Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/D97R0f6wcJeezq7lLgqmu7BA_nc.roa
File:                     D97R0f6wcJeezq7lLgqmu7BA_nc.roa (raw, json)
Hash identifier:          A+f6qmQCetOSAsJLLeyROkHkp5iv9hWhVN2aKLzqLTE=
Subject key identifier:   0F:DE:D1:D1:FE:B0:70:97:9E:CE:AE:E5:2E:0A:A6:BB:B0:40:FE:77
Certificate issuer:       /CN=21bad74e7f6c0949a2736a57478496d7d8b450e6
Certificate serial:       019E00E70DBE6CCD17222AFF988A6855F120
Authority key identifier: 21:BA:D7:4E:7F:6C:09:49:A2:73:6A:57:47:84:96:D7:D8:B4:50:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IbrXTn9sCUmic2pXR4SW19i0UOY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/D97R0f6wcJeezq7lLgqmu7BA_nc.roa
Signing time:             Thu 07 May 2026 05:26:42 +0000
ROA not before:           Thu 07 May 2026 05:26:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208581
IP address blocks:        147.234.80.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/IbrXTn9sCUmic2pXR4SW19i0UOY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/IbrXTn9sCUmic2pXR4SW19i0UOY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IbrXTn9sCUmic2pXR4SW19i0UOY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 05:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:00:e7:0d:be:6c:cd:17:22:2a:ff:98:8a:68:55:f1:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=21bad74e7f6c0949a2736a57478496d7d8b450e6
        Validity
            Not Before: May  7 05:26:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0fded1d1feb070979eceaee52e0aa6bbb040fe77
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:f1:fd:80:ca:37:a0:98:81:15:12:c5:91:c4:
                    71:55:e5:77:db:5f:30:58:62:6f:f7:da:64:a2:8a:
                    89:08:40:eb:05:e0:e1:12:61:fd:2f:55:b4:28:ee:
                    7d:13:56:40:6f:6e:36:60:18:3d:13:91:b5:48:7f:
                    ac:5c:24:36:f0:ef:31:cf:d0:92:4d:d7:5c:bc:a6:
                    e9:8e:2b:f1:e1:01:6c:4f:cd:f4:b6:68:cd:d6:d7:
                    c1:c0:9a:b8:39:25:95:ee:ae:16:20:0e:6f:77:0e:
                    04:16:9a:a2:5c:33:02:c3:2d:38:85:31:f1:c8:f2:
                    b4:36:90:d1:07:23:12:03:c4:ac:c1:e8:a5:49:99:
                    d9:03:a0:7b:76:85:80:40:81:45:e2:d2:41:02:96:
                    b4:4e:a8:b9:3d:c8:f5:52:0d:50:10:83:4b:cb:c8:
                    a4:8e:9a:0f:8d:a7:83:85:de:ce:d9:5e:e1:f6:88:
                    99:3a:dc:44:df:ea:a7:b1:8a:71:fb:e2:3a:d7:70:
                    59:fd:a4:66:a8:d6:46:7e:5a:51:0b:50:b2:b3:d2:
                    c7:5d:91:7c:e1:da:fe:e6:85:e5:e7:a0:d1:9d:1c:
                    51:21:64:62:51:47:91:c4:f6:ca:eb:0b:d6:db:74:
                    b9:39:f6:b7:a0:a6:24:27:a3:a4:8e:db:27:be:47:
                    69:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:DE:D1:D1:FE:B0:70:97:9E:CE:AE:E5:2E:0A:A6:BB:B0:40:FE:77
            X509v3 Authority Key Identifier:
