Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/SPoau1EEjJNUiDSFgcPH_9bzW2w.roa
File:                     SPoau1EEjJNUiDSFgcPH_9bzW2w.roa (raw, json)
Hash identifier:          b+PGonpxJwjNp5zMPGufmYaRs5LZCyUKEmEsNgj/URY=
Subject key identifier:   48:FA:1A:BB:51:04:8C:93:54:88:34:85:81:C3:C7:FF:D6:F3:5B:6C
Certificate issuer:       /CN=0837c99b2a4c062d5c20678f9dcf3207aefd5e78
Certificate serial:       019D1E25125ECA275757F1D1CB5850BB3BF4
Authority key identifier: 08:37:C9:9B:2A:4C:06:2D:5C:20:67:8F:9D:CF:32:07:AE:FD:5E:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/SPoau1EEjJNUiDSFgcPH_9bzW2w.roa
Signing time:             Tue 24 Mar 2026 04:40:39 +0000
ROA not before:           Tue 24 Mar 2026 04:40:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402310
IP address blocks:        216.236.8.0/21 maxlen: 21
                          216.236.16.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 15:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:1e:25:12:5e:ca:27:57:57:f1:d1:cb:58:50:bb:3b:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0837c99b2a4c062d5c20678f9dcf3207aefd5e78
        Validity
            Not Before: Mar 24 04:40:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=48fa1abb51048c935488348581c3c7ffd6f35b6c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:33:4b:33:5a:5b:be:64:35:39:bc:1d:c8:97:
                    e6:84:62:8a:ed:f3:af:38:64:09:ca:06:c0:ea:52:
                    c7:dc:ca:1d:b6:e7:89:d1:5a:3b:d2:18:d8:51:28:
                    70:fb:17:c4:43:ad:54:c6:90:62:d6:32:e9:ab:e6:
                    52:be:b1:ef:42:7a:30:8d:a8:2e:8a:02:0d:23:dc:
                    35:6b:c8:91:b5:e5:88:b3:83:2b:6a:38:de:3b:af:
                    0a:08:ce:ab:11:06:8f:3c:55:13:51:e6:7f:93:26:
                    15:62:a2:e7:ba:74:07:84:77:19:cd:65:17:65:57:
                    94:18:6e:e8:b9:5b:f2:56:c1:fa:30:4e:04:29:2f:
                    66:e5:c9:57:69:c0:19:ea:d6:75:e1:cc:73:77:d1:
                    ff:d3:41:e7:7c:e5:77:60:6b:ba:1e:e7:75:b9:60:
                    05:4e:92:1a:c4:16:28:fa:24:7f:34:87:09:57:09:
                    55:e5:6d:49:7e:5f:89:27:0d:c6:cc:12:36:a5:5e:
                    07:0c:a7:b6:4c:c9:10:a2:08:fd:32:14:66:fb:84:
                    97:c6:1f:38:ac:fd:ae:c8:13:a4:72:be:b5:5d:87:
                    54:50:a9:10:26:99:00:ef:46:b4:6e:c0:75:93:ca:
                    16:00:49:44:31:37:94:84:e9:ab:a3:13:4d:4c:bb:
                    ec:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:FA:1A:BB:51:04:8C:93:54:88:34:85:81:C3:C7:FF:D6:F3:5B:6C
            X509v3 Authority Key Identifier:
                keyid:08:37:C9:9B:2A:4C:06:2D:5C:20:67:8F:9D:CF:32:07:AE:FD:5E:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/SPoau1EEjJNUiDSFgcPH_9bzW2w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.236.8.0-216.236.23.255

