Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/vP7i6OhT9RS_QltONA8pY4JCnao.roa
File:                     vP7i6OhT9RS_QltONA8pY4JCnao.roa (raw, json)
Hash identifier:          ndOKjlpStXo6zJu2z4MrDPKsNu8GHMjvXhr76nuuHqI=
Subject key identifier:   BC:FE:E2:E8:E8:53:F5:14:BF:42:5B:4E:34:0F:29:63:82:42:9D:AA
Certificate issuer:       /CN=0837c99b2a4c062d5c20678f9dcf3207aefd5e78
Certificate serial:       019DD344AE7F393F14882CE502FE307C39F0
Authority key identifier: 08:37:C9:9B:2A:4C:06:2D:5C:20:67:8F:9D:CF:32:07:AE:FD:5E:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/vP7i6OhT9RS_QltONA8pY4JCnao.roa
Signing time:             Tue 28 Apr 2026 08:46:26 +0000
ROA not before:           Tue 28 Apr 2026 08:46:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209699
IP address blocks:        216.23.88.0/22 maxlen: 24
                          216.23.96.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 06:33:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:d3:44:ae:7f:39:3f:14:88:2c:e5:02:fe:30:7c:39:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0837c99b2a4c062d5c20678f9dcf3207aefd5e78
        Validity
            Not Before: Apr 28 08:46:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bcfee2e8e853f514bf425b4e340f296382429daa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:b4:52:b7:fe:93:ad:67:8d:df:f7:de:69:8f:
                    3e:b6:40:85:74:47:b5:f4:1b:5c:46:e6:e0:95:30:
                    fe:5b:47:ca:67:33:68:e6:b9:7f:2c:ac:3d:30:46:
                    b0:8c:9a:53:1c:7f:11:61:04:0e:11:e2:02:d6:6c:
                    17:85:92:83:b6:bf:54:01:07:23:a4:e3:58:51:6f:
                    c0:58:e2:01:cd:ed:9e:bb:42:2b:4a:eb:97:88:04:
                    b9:87:bc:41:2b:84:b4:d8:2a:7c:92:25:3b:41:5e:
                    ee:c0:3e:1c:f3:25:a8:46:4d:5f:7d:dd:bd:5e:60:
                    16:a0:ff:46:a3:a0:0b:0f:38:3b:17:6e:1c:a4:d4:
                    eb:58:be:32:a4:c1:a5:b0:24:7f:30:86:ba:f4:11:
                    6e:7d:fe:1e:c9:35:e8:16:4c:d3:29:c2:03:14:6f:
                    1f:43:88:82:40:a2:0e:17:69:28:40:f0:57:3d:dc:
                    0c:9c:03:d9:5d:ff:c7:ff:24:75:a1:b6:ff:d9:65:
                    55:2e:99:4d:27:c8:97:d5:47:1d:c6:5c:35:c7:cd:
                    cf:74:3b:9f:40:fb:4b:30:fa:71:fd:fa:fe:32:7a:
                    2a:8d:11:6c:e7:99:71:58:56:dd:e9:b4:0c:78:90:
                    ee:15:58:f3:c0:ef:87:6f:b0:c9:c7:41:dc:36:0c:
                    d6:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:FE:E2:E8:E8:53:F5:14:BF:42:5B:4E:34:0F:29:63:82:42:9D:AA
            X509v3 Authority Key Identifier:
                keyid:08:37:C9:9B:2A:4C:06:2D:5C:20:67:8F:9D:CF:32:07:AE:FD:5E:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/vP7i6OhT9RS_QltONA8pY4JCnao.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.23.88.0/22
