Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/NOjwhYI2kirt2v9grg41qI9kmHc.roa
File:                     NOjwhYI2kirt2v9grg41qI9kmHc.roa (raw, json)
Hash identifier:          x8Wpo+e0e+Kqahdvx8uTXaGfiFvikF4EXAN4AWDoJKA=
Subject key identifier:   34:E8:F0:85:82:36:92:2A:ED:DA:FF:60:AE:0E:35:A8:8F:64:98:77
Certificate issuer:       /CN=0837c99b2a4c062d5c20678f9dcf3207aefd5e78
Certificate serial:       019CD23BA8D163DD529DE325CE3B9EB72E44
Authority key identifier: 08:37:C9:9B:2A:4C:06:2D:5C:20:67:8F:9D:CF:32:07:AE:FD:5E:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/NOjwhYI2kirt2v9grg41qI9kmHc.roa
Signing time:             Mon 09 Mar 2026 10:54:10 +0000
ROA not before:           Mon 09 Mar 2026 10:54:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     152179
IP address blocks:        216.116.160.0/19 maxlen: 24
                          216.116.160.0/20 maxlen: 20
                          216.116.176.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:d2:3b:a8:d1:63:dd:52:9d:e3:25:ce:3b:9e:b7:2e:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0837c99b2a4c062d5c20678f9dcf3207aefd5e78
        Validity
            Not Before: Mar  9 10:54:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=34e8f0858236922aeddaff60ae0e35a88f649877
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:86:c0:57:0a:10:3c:80:2e:b2:6c:cb:46:ba:
                    2d:00:56:da:e1:8d:9f:0d:63:09:d3:d8:be:95:f2:
                    98:34:71:ba:7b:4a:a1:d1:8a:b5:7e:02:9b:db:22:
                    44:37:c5:c8:ba:2c:4b:47:71:d9:d0:02:3f:25:49:
                    30:c6:99:ab:e7:1c:2f:91:0c:a7:dc:b8:06:e6:da:
                    51:56:01:c7:f4:d2:2b:75:81:83:72:50:17:2d:6d:
                    53:ba:6d:9a:9d:03:55:66:2e:e4:b8:ff:31:19:b6:
                    99:89:22:5e:31:6d:ba:ef:7f:40:c1:d8:1a:73:19:
                    85:92:cf:bc:ef:47:f3:fd:79:9c:7e:59:8c:42:e9:
                    3d:51:5f:bb:0a:30:4c:c3:9b:7a:42:b1:58:ab:2d:
                    5c:89:18:1e:17:60:d9:ab:f7:94:39:76:79:53:d6:
                    8f:ba:5b:56:42:59:ef:9d:08:57:5a:e5:38:7c:2d:
                    f8:59:36:b2:4f:72:46:54:50:ac:75:bf:7f:f7:3d:
                    15:fc:e1:ec:5a:54:de:fc:a6:2f:e6:0b:79:10:70:
                    d8:32:c8:0d:83:cf:91:ad:5f:cf:0a:29:a9:0d:2f:
                    b5:61:66:92:46:61:45:41:37:5f:9f:c5:46:f5:f5:
                    08:17:85:4c:01:34:5e:64:20:7a:b2:a9:cd:50:a2:
                    70:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:E8:F0:85:82:36:92:2A:ED:DA:FF:60:AE:0E:35:A8:8F:64:98:77
            X509v3 Authority Key Identifier:
                keyid:08:37:C9:9B:2A:4C:06:2D:5C:20:67:8F:9D:CF:32:07:AE:FD:5E:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/NOjwhYI2kirt2v9grg41qI9kmHc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.116.160.0/19

