Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/woRyUDAXu2ll3itSZhcE_qzCHpQ.roa
File:                     woRyUDAXu2ll3itSZhcE_qzCHpQ.roa (raw, json)
Hash identifier:          YiZB9BX69sjWmQksPP2IGJL2U8tsB2a/OXEzKj1z6FU=
Subject key identifier:   C2:84:72:50:30:17:BB:69:65:DE:2B:52:66:17:04:FE:AC:C2:1E:94
Certificate issuer:       /CN=0837c99b2a4c062d5c20678f9dcf3207aefd5e78
Certificate serial:       019CEB316851E47BFD89B07B8C87A0F367A4
Authority key identifier: 08:37:C9:9B:2A:4C:06:2D:5C:20:67:8F:9D:CF:32:07:AE:FD:5E:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/woRyUDAXu2ll3itSZhcE_qzCHpQ.roa
Signing time:             Sat 14 Mar 2026 07:13:29 +0000
ROA not before:           Sat 14 Mar 2026 07:13:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     26042
IP address blocks:        216.236.26.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 06:38:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:eb:31:68:51:e4:7b:fd:89:b0:7b:8c:87:a0:f3:67:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0837c99b2a4c062d5c20678f9dcf3207aefd5e78
        Validity
            Not Before: Mar 14 07:13:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c28472503017bb6965de2b52661704feacc21e94
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:6c:5b:a6:47:d5:93:1d:3e:27:0f:f9:6a:c9:
                    86:1a:84:03:91:2c:f5:87:d9:3d:f9:3f:61:33:3c:
                    87:c6:1f:39:b3:d2:39:f6:11:0e:ca:02:1c:82:65:
                    b1:85:25:7f:b7:35:17:a8:49:13:2c:89:0d:b6:21:
                    6f:f2:80:97:88:bf:3d:04:45:82:ea:9f:27:8b:f1:
                    58:12:cb:e6:5e:f3:1d:84:2c:c0:84:fb:98:ae:1e:
                    d0:84:9e:1e:21:24:a6:04:3c:a5:e7:53:c0:66:e7:
                    e5:2b:a7:ff:35:2f:f4:b0:bc:86:8a:7d:b6:c3:d0:
                    ef:2d:fd:b8:bb:f6:cf:d6:13:05:94:d8:02:d3:d3:
                    76:59:d3:01:74:88:14:73:eb:5b:53:66:0a:eb:26:
                    08:d7:ef:f1:22:29:f3:3c:e5:34:29:eb:7f:a0:04:
                    61:69:d5:2b:43:a8:10:90:51:1c:61:66:6f:6a:c3:
                    c2:e4:f6:3d:95:bd:04:70:a7:1d:8e:36:58:dd:e5:
                    ce:9b:e3:61:6a:f2:38:5f:87:ff:14:20:dc:45:9e:
                    73:01:ce:df:3d:88:ab:f4:39:2a:29:b0:e4:54:58:
                    fe:56:51:4b:ad:cd:c4:cf:c5:be:41:4c:25:4c:e1:
                    9c:c7:4d:a3:35:52:1c:63:b6:df:e7:cf:b9:d3:6c:
                    38:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:84:72:50:30:17:BB:69:65:DE:2B:52:66:17:04:FE:AC:C2:1E:94
            X509v3 Authority Key Identifier:
