Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/4a244d-51d1-4143-b6af-da4538022ac7/1/0tMr1V2NrZJuowDCZdCx-tCNBkY.roa
File:                     0tMr1V2NrZJuowDCZdCx-tCNBkY.roa (raw, json)
Hash identifier:          9fKPyx7EXZECo0QhxrhTF/z1f7bEAZhvNl4JyZ6Gf8s=
Subject key identifier:   D2:D3:2B:D5:5D:8D:AD:92:6E:A3:00:C2:65:D0:B1:FA:D0:8D:06:46
Certificate issuer:       /CN=ba67bff7bad1eb8384b585df7bef1206f7f19f7e
Certificate serial:       019DAF6F183E5BCB6A5C28767362D05FDA78
Authority key identifier: BA:67:BF:F7:BA:D1:EB:83:84:B5:85:DF:7B:EF:12:06:F7:F1:9F:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ume_97rR64OEtYXfe-8SBvfxn34.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/4a244d-51d1-4143-b6af-da4538022ac7/1/0tMr1V2NrZJuowDCZdCx-tCNBkY.roa
Signing time:             Tue 21 Apr 2026 09:46:26 +0000
ROA not before:           Tue 21 Apr 2026 09:46:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214143
IP address blocks:        209.131.66.0/24 maxlen: 24
                          209.131.68.0/24 maxlen: 24
                          209.131.71.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/4a244d-51d1-4143-b6af-da4538022ac7/1/ume_97rR64OEtYXfe-8SBvfxn34.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/4a244d-51d1-4143-b6af-da4538022ac7/1/ume_97rR64OEtYXfe-8SBvfxn34.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ume_97rR64OEtYXfe-8SBvfxn34.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:af:6f:18:3e:5b:cb:6a:5c:28:76:73:62:d0:5f:da:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba67bff7bad1eb8384b585df7bef1206f7f19f7e
        Validity
            Not Before: Apr 21 09:46:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d2d32bd55d8dad926ea300c265d0b1fad08d0646
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:D3:2B:D5:5D:8D:AD:92:6E:A3:00:C2:65:D0:B1:FA:D0:8D:06:46
            X509v3 Authority Key Identifier:
                keyid:BA:67:BF:F7:BA:D1:EB:83:84:B5:85:DF:7B:EF:12:06:F7:F1:9F:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ume_97rR64OEtYXfe-8SBvfxn34.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/4a244d-51d1-4143-b6af-da4538022ac7/1/0tMr1V2NrZJuowDCZdCx-tCNBkY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/4a244d-51d1-4143-b6af-da4538022ac7/1/ume_97rR64OEtYXfe-8SBvfxn34.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  209.131.66.0/24
                  209.131.68.0/24
                  209.131.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
Generated at Wed May 13 04:16:53 2026 by rpki-client