Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/8Gvof7po5-v9E0jq0yIDs4A09gQ.roa
File:                     8Gvof7po5-v9E0jq0yIDs4A09gQ.roa (raw, json)
Hash identifier:          kD14pUKAJWYG2mhNvoc9jqi5c48Giw+3Z2sxuHaup5E=
Subject key identifier:   F0:6B:E8:7F:BA:68:E7:EB:FD:13:48:EA:D3:22:03:B3:80:34:F6:04
Certificate issuer:       /CN=0837c99b2a4c062d5c20678f9dcf3207aefd5e78
Certificate serial:       019DD344ADCCAF2EE19995456F817CBFA24F
Authority key identifier: 08:37:C9:9B:2A:4C:06:2D:5C:20:67:8F:9D:CF:32:07:AE:FD:5E:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/8Gvof7po5-v9E0jq0yIDs4A09gQ.roa
Signing time:             Tue 28 Apr 2026 08:46:26 +0000
ROA not before:           Tue 28 Apr 2026 08:46:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     932
IP address blocks:        216.23.116.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:d3:44:ad:cc:af:2e:e1:99:95:45:6f:81:7c:bf:a2:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0837c99b2a4c062d5c20678f9dcf3207aefd5e78
        Validity
            Not Before: Apr 28 08:46:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f06be87fba68e7ebfd1348ead32203b38034f604
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:b4:04:b4:58:9a:67:1e:ae:6f:b8:29:90:15:
                    3d:4b:07:fc:cd:96:22:92:2c:ed:42:9d:6f:93:dd:
                    87:18:3b:aa:ee:cf:b2:b8:29:f8:c4:51:b0:a3:7d:
                    5f:92:59:fa:bc:eb:92:0c:51:63:8d:51:55:c4:6e:
                    db:c6:62:cb:34:ae:b3:8f:e6:a7:f4:43:19:56:c0:
                    9d:f1:b2:81:23:1a:47:f7:bb:59:7a:02:51:55:a8:
                    e5:4b:53:dc:c1:8f:5d:03:cd:0c:be:33:32:64:bc:
                    46:19:92:bb:79:ab:87:30:04:e5:46:cc:02:95:0a:
                    88:4c:ba:9b:34:bc:c3:2b:73:75:6d:08:62:5c:86:
                    3b:97:e9:c4:b8:9a:ac:eb:d5:d4:57:a2:4c:24:85:
                    f8:cd:6a:b4:c7:78:79:61:44:bc:58:b4:e9:69:75:
                    4d:76:c8:2b:9f:b6:a8:90:9b:29:bd:d0:17:98:4b:
                    3e:9c:ab:a0:04:d9:f4:3b:c4:af:24:e0:89:29:6c:
                    36:c9:9a:4d:7d:e6:c8:af:37:d7:12:b0:13:cb:ca:
                    b7:1e:18:f0:00:f5:e8:ba:50:ba:cb:99:08:b0:f5:
                    20:11:ca:4a:3c:4a:b1:f8:08:6c:76:aa:de:dc:2d:
                    ff:6c:58:19:30:52:01:65:b3:ec:52:fd:43:79:93:
                    d3:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:6B:E8:7F:BA:68:E7:EB:FD:13:48:EA:D3:22:03:B3:80:34:F6:04
            X509v3 Authority Key Identifier:
                keyid:08:37:C9:9B:2A:4C:06:2D:5C:20:67:8F:9D:CF:32:07:AE:FD:5E:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/8Gvof7po5-v9E0jq0yIDs4A09gQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.23.116.0/22