    Signature Algorithm: sha256WithRSAEncryption
         19:fd:d6:fe:f7:b6:b9:81:70:41:33:00:1e:6d:0d:a7:10:23:
         fb:2a:f8:18:63:1c:5c:43:71:c6:5e:04:29:37:d0:c5:f1:e8:
         5e:fc:fb:b4:f7:f2:73:aa:eb:65:31:8d:ef:56:0f:b4:4d:f6:
         87:d6:1f:59:b5:b5:e2:a2:c1:a4:c9:a3:73:79:0c:49:f7:f9:
         92:3e:e4:c3:e1:97:4d:ef:87:23:fa:bd:79:fe:93:7e:26:10:
         7c:1e:10:dd:3f:1b:08:12:40:3f:2c:99:d0:4c:13:c4:9d:da:
         65:0b:85:91:c5:a1:12:4e:05:5c:c1:33:b5:34:11:75:2f:7a:
         71:be:1c:b7:6b:6d:7d:8d:0a:63:c8:e8:ad:f4:86:68:e8:30:
         9a:d5:eb:ab:ba:e6:46:7d:76:a5:1e:ac:5b:a3:4d:37:f5:f1:
         bf:f3:1b:60:0c:b9:d6:14:b5:92:6d:a8:89:fe:d4:a2:d3:6d:
         15:0d:89:25:b5:1d:6e:19:08:fa:58:ca:a4:33:4e:66:40:0d:
         f7:f8:2c:98:8e:ac:12:f6:ba:07:93:a2:90:b4:ef:c9:2b:ba:
         74:75:83:dc:93:7f:54:72:4f:10:98:63:13:28:29:e3:fe:46:
         f3:37:ec:12:25:78:6d:37:8a:0a:61:90:d0:09:27:1f:75:3d:
         da:a0:68:a7
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZ0eJRJeyidXV/HRy1hQuzv0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MzdjOTliMmE0YzA2MmQ1YzIwNjc4ZjlkY2YzMjA3YWVm
ZDVlNzgwHhcNMjYwMzI0MDQ0MDM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OGZhMWFiYjUxMDQ4YzkzNTQ4ODM0ODU4MWMzYzdmZmQ2ZjM1YjZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsjNLM1pbvmQ1ObwdyJfmhGKK7fOv
OGQJygbA6lLH3ModtueJ0Vo70hjYUShw+xfEQ61UxpBi1jLpq+ZSvrHvQnowjagu
igINI9w1a8iRteWIs4MrajjeO68KCM6rEQaPPFUTUeZ/kyYVYqLnunQHhHcZzWUX
ZVeUGG7ouVvyVsH6ME4EKS9m5clXacAZ6tZ14cxzd9H/00HnfOV3YGu6Hud1uWAF
TpIaxBYo+iR/NIcJVwlV5W1Jfl+JJw3GzBI2pV4HDKe2TMkQogj9MhRm+4SXxh84
rP2uyBOkcr61XYdUUKkQJpkA70a0bsB1k8oWAElEMTeUhOmroxNNTLvs6QIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFEj6GrtRBIyTVIg0hYHDx//W81tsMB8GA1UdIwQY
MBaAFAg3yZsqTAYtXCBnj53PMgeu/V54MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0RmSm15cE1CaTFjSUdlUG5jOHlCNjc5WG5nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS8wODk1ZDItYjc3OC00NmM0LWE2OTEt
ZjEyMzdmNGM1Y2Y2LzEvU1BvYXUxRUVqSk5VaURTRmdjUEhfOWJ6VzJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS8wODk1ZDItYjc3OC00NmM0LWE2OTEtZjEyMzdmNGM1Y2Y2
LzEvQ0RmSm15cE1CaTFjSUdlUG5jOHlCNjc5WG5nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAPY7AgD
BAPY7BAwDQYJKoZIhvcNAQELBQADggEBABn91v73trmBcEEzAB5tDacQI/sq+Bhj
HFxDccZeBCk30MXx6F78+7T38nOq62Uxje9WD7RN9ofWH1m1teKiwaTJo3N5DEn3
+ZI+5MPhl03vhyP6vXn+k34mEHweEN0/GwgSQD8smdBME8Sd2mULhZHFoRJOBVzB
M7U0EXUvenG+HLdrbX2NCmPI6K30hmjoMJrV66u65kZ9dqUerFujTTf18b/zG2AM
udYUtZJtqIn+1KLTbRUNiSW1HW4ZCPpYyqQzTmZADff4LJiOrBL2ugeTopC078kr
unR1g9yTf1RyTxCYYxMoKeP+RvM37BIleG03igphkNAJJx91PdqgaKc=
-----END CERTIFICATE-----