Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/bf3036-f3df-48ce-9a0a-8566166dfcc2/1/dRnQup6ENsOnclr1PcgcIp0tL8g.roa
File:                     dRnQup6ENsOnclr1PcgcIp0tL8g.roa (raw, json)
Hash identifier:          o5bs9yh/4DZ5CC4/08k8apbs3okw9hIOvvAwRqUJ99c=
Subject key identifier:   75:19:D0:BA:9E:84:36:C3:A7:72:5A:F5:3D:C8:1C:22:9D:2D:2F:C8
Certificate issuer:       /CN=3362bff2cc497f0b521c8254a12ebd4e34e52b4d
Certificate serial:       019C94EF247FD99864EAF37438FF9ADE4095
Authority key identifier: 33:62:BF:F2:CC:49:7F:0B:52:1C:82:54:A1:2E:BD:4E:34:E5:2B:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/M2K_8sxJfwtSHIJUoS69TjTlK00.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/bf3036-f3df-48ce-9a0a-8566166dfcc2/1/dRnQup6ENsOnclr1PcgcIp0tL8g.roa
Signing time:             Wed 25 Feb 2026 13:13:46 +0000
ROA not before:           Wed 25 Feb 2026 13:13:46 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50971
IP address blocks:        178.23.216.0/21 maxlen: 21
                          2a03:56a0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/bf3036-f3df-48ce-9a0a-8566166dfcc2/1/M2K_8sxJfwtSHIJUoS69TjTlK00.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/bf3036-f3df-48ce-9a0a-8566166dfcc2/1/M2K_8sxJfwtSHIJUoS69TjTlK00.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/M2K_8sxJfwtSHIJUoS69TjTlK00.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:94:ef:24:7f:d9:98:64:ea:f3:74:38:ff:9a:de:40:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3362bff2cc497f0b521c8254a12ebd4e34e52b4d
        Validity
            Not Before: Feb 25 13:13:46 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7519d0ba9e8436c3a7725af53dc81c229d2d2fc8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:9d:85:db:d6:0f:14:f2:71:45:81:f6:a0:cb:
                    b3:b1:0e:02:27:38:3f:5d:d3:93:81:d6:e6:d3:77:
                    d5:c7:93:82:60:87:bc:6f:ee:3f:4a:3e:74:24:a7:
                    55:d7:ac:8f:09:99:1c:4b:ef:4e:9f:83:0f:ff:ac:
                    cf:7b:ac:85:07:11:b5:f3:da:1c:2c:0a:53:09:0f:
                    5f:d8:14:22:b8:81:28:31:89:97:0e:9e:85:cb:10:
                    ae:14:b8:1c:fc:82:7e:a6:c0:c1:3c:4e:c6:8b:da:
                    62:f6:6b:bf:d6:ff:87:64:86:56:4b:ef:f8:27:9a:
                    7a:99:4a:d5:54:53:7f:9b:7e:9d:91:ca:eb:1c:3c:
                    2b:c4:25:8e:58:35:bf:8e:fc:bc:a9:21:2f:6e:b4:
                    d3:ba:31:27:e3:c4:9e:df:62:ee:51:d5:f4:c8:fa:
                    61:f3:d6:b0:4c:7a:81:a5:51:ff:71:a9:cf:97:4b:
                    82:fc:a0:e4:ef:23:67:25:a6:cb:ab:fc:3a:5e:19:
                    9c:61:41:92:dc:cf:c2:cf:06:12:b6:9f:b3:e7:e7:
                    09:11:12:b5:15:83:e3:d8:f6:cb:41:aa:ac:91:19:
                    4d:6a:10:31:8a:00:98:dd:fe:a8:3e:b7:d3:bd:18:
                    f8:cd:b3:e0:bf:54:75:8c:81:ab:64:5a:47:c8:54:
                    eb:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:19:D0:BA:9E:84:36:C3:A7:72:5A:F5:3D:C8:1C:22:9D:2D:2F:C8
            X509v3 Authority Key Identifier:
                keyid:33:62:BF:F2:CC:49:7F:0B:52:1C:82:54:A1:2E:BD:4E:34:E5:2B:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/M2K_8sxJfwtSHIJUoS69TjTlK00.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/bf3036-f3df-48ce-9a0a-8566166dfcc2/1/dRnQup6ENsOnclr1PcgcIp0tL8g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/bf3036-f3df-48ce-9a0a-8566166dfcc2/1/M2K_8sxJfwtSHIJUoS69TjTlK00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.23.216.0/21
                IPv6:
                  2a03:56a0::/32

    Signature Algorithm: sha256WithRSAEncryption
         b2:c6:15:50:23:c6:f4:f8:56:42:37:8a:50:db:69:42:b6:c6:
         2e:b4:e5:f2:4d:a4:a9:20:eb:ae:d4:41:b5:bc:4a:cc:ea:17:
         37:04:87:c3:8a:a5:d2:73:5c:52:2f:b9:19:9c:55:f4:e4:d5:
         d9:8b:72:b9:f5:3a:40:25:e0:dc:72:66:f5:60:c9:aa:09:0d:
         f4:7f:9d:69:23:c3:4c:09:32:16:09:f1:1b:62:57:82:13:3c:
         90:8e:5c:9f:72:4b:17:05:7a:aa:22:ed:65:4d:3f:3c:ef:5a:
         26:12:eb:a8:82:13:f9:39:20:99:fb:5c:21:d1:81:4f:06:19:
         b9:6b:8a:7f:14:f7:12:14:6b:c9:6d:0f:df:84:09:2c:9e:f4:
         e4:e7:bf:be:bb:bd:25:83:1e:52:52:2a:77:41:bf:73:54:66:
         7d:07:02:ce:5c:13:86:a4:0b:cb:61:77:d3:9d:e8:59:2e:65:
         f3:e9:43:bc:4e:41:c0:9d:54:cf:94:5d:29:51:91:40:f3:a2:
         ea:05:ce:77:7b:0f:4e:bd:24:56:39:65:97:4b:b8:86:fd:63:
         5b:15:17:30:8f:dc:46:17:32:03:06:c8:77:69:24:cb:1b:a4:
         30:af:c1:ee:b3:4f:4e:f1:1e:08:09:90:42:af:7c:80:bb:6d:
         aa:12:27:bf
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZyU7yR/2Zhk6vN0OP+a3kCVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzNjJiZmYyY2M0OTdmMGI1MjFjODI1NGExMmViZDRlMzRl
NTJiNGQwHhcNMjYwMjI1MTMxMzQ2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTE5ZDBiYTllODQzNmMzYTc3MjVhZjUzZGM4MWMyMjlkMmQyZmM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqJ2F29YPFPJxRYH2oMuzsQ4CJzg/
XdOTgdbm03fVx5OCYIe8b+4/Sj50JKdV16yPCZkcS+9On4MP/6zPe6yFBxG189oc
LApTCQ9f2BQiuIEoMYmXDp6FyxCuFLgc/IJ+psDBPE7Gi9pi9mu/1v+HZIZWS+/4
J5p6mUrVVFN/m36dkcrrHDwrxCWOWDW/jvy8qSEvbrTTujEn48Se32LuUdX0yPph
89awTHqBpVH/canPl0uC/KDk7yNnJabLq/w6XhmcYUGS3M/CzwYStp+z5+cJERK1
FYPj2PbLQaqskRlNahAxigCY3f6oPrfTvRj4zbPgv1R1jIGrZFpHyFTrmQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHUZ0LqehDbDp3Ja9T3IHCKdLS/IMB8GA1UdIwQY
MBaAFDNiv/LMSX8LUhyCVKEuvU405StNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTTJLXzhzeEpmd3RTSElKVW9TNjlUalRsSzAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS9iZjMwMzYtZjNkZi00OGNlLTlhMGEt
ODU2NjE2NmRmY2MyLzEvZFJuUXVwNkVOc09uY2xyMVBjZ2NJcDB0TDhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS9iZjMwMzYtZjNkZi00OGNlLTlhMGEtODU2NjE2NmRmY2My
LzEvTTJLXzhzeEpmd3RTSElKVW9TNjlUalRsSzAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDshfYMA0E
AgACMAcDBQAqA1agMA0GCSqGSIb3DQEBCwUAA4IBAQCyxhVQI8b0+FZCN4pQ22lC
tsYutOXyTaSpIOuu1EG1vErM6hc3BIfDiqXSc1xSL7kZnFX05NXZi3K59TpAJeDc
cmb1YMmqCQ30f51pI8NMCTIWCfEbYleCEzyQjlyfcksXBXqqIu1lTT8871omEuuo
ghP5OSCZ+1wh0YFPBhm5a4p/FPcSFGvJbQ/fhAksnvTk57++u70lgx5SUip3Qb9z
VGZ9BwLOXBOGpAvLYXfTnehZLmXz6UO8TkHAnVTPlF0pUZFA86LqBc53ew9OvSRW
OWWXS7iG/WNbFRcwj9xGFzIDBsh3aSTLG6Qwr8Hus09O8R4ICZBCr3yAu22qEie/
-----END CERTIFICATE-----