Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/dpkTcewoOFivlYP8ZfaDchOlXYI.roa
File:                     dpkTcewoOFivlYP8ZfaDchOlXYI.roa (raw, json)
Hash identifier:          WPqIYEeg07gwRzKYbFkHzZWDE9s/k84RXCACEvHkDRE=
Subject key identifier:   76:99:13:71:EC:28:38:58:AF:95:83:FC:65:F6:83:72:13:A5:5D:82
Certificate issuer:       /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial:       019D1B6508FEC6B22172EA0B3CDF296D7408
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/dpkTcewoOFivlYP8ZfaDchOlXYI.roa
Signing time:             Mon 23 Mar 2026 15:51:39 +0000
ROA not before:           Mon 23 Mar 2026 15:51:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     1653
IP address blocks:        192.36.125.0/24 maxlen: 24
                          194.14.45.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 00:55:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:1b:65:08:fe:c6:b2:21:72:ea:0b:3c:df:29:6d:74:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
        Validity
            Not Before: Mar 23 15:51:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=76991371ec283858af9583fc65f6837213a55d82
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:9e:85:e5:f1:6d:e0:ed:26:3d:7a:89:a1:7d:
                    46:3e:18:47:97:d1:49:0b:ce:7e:a7:73:3a:33:6e:
                    1c:39:7e:02:43:38:04:b5:71:ac:bb:6f:92:18:99:
                    3b:80:43:1e:2a:ee:1a:02:98:32:25:26:89:9f:d0:
                    20:da:c0:19:08:c2:eb:9a:96:b6:fc:df:53:c7:6b:
                    b8:21:3b:3f:c1:6f:59:8a:ee:3c:d1:e6:24:ce:3a:
                    5a:35:7a:42:59:87:92:55:b7:87:26:a7:c7:1c:eb:
                    d9:b5:42:ea:d0:44:2a:50:c0:0c:52:0b:f8:7c:4b:
                    46:87:72:76:c9:fb:97:a6:fa:12:5a:2e:3b:a2:fc:
                    dd:c8:f7:af:f2:55:cb:75:0e:f3:6b:4d:b8:be:f5:
                    fb:2a:8d:2f:fe:34:e8:e8:c3:91:f5:e0:78:2e:d3:
                    04:f3:3d:ca:12:b6:df:9c:3c:01:a2:db:cf:81:89:
                    c5:28:9a:65:02:ad:4b:7b:8d:a9:29:50:3f:ca:50:
                    3b:92:3e:a1:96:93:58:02:7c:82:4e:36:56:a3:4f:
                    57:26:44:e0:37:aa:1d:5a:40:ac:87:e1:4e:91:a4:
                    e9:81:dd:8e:24:a3:52:5c:f8:58:ad:e8:9f:9b:0e:
                    d0:d9:b3:97:62:f2:5a:39:35:1f:98:ac:a1:6d:68:
                    21:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:99:13:71:EC:28:38:58:AF:95:83:FC:65:F6:83:72:13:A5:5D:82
            X509v3 Authority Key Identifier:
                keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/dpkTcewoOFivlYP8ZfaDchOlXYI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.36.125.0/24
                  194.14.45.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:0e:c0:b2:e0:31:94:91:06:d0:44:a0:39:55:9a:78:0a:c8:
         f8:9b:5f:0b:8d:00:69:dc:ba:bd:2c:8a:63:04:d0:52:c8:32:
         be:3f:5c:70:ad:93:dc:27:23:36:59:e9:df:b3:80:3c:97:d2:
         b2:e4:69:89:b4:e2:b9:dc:94:9e:aa:31:a3:58:5d:24:7f:e2:
         52:b6:eb:a8:ef:85:98:32:05:6b:a5:33:f2:0c:78:e9:f2:3f:
         06:52:fa:1f:78:4f:b3:8c:ed:65:cb:62:64:62:89:f7:4a:21:
         20:1c:bc:10:23:7b:f5:1d:2d:ce:2e:78:8a:cb:94:de:ea:d8:
         c1:68:b4:b0:bf:f0:be:5d:ce:02:9f:8d:69:ef:92:33:00:b2:
         7b:e9:fb:54:a8:a9:46:b0:d2:d8:e6:c9:1f:bb:dd:92:df:e8:
         10:f8:03:c8:38:a2:c7:59:c9:d2:1b:b0:9f:73:20:dc:e9:25:
         d4:ce:e9:56:27:16:9b:c9:14:ed:95:f7:9c:e6:3f:d3:b8:85:
         99:8a:c7:07:b7:b3:64:00:63:3a:be:02:b8:f4:f3:63:ad:53:
         b0:1d:9b:76:bc:14:fd:9f:95:22:0a:9e:bc:34:7d:01:3e:38:
         1b:1a:47:18:a4:6b:3a:b4:5d:40:18:98:12:f3:05:85:79:8c:
         57:6d:ef:47
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ0bZQj+xrIhcuoLPN8pbXQIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjYwMzIzMTU1MTM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Njk5MTM3MWVjMjgzODU4YWY5NTgzZmM2NWY2ODM3MjEzYTU1ZDgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArJ6F5fFt4O0mPXqJoX1GPhhHl9FJ
C85+p3M6M24cOX4CQzgEtXGsu2+SGJk7gEMeKu4aApgyJSaJn9Ag2sAZCMLrmpa2
/N9Tx2u4ITs/wW9Ziu480eYkzjpaNXpCWYeSVbeHJqfHHOvZtULq0EQqUMAMUgv4
fEtGh3J2yfuXpvoSWi47ovzdyPev8lXLdQ7za024vvX7Ko0v/jTo6MOR9eB4LtME
8z3KErbfnDwBotvPgYnFKJplAq1Le42pKVA/ylA7kj6hlpNYAnyCTjZWo09XJkTg
N6odWkCsh+FOkaTpgd2OJKNSXPhYreifmw7Q2bOXYvJaOTUfmKyhbWghEQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHaZE3HsKDhYr5WD/GX2g3ITpV2CMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvZHBrVGNld29PRml2bFlQOFpmYURjaE9sWFlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwCR9AwQA
wg4tMA0GCSqGSIb3DQEBCwUAA4IBAQA1DsCy4DGUkQbQRKA5VZp4Csj4m18LjQBp
3Lq9LIpjBNBSyDK+P1xwrZPcJyM2Wenfs4A8l9Ky5GmJtOK53JSeqjGjWF0kf+JS
tuuo74WYMgVrpTPyDHjp8j8GUvofeE+zjO1ly2JkYon3SiEgHLwQI3v1HS3OLniK
y5Te6tjBaLSwv/C+Xc4Cn41p75IzALJ76ftUqKlGsNLY5skfu92S3+gQ+APIOKLH
WcnSG7CfcyDc6SXUzulWJxabyRTtlfec5j/TuIWZiscHt7NkAGM6vgK49PNjrVOw
HZt2vBT9n5UiCp68NH0BPjgbGkcYpGs6tF1AGJgS8wWFeYxXbe9H
-----END CERTIFICATE-----