Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/c596d9-9d9a-4081-a2f0-5446d86bcfc6/1/coMp5dOgndLahx2iTGXfIJ8yLLE.roa
File:                     coMp5dOgndLahx2iTGXfIJ8yLLE.roa (raw, json)
Hash identifier:          q4LCC/e7DOJLCRD77MYpRDtHZ3bvIBYyvXX9RO1rrD8=
Subject key identifier:   72:83:29:E5:D3:A0:9D:D2:DA:87:1D:A2:4C:65:DF:20:9F:32:2C:B1
Certificate issuer:       /CN=77e2ff4689d421350f76a373bc1193e451b81ef5
Certificate serial:       019B7C7FE3670909F855739CD5FEAF7316A1
Authority key identifier: 77:E2:FF:46:89:D4:21:35:0F:76:A3:73:BC:11:93:E4:51:B8:1E:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d-L_RonUITUPdqNzvBGT5FG4HvU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/c596d9-9d9a-4081-a2f0-5446d86bcfc6/1/coMp5dOgndLahx2iTGXfIJ8yLLE.roa
Signing time:             Fri 02 Jan 2026 02:18:34 +0000
ROA not before:           Fri 02 Jan 2026 02:18:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216237
IP address blocks:        185.208.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/c596d9-9d9a-4081-a2f0-5446d86bcfc6/1/d-L_RonUITUPdqNzvBGT5FG4HvU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/c596d9-9d9a-4081-a2f0-5446d86bcfc6/1/d-L_RonUITUPdqNzvBGT5FG4HvU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d-L_RonUITUPdqNzvBGT5FG4HvU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 16:32:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:7f:e3:67:09:09:f8:55:73:9c:d5:fe:af:73:16:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=77e2ff4689d421350f76a373bc1193e451b81ef5
        Validity
            Not Before: Jan  2 02:18:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=728329e5d3a09dd2da871da24c65df209f322cb1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:80:84:7f:3a:02:5e:0c:46:0e:a9:10:23:5e:
                    f6:47:c8:62:7b:b0:19:3e:b6:ac:a9:a4:04:42:31:
                    c0:46:53:77:b0:cd:f0:3e:46:c7:4a:98:06:a3:97:
                    5c:e0:d3:af:b3:ff:de:14:09:bc:70:42:47:5d:cb:
                    82:43:ea:b5:82:73:87:f0:a5:0a:19:6a:c7:b1:b1:
                    bb:01:c9:83:7b:f5:14:5d:bd:13:3b:fd:a2:9b:95:
                    c3:0b:61:5f:3e:40:51:02:b3:f6:0a:8a:b0:02:35:
                    83:3f:70:ba:c3:cd:b9:49:3e:c9:14:4d:38:39:8f:
                    97:b1:c5:a9:11:12:db:b1:d9:f9:ef:74:15:98:48:
                    3d:bc:20:25:c5:fc:6d:fd:66:3d:af:f4:e2:18:66:
                    8b:e7:ea:56:66:30:a1:1d:8b:12:b9:66:3b:ea:70:
                    1b:3c:c5:73:7f:36:4d:65:9c:d9:24:1a:27:bd:c1:
                    8a:f5:93:e7:26:5c:f7:76:cb:d4:72:d2:fe:fb:27:
                    a7:b3:87:cf:0f:7a:2b:b4:df:94:54:f0:99:a4:88:
                    df:6c:85:fe:22:a9:57:22:6b:ea:79:63:d2:86:0c:
                    be:cc:89:55:21:08:25:47:09:54:3c:97:dd:8b:2a:
                    b7:9e:28:76:1f:8c:f6:7a:85:b0:7d:a2:20:ac:0b:
                    19:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:83:29:E5:D3:A0:9D:D2:DA:87:1D:A2:4C:65:DF:20:9F:32:2C:B1
            X509v3 Authority Key Identifier:
