Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/1-lGH1nu7CvzHWYEiuO1j3MNSzJY.roa
File:                     1-lGH1nu7CvzHWYEiuO1j3MNSzJY.roa (raw, json)
Hash identifier:          9/b6BBId/Kn5DB9SmUCWKxBwcAQLvltddZcgBj268UQ=
Subject key identifier:   FA:51:87:D6:7B:BB:0A:FC:C7:59:81:22:B8:ED:63:DC:C3:52:CC:96
Certificate issuer:       /CN=d8d3ca2c231afdf3b0355c77a7cbb226f81b74de
Certificate serial:       019D060C1A5E6913D883C193AAE384F3CB84
Authority key identifier: D8:D3:CA:2C:23:1A:FD:F3:B0:35:5C:77:A7:CB:B2:26:F8:1B:74:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2NPKLCMa_fOwNVx3p8uyJvgbdN4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/1-lGH1nu7CvzHWYEiuO1j3MNSzJY.roa
Signing time:             Thu 19 Mar 2026 12:22:29 +0000
ROA not before:           Thu 19 Mar 2026 12:22:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     152913
IP address blocks:        85.149.208.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/2NPKLCMa_fOwNVx3p8uyJvgbdN4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/2NPKLCMa_fOwNVx3p8uyJvgbdN4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2NPKLCMa_fOwNVx3p8uyJvgbdN4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 06:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:06:0c:1a:5e:69:13:d8:83:c1:93:aa:e3:84:f3:cb:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d8d3ca2c231afdf3b0355c77a7cbb226f81b74de
        Validity
            Not Before: Mar 19 12:22:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fa5187d67bbb0afcc7598122b8ed63dcc352cc96
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:ef:ff:20:0e:4f:00:a0:cf:73:ec:8e:26:0d:
                    c3:5a:64:9d:b3:2e:b7:2f:26:d8:71:b2:f0:04:a0:
                    6b:f7:6d:01:b8:c1:58:e5:73:3b:7c:1d:df:16:e7:
                    36:74:f8:36:c7:47:82:a3:38:34:a0:df:04:81:a7:
                    74:8b:87:76:e4:e9:79:ba:60:88:39:f8:b1:f4:08:
                    77:b4:d2:a0:ef:e4:66:79:66:21:44:22:f0:d4:79:
                    f8:ae:60:49:af:8f:60:c8:4a:0f:8b:18:eb:7c:38:
                    f9:12:5c:c5:6a:7d:9d:13:99:ff:e7:47:50:54:b9:
                    7d:d3:c9:d4:ea:ba:c5:b6:87:97:f6:9a:51:14:a0:
                    f5:1c:9e:fa:d4:de:a9:6b:99:10:a9:07:d9:47:b5:
                    4d:35:6e:3c:9f:da:7e:a9:41:3b:78:a7:3d:45:ea:
                    30:17:60:47:a0:1c:1c:91:4c:d0:50:6c:f1:d7:b4:
                    d7:78:ca:3f:93:05:29:41:a6:f8:95:e1:44:a8:57:
                    e7:e6:99:e8:b5:9e:65:61:5f:cd:37:86:a2:84:b0:
                    61:07:e5:5d:4e:63:7f:32:cf:c5:59:48:30:09:4e:
                    e4:12:81:0b:c9:7a:d5:98:50:3c:16:53:f6:27:c8:
                    a4:b5:b9:ab:b0:13:94:7c:fc:95:e6:dd:d6:77:72:
                    c9:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:51:87:D6:7B:BB:0A:FC:C7:59:81:22:B8:ED:63:DC:C3:52:CC:96
            X509v3 Authority Key Identifier:
