Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/4f54b4-009f-46ce-9ac0-36bac8d91e2e/1/kD9THQqr52-A9HCLqNy2hqhG_kA.roa
File:                     kD9THQqr52-A9HCLqNy2hqhG_kA.roa (raw, json)
Hash identifier:          ZY3pnD0PUamjgM9FCMYtpaTRi8Ds5YJqoFSs/k+EEOo=
Subject key identifier:   90:3F:53:1D:0A:AB:E7:6F:80:F4:70:8B:A8:DC:B6:86:A8:46:FE:40
Certificate issuer:       /CN=c65a1da1cb1c920ae2f9b748270fded8737a9184
Certificate serial:       019D265EF46F8E829425090BCE469374E6D7
Authority key identifier: C6:5A:1D:A1:CB:1C:92:0A:E2:F9:B7:48:27:0F:DE:D8:73:7A:91:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xlodocsckgri-bdIJw_e2HN6kYQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/4f54b4-009f-46ce-9ac0-36bac8d91e2e/1/kD9THQqr52-A9HCLqNy2hqhG_kA.roa
Signing time:             Wed 25 Mar 2026 19:00:50 +0000
ROA not before:           Wed 25 Mar 2026 19:00:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48988
IP address blocks:        153.80.192.0/20 maxlen: 20
                          153.80.208.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/4f54b4-009f-46ce-9ac0-36bac8d91e2e/1/xlodocsckgri-bdIJw_e2HN6kYQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/4f54b4-009f-46ce-9ac0-36bac8d91e2e/1/xlodocsckgri-bdIJw_e2HN6kYQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xlodocsckgri-bdIJw_e2HN6kYQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 19:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:26:5e:f4:6f:8e:82:94:25:09:0b:ce:46:93:74:e6:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c65a1da1cb1c920ae2f9b748270fded8737a9184
        Validity
            Not Before: Mar 25 19:00:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=903f531d0aabe76f80f4708ba8dcb686a846fe40
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:c5:d5:50:16:51:df:ca:17:7c:c8:5b:54:6a:
                    48:1b:8e:cd:ab:e8:c0:5f:b6:9a:67:30:10:a1:7f:
                    11:c2:ec:65:72:04:6e:72:66:35:3a:c3:25:92:fb:
                    24:46:c8:47:1f:86:b6:99:cb:dd:ad:b6:b1:0c:ac:
                    59:a9:70:f7:8b:0b:bc:c9:3f:38:51:29:fa:e0:07:
                    6d:c0:37:a9:2a:4d:bd:fc:3e:38:8a:2d:f8:17:c6:
                    05:ca:66:1c:4c:ce:36:b2:20:18:02:de:5c:6a:f0:
                    14:1a:cc:74:e2:18:71:d3:97:f8:b0:2f:65:6f:0c:
                    c3:d4:92:a3:0c:c3:a7:b9:15:a0:ab:59:ee:36:c6:
                    83:c5:b9:b4:1f:5f:64:18:58:55:b4:c1:fb:63:f3:
                    74:4c:b0:8c:f1:cd:ac:b3:d8:50:9c:d4:73:d4:ce:
                    42:55:9a:46:de:65:c9:65:70:2c:52:4c:26:68:fa:
                    6b:17:86:e6:f2:55:62:cb:c5:25:f4:32:91:a2:3d:
                    9e:a9:12:36:e1:a5:9f:b6:9d:d9:75:df:86:8d:95:
                    34:d8:7e:04:c2:54:e9:47:25:ed:45:31:c0:8a:18:
                    c2:7e:f2:ca:07:ac:3e:fc:a5:4f:66:1c:ff:60:1d:
                    f1:26:26:94:7e:d0:d8:54:da:56:04:73:6a:d7:11:
                    4f:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:3F:53:1D:0A:AB:E7:6F:80:F4:70:8B:A8:DC:B6:86:A8:46:FE:40
            X509v3 Authority Key Identifier:
