Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/TIJ_Pc1k7ZQ1-CMvtl_esIxA-lQ.roa
File:                     TIJ_Pc1k7ZQ1-CMvtl_esIxA-lQ.roa (raw, json)
Hash identifier:          fPlXG6mzNG68BlxW/k4eSqpLr/8rvZLsvPTT1SdrhcU=
Subject key identifier:   4C:82:7F:3D:CD:64:ED:94:35:F8:23:2F:B6:5F:DE:B0:8C:40:FA:54
Certificate issuer:       /CN=daaf17b0015dbb7cd992f26cdff01c4e2620b73e
Certificate serial:       019CF6AFEBF217D1F42F7E2818B9705580B5
Authority key identifier: DA:AF:17:B0:01:5D:BB:7C:D9:92:F2:6C:DF:F0:1C:4E:26:20:B7:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/TIJ_Pc1k7ZQ1-CMvtl_esIxA-lQ.roa
Signing time:             Mon 16 Mar 2026 12:47:30 +0000
ROA not before:           Mon 16 Mar 2026 12:47:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50564
IP address blocks:        176.227.156.0/24 maxlen: 24
                          178.156.77.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 21:01:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:f6:af:eb:f2:17:d1:f4:2f:7e:28:18:b9:70:55:80:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=daaf17b0015dbb7cd992f26cdff01c4e2620b73e
        Validity
            Not Before: Mar 16 12:47:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4c827f3dcd64ed9435f8232fb65fdeb08c40fa54
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:f7:0d:fc:ea:74:9b:5e:ab:ba:c7:3e:6a:03:
                    f3:02:fa:1e:2d:cb:7b:df:31:05:1f:17:b0:a8:df:
                    e1:a0:8b:a4:c7:47:36:ea:c9:c4:35:64:ac:1b:58:
                    dd:4d:95:9d:29:5b:71:dc:6e:91:57:53:02:d0:75:
                    62:54:b3:15:3a:d0:17:f4:aa:8d:7f:ae:6d:d1:79:
                    41:ae:ad:a3:6d:7a:29:25:d9:bd:01:50:21:96:6b:
                    d4:de:10:6d:3f:1b:18:61:5b:5c:2e:ad:df:83:53:
                    f7:33:a1:e4:b1:6b:9f:7b:8c:e5:ad:4d:30:8e:80:
                    b9:e6:ed:20:ac:21:7b:2a:3a:28:bb:7a:53:d9:02:
                    ee:9f:0c:9c:58:d4:e0:81:fc:f6:2d:71:31:11:e9:
                    b4:ff:70:4f:9e:db:ce:2c:8d:2e:b7:6d:be:3c:7d:
                    90:5d:b5:aa:9f:34:78:b9:7c:bc:37:c1:d5:e4:a3:
                    6d:ac:ab:a6:7d:7a:07:b7:1a:12:46:02:59:d6:24:
                    49:2e:b6:ad:1d:05:9b:54:37:94:a3:d3:17:1e:49:
                    e0:11:16:56:4e:ff:f1:77:46:56:16:7d:60:c2:2e:
                    8d:05:e4:2d:24:9f:fb:61:10:13:2a:2e:84:ef:3f:
                    5c:e4:bb:f5:08:c6:a1:9d:af:8d:6d:0f:dd:76:4a:
                    ac:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:82:7F:3D:CD:64:ED:94:35:F8:23:2F:B6:5F:DE:B0:8C:40:FA:54
            X509v3 Authority Key Identifier:
                keyid:DA:AF:17:B0:01:5D:BB:7C:D9:92:F2:6C:DF:F0:1C:4E:26:20:B7:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/TIJ_Pc1k7ZQ1-CMvtl_esIxA-lQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.227.156.0/24
