Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/2851b6-2e65-4859-9c05-506bb6c679ce/1/XAicTI9UC61pmPVZdsahFl2lMBY.roa
File:                     XAicTI9UC61pmPVZdsahFl2lMBY.roa (raw, json)
Hash identifier:          1ekmg/ykYoDb9Od3u6BS5GbbaLysf5uiWev0CH3GBwk=
Subject key identifier:   5C:08:9C:4C:8F:54:0B:AD:69:98:F5:59:76:C6:A1:16:5D:A5:30:16
Certificate issuer:       /CN=a2f6bc8f163af49c03d9ad69e716b42c5b96ee79
Certificate serial:       019CE6E0FF42C468DA255FF85E48AD15292D
Authority key identifier: A2:F6:BC:8F:16:3A:F4:9C:03:D9:AD:69:E7:16:B4:2C:5B:96:EE:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ova8jxY69JwD2a1p5xa0LFuW7nk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/2851b6-2e65-4859-9c05-506bb6c679ce/1/XAicTI9UC61pmPVZdsahFl2lMBY.roa
Signing time:             Fri 13 Mar 2026 11:07:10 +0000
ROA not before:           Fri 13 Mar 2026 11:07:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     14618
IP address blocks:        46.19.171.0/24 maxlen: 24
                          46.19.172.0/24 maxlen: 24
                          46.19.173.0/24 maxlen: 24
                          46.19.174.0/24 maxlen: 24
                          46.19.175.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/2851b6-2e65-4859-9c05-506bb6c679ce/1/ova8jxY69JwD2a1p5xa0LFuW7nk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/2851b6-2e65-4859-9c05-506bb6c679ce/1/ova8jxY69JwD2a1p5xa0LFuW7nk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ova8jxY69JwD2a1p5xa0LFuW7nk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:e6:e0:ff:42:c4:68:da:25:5f:f8:5e:48:ad:15:29:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a2f6bc8f163af49c03d9ad69e716b42c5b96ee79
        Validity
            Not Before: Mar 13 11:07:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5c089c4c8f540bad6998f55976c6a1165da53016
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:37:c3:c7:53:10:4d:5c:0e:05:9c:65:79:99:
                    c9:7d:71:b6:b2:08:31:03:3e:51:0a:31:9c:29:c6:
                    a9:62:8b:c3:a2:53:b0:01:4e:8d:50:93:b9:f0:9c:
                    2a:4d:a5:94:aa:09:c4:e0:df:2e:55:16:9c:06:e7:
                    ab:33:cb:06:55:28:3f:d3:f1:72:cd:7f:43:04:3c:
                    87:e8:b7:b4:33:6e:ce:cc:69:e4:31:0f:a6:9a:8c:
                    a6:f6:df:2c:6d:e7:71:2a:d1:70:95:d5:c7:e9:7e:
                    1e:46:2e:a0:83:d8:38:a0:21:f0:a5:57:1b:8b:68:
                    79:42:2a:a5:06:f1:a2:e0:63:3d:a7:07:99:36:8a:
                    65:9e:ce:7b:b0:19:ea:62:47:e9:91:df:57:98:a8:
                    a3:5a:bb:b8:38:30:36:3d:9c:6a:e2:ec:9c:86:40:
                    1e:92:ae:1d:3f:88:0f:df:0f:0c:08:2f:9b:81:7c:
                    cd:a4:86:6e:87:5d:1b:61:fa:b8:30:af:c2:24:dc:
                    b9:f7:30:3a:bf:0f:43:09:24:f2:c9:bf:58:7e:f3:
                    96:4e:ed:b0:de:07:71:0a:0f:ef:e4:98:d9:fd:3b:
                    4a:9d:9d:00:9a:af:a7:b2:08:b3:0b:3f:ed:7a:be:
                    8d:4e:e9:62:93:38:ae:31:db:89:c8:c3:3c:8e:0e:
                    de:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:08:9C:4C:8F:54:0B:AD:69:98:F5:59:76:C6:A1:16:5D:A5:30:16
