Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/xyAifHL4yJafsXbZXrkrgodDKkI.roa
File:                     xyAifHL4yJafsXbZXrkrgodDKkI.roa (raw, json)
Hash identifier:          5dlJ/03oKMrYHI2ijFPlXqVyiklmxqeJzGBSWajGiKQ=
Subject key identifier:   C7:20:22:7C:72:F8:C8:96:9F:B1:76:D9:5E:B9:2B:82:87:43:2A:42
Certificate issuer:       /CN=25e4aed3ef72bee3141660d1149e16d079205f3c
Certificate serial:       019DD3EE783D607F3233C50EBFB2949D6CAB
Authority key identifier: 25:E4:AE:D3:EF:72:BE:E3:14:16:60:D1:14:9E:16:D0:79:20:5F:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/xyAifHL4yJafsXbZXrkrgodDKkI.roa
Signing time:             Tue 28 Apr 2026 11:51:53 +0000
ROA not before:           Tue 28 Apr 2026 11:51:53 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50941
IP address blocks:        185.172.50.0/24 maxlen: 24
                          185.172.51.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 02:01:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:d3:ee:78:3d:60:7f:32:33:c5:0e:bf:b2:94:9d:6c:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25e4aed3ef72bee3141660d1149e16d079205f3c
        Validity
            Not Before: Apr 28 11:51:53 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c720227c72f8c8969fb176d95eb92b8287432a42
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:fc:11:48:5b:4e:6d:31:e6:3f:7a:67:04:ee:
                    99:02:30:97:5f:2f:94:c7:e3:75:bc:a7:c0:ee:9e:
                    37:77:a9:e5:44:71:96:b8:35:8e:12:20:4e:3b:96:
                    f8:ba:aa:22:da:16:80:f1:96:8f:3a:cd:90:b8:25:
                    5a:71:b2:13:17:b7:4b:2a:2b:62:4a:22:c2:ba:5f:
                    91:7a:47:12:2a:ed:25:54:d9:80:fb:d7:61:fa:83:
                    8d:a6:d3:5f:30:08:75:f1:d1:18:de:a3:04:23:7c:
                    8b:68:4c:86:77:a6:87:0f:c5:1d:42:6a:d8:19:3e:
                    c8:0d:4d:50:0d:64:39:14:a4:fe:39:18:61:66:4f:
                    55:47:75:c2:db:da:34:00:bb:37:f5:ab:b6:cc:c4:
                    69:1e:bb:8e:a3:bd:d0:59:4d:5d:28:d9:9c:f5:13:
                    d5:8c:f4:ad:47:ac:bf:03:ea:e1:10:7f:0c:c5:ea:
                    a9:41:eb:39:a5:d4:12:77:46:d8:a0:62:93:fc:c8:
                    c3:c2:3e:77:22:e4:2d:13:ab:49:87:7d:c2:97:0d:
                    85:74:b9:d9:b5:fe:63:fa:86:5a:f7:3c:e2:22:26:
                    48:e2:b5:7b:a5:50:f6:1b:fc:05:6d:3b:ea:a6:2f:
                    a2:95:05:01:7a:35:81:b0:1b:5e:81:ee:a8:6e:f1:
                    af:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:20:22:7C:72:F8:C8:96:9F:B1:76:D9:5E:B9:2B:82:87:43:2A:42
            X509v3 Authority Key Identifier:
                keyid:25:E4:AE:D3:EF:72:BE:E3:14:16:60:D1:14:9E:16:D0:79:20:5F:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/xyAifHL4yJafsXbZXrkrgodDKkI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.172.50.0/23

