Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/fdc52e-debd-4579-9ec1-4995898acb60/1/Csx9QDzDsQz_aHEulUGMnETy388.roa
File:                     Csx9QDzDsQz_aHEulUGMnETy388.roa (raw, json)
Hash identifier:          C8BP4jzTuTTi1E6V65zQ+3x8Wh6nKEgy7uqDWh2K8g4=
Subject key identifier:   0A:CC:7D:40:3C:C3:B1:0C:FF:68:71:2E:95:41:8C:9C:44:F2:DF:CF
Certificate issuer:       /CN=d7575aabc758a9686f9d43e7ac0ed35ae4478f4d
Certificate serial:       019D8EEB0516D5550BD298EEB8333A6F829C
Authority key identifier: D7:57:5A:AB:C7:58:A9:68:6F:9D:43:E7:AC:0E:D3:5A:E4:47:8F:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/11daq8dYqWhvnUPnrA7TWuRHj00.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/fdc52e-debd-4579-9ec1-4995898acb60/1/Csx9QDzDsQz_aHEulUGMnETy388.roa
Signing time:             Wed 15 Apr 2026 02:14:20 +0000
ROA not before:           Wed 15 Apr 2026 02:14:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     24452
IP address blocks:        213.155.16.0/22 maxlen: 24
                          217.179.88.0/22 maxlen: 24
                          2a13:8740::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/fdc52e-debd-4579-9ec1-4995898acb60/1/11daq8dYqWhvnUPnrA7TWuRHj00.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/fdc52e-debd-4579-9ec1-4995898acb60/1/11daq8dYqWhvnUPnrA7TWuRHj00.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/11daq8dYqWhvnUPnrA7TWuRHj00.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 20:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:8e:eb:05:16:d5:55:0b:d2:98:ee:b8:33:3a:6f:82:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d7575aabc758a9686f9d43e7ac0ed35ae4478f4d
        Validity
            Not Before: Apr 15 02:14:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0acc7d403cc3b10cff68712e95418c9c44f2dfcf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:96:89:89:67:43:f0:54:29:65:19:6c:33:76:
                    52:99:6c:b4:11:3e:7c:0a:33:93:63:00:21:a5:01:
                    81:cf:28:99:74:b6:c4:aa:fc:b9:48:e2:bb:51:f7:
                    a2:f1:1d:cf:af:63:20:94:59:8b:d5:13:0c:38:36:
                    ec:49:3a:e9:c4:37:92:b0:ab:01:53:2f:3e:9e:5a:
                    77:02:fe:b3:c7:26:dd:4b:f4:d9:36:8c:4d:14:9b:
                    15:39:ad:e0:00:1b:b5:bb:5f:6d:88:49:d2:3f:a9:
                    b0:c1:74:91:e9:9a:eb:69:58:d0:8d:48:47:5e:2f:
                    ca:cc:ec:a7:9b:05:9d:e0:b1:75:2f:58:ef:82:a1:
                    f9:60:4c:d4:30:a0:11:14:de:c2:54:e1:3b:9b:4b:
                    1a:82:eb:08:bd:c7:89:32:07:d5:3b:bf:3a:21:a5:
                    1c:96:3a:1d:a6:2c:d2:5c:15:b1:2a:46:99:86:29:
                    cb:4f:63:99:46:8e:a9:7d:b9:22:23:a0:89:05:20:
                    bb:d8:53:b7:33:99:7c:84:07:02:fa:16:7e:43:97:
                    bd:76:3a:e3:0c:72:64:3f:3b:09:cb:a4:a1:72:99:
                    fb:14:5f:3d:4c:9a:f3:1d:ae:41:e0:58:f6:3a:63:
                    53:54:2f:99:e8:d7:26:1c:f8:65:1e:b0:38:d4:49:
                    92:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:CC:7D:40:3C:C3:B1:0C:FF:68:71:2E:95:41:8C:9C:44:F2:DF:CF
            X509v3 Authority Key Identifier:
                keyid:D7:57:5A:AB:C7:58:A9:68:6F:9D:43:E7:AC:0E:D3:5A:E4:47:8F:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/11daq8dYqWhvnUPnrA7TWuRHj00.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/fdc52e-debd-4579-9ec1-4995898acb60/1/Csx9QDzDsQz_aHEulUGMnETy388.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/fdc52e-debd-4579-9ec1-4995898acb60/1/11daq8dYqWhvnUPnrA7TWuRHj00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.155.16.0/22
                  217.179.88.0/22
                IPv6:
                  2a13:8740::/29

    Signature Algorithm: sha256WithRSAEncryption
         93:0d:c2:39:c3:1a:26:7b:a2:5f:e7:d2:bb:15:16:c1:e6:da:
         57:ef:85:ff:65:14:9e:af:a5:8b:b0:46:36:c0:f9:0d:c4:7a:
         92:43:8f:60:2c:8e:68:6a:06:f2:28:6a:91:a9:fa:27:2f:2c:
         d4:0d:a0:b1:1f:30:c3:bf:6d:1c:93:8e:85:f8:f6:d0:fa:18:
         ab:0a:0e:ec:f2:e8:4b:55:07:29:4f:75:a4:ed:86:32:b9:13:
         e1:b3:b9:05:69:13:cb:c3:46:94:fd:b9:b1:4b:48:ae:e8:4b:
         00:15:75:92:64:a8:2d:a1:7a:ae:a8:72:39:d9:58:cf:9d:8d:
         6d:58:49:c8:94:75:18:33:26:5a:1f:b6:86:09:3a:67:7e:d8:
         88:a7:fc:1f:6a:cd:f1:b8:0d:37:25:9a:32:96:64:ab:4f:b0:
         0a:e5:a0:a1:9b:9d:7f:1b:8b:b7:97:01:73:5d:18:c8:e7:01:
         e6:b0:72:fa:77:cf:86:bd:b4:b9:dd:a3:27:fa:69:ea:c4:97:
         66:f7:62:58:14:91:e2:be:27:9e:03:1f:f1:70:0e:31:a9:01:
         4b:bf:7d:60:07:70:97:7f:f5:ae:93:fe:81:a6:80:93:75:da:
         24:b5:5e:fe:31:62:82:01:b3:15:d3:f2:92:7b:ff:3c:13:e3:
         d1:fc:bb:5f
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZ2O6wUW1VUL0pjuuDM6b4KcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NTc1YWFiYzc1OGE5Njg2ZjlkNDNlN2FjMGVkMzVhZTQ0
NzhmNGQwHhcNMjYwNDE1MDIxNDIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYWNjN2Q0MDNjYzNiMTBjZmY2ODcxMmU5NTQxOGM5YzQ0ZjJkZmNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtZaJiWdD8FQpZRlsM3ZSmWy0ET58
CjOTYwAhpQGBzyiZdLbEqvy5SOK7Ufei8R3Pr2MglFmL1RMMODbsSTrpxDeSsKsB
Uy8+nlp3Av6zxybdS/TZNoxNFJsVOa3gABu1u19tiEnSP6mwwXSR6ZrraVjQjUhH
Xi/KzOynmwWd4LF1L1jvgqH5YEzUMKARFN7CVOE7m0sagusIvceJMgfVO786IaUc
ljodpizSXBWxKkaZhinLT2OZRo6pfbkiI6CJBSC72FO3M5l8hAcC+hZ+Q5e9djrj
DHJkPzsJy6Shcpn7FF89TJrzHa5B4Fj2OmNTVC+Z6NcmHPhlHrA41EmS4wIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFArMfUA8w7EM/2hxLpVBjJxE8t/PMB8GA1UdIwQY
MBaAFNdXWqvHWKlob51D56wO01rkR49NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTFkYXE4ZFlxV2h2blVQbnJBN1RXdVJIajAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy9mZGM1MmUtZGViZC00NTc5LTllYzEt
NDk5NTg5OGFjYjYwLzEvQ3N4OVFEekRzUXpfYUhFdWxVR01uRVR5Mzg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy9mZGM1MmUtZGViZC00NTc5LTllYzEtNDk5NTg5OGFjYjYw
LzEvMTFkYXE4ZFlxV2h2blVQbnJBN1RXdVJIajAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQC1ZsQAwQC
2bNYMA0EAgACMAcDBQMqE4dAMA0GCSqGSIb3DQEBCwUAA4IBAQCTDcI5wxome6Jf
59K7FRbB5tpX74X/ZRSer6WLsEY2wPkNxHqSQ49gLI5oagbyKGqRqfonLyzUDaCx
HzDDv20ck46F+PbQ+hirCg7s8uhLVQcpT3Wk7YYyuRPhs7kFaRPLw0aU/bmxS0iu
6EsAFXWSZKgtoXquqHI52VjPnY1tWEnIlHUYMyZaH7aGCTpnftiIp/wfas3xuA03
JZoylmSrT7AK5aChm51/G4u3lwFzXRjI5wHmsHL6d8+GvbS53aMn+mnqxJdm92JY
FJHivieeAx/xcA4xqQFLv31gB3CXf/Wuk/6BpoCTddoktV7+MWKCAbMV0/KSe/88
E+PR/Ltf
-----END CERTIFICATE-----