            X509v3 Authority Key Identifier:
                keyid:A2:F6:BC:8F:16:3A:F4:9C:03:D9:AD:69:E7:16:B4:2C:5B:96:EE:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ova8jxY69JwD2a1p5xa0LFuW7nk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/2851b6-2e65-4859-9c05-506bb6c679ce/1/XAicTI9UC61pmPVZdsahFl2lMBY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/2851b6-2e65-4859-9c05-506bb6c679ce/1/ova8jxY69JwD2a1p5xa0LFuW7nk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.19.171.0-46.19.175.255

    Signature Algorithm: sha256WithRSAEncryption
         42:9f:59:13:35:af:55:17:e9:22:ed:eb:d4:cd:5e:59:b4:f3:
         4a:85:d6:19:5b:f4:46:9b:76:ad:31:06:f9:57:b9:a1:f5:cd:
         e5:32:34:f2:8d:30:bb:82:11:82:ec:ec:28:02:bd:16:8f:af:
         4e:21:28:d7:54:c6:0a:d8:e0:92:ab:47:dd:e3:b2:fe:4b:5c:
         73:e9:6c:5e:d0:65:4c:88:da:e4:a4:60:46:d7:72:45:2b:b3:
         ae:3d:3a:6d:01:9d:d5:6a:15:bb:39:04:b4:71:6c:10:70:60:
         dd:e0:11:bb:33:3b:1c:57:7c:96:fd:a3:7f:b5:23:a2:13:e5:
         d9:ac:97:f9:19:59:ca:36:0a:cd:36:dd:7c:8a:79:45:2e:8c:
         29:43:a0:3f:e3:52:a9:e4:70:39:87:82:c0:47:c1:e4:ee:0b:
         c4:fc:ca:6d:6f:09:0f:6b:44:87:07:a2:d9:9e:6a:35:d2:4d:
         0f:ee:7c:86:99:e2:6f:10:d7:cf:f0:76:e1:f9:e5:85:ce:fb:
         82:32:cf:1b:79:10:a2:18:0c:46:90:87:f0:f8:ae:71:c4:fe:
         a5:9d:3a:b0:c8:98:b3:31:54:62:bc:09:27:96:03:e4:ff:f1:
         93:63:23:e8:be:f1:de:b6:9c:1b:34:3d:e0:10:58:ab:37:86:
         13:fb:7f:b2
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZzm4P9CxGjaJV/4XkitFSktMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyZjZiYzhmMTYzYWY0OWMwM2Q5YWQ2OWU3MTZiNDJjNWI5
NmVlNzkwHhcNMjYwMzEzMTEwNzEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzA4OWM0YzhmNTQwYmFkNjk5OGY1NTk3NmM2YTExNjVkYTUzMDE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtjfDx1MQTVwOBZxleZnJfXG2sggx
Az5RCjGcKcapYovDolOwAU6NUJO58JwqTaWUqgnE4N8uVRacBuerM8sGVSg/0/Fy
zX9DBDyH6Le0M27OzGnkMQ+mmoym9t8sbedxKtFwldXH6X4eRi6gg9g4oCHwpVcb
i2h5QiqlBvGi4GM9pweZNoplns57sBnqYkfpkd9XmKijWru4ODA2PZxq4uychkAe
kq4dP4gP3w8MCC+bgXzNpIZuh10bYfq4MK/CJNy59zA6vw9DCSTyyb9YfvOWTu2w
3gdxCg/v5JjZ/TtKnZ0Amq+nsgizCz/ter6NTulikziuMduJyMM8jg7eOwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFFwInEyPVAutaZj1WXbGoRZdpTAWMB8GA1UdIwQY
MBaAFKL2vI8WOvScA9mtaecWtCxblu55MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3ZhOGp4WTY5SndEMmExcDV4YTBMRnVXN25rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny8yODUxYjYtMmU2NS00ODU5LTljMDUt
NTA2YmI2YzY3OWNlLzEvWEFpY1RJOVVDNjFwbVBWWmRzYWhGbDJsTUJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny8yODUxYjYtMmU2NS00ODU5LTljMDUtNTA2YmI2YzY3OWNl
LzEvb3ZhOGp4WTY5SndEMmExcDV4YTBMRnVXN25rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAAuE6sD
BAQuE6AwDQYJKoZIhvcNAQELBQADggEBAEKfWRM1r1UX6SLt69TNXlm080qF1hlb
9Eabdq0xBvlXuaH1zeUyNPKNMLuCEYLs7CgCvRaPr04hKNdUxgrY4JKrR93jsv5L
XHPpbF7QZUyI2uSkYEbXckUrs649Om0BndVqFbs5BLRxbBBwYN3gEbszOxxXfJb9
o3+1I6IT5dmsl/kZWco2Cs023XyKeUUujClDoD/jUqnkcDmHgsBHweTuC8T8ym1v
CQ9rRIcHotmeajXSTQ/ufIaZ4m8Q18/wduH55YXO+4Iyzxt5EKIYDEaQh/D4rnHE
/qWdOrDImLMxVGK8CSeWA+T/8ZNjI+i+8d62nBs0PeAQWKs3hhP7f7I=
-----END CERTIFICATE-----