lWFdggi9k.roa
File:                     xZUujeAFSTwArzpPu_lWFdggi9k.roa (raw, json)
Hash identifier:          qxKigoq4FbC2Td1b3o1qFzpWqs7daeLkojwYiOlRGAk=
Subject key identifier:   C5:95:2E:8D:E0:05:49:3C:00:AF:3A:4F:BB:F9:56:15:D8:20:8B:D9
Certificate issuer:       /CN=62a15cc88659f578cc159c52b3a7e9ec5819fb20
Certificate serial:       019DB9A22DB60530D87C630F880EC4B915BB
Authority key identifier: 62:A1:5C:C8:86:59:F5:78:CC:15:9C:52:B3:A7:E9:EC:58:19:FB:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/xZUujeAFSTwArzpPu_lWFdggi9k.roa
Signing time:             Thu 23 Apr 2026 09:18:26 +0000
ROA not before:           Thu 23 Apr 2026 09:18:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     61597
IP address blocks:        132.243.76.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b9:a2:2d:b6:05:30:d8:7c:63:0f:88:0e:c4:b9:15:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62a15cc88659f578cc159c52b3a7e9ec5819fb20
        Validity
            Not Before: Apr 23 09:18:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c5952e8de005493c00af3a4fbbf95615d8208bd9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:b1:1b:42:eb:69:0d:43:77:da:7c:3f:63:a4:
                    af:5c:28:64:93:2c:33:9b:8f:c3:01:d4:95:70:2c:
                    3e:57:bf:62:f3:bf:36:6c:2a:40:e6:4e:9d:69:e4:
                    09:02:04:ec:1d:4d:8a:6f:05:81:78:1f:3c:13:50:
                    a7:c0:fc:02:84:14:8a:d2:24:eb:1c:91:31:2f:12:
                    d4:b7:70:f6:8c:16:54:f7:83:3f:a1:c6:44:e8:cf:
                    c3:3e:dc:14:db:9e:32:8b:f4:a5:da:34:be:ac:cb:
                    0e:a9:17:1a:5b:13:40:1e:a8:2d:7f:40:31:14:38:
                    ab:af:41:4b:09:8c:57:2c:59:09:2b:e1:8e:68:d2:
                    59:4d:b5:76:35:25:8c:5f:1e:b8:6d:7f:1b:60:52:
                    6b:f7:7d:cf:7f:88:3c:2d:d2:a8:23:85:e6:18:2c:
                    9f:f3:32:97:c9:65:8b:43:a9:82:55:e5:8b:77:7b:
                    ee:93:ac:ef:13:cb:16:84:17:d2:46:f2:87:99:3b:
                    2c:f5:8e:7f:8e:e9:5f:ff:6b:27:26:04:6c:e0:61:
                    66:f5:a7:b1:13:13:e9:f9:d7:7f:ff:64:73:b8:15:
                    ad:0b:5f:67:2f:c8:d6:61:51:c0:90:3a:49:5b:63:
                    95:a5:f8:e3:fa:97:8e:fd:e7:18:86:25:f1:44:a3:
                    af:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:95:2E:8D:E0:05:49:3C:00:AF:3A:4F:BB:F9:56:15:D8:20:8B:D9
            X509v3 Authority Key Identifier:
                keyid:62:A1:5C:C8:86:59:F5:78:CC:15:9C:52:B3:A7:E9:EC:58:19:FB:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/xZUujeAFSTwArzpPu_lWFdggi9k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  132.243.76.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1a:8b:64:cf:59:a3:db:e0:fb:b0:c1:78:6e:a6:47:46:9d:25:
         ce:11:fe:b4:ec:d6:69:8b:d0:bd:f5:96:e3:3c:53:59:29:24:
         42:59:56:8b:cd:38:0d:bc:0a:02:02:db:8b:50:6f:72:93:74:
         64:10:aa:81:9c:fb:01:21:fb:8a:a6:fc:77:8a:6f:96:8e:35:
         02:5b:5b:26:bf:d2:ea:bf:d5:1c:77:0b:f2:29:87:fb:a2:53:
         18:5b:3f:80:b1:3a:71:51:b4:c0:71:3a:7c:40:5b:c0:8a:45:
         21:88:1f:1f:90:2b:f3:b1:b6:f3:7b:b3:71:30:4f:8e:ad:05:
         28:54:ec:75:d7:16:44:fa:5d:30:e0:92:a3:a8:92:ba:38:f0:
         24:3f:cf:07:c7:32:12:26:b6:8f:42:6f:36:16:22:7f:53:e3:
         13:3b:8a:c7:70:25:36:d0:dc:be:a8:da:68:56:cc:63:3a:38:
         38:c7:d6:c8:c4:88:be:92:b7:31:f8:05:7b:e3:2f:b8:cd:74:
         54:46:63:2b:1b:9a:21:cd:54:99:9f:86:a7:2a:4c:97:f4:d7:
         1a:42:25:41:41:91:01:27:00:50:ba:2b:df:6b:b1:ac:00:dd:
         52:82:d8:8a:26:e8:80:58:3e:66:ed:a6:34:55:09:10:2f:ae:
         99:27:e7:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ25oi22BTDYfGMPiA7EuRW7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyYTE1Y2M4ODY1OWY1NzhjYzE1OWM1MmIzYTdlOWVjNTgx
OWZiMjAwHhcNMjYwNDIzMDkxODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTk1MmU4ZGUwMDU0OTNjMDBhZjNhNGZiYmY5NTYxNWQ4MjA4YmQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1LEbQutpDUN32nw/Y6SvXChkkywz
m4/DAdSVcCw+V79i8782bCpA5k6daeQJAgTsHU2KbwWBeB88E1CnwPwChBSK0iTr
HJExLxLUt3D2jBZU94M/ocZE6M/DPtwU254yi/Sl2jS+rMsOqRcaWxNAHqgtf0Ax
FDirr0FLCYxXLFkJK+GOaNJZTbV2NSWMXx64bX8bYFJr933Pf4g8LdKoI4XmGCyf
8zKXyWWLQ6mCVeWLd3vuk6zvE8sWhBfSRvKHmTss9Y5/julf/2snJgRs4GFm9aex
ExPp+dd//2RzuBWtC19nL8jWYVHAkDpJW2OVpfjj+peO/ecYhiXxRKOvBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMWVLo3gBUk8AK86T7v5VhXYIIvZMB8GA1UdIwQY
MBaAFGKhXMiGWfV4zBWcUrOn6exYGfsgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXFGY3lJWlo5WGpNRlp4U3M2ZnA3RmdaLXlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi8yMTE3YmMtMWY5ZS00NTkwLWE1NTAt
NDI2OWI1NmJmN2Q0LzEveFpVdWplQUZTVHdBcnpwUHVfbFdGZGdnaTlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi8yMTE3YmMtMWY5ZS00NTkwLWE1NTAtNDI2OWI1NmJmN2Q0
LzEvWXFGY3lJWlo5WGpNRlp4U3M2ZnA3RmdaLXlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQChPNMMA0G
CSqGSIb3DQEBCwUAA4IBAQAai2TPWaPb4PuwwXhupkdGnSXOEf607NZpi9C99Zbj
PFNZKSRCWVaLzTgNvAoCAtuLUG9yk3RkEKqBnPsBIfuKpvx3im+WjjUCW1smv9Lq
v9UcdwvyKYf7olMYWz+AsTpxUbTAcTp8QFvAikUhiB8fkCvzsbbze7NxME+OrQUo
VOx11xZE+l0w4JKjqJK6OPAkP88HxzISJraPQm82FiJ/U+MTO4rHcCU20Ny+qNpo
VsxjOjg4x9bIxIi+krcx+AV74y+4zXRURmMrG5ohzVSZn4anKkyX9NcaQiVBQZEB
JwBQuivfa7GsAN1SgtiKJuiAWD5m7aY0VQkQL66ZJ+cM
-----END CERTIFICATE-----