                keyid:D8:D3:CA:2C:23:1A:FD:F3:B0:35:5C:77:A7:CB:B2:26:F8:1B:74:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2NPKLCMa_fOwNVx3p8uyJvgbdN4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/1-lGH1nu7CvzHWYEiuO1j3MNSzJY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/2NPKLCMa_fOwNVx3p8uyJvgbdN4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.149.208.0/21

    Signature Algorithm: sha256WithRSAEncryption
         31:c8:24:ac:e3:ee:d1:61:db:78:6d:d0:82:e7:18:51:8b:11:
         7c:03:3a:72:7f:cb:90:37:ff:c8:a7:f9:8d:9c:24:71:02:c4:
         7e:74:d0:5d:bd:6e:c0:01:88:4a:b1:01:9c:77:94:e9:87:ec:
         38:6e:42:a2:22:fa:ea:e8:59:2f:98:61:24:a6:49:9d:01:90:
         80:2a:d6:44:4f:6c:db:5b:6a:7c:88:c0:ac:e0:f7:e4:83:d1:
         8f:c3:4d:d3:f4:81:9e:8f:35:78:4c:14:2e:dc:ec:5e:33:6d:
         d3:a3:d8:77:1c:0d:3d:ea:13:8c:df:ac:6a:ba:16:cf:3f:01:
         a0:b1:35:d8:f3:34:a2:a2:6a:e2:07:12:86:0f:02:9b:d3:5c:
         a4:17:e1:06:6c:96:66:5f:fd:db:85:18:af:2c:90:c4:05:36:
         36:1b:a2:8e:f7:d1:ba:8d:20:90:bc:07:5d:ef:1d:04:5d:df:
         dd:d2:92:22:f3:d1:5e:2b:91:bd:84:45:96:45:da:2b:39:4e:
         e9:16:30:5a:34:1d:98:88:60:fc:dd:84:ad:bd:b1:ab:7e:54:
         be:cb:95:99:1f:2e:08:cc:0c:33:0a:2c:d5:94:d5:14:85:fa:
         fc:9a:ba:67:c1:cc:1e:a2:3b:15:32:78:c6:10:61:89:d9:7d:
         51:f0:c9:60
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ0GDBpeaRPYg8GTquOE88uEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4ZDNjYTJjMjMxYWZkZjNiMDM1NWM3N2E3Y2JiMjI2Zjgx
Yjc0ZGUwHhcNMjYwMzE5MTIyMjI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTUxODdkNjdiYmIwYWZjYzc1OTgxMjJiOGVkNjNkY2MzNTJjYzk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz+//IA5PAKDPc+yOJg3DWmSdsy63
LybYcbLwBKBr920BuMFY5XM7fB3fFuc2dPg2x0eCozg0oN8Egad0i4d25Ol5umCI
Ofix9Ah3tNKg7+RmeWYhRCLw1Hn4rmBJr49gyEoPixjrfDj5ElzFan2dE5n/50dQ
VLl908nU6rrFtoeX9ppRFKD1HJ761N6pa5kQqQfZR7VNNW48n9p+qUE7eKc9Reow
F2BHoBwckUzQUGzx17TXeMo/kwUpQab4leFEqFfn5pnotZ5lYV/NN4aihLBhB+Vd
TmN/Ms/FWUgwCU7kEoELyXrVmFA8FlP2J8iktbmrsBOUfPyV5t3Wd3LJOQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPpRh9Z7uwr8x1mBIrjtY9zDUsyWMB8GA1UdIwQY
MBaAFNjTyiwjGv3zsDVcd6fLsib4G3TeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMk5QS0xDTWFfZk93TlZ4M3A4dXlKdmdiZE40LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOS8zYzA3NmItYWVhMS00YTMzLWE5ZTkt
OTkxMjhiZjZhODQxLzEvMS1sR0gxbnU3Q3Z6SFdZRWl1TzFqM01OU3pKWS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYzkvM2MwNzZiLWFlYTEtNGEzMy1hOWU5LTk5MTI4YmY2YTg0
MS8xLzJOUEtMQ01hX2ZPd05WeDNwOHV5SnZnYmRONC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEA1WV0DAN
BgkqhkiG9w0BAQsFAAOCAQEAMcgkrOPu0WHbeG3QgucYUYsRfAM6cn/LkDf/yKf5
jZwkcQLEfnTQXb1uwAGISrEBnHeU6YfsOG5CoiL66uhZL5hhJKZJnQGQgCrWRE9s
21tqfIjArOD35IPRj8NN0/SBno81eEwULtzsXjNt06PYdxwNPeoTjN+saroWzz8B
oLE12PM0oqJq4gcShg8Cm9NcpBfhBmyWZl/924UYryyQxAU2NhuijvfRuo0gkLwH
Xe8dBF3f3dKSIvPRXiuRvYRFlkXaKzlO6RYwWjQdmIhg/N2Erb2xq35UvsuVmR8u
CMwMMwos1ZTVFIX6/Jq6Z8HMHqI7FTJ4xhBhidl9UfDJYA==
-----END CERTIFICATE-----