Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/f4319f-3dfb-42ea-ba95-492ab372689d/1/37mxkZixR_bwnbeVwhCjBHW6d8E.roa
File:                     37mxkZixR_bwnbeVwhCjBHW6d8E.roa (raw, json)
Hash identifier:          3NewfDqufhLhgHHEAwQ2xRkvSJQXOzdt7yeorX7tt1E=
Subject key identifier:   DF:B9:B1:91:98:B1:47:F6:F0:9D:B7:95:C2:10:A3:04:75:BA:77:C1
Certificate issuer:       /CN=5fbe65ae23f207fa695255f55a907ac1608be094
Certificate serial:       019DD4AEC7F5082F708DAE3952A73C8FCCBF
Authority key identifier: 5F:BE:65:AE:23:F2:07:FA:69:52:55:F5:5A:90:7A:C1:60:8B:E0:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/X75lriPyB_ppUlX1WpB6wWCL4JQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/f4319f-3dfb-42ea-ba95-492ab372689d/1/37mxkZixR_bwnbeVwhCjBHW6d8E.roa
Signing time:             Tue 28 Apr 2026 15:21:57 +0000
ROA not before:           Tue 28 Apr 2026 15:21:57 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215272
IP address blocks:        153.80.244.0/24 maxlen: 24
                          193.47.42.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/f4319f-3dfb-42ea-ba95-492ab372689d/1/X75lriPyB_ppUlX1WpB6wWCL4JQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/f4319f-3dfb-42ea-ba95-492ab372689d/1/X75lriPyB_ppUlX1WpB6wWCL4JQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/X75lriPyB_ppUlX1WpB6wWCL4JQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 06:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:d4:ae:c7:f5:08:2f:70:8d:ae:39:52:a7:3c:8f:cc:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5fbe65ae23f207fa695255f55a907ac1608be094
        Validity
            Not Before: Apr 28 15:21:57 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=dfb9b19198b147f6f09db795c210a30475ba77c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:26:37:45:b1:cd:d1:1f:b9:6c:36:38:85:37:
                    41:d4:ab:4e:37:ff:35:88:4f:c9:1e:9e:f3:60:cb:
                    3f:9e:65:92:8e:60:aa:5b:54:50:f9:b3:8e:31:71:
                    10:27:7e:e5:fc:7c:c8:f5:22:7e:9a:17:e2:b1:4c:
                    31:6a:0f:c9:52:bb:5c:02:45:f4:e5:49:f1:79:ea:
                    93:72:b9:a9:e1:f8:31:06:59:29:14:0c:a6:11:26:
                    cb:6c:60:af:e4:f4:22:66:f7:86:8a:d1:58:13:79:
                    ee:54:c8:16:21:bd:89:91:5a:c3:66:8c:e4:ea:76:
                    72:c2:47:fe:38:91:3f:d1:da:a0:32:59:4a:b3:d7:
                    83:ac:3c:e3:fa:f4:15:15:f3:df:6e:e5:96:89:ab:
                    fd:96:ee:2c:9f:66:75:13:2f:ac:38:f7:aa:35:c6:
                    3d:8a:f5:b6:63:3b:3d:24:96:b5:60:3c:23:fb:b8:
                    6f:23:6d:fd:79:15:bd:0a:94:9d:dc:d5:e2:4c:18:
                    a3:1b:30:28:6a:fd:be:4d:96:48:13:35:1a:a0:c2:
                    f9:21:95:35:cc:c2:1f:38:e4:b4:24:9d:ef:35:b3:
                    e8:bc:79:d6:3f:33:93:d2:8e:19:e1:49:e3:3a:19:
                    55:45:a7:30:9c:b8:a5:fd:f9:0c:c9:0c:db:c9:da:
                    a8:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:B9:B1:91:98:B1:47:F6:F0:9D:B7:95:C2:10:A3:04:75:BA:77:C1
            X509v3 Authority Key Identifier:
