Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/6o0kZx4ZEgkwFac5z4NG_DD_P24.roa
File:                     6o0kZx4ZEgkwFac5z4NG_DD_P24.roa (raw, json)
Hash identifier:          NNeSsS+b7iF3LOszOdnT93/ZwRAQjem9ZtjYeB8oOp8=
Subject key identifier:   EA:8D:24:67:1E:19:12:09:30:15:A7:39:CF:83:46:FC:30:FF:3F:6E
Certificate issuer:       /CN=ca6441d9d807e0d78ce75213a103400ee14a7cdc
Certificate serial:       019D257BBB4457099F52B757CE6962C8F8AE
Authority key identifier: CA:64:41:D9:D8:07:E0:D7:8C:E7:52:13:A1:03:40:0E:E1:4A:7C:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ymRB2dgH4NeM51IToQNADuFKfNw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/6o0kZx4ZEgkwFac5z4NG_DD_P24.roa
Signing time:             Wed 25 Mar 2026 14:52:38 +0000
ROA not before:           Wed 25 Mar 2026 14:52:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216334
IP address blocks:        207.89.16.0/24 maxlen: 24
                          207.89.17.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/ymRB2dgH4NeM51IToQNADuFKfNw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/ymRB2dgH4NeM51IToQNADuFKfNw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ymRB2dgH4NeM51IToQNADuFKfNw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 08:01:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:25:7b:bb:44:57:09:9f:52:b7:57:ce:69:62:c8:f8:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca6441d9d807e0d78ce75213a103400ee14a7cdc
        Validity
            Not Before: Mar 25 14:52:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ea8d24671e1912093015a739cf8346fc30ff3f6e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:f1:e1:f6:f1:e6:a2:dd:1b:d7:31:28:fe:fb:
                    9b:b9:26:7c:c4:b6:59:a9:5c:62:be:d2:62:d5:9c:
                    ff:9c:67:08:fc:0d:25:2d:e6:30:5d:83:e1:a9:9c:
                    fc:aa:7c:78:33:de:e9:81:05:f4:7b:5e:e7:69:41:
                    13:46:20:33:bc:b4:9f:f4:84:4e:a2:be:7c:d7:cd:
                    47:41:13:db:c7:ac:b8:bf:eb:2a:70:51:e8:db:40:
                    10:8e:21:8d:0d:c8:45:10:ed:13:0f:ba:99:5c:3c:
                    03:88:f7:0a:b4:e3:db:1e:f5:b4:43:0d:93:81:a1:
                    c5:e9:eb:b9:26:c5:db:d4:43:87:6b:68:ae:17:31:
                    2c:de:22:77:bc:5d:d9:4b:5c:0e:80:96:6d:b0:cf:
                    31:b2:64:ea:e9:63:16:94:d6:cd:3a:85:8d:05:2e:
                    d8:38:2e:de:42:60:b0:5a:14:51:f0:c7:ee:64:bf:
                    50:ec:4d:d4:cc:cb:26:d2:63:2a:00:93:78:09:af:
                    dd:8f:0e:12:bb:29:54:63:7e:d1:99:ca:be:e5:4d:
                    c3:11:39:33:f9:64:d2:00:21:ef:1b:1f:9f:fb:a6:
                    11:ff:f8:cc:fa:75:6f:3a:95:8f:46:9d:8d:fe:60:
                    f9:d8:e9:6a:81:99:72:ce:08:1a:b8:4c:e2:a3:25:
                    61:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:8D:24:67:1E:19:12:09:30:15:A7:39:CF:83:46:FC:30:FF:3F:6E
            X509v3 Authority Key Identifier:
                keyid:CA:64:41:D9:D8:07:E0:D7:8C:E7:52:13:A1:03:40:0E:E1:4A:7C:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ymRB2dgH4NeM51IToQNADuFKfNw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/6o0kZx4ZEgkwFac5z4NG_DD_P24.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/ymRB2dgH4NeM51IToQNADuFKfNw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  207.89.16.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1d:91:73:0a:7b:9e:ac:1b:06:68:6d:96:55:ee:03:6e:86:55:
         90:ad:2e:c1:7b:6f:d1:34:e8:30:8e:a3:4a:a9:87:ad:95:20:
         fc:3b:a3:a0:dc:23:0a:d0:47:7c:37:f8:07:d5:3b:c9:12:2c:
         ee:fa:4d:43:f5:cc:48:13:ab:c7:ec:da:d2:2f:42:16:35:18:
         d9:e4:21:a9:ee:9f:df:33:16:ce:2b:58:32:78:99:1b:c6:c9:
         9e:d8:8a:df:44:f4:bf:3d:39:54:a6:9e:5f:a2:60:cb:63:48:
         4a:71:9f:25:59:c3:5c:ab:5e:6b:11:1a:70:a4:7e:67:b6:55:
         3e:f7:5f:43:bd:68:a6:71:b2:0c:b4:33:90:5a:a5:fd:79:43:
         63:d0:a2:71:75:67:f5:98:a3:1e:be:65:e0:bd:8d:19:2e:ca:
         a6:2c:5d:7c:4f:bb:21:ce:66:f1:26:d9:87:a2:f0:e0:e8:c3:
         17:af:c4:c0:5d:2b:e1:e9:cf:ed:14:45:bd:23:8e:35:51:89:
         99:5e:b3:79:fe:41:76:d0:17:cb:c3:6c:10:dd:94:9e:32:62:
         a2:7d:e1:c5:54:7e:b2:f5:c3:dd:9e:c5:19:d1:f4:c9:f8:4a:
         f2:df:ff:9e:99:2b:b4:cc:61:ff:78:8e:58:e4:c7:fb:8f:33:
         95:a5:c9:30
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0le7tEVwmfUrdXzmliyPiuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhNjQ0MWQ5ZDgwN2UwZDc4Y2U3NTIxM2ExMDM0MDBlZTE0
YTdjZGMwHhcNMjYwMzI1MTQ1MjM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYThkMjQ2NzFlMTkxMjA5MzAxNWE3MzljZjgzNDZmYzMwZmYzZjZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArfHh9vHmot0b1zEo/vubuSZ8xLZZ
qVxivtJi1Zz/nGcI/A0lLeYwXYPhqZz8qnx4M97pgQX0e17naUETRiAzvLSf9IRO
or58181HQRPbx6y4v+sqcFHo20AQjiGNDchFEO0TD7qZXDwDiPcKtOPbHvW0Qw2T
gaHF6eu5JsXb1EOHa2iuFzEs3iJ3vF3ZS1wOgJZtsM8xsmTq6WMWlNbNOoWNBS7Y
OC7eQmCwWhRR8MfuZL9Q7E3UzMsm0mMqAJN4Ca/djw4SuylUY37Rmcq+5U3DETkz
+WTSACHvGx+f+6YR//jM+nVvOpWPRp2N/mD52OlqgZlyzggauEzioyVhXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOqNJGceGRIJMBWnOc+DRvww/z9uMB8GA1UdIwQY
MBaAFMpkQdnYB+DXjOdSE6EDQA7hSnzcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveW1SQjJkZ0g0TmVNNTFJVG9RTkFEdUZLZk53LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC85OTQ3YjYtMzRiYy00NzdlLTg4MTYt
MmUyOGI5NjQ5OGE5LzEvNm8wa1p4NFpFZ2t3RmFjNXo0TkdfRERfUDI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC85OTQ3YjYtMzRiYy00NzdlLTg4MTYtMmUyOGI5NjQ5OGE5
LzEveW1SQjJkZ0g0TmVNNTFJVG9RTkFEdUZLZk53LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBz1kQMA0G
CSqGSIb3DQEBCwUAA4IBAQAdkXMKe56sGwZobZZV7gNuhlWQrS7Be2/RNOgwjqNK
qYetlSD8O6Og3CMK0Ed8N/gH1TvJEizu+k1D9cxIE6vH7NrSL0IWNRjZ5CGp7p/f
MxbOK1gyeJkbxsme2IrfRPS/PTlUpp5fomDLY0hKcZ8lWcNcq15rERpwpH5ntlU+
919DvWimcbIMtDOQWqX9eUNj0KJxdWf1mKMevmXgvY0ZLsqmLF18T7shzmbxJtmH
ovDg6MMXr8TAXSvh6c/tFEW9I441UYmZXrN5/kF20BfLw2wQ3ZSeMmKifeHFVH6y
9cPdnsUZ0fTJ+Ery3/+emSu0zGH/eI5Y5Mf7jzOVpckw
-----END CERTIFICATE-----