Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/iyqMNnZZP9AXxczEMlwncCl9fUM.roa
File:                     iyqMNnZZP9AXxczEMlwncCl9fUM.roa (raw, json)
Hash identifier:          NmNltgBLDA4kSMfOda1hlLVamb1mc4Fm+rMPCyMYGjo=
Subject key identifier:   8B:2A:8C:36:76:59:3F:D0:17:C5:CC:C4:32:5C:27:70:29:7D:7D:43
Certificate issuer:       /CN=1773db17795d2bf1b4b5345c5b29390dbaf4523e
Certificate serial:       019CF67B798451552513CEC97D9EB4F62DBD
Authority key identifier: 17:73:DB:17:79:5D:2B:F1:B4:B5:34:5C:5B:29:39:0D:BA:F4:52:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/iyqMNnZZP9AXxczEMlwncCl9fUM.roa
Signing time:             Mon 16 Mar 2026 11:50:12 +0000
ROA not before:           Mon 16 Mar 2026 11:50:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     1147
IP address blocks:        145.98.0.0/21 maxlen: 24
                          145.127.128.0/17 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:f6:7b:79:84:51:55:25:13:ce:c9:7d:9e:b4:f6:2d:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1773db17795d2bf1b4b5345c5b29390dbaf4523e
        Validity
            Not Before: Mar 16 11:50:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8b2a8c3676593fd017c5ccc4325c2770297d7d43
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:52:d9:d9:76:8e:08:cd:c1:af:3c:3b:1f:6f:
                    de:26:b2:8e:b2:65:52:87:ba:29:fc:39:65:b6:50:
                    03:c6:33:41:84:ab:e8:59:9d:11:e2:56:d1:e7:65:
                    80:47:b5:e9:11:72:79:5f:13:92:aa:ec:da:f1:0f:
                    25:39:89:11:bc:59:e8:cd:39:ab:23:74:d7:1c:9d:
                    9b:61:c5:0d:92:24:9f:49:22:22:2f:1f:02:82:30:
                    3f:6f:e9:0c:39:40:64:e5:c4:76:35:24:2a:36:30:
                    1a:c4:f9:85:9a:c1:cc:a0:4d:bd:f4:a3:64:21:db:
                    a7:bf:5f:77:75:05:2a:83:69:41:00:bf:c0:22:60:
                    c7:c9:76:ae:aa:ac:0a:46:95:26:e9:48:e8:39:c9:
                    90:88:04:ca:37:3b:ab:c1:66:c4:30:e1:dd:0c:de:
                    0e:48:10:34:06:1c:62:2f:95:20:b8:06:49:54:3f:
                    f2:ae:31:86:bc:dc:ca:38:de:c1:5a:5d:b7:c0:2a:
                    c4:cb:f3:13:71:38:0f:fc:5c:30:c7:64:d8:d8:7f:
                    9a:3c:0e:ea:f3:9b:a7:e7:d6:46:bc:1f:b8:ee:ac:
                    13:86:7e:e0:60:4b:be:e8:f6:8e:f7:85:2d:b1:a7:
                    9d:3b:f5:1b:30:41:9e:bc:81:af:ab:25:fc:10:ff:
                    31:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:2A:8C:36:76:59:3F:D0:17:C5:CC:C4:32:5C:27:70:29:7D:7D:43
            X509v3 Authority Key Identifier:
                keyid:17:73:DB:17:79:5D:2B:F1:B4:B5:34:5C:5B:29:39:0D:BA:F4:52:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/iyqMNnZZP9AXxczEMlwncCl9fUM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.98.0.0/21