                  178.156.77.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:62:65:27:a2:1b:c8:65:05:cc:6f:22:1d:e6:7d:cf:f1:72:
         8b:03:08:a6:2e:41:6c:79:ab:f2:24:cd:ed:33:47:d5:1a:32:
         4c:a8:68:ce:56:a6:b2:a1:2c:f3:a3:fe:60:f8:42:74:11:b6:
         a8:49:58:7c:45:99:20:ce:9c:73:e3:c2:89:14:ea:5b:d9:5f:
         dd:ee:9f:cd:3a:c7:2e:ae:29:56:95:0d:d4:9b:89:a6:9b:fa:
         b1:a1:51:21:f6:7a:63:97:b3:e8:07:de:25:38:79:86:19:b3:
         53:6d:c8:7c:fc:fb:9c:af:0c:d7:91:4f:20:a7:81:04:50:c2:
         db:8e:e2:46:3c:b0:49:e7:21:c3:96:44:5f:fd:22:8a:5c:fb:
         51:77:fa:be:6a:b3:91:7e:6b:fe:a4:d1:62:88:63:81:2f:70:
         b9:97:29:90:2c:9e:96:06:6a:fa:b2:96:3a:42:97:cc:02:cd:
         36:d7:b0:d9:ef:87:0b:35:96:07:30:cd:04:fe:87:a3:ed:6e:
         9f:a9:39:4b:4e:42:df:95:48:56:0c:c2:3e:a9:aa:f4:78:1f:
         0e:02:b8:c2:e9:fb:f8:0f:a1:b0:95:2c:32:22:ad:d4:4d:7d:
         a1:72:a9:b3:2e:51:3c:9f:c9:ed:49:09:23:e9:59:9b:c8:25:
         b3:a7:ba:2f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZz2r+vyF9H0L34oGLlwVYC1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhYWYxN2IwMDE1ZGJiN2NkOTkyZjI2Y2RmZjAxYzRlMjYy
MGI3M2UwHhcNMjYwMzE2MTI0NzMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzgyN2YzZGNkNjRlZDk0MzVmODIzMmZiNjVmZGViMDhjNDBmYTU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzvcN/Op0m16rusc+agPzAvoeLct7
3zEFHxewqN/hoIukx0c26snENWSsG1jdTZWdKVtx3G6RV1MC0HViVLMVOtAX9KqN
f65t0XlBrq2jbXopJdm9AVAhlmvU3hBtPxsYYVtcLq3fg1P3M6HksWufe4zlrU0w
joC55u0grCF7Kjoou3pT2QLunwycWNTggfz2LXExEem0/3BPntvOLI0ut22+PH2Q
XbWqnzR4uXy8N8HV5KNtrKumfXoHtxoSRgJZ1iRJLratHQWbVDeUo9MXHkngERZW
Tv/xd0ZWFn1gwi6NBeQtJJ/7YRATKi6E7z9c5Lv1CMahna+NbQ/ddkqsTQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEyCfz3NZO2UNfgjL7Zf3rCMQPpUMB8GA1UdIwQY
MBaAFNqvF7ABXbt82ZLybN/wHE4mILc+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnE4WHNBRmR1M3paa3ZKczNfQWNUaVlndHo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS9jODk3M2MtM2NmYS00NjA0LTgxMTAt
Y2YwNmQxOTgzYmExLzEvVElKX1BjMWs3WlExLUNNdnRsX2VzSXhBLWxRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS9jODk3M2MtM2NmYS00NjA0LTgxMTAtY2YwNmQxOTgzYmEx
LzEvMnE4WHNBRmR1M3paa3ZKczNfQWNUaVlndHo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAsOOcAwQA
spxNMA0GCSqGSIb3DQEBCwUAA4IBAQBeYmUnohvIZQXMbyId5n3P8XKLAwimLkFs
eavyJM3tM0fVGjJMqGjOVqayoSzzo/5g+EJ0EbaoSVh8RZkgzpxz48KJFOpb2V/d
7p/NOscurilWlQ3Um4mmm/qxoVEh9npjl7PoB94lOHmGGbNTbch8/PucrwzXkU8g
p4EEUMLbjuJGPLBJ5yHDlkRf/SKKXPtRd/q+arORfmv+pNFiiGOBL3C5lymQLJ6W
Bmr6spY6QpfMAs0217DZ74cLNZYHMM0E/oej7W6fqTlLTkLflUhWDMI+qar0eB8O
ArjC6fv4D6GwlSwyIq3UTX2hcqmzLlE8n8ntSQkj6VmbyCWzp7ov
-----END CERTIFICATE-----