Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/0bLw6VFP6wfXURikI6fXz5qO9ec.roa
File:                     0bLw6VFP6wfXURikI6fXz5qO9ec.roa (raw, json)
Hash identifier:          EwbELtCuZRN6IS8zCzCE+Y3Hg2sgznPBjC/HH368ChI=
Subject key identifier:   D1:B2:F0:E9:51:4F:EB:07:D7:51:18:A4:23:A7:D7:CF:9A:8E:F5:E7
Certificate issuer:       /CN=0837c99b2a4c062d5c20678f9dcf3207aefd5e78
Certificate serial:       019DB4BB01182E3644BB4974C104B595678D
Authority key identifier: 08:37:C9:9B:2A:4C:06:2D:5C:20:67:8F:9D:CF:32:07:AE:FD:5E:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/0bLw6VFP6wfXURikI6fXz5qO9ec.roa
Signing time:             Wed 22 Apr 2026 10:27:27 +0000
ROA not before:           Wed 22 Apr 2026 10:27:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402310
IP address blocks:        216.195.198.0/24 maxlen: 24
                          216.236.8.0/21 maxlen: 21
                          216.236.16.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b4:bb:01:18:2e:36:44:bb:49:74:c1:04:b5:95:67:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0837c99b2a4c062d5c20678f9dcf3207aefd5e78
        Validity
            Not Before: Apr 22 10:27:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d1b2f0e9514feb07d75118a423a7d7cf9a8ef5e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:1c:4d:f5:5a:43:8f:1e:d4:e5:3f:b0:11:34:
                    42:18:8b:0b:e8:e0:d0:ff:00:c0:e2:75:8f:09:01:
                    c8:c4:ea:59:bc:41:47:bf:e0:b9:96:86:ad:bb:b4:
                    a4:b2:55:de:e5:f3:60:23:1e:59:17:3b:87:cf:1c:
                    d7:90:91:e2:56:f4:6c:b6:f2:6f:ac:b1:68:4f:28:
                    e2:af:4e:49:f8:57:5b:b0:47:d8:67:13:ab:e3:86:
                    2f:11:cb:13:55:c3:84:28:be:52:e1:fe:02:ed:b0:
                    30:d3:66:df:c5:b3:cb:57:f5:af:69:9e:05:51:70:
                    f1:3d:89:88:f5:a6:3b:5a:2e:98:7b:0c:ca:fd:0b:
                    b5:f7:78:1e:30:c8:f4:4a:43:0b:05:ed:fe:fe:eb:
                    1d:86:89:02:37:7c:5e:16:27:b4:46:1c:0b:44:e2:
                    64:52:53:d4:67:01:1f:d9:a9:23:b2:be:ac:fb:1c:
                    88:d4:d1:78:cb:67:34:8b:f4:8f:0d:f3:73:6e:76:
                    16:bc:29:34:bc:6a:34:cc:24:f2:f8:a3:5b:3c:a9:
                    5c:c8:43:74:f2:84:dc:e6:43:90:24:c1:e4:36:be:
                    d2:5b:c2:c2:8b:f1:8e:d2:23:21:9c:bd:05:75:0b:
                    12:75:5b:fb:83:a1:e5:6a:f4:15:0d:21:c1:50:e6:
                    18:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:B2:F0:E9:51:4F:EB:07:D7:51:18:A4:23:A7:D7:CF:9A:8E:F5:E7
            X509v3 Authority Key Identifier:
                keyid:08:37:C9:9B:2A:4C:06:2D:5C:20:67:8F:9D:CF:32:07:AE:FD:5E:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/0bLw6VFP6wfXURikI6fXz5qO9ec.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.195.198.0/24