                keyid:08:37:C9:9B:2A:4C:06:2D:5C:20:67:8F:9D:CF:32:07:AE:FD:5E:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/woRyUDAXu2ll3itSZhcE_qzCHpQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.236.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:06:e8:9b:5b:b8:44:df:ea:95:ab:6b:5b:75:9b:12:38:5b:
         61:30:38:97:af:48:5b:a2:c8:da:88:d9:f1:b4:4e:6f:c3:60:
         a4:76:aa:3d:58:ee:bd:3b:cc:0b:ae:32:bd:a6:65:fe:89:36:
         24:40:d0:52:13:a4:1e:f5:4d:0b:bd:54:9e:d0:01:95:a9:bd:
         96:65:45:20:f6:f2:c0:95:a0:e2:18:5e:ce:ef:d6:f3:9a:7a:
         bb:d2:f7:9f:e2:75:39:c6:1c:e5:7d:d6:21:0f:24:8c:8e:76:
         bc:c5:af:11:ef:98:f4:4e:03:e2:9b:08:c4:e2:27:3a:2a:93:
         2c:2a:7e:49:3a:77:03:46:cc:6f:24:bf:82:86:a4:87:6d:dc:
         ff:b2:17:9e:8a:cf:7a:3d:a8:5c:4e:0b:14:6f:6f:3a:8d:8e:
         73:11:97:3a:c4:fb:bf:e0:0d:5c:76:c8:8c:36:6a:a2:a5:32:
         2d:4c:48:fa:13:b6:c0:62:e5:7d:7b:6b:7a:75:f0:50:6c:e3:
         93:86:97:d4:8f:f6:df:48:b1:af:5b:47:15:b8:d1:04:0a:31:
         69:cf:d3:82:28:2d:e1:9b:b5:42:3b:58:bf:22:c7:3e:de:0c:
         be:cf:09:23:88:3b:6e:6f:14:88:5e:6d:e7:4e:b4:aa:06:2c:
         af:a4:d1:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzrMWhR5Hv9ibB7jIeg82ekMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MzdjOTliMmE0YzA2MmQ1YzIwNjc4ZjlkY2YzMjA3YWVm
ZDVlNzgwHhcNMjYwMzE0MDcxMzI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjg0NzI1MDMwMTdiYjY5NjVkZTJiNTI2NjE3MDRmZWFjYzIxZTk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsWxbpkfVkx0+Jw/5asmGGoQDkSz1
h9k9+T9hMzyHxh85s9I59hEOygIcgmWxhSV/tzUXqEkTLIkNtiFv8oCXiL89BEWC
6p8ni/FYEsvmXvMdhCzAhPuYrh7QhJ4eISSmBDyl51PAZuflK6f/NS/0sLyGin22
w9DvLf24u/bP1hMFlNgC09N2WdMBdIgUc+tbU2YK6yYI1+/xIinzPOU0Ket/oARh
adUrQ6gQkFEcYWZvasPC5PY9lb0EcKcdjjZY3eXOm+NhavI4X4f/FCDcRZ5zAc7f
PYir9DkqKbDkVFj+VlFLrc3Ez8W+QUwlTOGcx02jNVIcY7bf58+502w4mwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMKEclAwF7tpZd4rUmYXBP6swh6UMB8GA1UdIwQY
MBaAFAg3yZsqTAYtXCBnj53PMgeu/V54MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0RmSm15cE1CaTFjSUdlUG5jOHlCNjc5WG5nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS8wODk1ZDItYjc3OC00NmM0LWE2OTEt
ZjEyMzdmNGM1Y2Y2LzEvd29SeVVEQVh1MmxsM2l0U1poY0VfcXpDSHBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS8wODk1ZDItYjc3OC00NmM0LWE2OTEtZjEyMzdmNGM1Y2Y2
LzEvQ0RmSm15cE1CaTFjSUdlUG5jOHlCNjc5WG5nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2OwaMA0G
CSqGSIb3DQEBCwUAA4IBAQAPBuibW7hE3+qVq2tbdZsSOFthMDiXr0hbosjaiNnx
tE5vw2Ckdqo9WO69O8wLrjK9pmX+iTYkQNBSE6Qe9U0LvVSe0AGVqb2WZUUg9vLA
laDiGF7O79bzmnq70vef4nU5xhzlfdYhDySMjna8xa8R75j0TgPimwjE4ic6KpMs
Kn5JOncDRsxvJL+ChqSHbdz/sheeis96PahcTgsUb286jY5zEZc6xPu/4A1cdsiM
NmqipTItTEj6E7bAYuV9e2t6dfBQbOOThpfUj/bfSLGvW0cVuNEECjFpz9OCKC3h
m7VCO1i/Isc+3gy+zwkjiDtubxSIXm3nTrSqBiyvpNEB
-----END CERTIFICATE-----