Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/rhYObfg3iE-q9TpSUVi7U1nmwco.roa
File:                     rhYObfg3iE-q9TpSUVi7U1nmwco.roa (raw, json)
Hash identifier:          /MJd5jMuW2DJVfi1CA3Z5cdKfPRdSRhzKKOkI3tlkm4=
Subject key identifier:   AE:16:0E:6D:F8:37:88:4F:AA:F5:3A:52:51:58:BB:53:59:E6:C1:CA
Certificate issuer:       /CN=f13533399f55eb52e6b2200c7cae4272b74d6464
Certificate serial:       019DE298F981A20090CE07863BE04EE3F96F
Authority key identifier: F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/rhYObfg3iE-q9TpSUVi7U1nmwco.roa
Signing time:             Fri 01 May 2026 08:12:49 +0000
ROA not before:           Fri 01 May 2026 08:12:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201194
IP address blocks:        178.239.155.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:e2:98:f9:81:a2:00:90:ce:07:86:3b:e0:4e:e3:f9:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f13533399f55eb52e6b2200c7cae4272b74d6464
        Validity
            Not Before: May  1 08:12:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ae160e6df837884faaf53a525158bb5359e6c1ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:18:5f:b2:ae:72:95:57:d2:a5:ef:71:c9:b8:
                    d9:26:34:c9:f7:a5:f6:f5:24:02:26:65:8a:dd:a4:
                    25:4a:73:8e:ab:e7:33:90:35:69:9d:f3:4e:6b:49:
                    e7:bb:f1:77:42:9f:4c:02:4b:9e:2f:fb:16:6f:f4:
                    36:ea:a0:40:a8:c5:86:56:8c:aa:fe:33:f5:1a:46:
                    8f:74:c3:4a:f6:85:23:33:86:c2:0c:a6:2f:b4:d5:
                    b1:18:1f:c5:e5:f8:10:8c:96:3c:f9:08:ac:7a:ee:
                    a2:b1:49:e3:06:bc:68:ed:a7:1f:2b:09:f0:3b:b4:
                    1c:f7:51:85:f3:bb:31:6f:5f:ca:1b:62:e9:ee:29:
                    69:10:39:97:4b:53:78:fa:e8:50:88:d4:5e:cf:cf:
                    90:4d:74:8c:ab:09:96:6a:0b:29:2a:e7:5e:93:67:
                    c7:56:a0:01:d4:27:75:9f:7c:c2:15:da:19:52:fc:
                    9d:4b:79:f4:72:23:4a:32:06:be:cb:8c:13:63:82:
                    76:68:09:a1:91:1a:28:57:5b:ec:af:bc:f9:73:78:
                    84:14:de:62:ac:f9:f4:e0:79:7e:ef:5d:ea:7c:22:
                    79:46:42:ed:f9:9f:cd:c0:d9:7d:3c:54:63:34:c9:
                    f6:67:38:2c:9c:4f:30:6a:d0:59:12:3d:81:f3:11:
                    8b:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:16:0E:6D:F8:37:88:4F:AA:F5:3A:52:51:58:BB:53:59:E6:C1:CA
            X509v3 Authority Key Identifier:
                keyid:F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/rhYObfg3iE-q9TpSUVi7U1nmwco.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.239.155.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:6c:70:6b:f2:d3:ef:1c:6f:2e:2c:57:7a:c0:d4:7b:0d:a3:
         84:62:47:ba:fd:b9:1b:ec:e4:ee:03:00:ad:b5:37:f0:f9:54:
         9b:2f:4d:a8:84:1d:a3:53:f1:c1:e9:d6:b1:68:a1:85:62:be:
         4e:a9:37:d9:b2:9f:39:bc:84:ed:3b:5a:44:39:6c:4c:41:71:
         47:27:ce:30:59:55:85:bf:61:c9:f2:03:73:ef:7c:4b:34:b9:
         6d:d0:56:a9:b4:55:f6:15:fd:b6:13:57:a2:21:22:8c:05:81:
         b1:52:f7:23:ab:10:fb:9c:6c:37:af:04:04:ec:d9:9c:35:c2:
         1b:6b:0e:a8:b4:59:11:3b:59:12:61:ef:38:93:0e:8d:ae:fd:
         79:46:f2:3d:37:35:37:79:de:c2:8f:a7:87:4f:d3:ee:e3:a1:
         06:18:c5:93:e3:51:84:39:2c:d4:92:04:a6:c9:41:1e:4b:26:
         21:bf:b8:cc:91:51:5b:e6:8c:75:f5:e1:cf:e7:4c:c3:ad:6c:
         17:c0:d2:14:f8:9e:5f:84:9b:c7:81:70:ef:3b:65:ac:53:a1:
         4f:f7:cd:63:de:76:8e:f3:ee:68:04:5d:c6:13:25:bd:98:c3:
         6c:dc:7e:dd:82:e5:7d:a5:e6:2f:ce:1f:16:e7:ec:08:eb:74:
         ba:1b:ce:69
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3imPmBogCQzgeGO+BO4/lvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxMzUzMzM5OWY1NWViNTJlNmIyMjAwYzdjYWU0MjcyYjc0
ZDY0NjQwHhcNMjYwNTAxMDgxMjQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTE2MGU2ZGY4Mzc4ODRmYWFmNTNhNTI1MTU4YmI1MzU5ZTZjMWNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAthhfsq5ylVfSpe9xybjZJjTJ96X2
9SQCJmWK3aQlSnOOq+czkDVpnfNOa0nnu/F3Qp9MAkueL/sWb/Q26qBAqMWGVoyq
/jP1GkaPdMNK9oUjM4bCDKYvtNWxGB/F5fgQjJY8+Qiseu6isUnjBrxo7acfKwnw
O7Qc91GF87sxb1/KG2Lp7ilpEDmXS1N4+uhQiNRez8+QTXSMqwmWagspKudek2fH
VqAB1Cd1n3zCFdoZUvydS3n0ciNKMga+y4wTY4J2aAmhkRooV1vsr7z5c3iEFN5i
rPn04Hl+713qfCJ5RkLt+Z/NwNl9PFRjNMn2ZzgsnE8watBZEj2B8xGL1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK4WDm34N4hPqvU6UlFYu1NZ5sHKMB8GA1UdIwQY
MBaAFPE1MzmfVetS5rIgDHyuQnK3TWRkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEt
OTg5MTY2ODgxOTY5LzEvcmhZT2JmZzNpRS1xOVRwU1VWaTdVMW5td2NvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEtOTg5MTY2ODgxOTY5
LzEvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsu+bMA0G
CSqGSIb3DQEBCwUAA4IBAQBhbHBr8tPvHG8uLFd6wNR7DaOEYke6/bkb7OTuAwCt
tTfw+VSbL02ohB2jU/HB6daxaKGFYr5OqTfZsp85vITtO1pEOWxMQXFHJ84wWVWF
v2HJ8gNz73xLNLlt0FaptFX2Ff22E1eiISKMBYGxUvcjqxD7nGw3rwQE7NmcNcIb
aw6otFkRO1kSYe84kw6Nrv15RvI9NzU3ed7Cj6eHT9Pu46EGGMWT41GEOSzUkgSm
yUEeSyYhv7jMkVFb5ox19eHP50zDrWwXwNIU+J5fhJvHgXDvO2WsU6FP981j3naO
8+5oBF3GEyW9mMNs3H7dguV9peYvzh8W5+wI63S6G85p
-----END CERTIFICATE-----