                  216.23.96.0/21

    Signature Algorithm: sha256WithRSAEncryption
         1b:1b:b5:d2:8a:80:4b:b0:44:59:ff:95:93:b9:3a:a9:67:18:
         bf:ea:cf:53:ff:06:8d:ee:73:99:92:15:04:3a:8e:76:42:7a:
         e6:dc:cf:8f:03:62:bd:be:92:d3:a0:18:ef:d7:ab:87:88:48:
         5c:4e:3a:1a:80:9d:46:3c:fb:01:4c:5a:26:eb:94:2c:de:f3:
         cb:17:4f:d4:3d:18:5a:92:b9:54:82:ef:4d:db:b1:05:6b:89:
         d2:c6:87:5b:f0:01:35:37:49:76:b6:b8:54:43:06:ec:3e:25:
         eb:0c:e2:c8:04:41:89:05:5e:19:ca:32:dd:37:96:5a:5f:2f:
         79:6c:ec:4c:13:fe:3f:31:9f:5f:20:bf:7f:19:f9:a6:15:e2:
         74:5f:df:92:d9:42:4e:a1:65:2c:60:2a:ff:29:65:da:53:2a:
         c7:78:c3:bb:e7:53:df:e2:17:56:46:ee:95:bd:28:11:02:05:
         26:04:25:1a:53:06:41:5b:99:74:11:3b:32:79:45:1a:82:93:
         2e:43:69:53:d8:5f:24:4b:ae:44:46:20:db:98:69:a2:d9:0b:
         04:ff:c0:49:7a:e2:5c:89:77:f2:75:c8:c1:e0:c9:5a:35:8b:
         55:2c:7d:10:7b:be:71:5e:45:4e:c6:60:8b:1e:5e:56:48:3b:
         dc:cb:15:b2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ3TRK5/OT8UiCzlAv4wfDnwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MzdjOTliMmE0YzA2MmQ1YzIwNjc4ZjlkY2YzMjA3YWVm
ZDVlNzgwHhcNMjYwNDI4MDg0NjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiY2ZlZTJlOGU4NTNmNTE0YmY0MjViNGUzNDBmMjk2MzgyNDI5ZGFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqLRSt/6TrWeN3/feaY8+tkCFdEe1
9BtcRubglTD+W0fKZzNo5rl/LKw9MEawjJpTHH8RYQQOEeIC1mwXhZKDtr9UAQcj
pONYUW/AWOIBze2eu0IrSuuXiAS5h7xBK4S02Cp8kiU7QV7uwD4c8yWoRk1ffd29
XmAWoP9Go6ALDzg7F24cpNTrWL4ypMGlsCR/MIa69BFuff4eyTXoFkzTKcIDFG8f
Q4iCQKIOF2koQPBXPdwMnAPZXf/H/yR1obb/2WVVLplNJ8iX1Ucdxlw1x83PdDuf
QPtLMPpx/fr+MnoqjRFs55lxWFbd6bQMeJDuFVjzwO+Hb7DJx0HcNgzW4QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLz+4ujoU/UUv0JbTjQPKWOCQp2qMB8GA1UdIwQY
MBaAFAg3yZsqTAYtXCBnj53PMgeu/V54MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0RmSm15cE1CaTFjSUdlUG5jOHlCNjc5WG5nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS8wODk1ZDItYjc3OC00NmM0LWE2OTEt
ZjEyMzdmNGM1Y2Y2LzEvdlA3aTZPaFQ5UlNfUWx0T05BOHBZNEpDbmFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS8wODk1ZDItYjc3OC00NmM0LWE2OTEtZjEyMzdmNGM1Y2Y2
LzEvQ0RmSm15cE1CaTFjSUdlUG5jOHlCNjc5WG5nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQC2BdYAwQD
2BdgMA0GCSqGSIb3DQEBCwUAA4IBAQAbG7XSioBLsERZ/5WTuTqpZxi/6s9T/waN
7nOZkhUEOo52Qnrm3M+PA2K9vpLToBjv16uHiEhcTjoagJ1GPPsBTFom65Qs3vPL
F0/UPRhakrlUgu9N27EFa4nSxodb8AE1N0l2trhUQwbsPiXrDOLIBEGJBV4ZyjLd
N5ZaXy95bOxME/4/MZ9fIL9/GfmmFeJ0X9+S2UJOoWUsYCr/KWXaUyrHeMO751Pf
4hdWRu6VvSgRAgUmBCUaUwZBW5l0ETsyeUUagpMuQ2lT2F8kS65ERiDbmGmi2QsE
/8BJeuJciXfydcjB4MlaNYtVLH0Qe75xXkVOxmCLHl5WSDvcyxWy
-----END CERTIFICATE-----