Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/9562bf-92bc-46eb-9d16-2badce466853/1/0_vDnDRF9RJXjQRo2pH5Tit2G6k.roa
File:                     0_vDnDRF9RJXjQRo2pH5Tit2G6k.roa (raw, json)
Hash identifier:          IvBfnkpqBkHgNd2fPdtTwy3ZEe1XX9CROdeaKsRCiZg=
Subject key identifier:   D3:FB:C3:9C:34:45:F5:12:57:8D:04:68:DA:91:F9:4E:2B:76:1B:A9
Certificate issuer:       /CN=40dde71b41bffb1b516e07b0c61391bdf4d3bf11
Certificate serial:       019CF80AE69C5E7B18D70F263E1FDD87189A
Authority key identifier: 40:DD:E7:1B:41:BF:FB:1B:51:6E:07:B0:C6:13:91:BD:F4:D3:BF:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QN3nG0G_-xtRbgewxhORvfTTvxE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/9562bf-92bc-46eb-9d16-2badce466853/1/0_vDnDRF9RJXjQRo2pH5Tit2G6k.roa
Signing time:             Mon 16 Mar 2026 19:06:29 +0000
ROA not before:           Mon 16 Mar 2026 19:06:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213999
IP address blocks:        92.60.78.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e3/9562bf-92bc-46eb-9d16-2badce466853/1/QN3nG0G_-xtRbgewxhORvfTTvxE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e3/9562bf-92bc-46eb-9d16-2badce466853/1/QN3nG0G_-xtRbgewxhORvfTTvxE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QN3nG0G_-xtRbgewxhORvfTTvxE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 19:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:f8:0a:e6:9c:5e:7b:18:d7:0f:26:3e:1f:dd:87:18:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=40dde71b41bffb1b516e07b0c61391bdf4d3bf11
        Validity
            Not Before: Mar 16 19:06:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d3fbc39c3445f512578d0468da91f94e2b761ba9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:9a:9a:89:37:0b:d8:35:81:5d:a0:35:1e:1d:
                    7d:68:96:4f:45:95:18:e1:32:68:1a:69:81:d8:c8:
                    15:84:dc:8e:45:61:98:07:6c:f8:4d:4d:dd:56:c9:
                    b7:27:cc:72:dd:d2:71:a4:7d:df:c5:cf:29:37:24:
                    56:3a:38:3d:86:84:cd:9c:5c:4c:65:45:52:95:57:
                    97:7f:18:61:ef:f5:37:94:b2:bf:df:02:6b:02:43:
                    73:29:8c:74:65:ec:52:3f:4f:fd:c9:2f:b6:0f:d4:
                    23:6a:50:84:06:1b:e0:c2:d3:bc:e1:94:91:d3:0e:
                    22:df:5c:3c:b6:af:49:fd:35:32:5e:89:8d:68:a4:
                    11:6d:f0:0e:59:45:24:de:d8:54:f3:70:48:0f:f2:
                    0e:95:83:8a:f0:90:cd:b4:92:04:c0:b2:2d:96:16:
                    10:2f:5a:7f:9b:26:44:24:a9:68:c2:bf:e1:09:c5:
                    ee:60:ba:3d:55:a0:d4:08:4a:11:9a:e7:53:94:5b:
                    c4:c8:40:dd:7c:d0:d3:75:f7:5d:d6:1c:48:77:56:
                    33:c0:13:93:98:dd:aa:43:99:ce:9e:29:a7:cf:5a:
                    0c:36:eb:7a:e1:c7:66:5b:46:5b:43:75:6c:4f:c1:
                    d1:04:09:ac:b6:df:5c:f5:14:b8:ac:bf:d8:0c:cb:
                    9e:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:FB:C3:9C:34:45:F5:12:57:8D:04:68:DA:91:F9:4E:2B:76:1B:A9
            X509v3 Authority Key Identifier:
