Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c6/a607f4-15dc-4db5-9601-2146179d8e2b/1/3wh0CT_8NfW3KeKbg66Zbntk-98.roa
File:                     3wh0CT_8NfW3KeKbg66Zbntk-98.roa (raw, json)
Hash identifier:          XNvg+YgzCvz98HEiUChpuE5wzEJ7vEAr5EwgyO9TGdU=
Subject key identifier:   DF:08:74:09:3F:FC:35:F5:B7:29:E2:9B:83:AE:99:6E:7B:64:FB:DF
Certificate issuer:       /CN=d894365b28a082834a751a97771b791124524dec
Certificate serial:       019DF88C37D8D70D62D434BC1A5F61F1705A
Authority key identifier: D8:94:36:5B:28:A0:82:83:4A:75:1A:97:77:1B:79:11:24:52:4D:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2JQ2WyiggoNKdRqXdxt5ESRSTew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c6/a607f4-15dc-4db5-9601-2146179d8e2b/1/3wh0CT_8NfW3KeKbg66Zbntk-98.roa
Signing time:             Tue 05 May 2026 14:30:32 +0000
ROA not before:           Tue 05 May 2026 14:30:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     14618
IP address blocks:        159.253.164.0/24 maxlen: 24
                          159.253.165.0/24 maxlen: 24
                          159.253.166.0/24 maxlen: 24
                          159.253.167.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c6/a607f4-15dc-4db5-9601-2146179d8e2b/1/2JQ2WyiggoNKdRqXdxt5ESRSTew.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c6/a607f4-15dc-4db5-9601-2146179d8e2b/1/2JQ2WyiggoNKdRqXdxt5ESRSTew.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2JQ2WyiggoNKdRqXdxt5ESRSTew.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:f8:8c:37:d8:d7:0d:62:d4:34:bc:1a:5f:61:f1:70:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d894365b28a082834a751a97771b791124524dec
        Validity
            Not Before: May  5 14:30:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=df0874093ffc35f5b729e29b83ae996e7b64fbdf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:93:60:76:b8:59:4f:9a:13:de:7d:6a:fb:53:
                    eb:55:22:00:24:e1:7e:ce:38:07:82:6c:f2:21:88:
                    11:e9:ff:89:f9:fc:dc:21:54:42:95:b6:a1:34:6c:
                    1c:5d:ea:0d:fe:6b:48:a0:eb:96:88:9d:ad:bd:41:
                    1d:d9:4a:9c:ab:06:a7:63:b3:9d:5c:63:24:94:f1:
                    07:1e:25:14:d4:48:fb:c6:dd:2d:3d:54:57:4f:ce:
                    d6:3e:c4:01:4b:d5:31:99:70:2a:8c:69:bc:26:65:
                    da:b1:12:e6:f5:b7:ec:75:ab:f7:a1:09:c9:29:44:
                    a1:aa:7e:9e:2b:12:4f:62:a8:d3:c4:b7:34:ce:7d:
                    e2:2a:fb:8f:f4:e7:53:ec:40:44:15:ab:07:39:f3:
                    6a:f2:88:61:f5:8a:81:b6:48:23:3e:b3:a0:f5:83:
                    c1:8a:f7:39:24:92:77:3d:8a:d2:7d:a6:f9:c4:fa:
                    f3:6b:54:f1:86:fa:9a:f4:29:e1:47:8e:e3:60:6e:
                    ab:a8:87:fa:83:74:e1:b3:5c:04:5f:1f:86:14:5e:
                    3f:10:6a:00:ee:2b:8e:2e:aa:35:63:8c:4b:25:f6:
                    a0:d5:c2:b1:e9:a0:2d:5e:ba:41:fe:9c:cb:84:6d:
                    09:40:0d:13:c2:85:5d:b7:1b:84:55:64:df:93:86:
                    72:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:08:74:09:3F:FC:35:F5:B7:29:E2:9B:83:AE:99:6E:7B:64:FB:DF