                keyid:C6:5A:1D:A1:CB:1C:92:0A:E2:F9:B7:48:27:0F:DE:D8:73:7A:91:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xlodocsckgri-bdIJw_e2HN6kYQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/4f54b4-009f-46ce-9ac0-36bac8d91e2e/1/kD9THQqr52-A9HCLqNy2hqhG_kA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/4f54b4-009f-46ce-9ac0-36bac8d91e2e/1/xlodocsckgri-bdIJw_e2HN6kYQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  153.80.192.0/19

    Signature Algorithm: sha256WithRSAEncryption
         76:9d:29:99:de:47:71:0f:02:07:d0:26:e1:75:29:00:ce:2a:
         c3:b6:b9:11:b5:30:ec:44:24:89:1f:63:67:09:a6:83:94:31:
         4c:d9:6a:c4:54:d7:86:39:78:5f:ec:d3:4d:b3:90:82:4f:94:
         fd:ce:65:f2:f5:d8:1d:f4:07:cb:9d:97:b5:19:af:ef:05:05:
         0c:d0:67:57:f0:8f:69:ae:a4:dc:a3:c6:1e:4b:fd:0a:c4:fa:
         9f:5d:2a:78:a6:a8:6f:0d:ec:7a:df:19:c9:a4:ea:6c:9e:9c:
         21:e2:d1:cd:b2:9b:62:52:b3:1e:27:f6:90:07:7f:08:09:3a:
         c7:c2:84:60:34:3d:e5:24:44:4a:8c:2c:28:47:db:1e:44:19:
         c7:9a:71:f7:40:c7:c7:ee:5a:a8:69:d2:94:6a:23:ab:4c:a6:
         b8:98:82:d8:f5:9c:dc:23:69:69:7d:7d:8c:4b:f9:0e:a7:0f:
         ec:19:45:4c:a7:35:b6:51:52:94:ed:a7:ed:23:b4:ee:a0:de:
         ae:48:5f:cf:17:b7:57:87:a5:ba:01:cc:42:df:49:93:3d:af:
         87:34:c2:e2:e6:23:97:ac:d2:4d:39:32:03:8f:35:f6:8c:7c:
         60:8b:69:3c:33:9f:a2:20:37:94:b1:ae:ab:e2:ff:2a:bb:c3:
         b3:93:b6:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0mXvRvjoKUJQkLzkaTdObXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NWExZGExY2IxYzkyMGFlMmY5Yjc0ODI3MGZkZWQ4NzM3
YTkxODQwHhcNMjYwMzI1MTkwMDUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDNmNTMxZDBhYWJlNzZmODBmNDcwOGJhOGRjYjY4NmE4NDZmZTQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl8XVUBZR38oXfMhbVGpIG47Nq+jA
X7aaZzAQoX8RwuxlcgRucmY1OsMlkvskRshHH4a2mcvdrbaxDKxZqXD3iwu8yT84
USn64AdtwDepKk29/D44ii34F8YFymYcTM42siAYAt5cavAUGsx04hhx05f4sC9l
bwzD1JKjDMOnuRWgq1nuNsaDxbm0H19kGFhVtMH7Y/N0TLCM8c2ss9hQnNRz1M5C
VZpG3mXJZXAsUkwmaPprF4bm8lViy8Ul9DKRoj2eqRI24aWftp3Zdd+GjZU02H4E
wlTpRyXtRTHAihjCfvLKB6w+/KVPZhz/YB3xJiaUftDYVNpWBHNq1xFPDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJA/Ux0Kq+dvgPRwi6jctoaoRv5AMB8GA1UdIwQY
MBaAFMZaHaHLHJIK4vm3SCcP3thzepGEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGxvZG9jc2NrZ3JpLWJkSUp3X2UySE42a1lRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS80ZjU0YjQtMDA5Zi00NmNlLTlhYzAt
MzZiYWM4ZDkxZTJlLzEva0Q5VEhRcXI1Mi1BOUhDTHFOeTJocWhHX2tBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS80ZjU0YjQtMDA5Zi00NmNlLTlhYzAtMzZiYWM4ZDkxZTJl
LzEveGxvZG9jc2NrZ3JpLWJkSUp3X2UySE42a1lRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFmVDAMA0G
CSqGSIb3DQEBCwUAA4IBAQB2nSmZ3kdxDwIH0CbhdSkAzirDtrkRtTDsRCSJH2Nn
CaaDlDFM2WrEVNeGOXhf7NNNs5CCT5T9zmXy9dgd9AfLnZe1Ga/vBQUM0GdX8I9p
rqTco8YeS/0KxPqfXSp4pqhvDex63xnJpOpsnpwh4tHNsptiUrMeJ/aQB38ICTrH
woRgND3lJERKjCwoR9seRBnHmnH3QMfH7lqoadKUaiOrTKa4mILY9ZzcI2lpfX2M
S/kOpw/sGUVMpzW2UVKU7aftI7TuoN6uSF/PF7dXh6W6AcxC30mTPa+HNMLi5iOX
rNJNOTIDjzX2jHxgi2k8M5+iIDeUsa6r4v8qu8Ozk7ZB
-----END CERTIFICATE-----