                keyid:40:DD:E7:1B:41:BF:FB:1B:51:6E:07:B0:C6:13:91:BD:F4:D3:BF:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QN3nG0G_-xtRbgewxhORvfTTvxE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/9562bf-92bc-46eb-9d16-2badce466853/1/0_vDnDRF9RJXjQRo2pH5Tit2G6k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/9562bf-92bc-46eb-9d16-2badce466853/1/QN3nG0G_-xtRbgewxhORvfTTvxE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.60.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:cd:30:37:82:b9:55:e2:68:e8:65:e4:99:2b:83:f4:e5:56:
         2c:1e:42:fe:c4:3e:71:79:d6:c3:00:1d:d4:13:61:2c:6e:18:
         c0:fb:c0:69:64:96:0e:dd:05:b4:36:55:c9:6d:f0:ad:ed:b3:
         90:56:b3:5b:65:41:ad:c8:ad:a8:d2:00:b3:19:ae:89:5e:3d:
         ce:36:c6:46:44:85:33:52:e2:c0:12:3f:39:d5:73:93:37:2f:
         2a:93:b7:73:1d:18:61:df:0f:87:ff:08:38:eb:51:68:27:96:
         5e:5b:3b:13:9a:2b:b7:a4:dd:68:93:c4:5c:0b:fd:3c:86:45:
         3a:b9:9c:8c:38:f1:8a:aa:4a:47:03:24:b0:83:73:f0:3f:13:
         89:f2:df:63:be:f3:4c:70:40:0c:e6:50:bb:4b:6c:a2:26:37:
         b3:03:31:d5:f6:2c:de:31:ac:f4:7c:52:aa:1f:aa:78:5f:b4:
         b9:ff:15:0f:a8:1f:89:2d:e6:db:6a:25:74:fe:c8:16:9c:cf:
         bd:f3:85:8f:b4:e3:4d:28:b3:74:e3:c2:6a:c2:cd:d6:59:5b:
         75:1a:86:2d:57:f3:8f:47:83:82:69:1f:5f:dd:c9:8a:d2:74:
         a8:23:3f:6b:a6:46:c0:b8:23:66:83:2a:b9:3d:58:85:70:cd:
         98:90:67:57
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZz4CuacXnsY1w8mPh/dhxiaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwZGRlNzFiNDFiZmZiMWI1MTZlMDdiMGM2MTM5MWJkZjRk
M2JmMTEwHhcNMjYwMzE2MTkwNjI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkM2ZiYzM5YzM0NDVmNTEyNTc4ZDA0NjhkYTkxZjk0ZTJiNzYxYmE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAupqaiTcL2DWBXaA1Hh19aJZPRZUY
4TJoGmmB2MgVhNyORWGYB2z4TU3dVsm3J8xy3dJxpH3fxc8pNyRWOjg9hoTNnFxM
ZUVSlVeXfxhh7/U3lLK/3wJrAkNzKYx0ZexSP0/9yS+2D9QjalCEBhvgwtO84ZSR
0w4i31w8tq9J/TUyXomNaKQRbfAOWUUk3thU83BID/IOlYOK8JDNtJIEwLItlhYQ
L1p/myZEJKlowr/hCcXuYLo9VaDUCEoRmudTlFvEyEDdfNDTdfdd1hxId1YzwBOT
mN2qQ5nOnimnz1oMNut64cdmW0ZbQ3VsT8HRBAmstt9c9RS4rL/YDMuetwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNP7w5w0RfUSV40EaNqR+U4rdhupMB8GA1UdIwQY
MBaAFEDd5xtBv/sbUW4HsMYTkb30078RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUU4zbkcwR18teHRSYmdld3hoT1J2ZlRUdnhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy85NTYyYmYtOTJiYy00NmViLTlkMTYt
MmJhZGNlNDY2ODUzLzEvMF92RG5EUkY5UkpYalFSbzJwSDVUaXQyRzZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy85NTYyYmYtOTJiYy00NmViLTlkMTYtMmJhZGNlNDY2ODUz
LzEvUU4zbkcwR18teHRSYmdld3hoT1J2ZlRUdnhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXDxOMA0G
CSqGSIb3DQEBCwUAA4IBAQB3zTA3grlV4mjoZeSZK4P05VYsHkL+xD5xedbDAB3U
E2EsbhjA+8BpZJYO3QW0NlXJbfCt7bOQVrNbZUGtyK2o0gCzGa6JXj3ONsZGRIUz
UuLAEj851XOTNy8qk7dzHRhh3w+H/wg461FoJ5ZeWzsTmiu3pN1ok8RcC/08hkU6
uZyMOPGKqkpHAySwg3PwPxOJ8t9jvvNMcEAM5lC7S2yiJjezAzHV9izeMaz0fFKq
H6p4X7S5/xUPqB+JLebbaiV0/sgWnM+984WPtONNKLN048Jqws3WWVt1GoYtV/OP
R4OCaR9f3cmK0nSoIz9rpkbAuCNmgyq5PViFcM2YkGdX
-----END CERTIFICATE-----