Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/NmijAg95xBjUfN3MLDCEUJYkcxk.roa
File:                     NmijAg95xBjUfN3MLDCEUJYkcxk.roa (raw, json)
Hash identifier:          gkAuQmHMahHJ5Ycz4AzRoin+osgCl2hGtjLbCF1r+qw=
Subject key identifier:   36:68:A3:02:0F:79:C4:18:D4:7C:DD:CC:2C:30:84:50:96:24:73:19
Certificate issuer:       /CN=0837c99b2a4c062d5c20678f9dcf3207aefd5e78
Certificate serial:       019D28DDD1B3B08718CEF0A53A58D26C85E9
Authority key identifier: 08:37:C9:9B:2A:4C:06:2D:5C:20:67:8F:9D:CF:32:07:AE:FD:5E:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/NmijAg95xBjUfN3MLDCEUJYkcxk.roa
Signing time:             Thu 26 Mar 2026 06:38:38 +0000
ROA not before:           Thu 26 Mar 2026 06:38:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209699
IP address blocks:        216.23.88.0/22 maxlen: 24
                          216.23.96.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 15:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:28:dd:d1:b3:b0:87:18:ce:f0:a5:3a:58:d2:6c:85:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0837c99b2a4c062d5c20678f9dcf3207aefd5e78
        Validity
            Not Before: Mar 26 06:38:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3668a3020f79c418d47cddcc2c30845096247319
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:78:2c:b0:ae:a2:07:9c:a7:ab:62:f0:1f:95:
                    d9:53:6b:e0:e4:e3:b8:35:2d:49:cb:32:a4:9e:f6:
                    b0:b3:c9:50:7f:54:85:a8:44:51:f8:c1:f9:fb:15:
                    cc:00:20:54:07:c1:e3:42:5f:34:70:5d:84:db:b0:
                    c9:6e:b5:1f:d8:2d:b8:87:83:aa:17:34:d0:7f:6c:
                    5b:70:8d:3b:bb:ad:65:a2:e5:8d:01:18:85:c1:c5:
                    6e:8f:a4:c6:f9:d0:ee:ba:6a:d4:ac:67:fd:ae:50:
                    83:bc:7e:84:c4:49:87:d7:ba:4e:31:4d:24:5f:e4:
                    c6:da:6d:83:88:6d:62:74:6f:b9:60:04:e6:2a:6a:
                    35:e1:f0:b9:4f:35:7b:8e:79:7b:97:dc:74:2d:93:
                    6f:66:4b:42:5e:17:dc:45:c6:84:44:7a:ee:fa:bc:
                    78:81:56:91:b6:8f:d3:1b:5d:85:c5:d5:ba:a5:9c:
                    7c:35:c9:5b:ea:83:b6:3b:ac:15:09:f1:9b:cc:c3:
                    60:5b:23:2b:0b:27:b2:88:fd:fb:03:46:36:10:9c:
                    7a:b4:09:91:f2:fa:99:7c:e2:da:da:45:ea:f3:d2:
                    52:1f:d7:83:13:5f:c0:5b:88:05:3a:45:79:18:38:
                    11:3b:28:14:72:a5:d2:60:e4:8a:5b:2a:55:59:5f:
                    6f:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:68:A3:02:0F:79:C4:18:D4:7C:DD:CC:2C:30:84:50:96:24:73:19
            X509v3 Authority Key Identifier:
                keyid:08:37:C9:9B:2A:4C:06:2D:5C:20:67:8F:9D:CF:32:07:AE:FD:5E:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/NmijAg95xBjUfN3MLDCEUJYkcxk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.23.88.0/22