    Signature Algorithm: sha256WithRSAEncryption
         68:e0:0b:42:20:84:38:81:12:48:3e:ad:b0:88:6d:7a:ee:c9:
         14:5c:9f:97:7e:46:0c:f2:a0:3a:8b:1f:99:2e:c1:c3:e2:db:
         a9:ba:98:63:45:9f:44:e8:89:74:a9:13:2d:51:5d:27:3e:6c:
         5a:be:a6:2c:e5:c0:44:ad:81:5f:86:fb:a8:52:e8:08:ab:f7:
         1c:61:d4:58:84:86:1b:d6:eb:a3:db:1e:34:56:a8:ab:d7:33:
         89:ae:4e:6f:da:eb:48:79:1a:5d:35:b7:cb:7b:42:90:7d:5c:
         2d:7b:65:d2:a9:9f:14:38:dc:0e:b5:da:0d:ce:c7:1c:f6:51:
         cd:57:6d:ed:a0:f9:e4:f4:0b:8d:4a:2d:bc:01:bf:b5:3c:a4:
         d2:79:c4:86:cc:a8:21:a7:7b:ce:af:ec:04:d7:55:9f:fe:9b:
         8e:ef:bf:ac:69:e9:23:95:34:41:ab:b1:c8:96:b0:ba:70:18:
         17:3b:5d:78:06:53:1a:1f:19:ee:7f:72:44:e2:0d:07:ae:22:
         95:05:8a:2e:1e:22:3e:69:c2:a0:ff:ab:30:a7:ff:c5:ed:21:
         e6:48:55:29:e6:0f:2e:b4:ea:ee:d5:3a:1f:c9:23:29:20:08:
         cc:7b:19:57:97:2a:12:df:b3:f7:83:04:a8:e8:bc:d7:f1:ff:
         16:fa:2d:6b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3T7ng9YH8yM8UOv7KUnWyrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1ZTRhZWQzZWY3MmJlZTMxNDE2NjBkMTE0OWUxNmQwNzky
MDVmM2MwHhcNMjYwNDI4MTE1MTUzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzIwMjI3YzcyZjhjODk2OWZiMTc2ZDk1ZWI5MmI4Mjg3NDMyYTQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyfwRSFtObTHmP3pnBO6ZAjCXXy+U
x+N1vKfA7p43d6nlRHGWuDWOEiBOO5b4uqoi2haA8ZaPOs2QuCVacbITF7dLKiti
SiLCul+RekcSKu0lVNmA+9dh+oONptNfMAh18dEY3qMEI3yLaEyGd6aHD8UdQmrY
GT7IDU1QDWQ5FKT+ORhhZk9VR3XC29o0ALs39au2zMRpHruOo73QWU1dKNmc9RPV
jPStR6y/A+rhEH8MxeqpQes5pdQSd0bYoGKT/MjDwj53IuQtE6tJh33Clw2FdLnZ
tf5j+oZa9zziIiZI4rV7pVD2G/wFbTvqpi+ilQUBejWBsBtege6obvGvaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMcgInxy+MiWn7F22V65K4KHQypCMB8GA1UdIwQY
MBaAFCXkrtPvcr7jFBZg0RSeFtB5IF88MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmVTdTAtOXl2dU1VRm1EUkZKNFcwSGtnWHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82MzM2ZDAtOTQ5NC00NmQzLTk4NjEt
ZWQzZTM4Zjk1NzdmLzEveHlBaWZITDR5SmFmc1hiWlhya3Jnb2RES2tJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82MzM2ZDAtOTQ5NC00NmQzLTk4NjEtZWQzZTM4Zjk1Nzdm
LzEvSmVTdTAtOXl2dU1VRm1EUkZKNFcwSGtnWHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuawyMA0G
CSqGSIb3DQEBCwUAA4IBAQBo4AtCIIQ4gRJIPq2wiG167skUXJ+XfkYM8qA6ix+Z
LsHD4tupuphjRZ9E6Il0qRMtUV0nPmxavqYs5cBErYFfhvuoUugIq/ccYdRYhIYb
1uuj2x40Vqir1zOJrk5v2utIeRpdNbfLe0KQfVwte2XSqZ8UONwOtdoNzscc9lHN
V23toPnk9AuNSi28Ab+1PKTSecSGzKghp3vOr+wE11Wf/puO77+saekjlTRBq7HI
lrC6cBgXO114BlMaHxnuf3JE4g0HriKVBYouHiI+acKg/6swp//F7SHmSFUp5g8u
tOru1TofySMpIAjMexlXlyoS37P3gwSo6LzX8f8W+i1r
-----END CERTIFICATE-----