Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/1R72r87Q9BPSyPINw7oijWBFs3o.roa
File:                     1R72r87Q9BPSyPINw7oijWBFs3o.roa (raw, json)
Hash identifier:          hNncErOkRbMBalQrLfm+uD232N0IVDsqCaJzbc5iGFM=
Subject key identifier:   D5:1E:F6:AF:CE:D0:F4:13:D2:C8:F2:0D:C3:BA:22:8D:60:45:B3:7A
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       019D2A32FD76A5814D8DBFA56D078A6A3DF3
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/1R72r87Q9BPSyPINw7oijWBFs3o.roa
Signing time:             Thu 26 Mar 2026 12:51:17 +0000
ROA not before:           Thu 26 Mar 2026 12:51:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     41798
IP address blocks:        80.71.150.0/24 maxlen: 24
                          91.212.166.0/24 maxlen: 24
                          176.100.42.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 04:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2a:32:fd:76:a5:81:4d:8d:bf:a5:6d:07:8a:6a:3d:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: Mar 26 12:51:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d51ef6afced0f413d2c8f20dc3ba228d6045b37a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:f0:00:c5:f9:e3:52:16:70:a8:1f:cc:f9:69:
                    9d:b5:d8:6e:21:ef:2a:8a:f8:24:c9:cd:f5:3f:98:
                    c7:8c:34:a9:60:8d:7a:fb:72:2a:91:c5:d7:07:bf:
                    c7:c4:93:91:d7:41:d6:f8:83:b2:3b:ce:01:09:72:
                    93:ed:06:52:70:fe:12:86:a1:20:02:13:6f:49:85:
                    31:85:b9:91:93:d9:bc:f0:e1:ed:5b:c5:a9:72:a0:
                    07:d9:ad:18:76:da:eb:64:24:a0:e8:f1:59:66:46:
                    d9:6e:82:0c:eb:9e:7e:95:83:b2:0c:08:4c:79:a7:
                    75:b7:25:38:52:cb:85:31:7f:7f:c7:c2:35:b6:cb:
                    bb:96:38:27:de:db:68:a6:4a:48:b3:3e:74:66:b1:
                    bb:c2:e8:86:25:fd:6e:49:75:f9:4e:03:a3:93:1a:
                    5c:4b:7c:5c:91:2c:32:64:4b:ef:fe:c2:dc:24:d4:
                    6b:00:73:1e:78:73:f2:ad:c8:fd:5f:51:ea:90:fe:
                    36:da:26:99:5a:ca:90:ae:de:65:36:40:79:e6:02:
                    69:26:f5:db:c5:38:52:60:74:68:d3:33:0e:00:15:
                    03:fa:3b:4a:b1:41:92:06:5b:61:ff:84:50:4d:d5:
                    3b:96:2f:b1:61:e6:3c:0e:f8:4a:63:69:f3:f2:18:
                    c5:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:1E:F6:AF:CE:D0:F4:13:D2:C8:F2:0D:C3:BA:22:8D:60:45:B3:7A
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/1R72r87Q9BPSyPINw7oijWBFs3o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.71.150.0/24
                  91.212.166.0/24
                  176.100.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:3b:5f:05:85:b4:15:5e:97:45:ac:68:f2:50:0a:7d:70:3a:
         4f:a4:3e:6c:63:01:0c:dd:f0:f2:bb:78:f5:79:7d:c0:52:ba:
         aa:77:98:af:9f:ac:df:b3:18:3c:17:bc:dc:21:96:c3:4c:dd:
         2d:6d:5a:24:31:9e:b8:83:74:d7:b7:5a:2d:ab:6e:72:64:2c:
         76:31:16:d2:cf:67:a0:00:19:50:2b:b4:08:6a:c0:6d:6e:16:
         42:ba:2c:07:9d:9b:52:d3:f6:ac:8b:f5:1f:a0:64:29:84:94:
         2a:ad:ca:27:fe:e8:30:e5:0e:4d:25:00:a9:79:53:b1:bc:ec:
         32:94:9b:f4:04:a0:cc:f2:1a:fb:26:c4:f7:84:ba:24:12:d1:
         fa:b2:c2:0f:79:b5:65:45:da:eb:2a:c6:fb:86:71:5f:9a:e2:
         9b:37:d5:18:c3:0d:54:c9:48:e1:30:c3:04:8a:5d:bd:01:79:
         27:fa:a0:c9:02:0f:c3:86:1b:70:a6:b4:61:21:20:de:eb:b2:
         ab:51:ad:05:0c:04:0a:31:a9:68:92:ed:c0:80:ac:e7:a2:0a:
         51:8b:bf:55:1c:b9:03:e6:aa:60:d3:92:f0:f0:2f:be:88:11:
         4b:86:37:53:a3:fc:7d:b0:27:66:13:49:dd:0b:51:66:38:f4:
         9c:93:f6:03
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ0qMv12pYFNjb+lbQeKaj3zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjYwMzI2MTI1MTE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTFlZjZhZmNlZDBmNDEzZDJjOGYyMGRjM2JhMjI4ZDYwNDViMzdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuPAAxfnjUhZwqB/M+WmdtdhuIe8q
ivgkyc31P5jHjDSpYI16+3IqkcXXB7/HxJOR10HW+IOyO84BCXKT7QZScP4ShqEg
AhNvSYUxhbmRk9m88OHtW8WpcqAH2a0YdtrrZCSg6PFZZkbZboIM655+lYOyDAhM
ead1tyU4UsuFMX9/x8I1tsu7ljgn3ttopkpIsz50ZrG7wuiGJf1uSXX5TgOjkxpc
S3xckSwyZEvv/sLcJNRrAHMeeHPyrcj9X1HqkP422iaZWsqQrt5lNkB55gJpJvXb
xThSYHRo0zMOABUD+jtKsUGSBlth/4RQTdU7li+xYeY8DvhKY2nz8hjF3wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNUe9q/O0PQT0sjyDcO6Io1gRbN6MB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvMVI3MnI4N1E5QlBTeVBJTnc3b2lqV0JGczNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAUEeWAwQA
W9SmAwQAsGQqMA0GCSqGSIb3DQEBCwUAA4IBAQCaO18FhbQVXpdFrGjyUAp9cDpP
pD5sYwEM3fDyu3j1eX3AUrqqd5ivn6zfsxg8F7zcIZbDTN0tbVokMZ64g3TXt1ot
q25yZCx2MRbSz2egABlQK7QIasBtbhZCuiwHnZtS0/asi/UfoGQphJQqrcon/ugw
5Q5NJQCpeVOxvOwylJv0BKDM8hr7JsT3hLokEtH6ssIPebVlRdrrKsb7hnFfmuKb
N9UYww1UyUjhMMMEil29AXkn+qDJAg/DhhtwprRhISDe67KrUa0FDAQKMaloku3A
gKznogpRi79VHLkD5qpg05Lw8C++iBFLhjdTo/x9sCdmE0ndC1FmOPSck/YD
-----END CERTIFICATE-----