Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/fJ4RTkcAcu1_glmVBKsTaz8-VOw.roa
File:                     fJ4RTkcAcu1_glmVBKsTaz8-VOw.roa (raw, json)
Hash identifier:          ylSEi7ocQYsHPL2vorGa5RyfsK8vM+dH8wAx4Jn5w88=
Subject key identifier:   7C:9E:11:4E:47:00:72:ED:7F:82:59:95:04:AB:13:6B:3F:3E:54:EC
Certificate issuer:       /CN=0837c99b2a4c062d5c20678f9dcf3207aefd5e78
Certificate serial:       019D28DDD14C906E0D319D526135A6FF614B
Authority key identifier: 08:37:C9:9B:2A:4C:06:2D:5C:20:67:8F:9D:CF:32:07:AE:FD:5E:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/fJ4RTkcAcu1_glmVBKsTaz8-VOw.roa
Signing time:             Thu 26 Mar 2026 06:38:38 +0000
ROA not before:           Thu 26 Mar 2026 06:38:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     19318
IP address blocks:        216.23.80.0/22 maxlen: 24
                          216.23.104.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:28:dd:d1:4c:90:6e:0d:31:9d:52:61:35:a6:ff:61:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0837c99b2a4c062d5c20678f9dcf3207aefd5e78
        Validity
            Not Before: Mar 26 06:38:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7c9e114e470072ed7f82599504ab136b3f3e54ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:ce:bf:4e:85:61:6c:cb:da:24:08:68:d1:18:
                    0c:b6:e3:c0:92:c3:18:f7:be:1b:19:13:be:bc:df:
                    ec:0e:28:c3:44:f0:8b:58:21:82:53:96:70:30:ba:
                    88:7e:aa:b6:df:91:33:7f:92:30:57:69:3a:ba:c6:
                    83:82:c8:5d:13:ab:ff:e5:13:49:38:9c:5c:de:8b:
                    dd:b8:b2:a7:fc:14:dd:07:55:7e:5a:06:56:90:fc:
                    d1:10:12:b3:95:da:51:40:90:3c:1d:e3:a9:06:da:
                    19:96:98:3c:a2:39:ce:01:76:a6:c1:dd:34:d3:44:
                    0c:53:ee:88:34:bd:b5:0e:d8:b4:6c:1f:6f:88:ce:
                    70:9b:3f:d8:c5:d1:27:1f:a9:32:7c:65:d3:bd:29:
                    b2:82:ef:25:1a:41:5a:e4:fb:3a:3c:38:7d:65:b6:
                    1d:99:d5:4a:6e:57:97:f7:30:85:b2:2c:2f:5a:2d:
                    5d:15:d1:09:6d:b9:e3:c3:9e:4f:72:2c:2b:c9:bd:
                    6e:df:40:94:91:81:2e:5f:71:e4:53:a0:e1:80:19:
                    bb:8a:c5:40:43:48:be:e8:41:08:bb:d1:60:78:0a:
                    da:27:c0:de:8b:b6:e0:c2:c3:0d:b9:fd:19:b8:1d:
                    89:b6:d8:e8:65:9e:23:50:af:27:f9:92:12:c8:ef:
                    5a:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:9E:11:4E:47:00:72:ED:7F:82:59:95:04:AB:13:6B:3F:3E:54:EC
            X509v3 Authority Key Identifier:
                keyid:08:37:C9:9B:2A:4C:06:2D:5C:20:67:8F:9D:CF:32:07:AE:FD:5E:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/fJ4RTkcAcu1_glmVBKsTaz8-VOw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.23.80.0/22