                keyid:5F:BE:65:AE:23:F2:07:FA:69:52:55:F5:5A:90:7A:C1:60:8B:E0:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X75lriPyB_ppUlX1WpB6wWCL4JQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/f4319f-3dfb-42ea-ba95-492ab372689d/1/37mxkZixR_bwnbeVwhCjBHW6d8E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/f4319f-3dfb-42ea-ba95-492ab372689d/1/X75lriPyB_ppUlX1WpB6wWCL4JQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  153.80.244.0/24
                  193.47.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:a3:f1:70:66:cc:d1:57:db:2f:2e:79:ad:1d:e5:c7:7b:74:
         44:b2:9b:d8:25:02:c6:31:53:6e:9a:3b:76:68:df:80:11:67:
         47:0a:22:42:20:00:04:58:ee:71:b2:2b:2b:9e:83:2c:83:9b:
         fd:c4:7a:0d:fc:9d:65:5f:58:e9:06:73:3c:04:1b:00:f9:99:
         13:dc:d9:d6:fd:f4:08:09:09:85:e1:eb:48:7a:2f:d8:c4:f7:
         d3:a8:94:27:dc:59:be:2a:dc:59:f3:d4:de:f5:dc:03:50:73:
         5b:f6:13:bf:87:75:d9:5a:68:55:8b:3d:2e:b7:30:7f:2f:03:
         aa:39:a0:99:f9:b0:46:69:75:8a:57:ae:b6:78:21:bd:2e:c6:
         e5:1e:4f:21:7f:82:29:d5:7a:dc:71:5f:c7:bd:13:24:d7:bf:
         ea:27:6e:2b:3d:a4:36:50:5a:13:14:6c:82:90:91:26:8e:d2:
         85:fb:2e:14:99:fb:f2:fc:ef:a0:e2:51:16:22:31:1c:77:fc:
         71:89:15:dd:fb:f4:4b:02:82:03:fe:80:86:83:2a:df:1c:1b:
         77:7a:3a:21:7f:8f:a3:af:39:d2:be:78:c2:48:be:fd:b5:18:
         8d:aa:a5:b4:02:f5:00:fe:58:fd:fe:35:03:48:30:5d:2b:4d:
         eb:92:1a:ac
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ3Ursf1CC9wja45Uqc8j8y/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmYmU2NWFlMjNmMjA3ZmE2OTUyNTVmNTVhOTA3YWMxNjA4
YmUwOTQwHhcNMjYwNDI4MTUyMTU3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZmI5YjE5MTk4YjE0N2Y2ZjA5ZGI3OTVjMjEwYTMwNDc1YmE3N2MxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvCY3RbHN0R+5bDY4hTdB1KtON/81
iE/JHp7zYMs/nmWSjmCqW1RQ+bOOMXEQJ37l/HzI9SJ+mhfisUwxag/JUrtcAkX0
5UnxeeqTcrmp4fgxBlkpFAymESbLbGCv5PQiZveGitFYE3nuVMgWIb2JkVrDZozk
6nZywkf+OJE/0dqgMllKs9eDrDzj+vQVFfPfbuWWiav9lu4sn2Z1Ey+sOPeqNcY9
ivW2Yzs9JJa1YDwj+7hvI239eRW9CpSd3NXiTBijGzAoav2+TZZIEzUaoML5IZU1
zMIfOOS0JJ3vNbPovHnWPzOT0o4Z4UnjOhlVRacwnLil/fkMyQzbydqomQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFN+5sZGYsUf28J23lcIQowR1unfBMB8GA1UdIwQY
MBaAFF++Za4j8gf6aVJV9VqQesFgi+CUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWDc1bHJpUHlCX3BwVWxYMVdwQjZ3V0NMNEpRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS9mNDMxOWYtM2RmYi00MmVhLWJhOTUt
NDkyYWIzNzI2ODlkLzEvMzdteGtaaXhSX2J3bmJlVndoQ2pCSFc2ZDhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS9mNDMxOWYtM2RmYi00MmVhLWJhOTUtNDkyYWIzNzI2ODlk
LzEvWDc1bHJpUHlCX3BwVWxYMVdwQjZ3V0NMNEpRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAmVD0AwQA
wS8qMA0GCSqGSIb3DQEBCwUAA4IBAQAgo/FwZszRV9svLnmtHeXHe3REspvYJQLG
MVNumjt2aN+AEWdHCiJCIAAEWO5xsisrnoMsg5v9xHoN/J1lX1jpBnM8BBsA+ZkT
3NnW/fQICQmF4etIei/YxPfTqJQn3Fm+KtxZ89Te9dwDUHNb9hO/h3XZWmhViz0u
tzB/LwOqOaCZ+bBGaXWKV662eCG9LsblHk8hf4Ip1XrccV/HvRMk17/qJ24rPaQ2
UFoTFGyCkJEmjtKF+y4Umfvy/O+g4lEWIjEcd/xxiRXd+/RLAoID/oCGgyrfHBt3
ejohf4+jrznSvnjCSL79tRiNqqW0AvUA/lj9/jUDSDBdK03rkhqs
-----END CERTIFICATE-----