Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/ca0228-57ee-4f65-962f-35d0595e12f0/1/mGYiLhfQNyctSYzl32C3_8pgLyg.roa
File:                     mGYiLhfQNyctSYzl32C3_8pgLyg.roa (raw, json)
Hash identifier:          8HmTTsNkpzWmVIPPrtxGzEKkk0EjZwa9jEIOmHI0uZU=
Subject key identifier:   98:66:22:2E:17:D0:37:27:2D:49:8C:E5:DF:60:B7:FF:CA:60:2F:28
Certificate issuer:       /CN=63883a79789d9f65815292f18d4980ba9c5ed221
Certificate serial:       019CFBFBCF218DB2C16D7C98D0275CDCABE9
Authority key identifier: 63:88:3A:79:78:9D:9F:65:81:52:92:F1:8D:49:80:BA:9C:5E:D2:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y4g6eXidn2WBUpLxjUmAupxe0iE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/ca0228-57ee-4f65-962f-35d0595e12f0/1/mGYiLhfQNyctSYzl32C3_8pgLyg.roa
Signing time:             Tue 17 Mar 2026 13:28:29 +0000
ROA not before:           Tue 17 Mar 2026 13:28:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     396356
IP address blocks:        152.236.0.0/19 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/ca0228-57ee-4f65-962f-35d0595e12f0/1/Y4g6eXidn2WBUpLxjUmAupxe0iE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/ca0228-57ee-4f65-962f-35d0595e12f0/1/Y4g6eXidn2WBUpLxjUmAupxe0iE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y4g6eXidn2WBUpLxjUmAupxe0iE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:fb:fb:cf:21:8d:b2:c1:6d:7c:98:d0:27:5c:dc:ab:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63883a79789d9f65815292f18d4980ba9c5ed221
        Validity
            Not Before: Mar 17 13:28:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9866222e17d037272d498ce5df60b7ffca602f28
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:d9:d9:ff:30:5e:d7:4c:9a:9e:66:12:e1:49:
                    18:9e:7c:43:fe:01:80:cf:6e:f1:14:b6:6e:b2:cb:
                    82:a2:be:3e:01:05:ca:06:65:4e:ab:b3:8a:c7:e7:
                    44:ca:51:39:77:6e:58:2e:28:02:4b:cf:98:0d:30:
                    7e:09:e3:66:87:9e:d7:ba:86:d4:99:f8:a7:b6:aa:
                    1f:1a:5e:51:ca:d7:32:01:9b:a8:c3:e6:13:f5:5e:
                    dc:9b:34:dc:9c:7c:af:91:b1:18:4b:bc:92:62:7c:
                    2b:9a:6c:f3:db:80:c6:5e:6e:03:5e:9e:3c:6c:8a:
                    06:f5:8f:21:cf:a9:6d:95:9d:96:49:b5:2d:b9:ea:
                    2d:cb:0c:3e:21:23:43:55:04:b0:72:0a:18:d5:bc:
                    a6:6c:02:de:13:44:76:2b:85:39:13:6d:ac:79:f7:
                    a9:bc:07:8b:5a:9c:4b:ea:e5:98:52:86:c3:a1:31:
                    2a:ba:ba:66:80:0c:bd:36:08:14:20:3d:4d:ad:39:
                    9e:8a:f8:86:a9:71:74:eb:c0:33:db:03:a0:31:34:
                    20:02:86:26:94:1b:fc:fa:29:55:63:64:47:f1:c9:
                    92:c9:4d:44:0c:12:cf:e4:34:44:a4:13:f2:60:46:
                    00:a3:4b:48:6e:f1:12:4c:fd:62:e8:b9:0f:07:d2:
                    61:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:66:22:2E:17:D0:37:27:2D:49:8C:E5:DF:60:B7:FF:CA:60:2F:28
            X509v3 Authority Key Identifier:
                keyid:63:88:3A:79:78:9D:9F:65:81:52:92:F1:8D:49:80:BA:9C:5E:D2:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y4g6eXidn2WBUpLxjUmAupxe0iE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/ca0228-57ee-4f65-962f-35d0595e12f0/1/mGYiLhfQNyctSYzl32C3_8pgLyg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/ca0228-57ee-4f65-962f-35d0595e12f0/1/Y4g6eXidn2WBUpLxjUmAupxe0iE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  152.236.0.0/19

    Signature Algorithm: sha256WithRSAEncryption
         0c:c7:76:48:78:19:1a:91:15:02:b3:93:35:e4:42:ac:56:94:
         8d:45:28:1c:d4:28:15:2c:8c:8a:eb:31:df:63:e9:04:a2:a4:
         6f:a2:5a:ae:01:4b:bf:34:82:a9:b8:f2:e2:01:45:9c:ac:cd:
         b2:45:4e:5f:a2:14:d6:9c:95:ad:a3:08:b7:2f:eb:3f:0e:69:
         02:55:17:74:75:a4:62:39:d0:b2:fc:7d:07:3a:ac:0e:a3:f5:
         5c:68:e7:56:26:0e:5c:67:ab:37:70:79:66:1c:6a:2b:3a:b9:
         73:87:33:8b:39:99:e1:8a:27:70:16:a5:36:5c:93:b3:01:be:
         fa:04:44:d1:c3:17:16:69:30:46:2a:ad:dc:40:29:fa:af:60:
         1a:13:77:56:39:a1:f5:7f:87:65:6d:a0:f5:7e:cf:e7:0b:98:
         38:38:fe:44:37:d1:a4:51:d3:97:79:4d:6e:a7:c8:2d:05:c1:
         47:92:d6:f7:69:e4:4d:9e:49:6c:ec:b6:1f:f8:77:f5:6f:d3:
         40:b4:77:4a:af:b1:65:80:3c:ea:1d:c3:b3:42:84:18:70:7d:
         6e:59:4b:0f:60:ae:3d:c6:22:ac:8e:c2:93:83:92:4f:9a:08:
         82:57:38:56:bc:e4:77:25:c3:53:07:d5:35:1a:a8:3c:1d:60:
         ee:e7:d3:36
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZz7+88hjbLBbXyY0Cdc3KvpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzODgzYTc5Nzg5ZDlmNjU4MTUyOTJmMThkNDk4MGJhOWM1
ZWQyMjEwHhcNMjYwMzE3MTMyODI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODY2MjIyZTE3ZDAzNzI3MmQ0OThjZTVkZjYwYjdmZmNhNjAyZjI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjdnZ/zBe10yanmYS4UkYnnxD/gGA
z27xFLZussuCor4+AQXKBmVOq7OKx+dEylE5d25YLigCS8+YDTB+CeNmh57XuobU
mfintqofGl5RytcyAZuow+YT9V7cmzTcnHyvkbEYS7ySYnwrmmzz24DGXm4DXp48
bIoG9Y8hz6ltlZ2WSbUtueotyww+ISNDVQSwcgoY1bymbALeE0R2K4U5E22sefep
vAeLWpxL6uWYUobDoTEqurpmgAy9NggUID1NrTmeiviGqXF068Az2wOgMTQgAoYm
lBv8+ilVY2RH8cmSyU1EDBLP5DREpBPyYEYAo0tIbvESTP1i6LkPB9JhQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJhmIi4X0DcnLUmM5d9gt//KYC8oMB8GA1UdIwQY
MBaAFGOIOnl4nZ9lgVKS8Y1JgLqcXtIhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWTRnNmVYaWRuMldCVXBMeGpVbUF1cHhlMGlFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9jYTAyMjgtNTdlZS00ZjY1LTk2MmYt
MzVkMDU5NWUxMmYwLzEvbUdZaUxoZlFOeWN0U1l6bDMyQzNfOHBnTHlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi9jYTAyMjgtNTdlZS00ZjY1LTk2MmYtMzVkMDU5NWUxMmYw
LzEvWTRnNmVYaWRuMldCVXBMeGpVbUF1cHhlMGlFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFmOwAMA0G
CSqGSIb3DQEBCwUAA4IBAQAMx3ZIeBkakRUCs5M15EKsVpSNRSgc1CgVLIyK6zHf
Y+kEoqRvolquAUu/NIKpuPLiAUWcrM2yRU5fohTWnJWtowi3L+s/DmkCVRd0daRi
OdCy/H0HOqwOo/VcaOdWJg5cZ6s3cHlmHGorOrlzhzOLOZnhiidwFqU2XJOzAb76
BETRwxcWaTBGKq3cQCn6r2AaE3dWOaH1f4dlbaD1fs/nC5g4OP5EN9GkUdOXeU1u
p8gtBcFHktb3aeRNnkls7LYf+Hf1b9NAtHdKr7FlgDzqHcOzQoQYcH1uWUsPYK49
xiKsjsKTg5JPmgiCVzhWvOR3JcNTB9U1Gqg8HWDu59M2
-----END CERTIFICATE-----