Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/xiMy2SPaH8lHFI3-H2U9JOLwGwg.roa
File:                     xiMy2SPaH8lHFI3-H2U9JOLwGwg.roa (raw, json)
Hash identifier:          JOE5tXZ69kYpokkhO+4/eAyh65at7yTIXXS2i46knHo=
Subject key identifier:   C6:23:32:D9:23:DA:1F:C9:47:14:8D:FE:1F:65:3D:24:E2:F0:1B:08
Certificate issuer:       /CN=4a471cd6ce60abedd74762b101aa5e6f4207efce
Certificate serial:       019E020007258F44324F9B126A86FC7303D7
Authority key identifier: 4A:47:1C:D6:CE:60:AB:ED:D7:47:62:B1:01:AA:5E:6F:42:07:EF:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Skcc1s5gq-3XR2KxAapeb0IH784.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/xiMy2SPaH8lHFI3-H2U9JOLwGwg.roa
Signing time:             Thu 07 May 2026 10:33:36 +0000
ROA not before:           Thu 07 May 2026 10:33:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     20473
IP address blocks:        46.34.51.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/Skcc1s5gq-3XR2KxAapeb0IH784.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/Skcc1s5gq-3XR2KxAapeb0IH784.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Skcc1s5gq-3XR2KxAapeb0IH784.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:02:00:07:25:8f:44:32:4f:9b:12:6a:86:fc:73:03:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a471cd6ce60abedd74762b101aa5e6f4207efce
        Validity
            Not Before: May  7 10:33:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c62332d923da1fc947148dfe1f653d24e2f01b08
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:b6:44:b4:20:d9:18:f8:ec:53:36:14:65:d6:
                    0d:7e:3a:bf:4b:ed:8a:53:1e:bc:2c:d8:03:e8:6b:
                    9c:9e:96:51:91:bb:85:0a:38:3f:cb:db:5f:41:40:
                    c9:f2:65:e5:5b:2f:fd:81:f9:7a:74:34:ac:84:b2:
                    2f:9a:95:98:93:2e:c2:1a:78:4f:d5:67:f6:92:70:
                    2d:31:12:02:e1:57:ac:2a:d6:a6:98:c4:e3:4d:24:
                    cd:ed:02:d6:16:2c:77:a9:a7:62:a1:03:b5:72:e6:
                    05:11:0b:78:71:74:c2:b3:f0:79:43:bf:18:37:f4:
                    31:e7:db:a4:93:31:ba:ee:64:c1:b4:bb:06:54:cc:
                    fa:7b:75:d5:bb:7b:fb:48:ba:87:d9:85:90:e8:7f:
                    a0:a9:a0:ed:79:66:0e:6b:c5:80:cf:3a:86:6a:7d:
                    cb:78:e0:cd:ad:44:31:1a:f1:68:d0:03:29:ec:1c:
                    74:ca:a9:ee:01:3c:e3:6e:37:9e:b0:5f:a6:28:63:
                    cd:d2:40:ec:6a:51:2a:05:f8:6f:d5:4e:10:13:1a:
                    61:8d:4c:9a:4b:c1:25:0e:1d:74:48:db:95:48:59:
                    88:9a:b7:6e:7f:6e:89:15:57:94:b2:d4:f9:1a:46:
                    bb:a9:2d:29:d2:d1:4d:cc:43:37:08:ae:6d:b9:d2:
                    2e:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:23:32:D9:23:DA:1F:C9:47:14:8D:FE:1F:65:3D:24:E2:F0:1B:08
            X509v3 Authority Key Identifier:
                keyid:4A:47:1C:D6:CE:60:AB:ED:D7:47:62:B1:01:AA:5E:6F:42:07:EF:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Skcc1s5gq-3XR2KxAapeb0IH784.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/xiMy2SPaH8lHFI3-H2U9JOLwGwg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/Skcc1s5gq-3XR2KxAapeb0IH784.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.34.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:52:6f:64:f7:d4:0d:c3:78:33:ea:5b:12:39:bd:72:c8:87:
         33:31:22:1b:7a:8c:b8:0d:5e:95:a4:04:f3:c9:c6:05:de:50:
         e1:c5:f3:be:1b:f8:66:b2:36:e5:25:fd:04:c0:0d:1a:56:5c:
         03:70:e7:18:e0:44:74:13:23:c8:41:8f:2b:99:07:86:17:d9:
         5c:11:f4:be:4c:e2:e3:64:da:ea:aa:23:8d:ac:e2:a3:65:70:
         33:c0:54:4c:dd:f9:cb:19:9d:04:9a:e5:25:ad:a3:77:d0:58:
         d2:15:30:b7:90:64:f0:1a:28:b1:95:26:0e:89:2d:3d:16:6a:
         71:2c:ab:13:38:39:29:eb:e1:ed:88:fe:2a:30:d0:76:f5:e1:
         e8:db:c8:74:cd:6a:a1:c5:f7:8a:31:5f:05:f2:69:e2:35:ba:
         50:59:d0:a4:fb:6b:82:ba:f6:89:58:7e:fd:02:e7:1d:02:a1:
         4c:cd:13:21:62:dd:2b:a8:d4:4d:b6:3a:fe:bf:29:22:05:fb:
         dd:6a:9a:69:22:30:ba:ba:03:7b:e5:16:8d:cf:93:e4:ac:a5:
         7c:54:00:cb:78:fc:ad:14:40:d5:de:4b:f2:c8:4f:df:88:f5:
         75:28:9d:21:7e:75:88:fe:1d:d5:75:e1:0b:30:89:3f:ab:32:
         15:2d:13:3a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4CAAclj0QyT5sSaob8cwPXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNDcxY2Q2Y2U2MGFiZWRkNzQ3NjJiMTAxYWE1ZTZmNDIw
N2VmY2UwHhcNMjYwNTA3MTAzMzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjIzMzJkOTIzZGExZmM5NDcxNDhkZmUxZjY1M2QyNGUyZjAxYjA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt7ZEtCDZGPjsUzYUZdYNfjq/S+2K
Ux68LNgD6GucnpZRkbuFCjg/y9tfQUDJ8mXlWy/9gfl6dDSshLIvmpWYky7CGnhP
1Wf2knAtMRIC4VesKtammMTjTSTN7QLWFix3qadioQO1cuYFEQt4cXTCs/B5Q78Y
N/Qx59ukkzG67mTBtLsGVMz6e3XVu3v7SLqH2YWQ6H+gqaDteWYOa8WAzzqGan3L
eODNrUQxGvFo0AMp7Bx0yqnuATzjbjeesF+mKGPN0kDsalEqBfhv1U4QExphjUya
S8ElDh10SNuVSFmImrduf26JFVeUstT5Gka7qS0p0tFNzEM3CK5tudIuEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMYjMtkj2h/JRxSN/h9lPSTi8BsIMB8GA1UdIwQY
MBaAFEpHHNbOYKvt10disQGqXm9CB+/OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2tjYzFzNWdxLTNYUjJLeEFhcGViMElINzg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS9lMTc3MTQtNDY3Yi00NDMzLTliN2Qt
YTZiOTkxZjRmYWY4LzEveGlNeTJTUGFIOGxIRkkzLUgyVTlKT0x3R3dnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS9lMTc3MTQtNDY3Yi00NDMzLTliN2QtYTZiOTkxZjRmYWY4
LzEvU2tjYzFzNWdxLTNYUjJLeEFhcGViMElINzg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALiIzMA0G
CSqGSIb3DQEBCwUAA4IBAQA8Um9k99QNw3gz6lsSOb1yyIczMSIbeoy4DV6VpATz
ycYF3lDhxfO+G/hmsjblJf0EwA0aVlwDcOcY4ER0EyPIQY8rmQeGF9lcEfS+TOLj
ZNrqqiONrOKjZXAzwFRM3fnLGZ0EmuUlraN30FjSFTC3kGTwGiixlSYOiS09Fmpx
LKsTODkp6+HtiP4qMNB29eHo28h0zWqhxfeKMV8F8mniNbpQWdCk+2uCuvaJWH79
AucdAqFMzRMhYt0rqNRNtjr+vykiBfvdapppIjC6ugN75RaNz5PkrKV8VADLePyt
FEDV3kvyyE/fiPV1KJ0hfnWI/h3VdeELMIk/qzIVLRM6
-----END CERTIFICATE-----