            X509v3 Authority Key Identifier:
                keyid:D8:94:36:5B:28:A0:82:83:4A:75:1A:97:77:1B:79:11:24:52:4D:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2JQ2WyiggoNKdRqXdxt5ESRSTew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/a607f4-15dc-4db5-9601-2146179d8e2b/1/3wh0CT_8NfW3KeKbg66Zbntk-98.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/a607f4-15dc-4db5-9601-2146179d8e2b/1/2JQ2WyiggoNKdRqXdxt5ESRSTew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.253.164.0/22

    Signature Algorithm: sha256WithRSAEncryption
         32:e0:f9:f9:20:ca:45:b0:b4:a8:06:69:62:c6:87:64:74:d2:
         ba:a7:fd:d3:4e:be:5c:47:36:e1:30:cd:d1:47:04:c6:f1:8a:
         6b:a7:da:4d:bb:5d:c3:4c:70:7e:35:56:88:bb:1c:b8:42:2e:
         13:58:64:8e:9e:5a:b7:55:47:0f:e3:ef:28:67:5a:46:b9:b7:
         a8:f6:a1:b6:92:33:ef:5a:ce:7c:00:67:c3:10:96:03:5e:81:
         cf:a6:de:80:4b:e0:91:84:6b:98:31:42:28:3a:62:57:ce:b0:
         dc:68:50:86:77:89:e4:73:07:fb:a7:7d:62:53:3c:ca:da:c9:
         31:fc:39:31:ee:ad:b5:4d:29:72:ac:06:50:83:22:48:8d:41:
         83:7e:5a:42:b3:97:7a:65:66:f5:a4:cf:2f:83:14:ef:cb:ab:
         92:11:a4:38:db:1b:be:61:cc:05:d7:39:3a:82:17:57:c5:6f:
         ad:d2:c0:44:9b:2a:a7:c3:2c:e7:b5:f7:15:36:b5:80:5c:48:
         49:4b:97:22:89:18:c6:ea:42:f0:4b:48:8b:cd:0b:6f:67:96:
         99:3c:c4:86:46:c5:1e:7f:bc:8a:b8:f0:0f:44:15:77:8e:b3:
         94:1e:65:0b:cb:c3:c1:6c:71:7f:fb:8c:ca:27:84:69:66:79:
         f6:89:f3:e5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ34jDfY1w1i1DS8Gl9h8XBaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4OTQzNjViMjhhMDgyODM0YTc1MWE5Nzc3MWI3OTExMjQ1
MjRkZWMwHhcNMjYwNTA1MTQzMDMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjA4NzQwOTNmZmMzNWY1YjcyOWUyOWI4M2FlOTk2ZTdiNjRmYmRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1ZNgdrhZT5oT3n1q+1PrVSIAJOF+
zjgHgmzyIYgR6f+J+fzcIVRClbahNGwcXeoN/mtIoOuWiJ2tvUEd2UqcqwanY7Od
XGMklPEHHiUU1Ej7xt0tPVRXT87WPsQBS9UxmXAqjGm8JmXasRLm9bfsdav3oQnJ
KUShqn6eKxJPYqjTxLc0zn3iKvuP9OdT7EBEFasHOfNq8ohh9YqBtkgjPrOg9YPB
ivc5JJJ3PYrSfab5xPrza1Txhvqa9CnhR47jYG6rqIf6g3Ths1wEXx+GFF4/EGoA
7iuOLqo1Y4xLJfag1cKx6aAtXrpB/pzLhG0JQA0TwoVdtxuEVWTfk4ZyLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN8IdAk//DX1tynim4OumW57ZPvfMB8GA1UdIwQY
MBaAFNiUNlsooIKDSnUal3cbeREkUk3sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMkpRMld5aWdnb05LZFJxWGR4dDVFU1JTVGV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNi9hNjA3ZjQtMTVkYy00ZGI1LTk2MDEt
MjE0NjE3OWQ4ZTJiLzEvM3doMENUXzhOZlczS2VLYmc2NlpibnRrLTk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNi9hNjA3ZjQtMTVkYy00ZGI1LTk2MDEtMjE0NjE3OWQ4ZTJi
LzEvMkpRMld5aWdnb05LZFJxWGR4dDVFU1JTVGV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCn/2kMA0G
CSqGSIb3DQEBCwUAA4IBAQAy4Pn5IMpFsLSoBmlixodkdNK6p/3TTr5cRzbhMM3R
RwTG8Yprp9pNu13DTHB+NVaIuxy4Qi4TWGSOnlq3VUcP4+8oZ1pGubeo9qG2kjPv
Ws58AGfDEJYDXoHPpt6AS+CRhGuYMUIoOmJXzrDcaFCGd4nkcwf7p31iUzzK2skx
/Dkx7q21TSlyrAZQgyJIjUGDflpCs5d6ZWb1pM8vgxTvy6uSEaQ42xu+YcwF1zk6
ghdXxW+t0sBEmyqnwyzntfcVNrWAXEhJS5ciiRjG6kLwS0iLzQtvZ5aZPMSGRsUe
f7yKuPAPRBV3jrOUHmULy8PBbHF/+4zKJ4RpZnn2ifPl
-----END CERTIFICATE-----