                  216.236.8.0-216.236.23.255

    Signature Algorithm: sha256WithRSAEncryption
         bf:49:a3:1c:e9:b5:3f:9f:fb:e0:06:15:36:79:b3:ca:d4:d4:
         bc:72:b9:3e:36:72:15:1d:f2:05:4a:ff:41:a9:0f:1a:f5:0c:
         51:a6:02:70:c8:ce:96:06:b3:0d:2e:cb:b0:4d:3c:b6:13:01:
         59:9e:60:b0:99:bf:c5:03:1a:5a:f0:1f:b2:b7:f6:58:6a:8c:
         a2:37:6a:d8:37:94:b8:25:11:c1:46:0a:8f:b9:78:7e:ce:bb:
         0d:01:df:91:93:e5:62:11:8f:95:f9:1a:41:20:d4:ba:38:b0:
         fe:30:e6:17:b5:2f:b5:80:46:4c:e2:e4:a6:29:0d:bd:f8:c2:
         1f:5d:c6:91:f1:3d:ba:45:fe:80:25:d1:fc:43:1f:c6:ce:d4:
         f3:7f:6d:b5:48:f3:28:61:04:b2:29:20:12:35:d4:9b:6f:98:
         3d:b6:82:35:21:79:7e:c5:1f:71:95:5e:0c:03:1a:3c:56:eb:
         73:71:31:8f:e7:1a:83:c1:dc:c2:89:b1:48:88:3d:21:1e:3b:
         41:05:66:ac:94:f3:f7:39:05:c6:29:50:9e:bf:9a:ee:1e:68:
         42:21:92:c9:5b:73:c1:df:a7:44:e6:35:9a:32:63:06:6d:d8:
         66:4d:b5:6f:a1:a7:e5:92:8e:3c:5a:6e:40:ea:33:12:85:9e:
         af:72:b1:ca
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZ20uwEYLjZEu0l0wQS1lWeNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MzdjOTliMmE0YzA2MmQ1YzIwNjc4ZjlkY2YzMjA3YWVm
ZDVlNzgwHhcNMjYwNDIyMTAyNzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMWIyZjBlOTUxNGZlYjA3ZDc1MTE4YTQyM2E3ZDdjZjlhOGVmNWU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtRxN9VpDjx7U5T+wETRCGIsL6ODQ
/wDA4nWPCQHIxOpZvEFHv+C5loatu7SkslXe5fNgIx5ZFzuHzxzXkJHiVvRstvJv
rLFoTyjir05J+FdbsEfYZxOr44YvEcsTVcOEKL5S4f4C7bAw02bfxbPLV/WvaZ4F
UXDxPYmI9aY7Wi6YewzK/Qu193geMMj0SkMLBe3+/usdhokCN3xeFie0RhwLROJk
UlPUZwEf2akjsr6s+xyI1NF4y2c0i/SPDfNzbnYWvCk0vGo0zCTy+KNbPKlcyEN0
8oTc5kOQJMHkNr7SW8LCi/GO0iMhnL0FdQsSdVv7g6HlavQVDSHBUOYYFwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFNGy8OlRT+sH11EYpCOn18+ajvXnMB8GA1UdIwQY
MBaAFAg3yZsqTAYtXCBnj53PMgeu/V54MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0RmSm15cE1CaTFjSUdlUG5jOHlCNjc5WG5nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS8wODk1ZDItYjc3OC00NmM0LWE2OTEt
ZjEyMzdmNGM1Y2Y2LzEvMGJMdzZWRlA2d2ZYVVJpa0k2Zlh6NXFPOWVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS8wODk1ZDItYjc3OC00NmM0LWE2OTEtZjEyMzdmNGM1Y2Y2
LzEvQ0RmSm15cE1CaTFjSUdlUG5jOHlCNjc5WG5nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQA2MPGMAwD
BAPY7AgDBAPY7BAwDQYJKoZIhvcNAQELBQADggEBAL9JoxzptT+f++AGFTZ5s8rU
1LxyuT42chUd8gVK/0GpDxr1DFGmAnDIzpYGsw0uy7BNPLYTAVmeYLCZv8UDGlrw
H7K39lhqjKI3atg3lLglEcFGCo+5eH7Ouw0B35GT5WIRj5X5GkEg1Lo4sP4w5he1
L7WARkzi5KYpDb34wh9dxpHxPbpF/oAl0fxDH8bO1PN/bbVI8yhhBLIpIBI11Jtv
mD22gjUheX7FH3GVXgwDGjxW63NxMY/nGoPB3MKJsUiIPSEeO0EFZqyU8/c5BcYp
UJ6/mu4eaEIhkslbc8Hfp0TmNZoyYwZt2GZNtW+hp+WSjjxabkDqMxKFnq9ysco=
-----END CERTIFICATE-----