                keyid:21:BA:D7:4E:7F:6C:09:49:A2:73:6A:57:47:84:96:D7:D8:B4:50:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IbrXTn9sCUmic2pXR4SW19i0UOY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/D97R0f6wcJeezq7lLgqmu7BA_nc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/IbrXTn9sCUmic2pXR4SW19i0UOY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.234.80.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ad:f0:7b:5b:9d:d2:e0:7a:93:ae:12:a0:36:72:e1:ba:2c:57:
         01:a0:43:42:eb:e7:33:e9:79:80:6c:9e:11:bf:67:7b:10:be:
         8a:d1:5b:6f:b4:0c:d5:02:04:a2:36:e0:d3:a9:76:1d:6c:22:
         da:1d:31:5a:5b:a1:8a:dd:f9:cc:00:75:9a:8a:ec:f7:76:67:
         5b:27:92:dd:e3:19:3e:c3:3f:09:93:bb:04:5f:9c:40:1e:9b:
         f0:f7:5a:91:3c:6d:c0:e8:60:44:eb:65:55:80:e7:f0:dc:f0:
         4a:04:15:75:4a:ee:5b:b3:dd:45:1e:fd:a5:85:07:83:f2:da:
         b9:7b:29:92:05:81:cc:17:d7:9e:8a:7d:a4:3b:52:2e:40:0f:
         9e:56:b9:8d:98:97:1b:a9:75:35:cb:62:82:b5:7b:26:3d:60:
         a1:04:e9:c3:96:03:6d:10:e0:7e:54:e5:54:f5:31:ed:e6:2c:
         a8:73:69:ca:06:86:02:dc:f8:0b:b3:53:57:74:71:a7:c4:1a:
         4e:98:43:cc:02:f9:4a:ab:83:37:35:7c:36:7a:55:53:75:54:
         02:bb:ee:2a:81:03:7c:1b:2d:b7:1c:d9:cc:70:c3:45:20:89:
         df:b4:07:8a:7c:ee:8a:61:29:c4:1d:5c:da:02:8b:ca:f7:7e:
         9d:a3:01:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4A5w2+bM0XIir/mIpoVfEgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxYmFkNzRlN2Y2YzA5NDlhMjczNmE1NzQ3ODQ5NmQ3ZDhi
NDUwZTYwHhcNMjYwNTA3MDUyNjQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZmRlZDFkMWZlYjA3MDk3OWVjZWFlZTUyZTBhYTZiYmIwNDBmZTc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp/H9gMo3oJiBFRLFkcRxVeV3218w
WGJv99pkooqJCEDrBeDhEmH9L1W0KO59E1ZAb242YBg9E5G1SH+sXCQ28O8xz9CS
TddcvKbpjivx4QFsT830tmjN1tfBwJq4OSWV7q4WIA5vdw4EFpqiXDMCwy04hTHx
yPK0NpDRByMSA8SsweilSZnZA6B7doWAQIFF4tJBApa0Tqi5Pcj1Ug1QEINLy8ik
jpoPjaeDhd7O2V7h9oiZOtxE3+qnsYpx++I613BZ/aRmqNZGflpRC1Cys9LHXZF8
4dr+5oXl56DRnRxRIWRiUUeRxPbK6wvW23S5Ofa3oKYkJ6Okjtsnvkdp1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA/e0dH+sHCXns6u5S4KpruwQP53MB8GA1UdIwQY
MBaAFCG6105/bAlJonNqV0eEltfYtFDmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWJyWFRuOXNDVW1pYzJwWFI0U1cxOWkwVU9ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC84ZGRjMzgtN2ExYS00OTA2LWE4ZWQt
NDQzMzIyOWE4NDczLzEvRDk3UjBmNndjSmVlenE3bExncW11N0JBX25jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC84ZGRjMzgtN2ExYS00OTA2LWE4ZWQtNDQzMzIyOWE4NDcz
LzEvSWJyWFRuOXNDVW1pYzJwWFI0U1cxOWkwVU9ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk+pQMA0G
CSqGSIb3DQEBCwUAA4IBAQCt8HtbndLgepOuEqA2cuG6LFcBoENC6+cz6XmAbJ4R
v2d7EL6K0VtvtAzVAgSiNuDTqXYdbCLaHTFaW6GK3fnMAHWaiuz3dmdbJ5Ld4xk+
wz8Jk7sEX5xAHpvw91qRPG3A6GBE62VVgOfw3PBKBBV1Su5bs91FHv2lhQeD8tq5
eymSBYHMF9eein2kO1IuQA+eVrmNmJcbqXU1y2KCtXsmPWChBOnDlgNtEOB+VOVU
9THt5iyoc2nKBoYC3PgLs1NXdHGnxBpOmEPMAvlKq4M3NXw2elVTdVQCu+4qgQN8
Gy23HNnMcMNFIInftAeKfO6KYSnEHVzaAovK936dowFs
-----END CERTIFICATE-----