    Signature Algorithm: sha256WithRSAEncryption
         86:c8:b8:53:2d:f5:fc:1c:44:2f:f5:34:d2:d5:d5:fa:1d:b7:
         2c:62:ff:88:06:3f:ad:5f:cb:81:18:dc:e9:c4:09:a7:5f:2a:
         4d:03:41:a1:f7:ef:76:9f:98:48:6c:49:79:fe:ef:17:cb:04:
         4b:d0:02:42:e2:bd:a8:c0:68:37:cf:cc:93:94:93:02:8b:2c:
         2a:cb:3e:d3:ec:78:ec:98:b3:08:1d:ce:0a:7a:93:23:e1:02:
         44:e1:6d:3c:e9:12:f8:41:29:46:d1:12:b4:53:8c:11:bc:76:
         ad:c3:c7:18:c6:c9:99:ab:cc:22:97:de:95:b3:fd:a8:6c:99:
         03:86:0a:5b:5d:e3:c3:8a:41:b2:71:ad:a2:d6:ea:0f:64:93:
         31:8d:b2:61:23:e5:3a:4d:d0:7c:5e:f5:51:f8:b3:58:f0:79:
         bf:19:cf:c2:97:12:8e:4e:74:4c:a0:b1:d4:40:61:40:78:68:
         ac:6d:55:12:15:75:b4:33:08:e6:0f:5f:43:d8:9e:16:d7:9a:
         b1:ac:6a:3e:b5:e6:d6:0c:d4:86:0c:83:b0:68:f4:76:ed:b2:
         85:11:2e:da:2f:55:93:50:f8:c2:c3:85:76:d5:ee:93:06:0f:
         3c:bd:b7:ce:a1:6e:a3:f6:25:c0:3d:75:62:97:88:dd:71:f7:
         d6:7b:41:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3TRK3Mry7hmZVFb4F8v6JPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MzdjOTliMmE0YzA2MmQ1YzIwNjc4ZjlkY2YzMjA3YWVm
ZDVlNzgwHhcNMjYwNDI4MDg0NjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDZiZTg3ZmJhNjhlN2ViZmQxMzQ4ZWFkMzIyMDNiMzgwMzRmNjA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApLQEtFiaZx6ub7gpkBU9Swf8zZYi
kiztQp1vk92HGDuq7s+yuCn4xFGwo31fkln6vOuSDFFjjVFVxG7bxmLLNK6zj+an
9EMZVsCd8bKBIxpH97tZegJRVajlS1PcwY9dA80MvjMyZLxGGZK7eauHMATlRswC
lQqITLqbNLzDK3N1bQhiXIY7l+nEuJqs69XUV6JMJIX4zWq0x3h5YUS8WLTpaXVN
dsgrn7aokJspvdAXmEs+nKugBNn0O8SvJOCJKWw2yZpNfebIrzfXErATy8q3Hhjw
APXoulC6y5kIsPUgEcpKPEqx+Ahsdqre3C3/bFgZMFIBZbPsUv1DeZPTNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPBr6H+6aOfr/RNI6tMiA7OANPYEMB8GA1UdIwQY
MBaAFAg3yZsqTAYtXCBnj53PMgeu/V54MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0RmSm15cE1CaTFjSUdlUG5jOHlCNjc5WG5nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS8wODk1ZDItYjc3OC00NmM0LWE2OTEt
ZjEyMzdmNGM1Y2Y2LzEvOEd2b2Y3cG81LXY5RTBqcTB5SURzNEEwOWdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS8wODk1ZDItYjc3OC00NmM0LWE2OTEtZjEyMzdmNGM1Y2Y2
LzEvQ0RmSm15cE1CaTFjSUdlUG5jOHlCNjc5WG5nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC2Bd0MA0G
CSqGSIb3DQEBCwUAA4IBAQCGyLhTLfX8HEQv9TTS1dX6HbcsYv+IBj+tX8uBGNzp
xAmnXypNA0Gh9+92n5hIbEl5/u8XywRL0AJC4r2owGg3z8yTlJMCiywqyz7T7Hjs
mLMIHc4KepMj4QJE4W086RL4QSlG0RK0U4wRvHatw8cYxsmZq8wil96Vs/2obJkD
hgpbXePDikGyca2i1uoPZJMxjbJhI+U6TdB8XvVR+LNY8Hm/Gc/ClxKOTnRMoLHU
QGFAeGisbVUSFXW0MwjmD19D2J4W15qxrGo+tebWDNSGDIOwaPR27bKFES7aL1WT
UPjCw4V21e6TBg88vbfOoW6j9iXAPXVil4jdcffWe0Hx
-----END CERTIFICATE-----