Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/f37538-7f9f-4228-a31e-2dab43ac04b3/1/xyOkTXVPZjz9JAhos1QM2vsm3W4.roa
File:                     xyOkTXVPZjz9JAhos1QM2vsm3W4.roa (raw, json)
Hash identifier:          QXjoMKDwi6j1vpZqYsBGzsQGgoo9dIBXi5WlfEHsxyk=
Subject key identifier:   C7:23:A4:4D:75:4F:66:3C:FD:24:08:68:B3:54:0C:DA:FB:26:DD:6E
Certificate issuer:       /CN=709f8f32082152359cdaf9aabd4a551f4fb40213
Certificate serial:       019CCD2C6F3F03C4EF71000554C3CA2935D7
Authority key identifier: 70:9F:8F:32:08:21:52:35:9C:DA:F9:AA:BD:4A:55:1F:4F:B4:02:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cJ-PMgghUjWc2vmqvUpVH0-0AhM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/73/f37538-7f9f-4228-a31e-2dab43ac04b3/1/xyOkTXVPZjz9JAhos1QM2vsm3W4.roa
Signing time:             Sun 08 Mar 2026 11:19:26 +0000
ROA not before:           Sun 08 Mar 2026 11:19:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     43815
IP address blocks:        176.111.34.0/23 maxlen: 24
                          193.30.244.0/24 maxlen: 24
                          2001:678:8b0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/73/f37538-7f9f-4228-a31e-2dab43ac04b3/1/cJ-PMgghUjWc2vmqvUpVH0-0AhM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/73/f37538-7f9f-4228-a31e-2dab43ac04b3/1/cJ-PMgghUjWc2vmqvUpVH0-0AhM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cJ-PMgghUjWc2vmqvUpVH0-0AhM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 11:01:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:cd:2c:6f:3f:03:c4:ef:71:00:05:54:c3:ca:29:35:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=709f8f32082152359cdaf9aabd4a551f4fb40213
        Validity
            Not Before: Mar  8 11:19:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c723a44d754f663cfd240868b3540cdafb26dd6e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:b7:97:f5:7e:b3:6b:a4:7c:56:61:3d:be:f7:
                    97:8c:b0:bd:b3:e9:cb:a5:bf:46:67:14:41:08:61:
                    2c:91:65:fc:a7:b2:f2:a9:6d:87:bd:71:eb:ff:78:
                    43:d7:cf:be:8e:f8:03:d8:93:26:34:89:69:95:c6:
                    1b:ef:4b:2d:d8:b5:8e:e6:89:36:08:4b:f9:05:03:
                    fc:4d:4a:8b:60:ea:fb:e0:4c:f5:d8:63:99:a9:86:
                    1e:0b:2e:10:e2:53:d8:5a:4e:87:2e:91:71:85:ff:
                    97:fc:08:a2:34:1b:b0:32:c4:f4:0b:94:3d:fc:8b:
                    8d:16:41:3f:e4:1f:c8:a7:f0:af:ee:c6:3f:95:8b:
                    d8:13:64:a1:48:d9:ac:31:db:e3:5f:c9:3e:d8:f0:
                    a2:60:73:20:2d:32:37:7c:7b:38:46:21:c8:7b:ee:
                    cc:bd:ea:5d:42:b9:6d:ba:7b:40:40:b0:31:fc:5b:
                    ff:77:d0:42:5b:30:1b:1a:d7:10:5d:fe:be:51:ee:
                    16:8e:5e:d1:47:c9:de:f5:28:d2:19:f0:7f:ea:1d:
                    ce:01:bb:69:1c:a7:f3:5f:38:a8:25:2f:cb:55:91:
                    7d:b2:d4:5d:da:72:6c:04:a9:07:17:0d:03:36:5c:
                    90:cc:56:18:86:8a:ba:ca:b9:26:ea:8c:13:58:95:
                    5e:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:23:A4:4D:75:4F:66:3C:FD:24:08:68:B3:54:0C:DA:FB:26:DD:6E
            X509v3 Authority Key Identifier:
                keyid:70:9F:8F:32:08:21:52:35:9C:DA:F9:AA:BD:4A:55:1F:4F:B4:02:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cJ-PMgghUjWc2vmqvUpVH0-0AhM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/f37538-7f9f-4228-a31e-2dab43ac04b3/1/xyOkTXVPZjz9JAhos1QM2vsm3W4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/73/f37538-7f9f-4228-a31e-2dab43ac04b3/1/cJ-PMgghUjWc2vmqvUpVH0-0AhM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.111.34.0/23
                  193.30.244.0/24
                IPv6:
                  2001:678:8b0::/48

    Signature Algorithm: sha256WithRSAEncryption
         2c:2b:5c:40:85:26:ea:9c:2d:01:2b:e5:8f:d5:1d:a8:44:51:
         24:c5:4a:dc:d2:a9:0a:97:ef:35:df:26:c8:c0:5c:8e:31:b7:
         0d:12:05:a0:60:40:62:a3:11:b5:10:45:25:c5:f3:a5:5b:b3:
         1d:da:3c:9f:76:08:55:5b:9f:0d:33:d4:10:f4:14:98:d3:45:
         1e:f8:b7:6c:72:ac:61:0e:f4:3d:ee:72:a2:4e:07:f9:4c:64:
         45:f4:5d:c8:54:a7:81:7f:30:1c:0e:d2:91:71:5b:95:21:ab:
         38:d1:4b:83:24:7a:18:9b:81:b4:08:e7:31:cb:7f:60:cf:e8:
         7c:33:c9:fc:b7:58:93:38:75:1c:a2:d3:43:9f:6b:a5:30:5a:
         90:56:81:83:4c:b3:47:23:e2:7e:80:8c:d1:7f:55:36:89:2c:
         65:b2:57:93:a1:22:a7:87:a8:da:a2:dd:e7:8c:2d:1e:45:a2:
         70:d5:78:d5:7c:f9:3a:2d:81:a6:71:9a:68:15:9a:00:97:a9:
         23:56:30:1b:87:14:b4:65:7f:77:97:07:13:88:35:2e:d9:51:
         82:ef:d9:79:5f:ab:3f:ee:b4:86:98:09:7a:c0:e7:1f:f5:9c:
         88:66:58:ee:c6:4b:f1:a5:0d:17:c7:fe:61:70:31:ae:32:6b:
         1d:0d:37:9b
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZzNLG8/A8TvcQAFVMPKKTXXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwOWY4ZjMyMDgyMTUyMzU5Y2RhZjlhYWJkNGE1NTFmNGZi
NDAyMTMwHhcNMjYwMzA4MTExOTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzIzYTQ0ZDc1NGY2NjNjZmQyNDA4NjhiMzU0MGNkYWZiMjZkZDZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3LeX9X6za6R8VmE9vveXjLC9s+nL
pb9GZxRBCGEskWX8p7LyqW2HvXHr/3hD18++jvgD2JMmNIlplcYb70st2LWO5ok2
CEv5BQP8TUqLYOr74Ez12GOZqYYeCy4Q4lPYWk6HLpFxhf+X/AiiNBuwMsT0C5Q9
/IuNFkE/5B/Ip/Cv7sY/lYvYE2ShSNmsMdvjX8k+2PCiYHMgLTI3fHs4RiHIe+7M
vepdQrltuntAQLAx/Fv/d9BCWzAbGtcQXf6+Ue4Wjl7RR8ne9SjSGfB/6h3OAbtp
HKfzXzioJS/LVZF9stRd2nJsBKkHFw0DNlyQzFYYhoq6yrkm6owTWJVerwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFMcjpE11T2Y8/SQIaLNUDNr7Jt1uMB8GA1UdIwQY
MBaAFHCfjzIIIVI1nNr5qr1KVR9PtAITMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0otUE1nZ2hValdjMnZtcXZVcFZIMC0wQWhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My9mMzc1MzgtN2Y5Zi00MjI4LWEzMWUt
MmRhYjQzYWMwNGIzLzEveHlPa1RYVlBaano5SkFob3MxUU0ydnNtM1c0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My9mMzc1MzgtN2Y5Zi00MjI4LWEzMWUtMmRhYjQzYWMwNGIz
LzEvY0otUE1nZ2hValdjMnZtcXZVcFZIMC0wQWhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQBsG8iAwQA
wR70MA8EAgACMAkDBwAgAQZ4CLAwDQYJKoZIhvcNAQELBQADggEBACwrXECFJuqc
LQEr5Y/VHahEUSTFStzSqQqX7zXfJsjAXI4xtw0SBaBgQGKjEbUQRSXF86Vbsx3a
PJ92CFVbnw0z1BD0FJjTRR74t2xyrGEO9D3ucqJOB/lMZEX0XchUp4F/MBwO0pFx
W5UhqzjRS4MkehibgbQI5zHLf2DP6Hwzyfy3WJM4dRyi00Ofa6UwWpBWgYNMs0cj
4n6AjNF/VTaJLGWyV5OhIqeHqNqi3eeMLR5FonDVeNV8+TotgaZxmmgVmgCXqSNW
MBuHFLRlf3eXBxOINS7ZUYLv2Xlfqz/utIaYCXrA5x/1nIhmWO7GS/GlDRfH/mFw
Ma4yax0NN5s=
-----END CERTIFICATE-----