                  216.23.96.0/21

    Signature Algorithm: sha256WithRSAEncryption
         64:95:6c:af:28:3b:ea:4f:6a:54:05:4c:8b:f3:ef:7c:77:86:
         ba:52:5d:d1:0e:6b:1a:35:85:20:ca:6f:72:f8:50:1c:82:3b:
         83:8f:72:15:89:98:7e:18:5c:e5:33:2c:6d:fc:1b:9e:10:48:
         d3:ef:80:83:7d:ba:eb:1e:48:f1:c4:b5:80:a6:38:55:b2:81:
         ab:98:51:fa:e8:39:21:fb:4d:a3:5c:47:e8:44:5a:e4:b8:ae:
         95:21:54:07:b7:e1:1a:64:59:5c:17:ae:dd:92:1f:31:c9:15:
         37:a4:93:f8:00:2f:4c:c3:22:82:6d:dc:2a:ed:76:6d:0c:b5:
         82:e2:5a:59:63:66:d4:ab:2c:62:c8:93:7e:d2:03:a1:db:46:
         ff:3e:45:e2:00:72:06:cd:96:eb:30:50:d4:38:14:88:27:dc:
         0b:58:dd:8d:c5:9d:f6:cf:da:0d:5c:d9:1a:03:22:2e:ae:4b:
         23:17:6e:d9:2c:dd:70:26:c9:ad:85:fb:7e:16:50:29:92:97:
         49:3a:2b:4c:9d:9d:75:48:81:ce:03:ef:78:77:db:bc:e7:a2:
         62:63:a7:1e:05:88:b7:77:a9:45:13:c5:b1:8f:27:e5:90:be:
         53:74:a4:13:e5:70:70:ee:f7:72:bb:7e:8c:fa:a5:21:37:21:
         a2:1b:eb:85
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ0o3dGzsIcYzvClOljSbIXpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MzdjOTliMmE0YzA2MmQ1YzIwNjc4ZjlkY2YzMjA3YWVm
ZDVlNzgwHhcNMjYwMzI2MDYzODM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjY4YTMwMjBmNzljNDE4ZDQ3Y2RkY2MyYzMwODQ1MDk2MjQ3MzE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwngssK6iB5ynq2LwH5XZU2vg5OO4
NS1JyzKknvaws8lQf1SFqERR+MH5+xXMACBUB8HjQl80cF2E27DJbrUf2C24h4Oq
FzTQf2xbcI07u61louWNARiFwcVuj6TG+dDuumrUrGf9rlCDvH6ExEmH17pOMU0k
X+TG2m2DiG1idG+5YATmKmo14fC5TzV7jnl7l9x0LZNvZktCXhfcRcaERHru+rx4
gVaRto/TG12FxdW6pZx8Nclb6oO2O6wVCfGbzMNgWyMrCyeyiP37A0Y2EJx6tAmR
8vqZfOLa2kXq89JSH9eDE1/AW4gFOkV5GDgROygUcqXSYOSKWypVWV9vUQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDZoowIPecQY1HzdzCwwhFCWJHMZMB8GA1UdIwQY
MBaAFAg3yZsqTAYtXCBnj53PMgeu/V54MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0RmSm15cE1CaTFjSUdlUG5jOHlCNjc5WG5nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS8wODk1ZDItYjc3OC00NmM0LWE2OTEt
ZjEyMzdmNGM1Y2Y2LzEvTm1pakFnOTV4QmpVZk4zTUxEQ0VVSllrY3hrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS8wODk1ZDItYjc3OC00NmM0LWE2OTEtZjEyMzdmNGM1Y2Y2
LzEvQ0RmSm15cE1CaTFjSUdlUG5jOHlCNjc5WG5nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQC2BdYAwQD
2BdgMA0GCSqGSIb3DQEBCwUAA4IBAQBklWyvKDvqT2pUBUyL8+98d4a6Ul3RDmsa
NYUgym9y+FAcgjuDj3IViZh+GFzlMyxt/BueEEjT74CDfbrrHkjxxLWApjhVsoGr
mFH66Dkh+02jXEfoRFrkuK6VIVQHt+EaZFlcF67dkh8xyRU3pJP4AC9MwyKCbdwq
7XZtDLWC4lpZY2bUqyxiyJN+0gOh20b/PkXiAHIGzZbrMFDUOBSIJ9wLWN2NxZ32
z9oNXNkaAyIurksjF27ZLN1wJsmthft+FlApkpdJOitMnZ11SIHOA+94d9u856Ji
Y6ceBYi3d6lFE8WxjyflkL5TdKQT5XBw7vdyu36M+qUhNyGiG+uF
-----END CERTIFICATE-----