Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/c89677-1d9a-418d-8593-c18e3ccc742b/1/ckJgBQDoieEFIbgRM_XXkYVWsmI.roa
File:                     ckJgBQDoieEFIbgRM_XXkYVWsmI.roa (raw, json)
Hash identifier:          DfbyJmybapsMWoaSSWg69JYDxmxuhSsaycm1BwlS3/M=
Subject key identifier:   72:42:60:05:00:E8:89:E1:05:21:B8:11:33:F5:D7:91:85:56:B2:62
Certificate issuer:       /CN=5c6b0c001a99ab6296e242173bf7e7fdcf03c019
Certificate serial:       019D1727FC869A7CD03054A51DE2910B09A4
Authority key identifier: 5C:6B:0C:00:1A:99:AB:62:96:E2:42:17:3B:F7:E7:FD:CF:03:C0:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XGsMABqZq2KW4kIXO_fn_c8DwBk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/c89677-1d9a-418d-8593-c18e3ccc742b/1/ckJgBQDoieEFIbgRM_XXkYVWsmI.roa
Signing time:             Sun 22 Mar 2026 20:06:29 +0000
ROA not before:           Sun 22 Mar 2026 20:06:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9304
IP address blocks:        178.214.208.0/24 maxlen: 24
                          178.214.211.0/24 maxlen: 24
                          178.214.216.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/c89677-1d9a-418d-8593-c18e3ccc742b/1/XGsMABqZq2KW4kIXO_fn_c8DwBk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/c89677-1d9a-418d-8593-c18e3ccc742b/1/XGsMABqZq2KW4kIXO_fn_c8DwBk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XGsMABqZq2KW4kIXO_fn_c8DwBk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:17:27:fc:86:9a:7c:d0:30:54:a5:1d:e2:91:0b:09:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5c6b0c001a99ab6296e242173bf7e7fdcf03c019
        Validity
            Not Before: Mar 22 20:06:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7242600500e889e10521b81133f5d7918556b262
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:f7:91:17:82:17:c9:a4:82:e2:ec:ec:57:4f:
                    02:83:7d:50:0d:49:00:a5:1e:bb:48:5f:18:a8:82:
                    46:14:17:85:ef:6d:c9:d0:47:5c:c8:8b:4b:58:8d:
                    cf:8e:89:63:c1:a7:ed:2f:4e:0f:9e:7a:b1:23:07:
                    40:92:ba:ab:63:fa:2f:f8:90:6b:7a:a7:c3:21:3b:
                    f7:af:00:c7:a8:28:79:8b:0c:aa:4d:52:32:55:ab:
                    57:fa:0d:21:55:2c:88:22:0f:61:2e:c8:43:fe:10:
                    a3:22:03:c4:36:cb:72:90:f6:61:13:1a:89:fe:be:
                    7c:30:4f:cd:41:10:0f:3d:85:8e:a5:49:31:c4:dd:
                    ec:09:1c:a3:95:80:bd:07:3a:ec:be:01:2a:e6:5f:
                    ad:49:c2:96:cb:1f:5f:58:5c:d8:4e:8d:1a:52:66:
                    03:75:5f:1f:51:c6:e1:fe:14:a4:e5:cf:5d:ba:da:
                    b3:bf:0e:d2:f7:e7:b8:f1:f2:1f:19:b6:00:49:d7:
                    c5:34:2f:5e:f7:8e:a7:86:b0:12:f1:97:49:02:7d:
                    ae:71:ce:7d:44:7b:af:3d:9b:3c:1a:5f:36:7d:ca:
                    3b:eb:e6:1d:f8:17:2e:20:43:76:e6:86:04:33:13:
                    39:ec:b0:c3:5c:2c:a7:3e:1e:9a:0f:3f:d8:bc:1d:
                    74:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:42:60:05:00:E8:89:E1:05:21:B8:11:33:F5:D7:91:85:56:B2:62
            X509v3 Authority Key Identifier:
                keyid:5C:6B:0C:00:1A:99:AB:62:96:E2:42:17:3B:F7:E7:FD:CF:03:C0:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XGsMABqZq2KW4kIXO_fn_c8DwBk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/c89677-1d9a-418d-8593-c18e3ccc742b/1/ckJgBQDoieEFIbgRM_XXkYVWsmI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/c89677-1d9a-418d-8593-c18e3ccc742b/1/XGsMABqZq2KW4kIXO_fn_c8DwBk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.214.208.0/24
                  178.214.211.0/24
                  178.214.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:bb:bb:6b:78:04:f5:27:3e:d8:60:9a:15:c5:c0:74:04:53:
         ac:3a:a0:38:03:f1:b5:9e:d7:16:59:41:49:60:d3:c1:4b:94:
         dc:ff:7a:75:43:cd:c6:1e:51:cf:05:10:1e:05:96:21:f6:b7:
         65:31:9a:e6:e6:30:23:d3:41:11:9d:74:85:f8:28:85:18:d2:
         1e:09:f3:f1:a2:5f:81:7a:e9:f6:05:94:16:54:90:3d:b3:a9:
         a3:ec:9e:60:5e:09:d8:8b:da:74:c3:88:d3:60:90:78:fb:7c:
         c6:75:93:d9:17:18:e1:b8:e4:81:55:36:a3:6e:3b:af:9b:4a:
         c1:c8:d8:78:c6:67:bc:78:41:ab:3c:7b:fd:96:c2:ec:44:e9:
         5c:a5:5d:2b:58:7c:92:13:b7:1e:b0:e0:e2:a5:4a:e0:f9:d2:
         39:f5:c1:d4:d4:6f:66:b3:da:72:1d:af:92:14:fb:c2:02:52:
         3d:a1:58:19:d2:85:b0:9d:0b:b9:0a:51:6d:86:e2:7b:0a:c7:
         a4:f1:d4:b3:a8:fa:8b:34:ff:31:03:b4:a2:a8:b9:4a:44:1e:
         77:f2:79:46:7d:8c:87:c0:e6:7a:a1:06:0f:ab:f6:93:1d:87:
         f2:63:03:48:79:b1:4e:ed:8e:86:f8:9e:ca:41:ba:b4:00:5e:
         94:ba:0a:40
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ0XJ/yGmnzQMFSlHeKRCwmkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjNmIwYzAwMWE5OWFiNjI5NmUyNDIxNzNiZjdlN2ZkY2Yw
M2MwMTkwHhcNMjYwMzIyMjAwNjI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjQyNjAwNTAwZTg4OWUxMDUyMWI4MTEzM2Y1ZDc5MTg1NTZiMjYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiveRF4IXyaSC4uzsV08Cg31QDUkA
pR67SF8YqIJGFBeF723J0EdcyItLWI3PjoljwaftL04PnnqxIwdAkrqrY/ov+JBr
eqfDITv3rwDHqCh5iwyqTVIyVatX+g0hVSyIIg9hLshD/hCjIgPENstykPZhExqJ
/r58ME/NQRAPPYWOpUkxxN3sCRyjlYC9BzrsvgEq5l+tScKWyx9fWFzYTo0aUmYD
dV8fUcbh/hSk5c9dutqzvw7S9+e48fIfGbYASdfFNC9e946nhrAS8ZdJAn2ucc59
RHuvPZs8Gl82fco76+Yd+BcuIEN25oYEMxM57LDDXCynPh6aDz/YvB10uQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFHJCYAUA6InhBSG4ETP115GFVrJiMB8GA1UdIwQY
MBaAFFxrDAAamatiluJCFzv35/3PA8AZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWEdzTUFCcVpxMktXNGtJWE9fZm5fYzhEd0JrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS9jODk2NzctMWQ5YS00MThkLTg1OTMt
YzE4ZTNjY2M3NDJiLzEvY2tKZ0JRRG9pZUVGSWJnUk1fWFhrWVZXc21JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS9jODk2NzctMWQ5YS00MThkLTg1OTMtYzE4ZTNjY2M3NDJi
LzEvWEdzTUFCcVpxMktXNGtJWE9fZm5fYzhEd0JrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAstbQAwQA
stbTAwQAstbYMA0GCSqGSIb3DQEBCwUAA4IBAQB9u7treAT1Jz7YYJoVxcB0BFOs
OqA4A/G1ntcWWUFJYNPBS5Tc/3p1Q83GHlHPBRAeBZYh9rdlMZrm5jAj00ERnXSF
+CiFGNIeCfPxol+Beun2BZQWVJA9s6mj7J5gXgnYi9p0w4jTYJB4+3zGdZPZFxjh
uOSBVTajbjuvm0rByNh4xme8eEGrPHv9lsLsROlcpV0rWHySE7cesODipUrg+dI5
9cHU1G9ms9pyHa+SFPvCAlI9oVgZ0oWwnQu5ClFthuJ7Csek8dSzqPqLNP8xA7Si
qLlKRB538nlGfYyHwOZ6oQYPq/aTHYfyYwNIebFO7Y6G+J7KQbq0AF6UugpA
-----END CERTIFICATE-----