Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/ff7d33-e4f7-43c0-924b-6b2d46924c6f/1/q22VxMdSRIy60hnXGH9ZkvEl-VU.roa
File:                     q22VxMdSRIy60hnXGH9ZkvEl-VU.roa (raw, json)
Hash identifier:          zg/MJ8qfVOHy4J7FHOIGJgHJYpom3/1tICP7KNToxU8=
Subject key identifier:   AB:6D:95:C4:C7:52:44:8C:BA:D2:19:D7:18:7F:59:92:F1:25:F9:55
Certificate issuer:       /CN=9e4b3281b08e6b5ec1fdeb0d0440528ed934dc3f
Certificate serial:       019CC2C8D27DB35B50BD927E93EEB8306459
Authority key identifier: 9E:4B:32:81:B0:8E:6B:5E:C1:FD:EB:0D:04:40:52:8E:D9:34:DC:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nksygbCOa17B_esNBEBSjtk03D8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/ff7d33-e4f7-43c0-924b-6b2d46924c6f/1/q22VxMdSRIy60hnXGH9ZkvEl-VU.roa
Signing time:             Fri 06 Mar 2026 10:54:26 +0000
ROA not before:           Fri 06 Mar 2026 10:54:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     12876
IP address blocks:        78.232.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/ff7d33-e4f7-43c0-924b-6b2d46924c6f/1/nksygbCOa17B_esNBEBSjtk03D8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/ff7d33-e4f7-43c0-924b-6b2d46924c6f/1/nksygbCOa17B_esNBEBSjtk03D8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nksygbCOa17B_esNBEBSjtk03D8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 22:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:c2:c8:d2:7d:b3:5b:50:bd:92:7e:93:ee:b8:30:64:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e4b3281b08e6b5ec1fdeb0d0440528ed934dc3f
        Validity
            Not Before: Mar  6 10:54:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ab6d95c4c752448cbad219d7187f5992f125f955
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:0f:98:63:92:40:30:07:81:65:0f:57:2e:6b:
                    a3:31:3a:fc:0c:01:56:31:a1:93:c9:4b:31:03:52:
                    fe:41:40:b1:63:f4:a0:81:45:72:59:54:a9:07:0d:
                    7f:80:0e:fb:53:c4:ac:9a:3c:52:46:01:e4:2c:d0:
                    e4:23:5a:0c:4b:be:f4:04:5d:f3:df:1e:dc:c8:ad:
                    61:c0:06:9b:4b:81:ae:1b:fa:2f:4a:20:65:63:98:
                    40:93:b6:cc:07:8a:10:fe:5e:2e:e2:75:0a:47:f0:
                    66:5a:e0:66:a4:01:45:50:2f:05:37:c0:38:de:7b:
                    87:23:9f:f8:64:64:78:84:ed:1c:dd:1e:f1:4e:ca:
                    84:3e:47:0d:09:a3:f5:fc:07:b4:b9:c0:be:c0:f9:
                    4b:41:79:5c:9e:c5:ae:a3:2f:04:54:94:0c:f9:99:
                    f3:7d:bb:1c:a1:29:c5:70:a0:70:c7:de:6a:de:1d:
                    bd:7f:34:21:08:05:75:70:73:74:d1:c6:c9:99:fb:
                    81:f5:4f:de:57:58:ad:11:fb:b5:1b:58:fd:6b:da:
                    bc:64:9b:b9:2c:92:bd:f6:43:fb:7e:d4:9d:af:89:
                    70:31:d6:17:e2:f2:53:61:59:2e:a7:c5:67:bb:88:
                    75:ef:a0:0b:0c:f0:15:02:f4:7e:5e:e2:c6:a8:02:
                    6c:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:6D:95:C4:C7:52:44:8C:BA:D2:19:D7:18:7F:59:92:F1:25:F9:55
            X509v3 Authority Key Identifier:
                keyid:9E:4B:32:81:B0:8E:6B:5E:C1:FD:EB:0D:04:40:52:8E:D9:34:DC:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nksygbCOa17B_esNBEBSjtk03D8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/ff7d33-e4f7-43c0-924b-6b2d46924c6f/1/q22VxMdSRIy60hnXGH9ZkvEl-VU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/ff7d33-e4f7-43c0-924b-6b2d46924c6f/1/nksygbCOa17B_esNBEBSjtk03D8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.232.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         22:c0:3c:ee:1f:fc:07:46:9c:d6:62:c9:ee:e5:7e:4a:9f:7e:
         c6:9d:67:38:00:e1:14:49:a3:52:37:68:8d:9e:53:ea:d0:95:
         8f:63:73:6c:cf:27:95:31:37:f0:8d:1c:e1:f4:e6:84:1f:35:
         ab:65:76:73:98:7d:3a:b8:e3:38:71:55:e6:cc:56:b5:0d:f9:
         cb:57:bd:6d:10:0b:56:f9:2a:4f:6d:9c:40:b4:63:27:21:72:
         1d:46:88:bd:68:43:bf:41:3a:43:92:c7:b9:eb:5c:2f:3f:39:
         bb:a8:8b:10:77:79:de:22:1d:2f:3d:0f:60:e1:b8:25:58:28:
         0c:51:98:f1:1b:fe:1d:2c:e1:b2:b5:5d:12:29:a5:b1:4f:ab:
         9d:18:18:c6:8d:4d:3f:95:16:08:b6:8f:79:ae:0b:26:c2:da:
         2a:7b:b6:94:ec:b4:15:e3:2c:4e:6f:c5:41:f2:95:fd:5b:80:
         84:38:08:8b:62:0d:00:27:b8:e8:f6:f6:b9:87:34:83:4e:bb:
         a1:60:8b:13:c6:65:9d:8d:00:e2:19:2d:c4:ad:9c:8d:73:a8:
         a5:7d:3a:a6:e9:23:3a:f3:86:17:57:a2:de:f9:b1:8f:63:e2:
         33:a7:38:bd:24:2a:62:ca:b6:44:0f:bb:01:17:b1:78:e5:4e:
         d6:5b:c2:b5
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZzCyNJ9s1tQvZJ+k+64MGRZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllNGIzMjgxYjA4ZTZiNWVjMWZkZWIwZDA0NDA1MjhlZDkz
NGRjM2YwHhcNMjYwMzA2MTA1NDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjZkOTVjNGM3NTI0NDhjYmFkMjE5ZDcxODdmNTk5MmYxMjVmOTU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxg+YY5JAMAeBZQ9XLmujMTr8DAFW
MaGTyUsxA1L+QUCxY/SggUVyWVSpBw1/gA77U8SsmjxSRgHkLNDkI1oMS770BF3z
3x7cyK1hwAabS4GuG/ovSiBlY5hAk7bMB4oQ/l4u4nUKR/BmWuBmpAFFUC8FN8A4
3nuHI5/4ZGR4hO0c3R7xTsqEPkcNCaP1/Ae0ucC+wPlLQXlcnsWuoy8EVJQM+Znz
fbscoSnFcKBwx95q3h29fzQhCAV1cHN00cbJmfuB9U/eV1itEfu1G1j9a9q8ZJu5
LJK99kP7ftSdr4lwMdYX4vJTYVkup8Vnu4h176ALDPAVAvR+XuLGqAJsiQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFKttlcTHUkSMutIZ1xh/WZLxJflVMB8GA1UdIwQY
MBaAFJ5LMoGwjmtewf3rDQRAUo7ZNNw/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmtzeWdiQ09hMTdCX2VzTkJFQlNqdGswM0Q4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9mZjdkMzMtZTRmNy00M2MwLTkyNGIt
NmIyZDQ2OTI0YzZmLzEvcTIyVnhNZFNSSXk2MGhuWEdIOVprdkVsLVZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9mZjdkMzMtZTRmNy00M2MwLTkyNGItNmIyZDQ2OTI0YzZm
LzEvbmtzeWdiQ09hMTdCX2VzTkJFQlNqdGswM0Q4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMATugwDQYJ
KoZIhvcNAQELBQADggEBACLAPO4f/AdGnNZiye7lfkqffsadZzgA4RRJo1I3aI2e
U+rQlY9jc2zPJ5UxN/CNHOH05oQfNatldnOYfTq44zhxVebMVrUN+ctXvW0QC1b5
Kk9tnEC0Yychch1GiL1oQ79BOkOSx7nrXC8/ObuoixB3ed4iHS89D2DhuCVYKAxR
mPEb/h0s4bK1XRIppbFPq50YGMaNTT+VFgi2j3muCybC2ip7tpTstBXjLE5vxUHy
lf1bgIQ4CItiDQAnuOj29rmHNINOu6FgixPGZZ2NAOIZLcStnI1zqKV9OqbpIzrz
hhdXot75sY9j4jOnOL0kKmLKtkQPuwEXsXjlTtZbwrU=
-----END CERTIFICATE-----