                  145.127.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         43:ff:30:d3:45:b5:8f:d9:78:69:67:49:ba:e9:85:bf:d6:27:
         35:30:73:b7:79:59:91:ce:0c:e5:fa:ab:9b:b6:a3:98:c5:f6:
         25:da:a7:a2:ad:95:73:63:aa:2d:8e:5f:cd:a0:b5:39:19:be:
         a7:f2:ad:85:82:19:89:89:24:cf:b5:7f:7e:78:c4:12:9c:85:
         84:77:7d:4a:ef:1d:98:52:36:09:cc:0f:23:d3:8d:a0:7b:2e:
         2d:08:cf:cb:b1:77:38:9c:9b:43:fb:f2:c1:6e:c2:5d:5b:2a:
         6b:d2:bf:dd:ae:19:2e:a2:e0:52:63:d4:0c:44:5e:8f:04:bf:
         5b:8c:69:d8:db:70:34:80:3e:36:58:fe:42:1a:20:b6:0d:a4:
         38:2a:7b:f0:5d:96:99:1e:94:db:31:55:18:ad:fb:3a:66:26:
         3b:21:8f:87:33:db:9e:1d:3c:6a:a9:d9:31:bf:b5:00:58:7d:
         c2:d6:11:9a:41:2f:2d:fd:51:91:a6:02:35:31:28:56:6d:dc:
         34:b5:31:e1:3d:c2:e8:7a:be:10:78:04:e3:b8:8a:3b:46:db:
         5e:aa:2c:15:6c:86:96:13:a3:4f:ba:7b:ef:d5:f8:fc:65:21:
         f3:65:37:0b:19:0d:4f:f1:dd:eb:76:07:c6:6f:1f:99:26:ab:
         da:b1:a8:bd
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZz2e3mEUVUlE87JfZ609i29MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3NzNkYjE3Nzk1ZDJiZjFiNGI1MzQ1YzViMjkzOTBkYmFm
NDUyM2UwHhcNMjYwMzE2MTE1MDEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjJhOGMzNjc2NTkzZmQwMTdjNWNjYzQzMjVjMjc3MDI5N2Q3ZDQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA51LZ2XaOCM3Brzw7H2/eJrKOsmVS
h7op/DlltlADxjNBhKvoWZ0R4lbR52WAR7XpEXJ5XxOSquza8Q8lOYkRvFnozTmr
I3TXHJ2bYcUNkiSfSSIiLx8CgjA/b+kMOUBk5cR2NSQqNjAaxPmFmsHMoE299KNk
Idunv193dQUqg2lBAL/AImDHyXauqqwKRpUm6UjoOcmQiATKNzurwWbEMOHdDN4O
SBA0BhxiL5UguAZJVD/yrjGGvNzKON7BWl23wCrEy/MTcTgP/Fwwx2TY2H+aPA7q
85un59ZGvB+47qwThn7gYEu+6PaO94UtsaedO/UbMEGevIGvqyX8EP8xTwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIsqjDZ2WT/QF8XMxDJcJ3ApfX1DMB8GA1UdIwQY
MBaAFBdz2xd5XSvxtLU0XFspOQ269FI+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjNQYkYzbGRLX0cwdFRSY1d5azVEYnIwVWo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC9mNzdjYmQtODkzYi00NjE2LTlkNzYt
NTQ4NjFmMjMyNDlkLzEvaXlxTU5uWlpQOUFYeGN6RU1sd25jQ2w5ZlVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC9mNzdjYmQtODkzYi00NjE2LTlkNzYtNTQ4NjFmMjMyNDlk
LzEvRjNQYkYzbGRLX0cwdFRSY1d5azVEYnIwVWo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDkWIAAwQH
kX+AMA0GCSqGSIb3DQEBCwUAA4IBAQBD/zDTRbWP2XhpZ0m66YW/1ic1MHO3eVmR
zgzl+qubtqOYxfYl2qeirZVzY6otjl/NoLU5Gb6n8q2FghmJiSTPtX9+eMQSnIWE
d31K7x2YUjYJzA8j042gey4tCM/LsXc4nJtD+/LBbsJdWypr0r/drhkuouBSY9QM
RF6PBL9bjGnY23A0gD42WP5CGiC2DaQ4KnvwXZaZHpTbMVUYrfs6ZiY7IY+HM9ue
HTxqqdkxv7UAWH3C1hGaQS8t/VGRpgI1MShWbdw0tTHhPcLoer4QeATjuIo7Rtte
qiwVbIaWE6NPunvv1fj8ZSHzZTcLGQ1P8d3rdgfGbx+ZJqvasai9
-----END CERTIFICATE-----