Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/c98aa3-0e0c-4d97-9bc3-74d91cdbe195/1/SMiyXrAPCyN75bhmFTdLi2GwlAk.roa
File:                     SMiyXrAPCyN75bhmFTdLi2GwlAk.roa (raw, json)
Hash identifier:          OWn6AVqzgfgw0x7vjLeI7fNAaN8eSRtfVsyb4Z33PEs=
Subject key identifier:   48:C8:B2:5E:B0:0F:0B:23:7B:E5:B8:66:15:37:4B:8B:61:B0:94:09
Certificate issuer:       /CN=86170339c2bc664d600fa98b8061269d48e4f2c6
Certificate serial:       019E1D381AF426CB61997D8EE2FCA97F0FD3
Authority key identifier: 86:17:03:39:C2:BC:66:4D:60:0F:A9:8B:80:61:26:9D:48:E4:F2:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hhcDOcK8Zk1gD6mLgGEmnUjk8sY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/c98aa3-0e0c-4d97-9bc3-74d91cdbe195/1/SMiyXrAPCyN75bhmFTdLi2GwlAk.roa
Signing time:             Tue 12 May 2026 17:24:36 +0000
ROA not before:           Tue 12 May 2026 17:24:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     6540
IP address blocks:        205.220.226.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/c98aa3-0e0c-4d97-9bc3-74d91cdbe195/1/hhcDOcK8Zk1gD6mLgGEmnUjk8sY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/c98aa3-0e0c-4d97-9bc3-74d91cdbe195/1/hhcDOcK8Zk1gD6mLgGEmnUjk8sY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hhcDOcK8Zk1gD6mLgGEmnUjk8sY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:1d:38:1a:f4:26:cb:61:99:7d:8e:e2:fc:a9:7f:0f:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86170339c2bc664d600fa98b8061269d48e4f2c6
        Validity
            Not Before: May 12 17:24:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=48c8b25eb00f0b237be5b86615374b8b61b09409
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:ef:90:1f:12:20:fd:29:f0:f0:6e:cc:fe:f7:
                    3a:6d:de:71:8b:45:57:1e:89:4a:5c:6d:d2:4f:c9:
                    2e:c2:67:b0:1b:3d:9d:9b:50:ef:cf:50:b7:a5:ae:
                    96:68:79:b2:f7:3d:83:68:71:ec:53:88:e2:51:bd:
                    17:9d:57:9b:98:52:1b:e5:79:92:44:89:64:3a:a7:
                    4d:56:5a:89:1f:dc:a3:af:56:96:7c:bd:e1:1d:72:
                    1a:9b:52:1b:0d:d6:1c:5b:b1:45:e5:ff:8a:c1:8b:
                    bf:13:8d:e6:88:0a:9a:d1:52:9d:13:f3:26:4e:7e:
                    04:1e:d1:7c:c3:78:cd:e8:43:5b:a8:da:fc:de:87:
                    c0:9b:3c:6a:28:1a:f1:f4:55:8f:f8:21:e4:49:30:
                    4d:b9:42:e8:6d:74:c2:be:2d:63:41:72:10:16:f1:
                    d9:c4:0d:bd:ba:87:d3:2f:c4:9b:af:3d:ff:87:9e:
                    fb:46:82:b3:5a:39:78:8c:99:0b:1a:76:1a:0a:ce:
                    f4:cf:e9:f2:98:7c:93:62:a5:39:2c:56:1f:01:9b:
                    a3:cf:02:89:b3:a4:47:91:c1:8f:bf:64:89:86:62:
                    06:73:56:eb:75:ed:48:a4:1c:c7:c7:f7:e3:96:66:
                    ae:f6:1d:df:47:f8:08:1a:25:e5:de:d4:07:45:b6:
                    46:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:C8:B2:5E:B0:0F:0B:23:7B:E5:B8:66:15:37:4B:8B:61:B0:94:09
            X509v3 Authority Key Identifier:
                keyid:86:17:03:39:C2:BC:66:4D:60:0F:A9:8B:80:61:26:9D:48:E4:F2:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hhcDOcK8Zk1gD6mLgGEmnUjk8sY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/c98aa3-0e0c-4d97-9bc3-74d91cdbe195/1/SMiyXrAPCyN75bhmFTdLi2GwlAk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/c98aa3-0e0c-4d97-9bc3-74d91cdbe195/1/hhcDOcK8Zk1gD6mLgGEmnUjk8sY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  205.220.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:a0:07:00:37:11:31:f9:ba:9c:c8:fb:13:c5:d2:a2:00:d9:
         fe:48:46:1a:4e:9a:d7:ee:30:37:c2:39:04:6d:f3:3c:b5:67:
         31:10:6e:0e:b6:10:ce:36:11:84:3c:92:3d:c6:e0:91:10:e0:
         c2:9b:4c:2d:cc:5a:ae:2e:a3:af:75:63:fe:e0:27:c1:e3:70:
         2a:98:b5:86:f0:ee:5d:f7:02:60:fe:05:fc:84:0a:bb:fe:94:
         47:8f:f4:2d:a6:b2:6f:9d:d9:47:50:d8:b2:8e:d8:db:e6:19:
         9e:e1:67:ac:fa:d8:f1:13:7d:84:bd:19:9a:83:92:e6:0a:1b:
         d7:af:62:e5:6e:b8:3e:ab:0e:79:50:60:5c:cc:ab:4a:87:5f:
         84:ca:97:c7:47:d2:08:65:c2:b0:e3:a9:c1:73:29:3e:70:b5:
         55:3b:98:af:63:46:bf:de:7e:b3:65:ef:72:f0:e7:e5:e1:51:
         ed:d3:a1:c6:42:54:14:a4:ba:d6:da:d5:5b:e4:c5:4c:fc:e4:
         7e:70:f2:59:69:7b:66:0a:a7:9b:1c:44:80:3d:d1:6b:5b:21:
         a1:1c:87:91:46:56:72:50:4d:48:ab:aa:75:8c:bc:60:53:0e:
         67:3a:b7:f0:70:2d:d4:1d:7c:96:8e:0f:9a:37:b6:95:12:a3:
         88:1f:bc:d8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4dOBr0JsthmX2O4vypfw/TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2MTcwMzM5YzJiYzY2NGQ2MDBmYTk4YjgwNjEyNjlkNDhl
NGYyYzYwHhcNMjYwNTEyMTcyNDM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OGM4YjI1ZWIwMGYwYjIzN2JlNWI4NjYxNTM3NGI4YjYxYjA5NDA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8O+QHxIg/Snw8G7M/vc6bd5xi0VX
HolKXG3ST8kuwmewGz2dm1Dvz1C3pa6WaHmy9z2DaHHsU4jiUb0XnVebmFIb5XmS
RIlkOqdNVlqJH9yjr1aWfL3hHXIam1IbDdYcW7FF5f+KwYu/E43miAqa0VKdE/Mm
Tn4EHtF8w3jN6ENbqNr83ofAmzxqKBrx9FWP+CHkSTBNuULobXTCvi1jQXIQFvHZ
xA29uofTL8Sbrz3/h577RoKzWjl4jJkLGnYaCs70z+nymHyTYqU5LFYfAZujzwKJ
s6RHkcGPv2SJhmIGc1brde1IpBzHx/fjlmau9h3fR/gIGiXl3tQHRbZGjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEjIsl6wDwsje+W4ZhU3S4thsJQJMB8GA1UdIwQY
MBaAFIYXAznCvGZNYA+pi4BhJp1I5PLGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGhjRE9jSzhaazFnRDZtTGdHRW1uVWprOHNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy9jOThhYTMtMGUwYy00ZDk3LTliYzMt
NzRkOTFjZGJlMTk1LzEvU01peVhyQVBDeU43NWJobUZUZExpMkd3bEFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy9jOThhYTMtMGUwYy00ZDk3LTliYzMtNzRkOTFjZGJlMTk1
LzEvaGhjRE9jSzhaazFnRDZtTGdHRW1uVWprOHNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAzdziMA0G
CSqGSIb3DQEBCwUAA4IBAQBLoAcANxEx+bqcyPsTxdKiANn+SEYaTprX7jA3wjkE
bfM8tWcxEG4OthDONhGEPJI9xuCREODCm0wtzFquLqOvdWP+4CfB43AqmLWG8O5d
9wJg/gX8hAq7/pRHj/QtprJvndlHUNiyjtjb5hme4Wes+tjxE32EvRmag5LmChvX
r2Llbrg+qw55UGBczKtKh1+EypfHR9IIZcKw46nBcyk+cLVVO5ivY0a/3n6zZe9y
8Ofl4VHt06HGQlQUpLrW2tVb5MVM/OR+cPJZaXtmCqebHESAPdFrWyGhHIeRRlZy
UE1Iq6p1jLxgUw5nOrfwcC3UHXyWjg+aN7aVEqOIH7zY
-----END CERTIFICATE-----