                  216.23.104.0/22

    Signature Algorithm: sha256WithRSAEncryption
         29:54:8c:87:11:61:f4:3d:8c:4d:72:55:9e:ce:23:59:3d:98:
         0c:63:10:2e:46:af:27:8e:3b:8a:a0:96:c0:f5:7c:e3:63:cb:
         66:86:a9:df:5b:0e:f1:4f:42:87:f1:90:b1:43:75:88:90:9f:
         e7:64:3d:15:3f:1e:93:0d:f7:8a:dd:1d:80:86:07:52:12:62:
         9c:57:62:80:50:c4:9e:22:d1:ec:48:fd:d8:8a:6b:d7:a6:d8:
         46:4e:44:90:3b:45:72:2b:80:45:f7:71:6d:c3:59:ec:59:65:
         8b:00:70:0d:17:20:e3:03:0a:d1:fd:c2:0f:fe:c4:01:de:7a:
         74:80:52:94:08:be:35:b2:1c:96:d6:45:48:06:30:a3:46:11:
         a6:05:73:1e:2d:60:f4:95:5d:3b:b9:08:76:d8:7a:db:c6:ee:
         4b:31:42:24:22:c0:98:e5:15:5d:c9:48:e7:13:b7:83:95:7a:
         1f:a7:fa:23:83:e9:51:ed:66:9c:a5:6c:32:e3:27:42:36:9f:
         1b:7e:1e:b8:fc:d4:c5:90:7f:d6:89:1f:f2:b7:e2:4f:26:3f:
         77:d0:9d:56:42:d1:e0:46:7b:45:bc:f7:d1:d7:05:8c:50:9b:
         4e:f0:4c:bc:44:d7:bc:2d:97:b6:6b:d3:77:c8:61:96:db:e1:
         e6:27:b5:d5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ0o3dFMkG4NMZ1SYTWm/2FLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MzdjOTliMmE0YzA2MmQ1YzIwNjc4ZjlkY2YzMjA3YWVm
ZDVlNzgwHhcNMjYwMzI2MDYzODM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzllMTE0ZTQ3MDA3MmVkN2Y4MjU5OTUwNGFiMTM2YjNmM2U1NGVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAos6/ToVhbMvaJAho0RgMtuPAksMY
974bGRO+vN/sDijDRPCLWCGCU5ZwMLqIfqq235Ezf5IwV2k6usaDgshdE6v/5RNJ
OJxc3ovduLKn/BTdB1V+WgZWkPzREBKzldpRQJA8HeOpBtoZlpg8ojnOAXamwd00
00QMU+6INL21Dti0bB9viM5wmz/YxdEnH6kyfGXTvSmygu8lGkFa5Ps6PDh9ZbYd
mdVKbleX9zCFsiwvWi1dFdEJbbnjw55Pciwryb1u30CUkYEuX3HkU6DhgBm7isVA
Q0i+6EEIu9FgeAraJ8Dei7bgwsMNuf0ZuB2JttjoZZ4jUK8n+ZISyO9aLQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHyeEU5HAHLtf4JZlQSrE2s/PlTsMB8GA1UdIwQY
MBaAFAg3yZsqTAYtXCBnj53PMgeu/V54MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0RmSm15cE1CaTFjSUdlUG5jOHlCNjc5WG5nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS8wODk1ZDItYjc3OC00NmM0LWE2OTEt
ZjEyMzdmNGM1Y2Y2LzEvZko0UlRrY0FjdTFfZ2xtVkJLc1RhejgtVk93LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS8wODk1ZDItYjc3OC00NmM0LWE2OTEtZjEyMzdmNGM1Y2Y2
LzEvQ0RmSm15cE1CaTFjSUdlUG5jOHlCNjc5WG5nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQC2BdQAwQC
2BdoMA0GCSqGSIb3DQEBCwUAA4IBAQApVIyHEWH0PYxNclWeziNZPZgMYxAuRq8n
jjuKoJbA9XzjY8tmhqnfWw7xT0KH8ZCxQ3WIkJ/nZD0VPx6TDfeK3R2AhgdSEmKc
V2KAUMSeItHsSP3YimvXpthGTkSQO0VyK4BF93Ftw1nsWWWLAHANFyDjAwrR/cIP
/sQB3np0gFKUCL41shyW1kVIBjCjRhGmBXMeLWD0lV07uQh22Hrbxu5LMUIkIsCY
5RVdyUjnE7eDlXofp/ojg+lR7WacpWwy4ydCNp8bfh64/NTFkH/WiR/yt+JPJj93
0J1WQtHgRntFvPfR1wWMUJtO8Ey8RNe8LZe2a9N3yGGW2+HmJ7XV
-----END CERTIFICATE-----