                keyid:77:E2:FF:46:89:D4:21:35:0F:76:A3:73:BC:11:93:E4:51:B8:1E:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d-L_RonUITUPdqNzvBGT5FG4HvU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/c596d9-9d9a-4081-a2f0-5446d86bcfc6/1/coMp5dOgndLahx2iTGXfIJ8yLLE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/c596d9-9d9a-4081-a2f0-5446d86bcfc6/1/d-L_RonUITUPdqNzvBGT5FG4HvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.208.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:84:ca:b7:47:9b:ec:f0:34:88:46:6c:bf:53:87:4a:e7:dc:
         a1:71:4e:19:96:4f:3a:aa:bf:ce:ef:b7:ad:bc:17:43:48:ea:
         3b:bf:8a:81:07:02:bd:72:be:0a:c1:4f:96:48:76:c8:67:30:
         b5:4d:cb:7c:52:00:f6:e5:6d:b8:0f:1a:d9:d8:54:fe:05:5b:
         3c:fc:98:3d:1b:c1:c3:c6:41:8e:e5:3b:c4:26:3c:d7:b9:dd:
         e8:79:7d:14:14:c9:3a:cc:b0:fd:71:fa:25:24:c1:0d:d6:32:
         e4:63:3b:6c:4b:a1:1f:1d:5a:64:58:a4:06:db:9e:a8:8a:70:
         08:1d:cb:13:d1:7a:14:de:cd:01:96:78:9a:50:db:3d:0d:03:
         97:46:a2:c1:93:82:f1:6f:e7:dc:cb:04:22:51:7a:af:46:80:
         20:6f:32:3a:be:42:45:0c:13:c6:2a:2b:a8:a2:6d:ae:d3:54:
         c3:6b:b7:d7:d2:17:34:dd:db:ce:3f:9e:16:8c:58:fe:28:8d:
         78:cd:2f:98:d4:0e:9d:73:bf:cd:91:d4:7e:68:0a:f5:70:b5:
         9a:36:84:80:b9:c5:ee:26:91:93:88:23:8c:d3:89:87:9a:1f:
         0f:5d:67:40:c5:0d:51:8b:00:e7:35:c3:37:a9:a7:27:54:de:
         7b:c9:78:c0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8f+NnCQn4VXOc1f6vcxahMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3ZTJmZjQ2ODlkNDIxMzUwZjc2YTM3M2JjMTE5M2U0NTFi
ODFlZjUwHhcNMjYwMTAyMDIxODM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjgzMjllNWQzYTA5ZGQyZGE4NzFkYTI0YzY1ZGYyMDlmMzIyY2IxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkYCEfzoCXgxGDqkQI172R8hie7AZ
PrasqaQEQjHARlN3sM3wPkbHSpgGo5dc4NOvs//eFAm8cEJHXcuCQ+q1gnOH8KUK
GWrHsbG7AcmDe/UUXb0TO/2im5XDC2FfPkBRArP2CoqwAjWDP3C6w825ST7JFE04
OY+XscWpERLbsdn573QVmEg9vCAlxfxt/WY9r/TiGGaL5+pWZjChHYsSuWY76nAb
PMVzfzZNZZzZJBonvcGK9ZPnJlz3dsvUctL++yens4fPD3ortN+UVPCZpIjfbIX+
IqlXImvqeWPShgy+zIlVIQglRwlUPJfdiyq3nih2H4z2eoWwfaIgrAsZuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHKDKeXToJ3S2ocdokxl3yCfMiyxMB8GA1UdIwQY
MBaAFHfi/0aJ1CE1D3ajc7wRk+RRuB71MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZC1MX1JvblVJVFVQZHFOenZCR1Q1Rkc0SHZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS9jNTk2ZDktOWQ5YS00MDgxLWEyZjAt
NTQ0NmQ4NmJjZmM2LzEvY29NcDVkT2duZExhaHgyaVRHWGZJSjh5TExFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS9jNTk2ZDktOWQ5YS00MDgxLWEyZjAtNTQ0NmQ4NmJjZmM2
LzEvZC1MX1JvblVJVFVQZHFOenZCR1Q1Rkc0SHZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudDLMA0G
CSqGSIb3DQEBCwUAA4IBAQAShMq3R5vs8DSIRmy/U4dK59yhcU4Zlk86qr/O77et
vBdDSOo7v4qBBwK9cr4KwU+WSHbIZzC1Tct8UgD25W24DxrZ2FT+BVs8/Jg9G8HD
xkGO5TvEJjzXud3oeX0UFMk6zLD9cfolJMEN1jLkYztsS6EfHVpkWKQG256oinAI
HcsT0XoU3s0BlniaUNs9DQOXRqLBk4Lxb+fcywQiUXqvRoAgbzI6vkJFDBPGKiuo
om2u01TDa7fX0hc03dvOP54WjFj+KI14zS+Y1A6dc7/NkdR+aAr1cLWaNoSAucXu
JpGTiCOM04mHmh8PXWdAxQ1RiwDnNcM3qacnVN57yXjA
-----END CERTIFICATE-----