Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/317635-a90a-4704-9672-15f62c890af8/1/piwBwz4HJGYBENTFdgGuRDrHazc.roa
File:                     piwBwz4HJGYBENTFdgGuRDrHazc.roa (raw, json)
Hash identifier:          HyV9rRZkFNwRRX6HGBAQRpmfS8v8I2SCJ4CVMaujnWU=
Subject key identifier:   A6:2C:01:C3:3E:07:24:66:01:10:D4:C5:76:01:AE:44:3A:C7:6B:37
Certificate issuer:       /CN=d0b61d1f1d9ccdab6b6d8e1450c2c936d397e670
Certificate serial:       019CF2DD365A9CCE4F110800897881C90763
Authority key identifier: D0:B6:1D:1F:1D:9C:CD:AB:6B:6D:8E:14:50:C2:C9:36:D3:97:E6:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0LYdHx2czatrbY4UUMLJNtOX5nA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/317635-a90a-4704-9672-15f62c890af8/1/piwBwz4HJGYBENTFdgGuRDrHazc.roa
Signing time:             Sun 15 Mar 2026 18:58:29 +0000
ROA not before:           Sun 15 Mar 2026 18:58:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     0
IP address blocks:        195.24.237.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/317635-a90a-4704-9672-15f62c890af8/1/0LYdHx2czatrbY4UUMLJNtOX5nA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/317635-a90a-4704-9672-15f62c890af8/1/0LYdHx2czatrbY4UUMLJNtOX5nA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0LYdHx2czatrbY4UUMLJNtOX5nA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:f2:dd:36:5a:9c:ce:4f:11:08:00:89:78:81:c9:07:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d0b61d1f1d9ccdab6b6d8e1450c2c936d397e670
        Validity
            Not Before: Mar 15 18:58:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a62c01c33e0724660110d4c57601ae443ac76b37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:c6:5e:8c:16:4e:0d:62:71:1f:c4:0f:1f:e7:
                    c5:b5:36:59:4a:77:57:3b:10:91:32:9b:9e:0a:4d:
                    4d:76:51:53:ee:e1:ac:47:18:3e:af:2b:88:fe:8d:
                    92:e2:be:33:f0:36:f2:4f:35:29:d4:cf:88:ea:76:
                    97:92:d0:13:3b:79:55:4c:4e:e3:00:ba:37:37:38:
                    29:22:e0:46:5e:78:08:02:2f:1d:6d:c5:ae:f7:7f:
                    ed:0f:6a:1b:66:e6:1d:62:56:4f:11:2e:b6:b7:6a:
                    de:68:39:db:ba:3d:4d:3d:75:df:53:55:19:37:be:
                    42:f8:8c:57:ec:4c:d2:5c:c6:54:b7:4f:6d:2f:b0:
                    8b:2f:ed:e6:f5:3b:67:9c:d9:c1:a1:03:e9:32:88:
                    b8:12:99:a7:ea:c2:bb:c9:3a:ae:36:77:a8:ae:27:
                    51:a3:e4:3d:7b:47:d7:17:44:72:48:77:0b:db:a7:
                    f5:e5:8c:b5:ce:6f:b4:66:1a:04:34:b3:82:fd:e4:
                    82:ff:6a:cb:37:d4:3e:a2:8f:97:d4:c1:9c:01:1b:
                    e3:38:66:bf:f2:59:74:d9:97:5b:9d:f1:8e:3e:46:
                    2d:33:c7:82:2d:d2:54:6e:36:80:30:ec:96:9a:b2:
                    8c:cc:4b:95:41:8d:49:da:7f:24:a8:6e:29:86:2f:
                    ee:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:2C:01:C3:3E:07:24:66:01:10:D4:C5:76:01:AE:44:3A:C7:6B:37
            X509v3 Authority Key Identifier:
                keyid:D0:B6:1D:1F:1D:9C:CD:AB:6B:6D:8E:14:50:C2:C9:36:D3:97:E6:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0LYdHx2czatrbY4UUMLJNtOX5nA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/317635-a90a-4704-9672-15f62c890af8/1/piwBwz4HJGYBENTFdgGuRDrHazc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/317635-a90a-4704-9672-15f62c890af8/1/0LYdHx2czatrbY4UUMLJNtOX5nA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.24.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:ac:13:f8:19:e7:80:ae:0c:a9:e4:9b:1a:9b:cc:a6:8e:3c:
         94:d5:58:dd:6e:76:46:eb:29:12:8e:86:31:36:ce:1c:b2:c7:
         eb:d1:1b:11:6f:a7:7d:45:83:79:bc:59:14:97:88:de:11:6a:
         89:9c:44:35:e5:87:3b:d6:59:cb:98:d4:77:fa:45:77:35:af:
         c4:56:5b:73:2e:ea:9e:c1:22:b8:18:1f:cf:38:60:4a:69:56:
         93:67:d9:a2:ac:76:84:75:bb:0b:8a:49:09:c8:39:5d:17:1d:
         bd:45:d2:2b:db:e8:94:81:7a:73:34:90:9b:06:4a:80:86:cb:
         95:9b:22:d9:10:59:cd:04:09:99:92:73:25:b0:7f:1a:bc:81:
         11:e9:36:fe:6e:8e:e5:14:7c:c1:97:4f:47:7b:fe:f7:b1:04:
         fa:11:a0:d7:2b:d5:bf:ce:28:bc:9a:b4:b7:1e:15:35:d3:d4:
         b5:2a:5a:1b:35:8b:ec:c4:a1:09:d6:66:f1:80:2a:7f:e3:b3:
         0f:0d:f3:cb:51:54:8f:7f:e3:88:19:4c:e4:b3:a1:72:8a:83:
         90:33:a7:da:f2:11:1a:53:45:d5:85:50:4a:4c:eb:1e:31:d2:
         7e:84:d9:27:a4:35:eb:01:e5:49:26:fb:7f:3d:61:de:1e:d8:
         b2:eb:ef:f6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzy3TZanM5PEQgAiXiByQdjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwYjYxZDFmMWQ5Y2NkYWI2YjZkOGUxNDUwYzJjOTM2ZDM5
N2U2NzAwHhcNMjYwMzE1MTg1ODI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjJjMDFjMzNlMDcyNDY2MDExMGQ0YzU3NjAxYWU0NDNhYzc2YjM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAusZejBZODWJxH8QPH+fFtTZZSndX
OxCRMpueCk1NdlFT7uGsRxg+ryuI/o2S4r4z8DbyTzUp1M+I6naXktATO3lVTE7j
ALo3NzgpIuBGXngIAi8dbcWu93/tD2obZuYdYlZPES62t2reaDnbuj1NPXXfU1UZ
N75C+IxX7EzSXMZUt09tL7CLL+3m9TtnnNnBoQPpMoi4Epmn6sK7yTquNneoridR
o+Q9e0fXF0RySHcL26f15Yy1zm+0ZhoENLOC/eSC/2rLN9Q+oo+X1MGcARvjOGa/
8ll02ZdbnfGOPkYtM8eCLdJUbjaAMOyWmrKMzEuVQY1J2n8kqG4phi/uwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKYsAcM+ByRmARDUxXYBrkQ6x2s3MB8GA1UdIwQY
MBaAFNC2HR8dnM2ra22OFFDCyTbTl+ZwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMExZZEh4MmN6YXRyYlk0VVVNTEpOdE9YNW5BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni8zMTc2MzUtYTkwYS00NzA0LTk2NzIt
MTVmNjJjODkwYWY4LzEvcGl3Qnd6NEhKR1lCRU5URmRnR3VSRHJIYXpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni8zMTc2MzUtYTkwYS00NzA0LTk2NzItMTVmNjJjODkwYWY4
LzEvMExZZEh4MmN6YXRyYlk0VVVNTEpOdE9YNW5BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwxjtMA0G
CSqGSIb3DQEBCwUAA4IBAQB0rBP4GeeArgyp5Jsam8ymjjyU1VjdbnZG6ykSjoYx
Ns4cssfr0RsRb6d9RYN5vFkUl4jeEWqJnEQ15Yc71lnLmNR3+kV3Na/EVltzLuqe
wSK4GB/POGBKaVaTZ9mirHaEdbsLikkJyDldFx29RdIr2+iUgXpzNJCbBkqAhsuV
myLZEFnNBAmZknMlsH8avIER6Tb+bo7lFHzBl09He/73sQT6EaDXK9W/zii8mrS3
HhU109S1KlobNYvsxKEJ1mbxgCp/47MPDfPLUVSPf+OIGUzks6FyioOQM6fa8hEa
U0XVhVBKTOseMdJ+hNknpDXrAeVJJvt/PWHeHtiy6+/2
-----END CERTIFICATE-----