    Signature Algorithm: sha256WithRSAEncryption
         63:18:b8:2e:ed:0f:9c:81:61:4d:12:a7:53:10:eb:fa:c1:2e:
         e2:a7:00:89:27:45:80:9c:72:25:d7:83:8c:fe:bc:59:93:0b:
         5c:db:1a:58:d1:3a:46:de:31:d6:74:d3:b1:d2:10:1f:0a:61:
         67:65:65:6f:c2:c2:46:20:e8:f3:50:e3:04:bf:cc:ba:bd:06:
         5c:68:3f:e8:24:56:67:b4:a0:ea:a6:71:5c:a4:4e:ab:f8:9b:
         28:69:9f:2b:af:15:c5:a4:eb:73:39:90:5c:26:f4:9e:61:e7:
         a7:ab:d5:87:70:5f:2a:ac:f6:ed:8e:fd:68:d2:33:31:dc:b0:
         c6:9b:f7:49:8e:b2:de:e6:91:97:9b:41:73:41:7e:a3:91:b0:
         97:ae:9b:f1:1a:24:02:7e:d4:26:dc:01:d1:23:ee:57:b4:71:
         01:da:dc:18:6d:c9:00:42:fe:d5:97:07:c1:a4:81:29:92:55:
         ae:e1:89:e5:80:73:82:f3:3c:33:98:7a:11:bb:22:75:7a:38:
         4f:9f:11:26:b1:90:26:14:cb:0c:e9:90:34:cd:aa:dc:6a:2e:
         5e:39:a9:bf:b2:52:3a:0f:0c:0a:06:f8:c5:b5:2a:af:37:ec:
         47:a9:f7:2c:f0:bf:63:f7:7b:9d:87:00:0c:62:94:bb:0c:a4:
         d1:52:b0:a1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzSO6jRY91SneMlzjuety5EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MzdjOTliMmE0YzA2MmQ1YzIwNjc4ZjlkY2YzMjA3YWVm
ZDVlNzgwHhcNMjYwMzA5MTA1NDEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGU4ZjA4NTgyMzY5MjJhZWRkYWZmNjBhZTBlMzVhODhmNjQ5ODc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlYbAVwoQPIAusmzLRrotAFba4Y2f
DWMJ09i+lfKYNHG6e0qh0Yq1fgKb2yJEN8XIuixLR3HZ0AI/JUkwxpmr5xwvkQyn
3LgG5tpRVgHH9NIrdYGDclAXLW1Tum2anQNVZi7kuP8xGbaZiSJeMW26739Awdga
cxmFks+870fz/XmcflmMQuk9UV+7CjBMw5t6QrFYqy1ciRgeF2DZq/eUOXZ5U9aP
ultWQlnvnQhXWuU4fC34WTayT3JGVFCsdb9/9z0V/OHsWlTe/KYv5gt5EHDYMsgN
g8+RrV/PCimpDS+1YWaSRmFFQTdfn8VG9fUIF4VMATReZCB6sqnNUKJwnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDTo8IWCNpIq7dr/YK4ONaiPZJh3MB8GA1UdIwQY
MBaAFAg3yZsqTAYtXCBnj53PMgeu/V54MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0RmSm15cE1CaTFjSUdlUG5jOHlCNjc5WG5nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS8wODk1ZDItYjc3OC00NmM0LWE2OTEt
ZjEyMzdmNGM1Y2Y2LzEvTk9qd2hZSTJraXJ0MnY5Z3JnNDFxSTlrbUhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS8wODk1ZDItYjc3OC00NmM0LWE2OTEtZjEyMzdmNGM1Y2Y2
LzEvQ0RmSm15cE1CaTFjSUdlUG5jOHlCNjc5WG5nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQF2HSgMA0G
CSqGSIb3DQEBCwUAA4IBAQBjGLgu7Q+cgWFNEqdTEOv6wS7ipwCJJ0WAnHIl14OM
/rxZkwtc2xpY0TpG3jHWdNOx0hAfCmFnZWVvwsJGIOjzUOMEv8y6vQZcaD/oJFZn
tKDqpnFcpE6r+JsoaZ8rrxXFpOtzOZBcJvSeYeenq9WHcF8qrPbtjv1o0jMx3LDG
m/dJjrLe5pGXm0FzQX6jkbCXrpvxGiQCftQm3AHRI+5XtHEB2twYbckAQv7VlwfB
pIEpklWu4YnlgHOC8zwzmHoRuyJ1ejhPnxEmsZAmFMsM6ZA0zarcai5eOam/slI6
DwwKBvjFtSqvN+xHqfcs8L9j93udhwAMYpS7DKTRUrCh
-----END CERTIFICATE-----