Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/e932cd-be0c-4017-b114-fe83b9c2ad7a/1/J30Uy6gqwHaFt6wmeXIH9IzCZrM.roa
File:                     J30Uy6gqwHaFt6wmeXIH9IzCZrM.roa (raw, json)
Hash identifier:          2dDwKwUupmkxJSwCisq+lWow/CZtDHfp1eWe22XuURw=
Subject key identifier:   27:7D:14:CB:A8:2A:C0:76:85:B7:AC:26:79:72:07:F4:8C:C2:66:B3
Certificate issuer:       /CN=c16a9f3946af7648b2b3e9e22cb808d6367fb90f
Certificate serial:       019D068A71A44E978F025A206BD8149916E7
Authority key identifier: C1:6A:9F:39:46:AF:76:48:B2:B3:E9:E2:2C:B8:08:D6:36:7F:B9:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wWqfOUavdkiys-niLLgI1jZ_uQ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/e932cd-be0c-4017-b114-fe83b9c2ad7a/1/J30Uy6gqwHaFt6wmeXIH9IzCZrM.roa
Signing time:             Thu 19 Mar 2026 14:40:29 +0000
ROA not before:           Thu 19 Mar 2026 14:40:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16097
IP address blocks:        89.28.241.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/e932cd-be0c-4017-b114-fe83b9c2ad7a/1/wWqfOUavdkiys-niLLgI1jZ_uQ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/e932cd-be0c-4017-b114-fe83b9c2ad7a/1/wWqfOUavdkiys-niLLgI1jZ_uQ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wWqfOUavdkiys-niLLgI1jZ_uQ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 23:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:06:8a:71:a4:4e:97:8f:02:5a:20:6b:d8:14:99:16:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c16a9f3946af7648b2b3e9e22cb808d6367fb90f
        Validity
            Not Before: Mar 19 14:40:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=277d14cba82ac07685b7ac26797207f48cc266b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:a9:09:a5:a8:53:aa:76:7b:bf:4b:25:d0:be:
                    1c:88:76:ef:fc:ed:01:81:bd:e0:6a:7b:8d:20:f4:
                    f7:89:2a:b5:db:15:1b:b1:5a:bd:9f:6e:7e:4d:dc:
                    99:12:c4:ac:64:a4:03:e6:79:af:37:5f:61:df:4e:
                    fc:ba:19:4f:b1:fe:65:03:7e:e3:54:c3:2a:c7:ee:
                    59:c3:35:40:65:a5:0e:c1:82:c5:fd:3c:94:14:31:
                    c2:70:76:50:85:94:f0:a2:af:bc:38:cf:c1:af:0c:
                    8a:e7:01:72:03:82:93:9e:99:82:94:48:35:18:5c:
                    94:c6:53:9b:8c:67:bd:76:1b:bc:98:fe:28:e1:ae:
                    fc:d4:be:4a:9f:f0:e9:5c:e9:45:bf:f1:74:71:32:
                    83:6c:bc:c2:51:51:c2:08:57:10:85:4a:d8:67:dd:
                    78:4e:68:e1:5a:b4:e5:72:32:0a:85:aa:96:03:18:
                    f3:85:37:5d:1c:a5:69:8a:e8:db:63:63:0f:62:33:
                    da:28:63:ef:27:eb:d1:72:2f:d8:b9:a6:26:35:12:
                    6a:5f:1e:a9:e9:33:b1:0a:54:c6:47:92:49:ed:d0:
                    c3:c2:1b:06:26:ef:30:1e:bd:c5:a3:90:4c:e5:de:
                    91:f6:c2:68:49:8d:d9:bf:b3:7b:f7:5f:5e:da:f8:
                    4a:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:7D:14:CB:A8:2A:C0:76:85:B7:AC:26:79:72:07:F4:8C:C2:66:B3
            X509v3 Authority Key Identifier:
                keyid:C1:6A:9F:39:46:AF:76:48:B2:B3:E9:E2:2C:B8:08:D6:36:7F:B9:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wWqfOUavdkiys-niLLgI1jZ_uQ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/e932cd-be0c-4017-b114-fe83b9c2ad7a/1/J30Uy6gqwHaFt6wmeXIH9IzCZrM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/e932cd-be0c-4017-b114-fe83b9c2ad7a/1/wWqfOUavdkiys-niLLgI1jZ_uQ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.28.241.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:6d:af:44:59:7e:df:d7:db:ec:f7:17:fc:ea:29:eb:4b:37:
         6c:a9:db:99:a2:83:b2:ac:4a:e6:e4:96:fe:f5:9e:bd:2d:07:
         58:61:56:45:06:f6:aa:3e:db:3c:19:f4:78:34:12:f4:14:c1:
         55:04:2f:32:04:39:28:24:d2:b5:60:fa:67:15:0f:9d:0d:f7:
         0e:82:d0:01:a2:4d:d7:bd:02:72:5c:dc:82:17:01:b8:59:6d:
         44:60:a8:a4:d4:48:99:4f:18:20:7c:48:2d:b6:f7:69:95:3b:
         08:34:c6:df:23:b6:e6:33:9f:1d:08:74:2a:52:d6:06:45:a4:
         68:f2:30:c9:75:a4:14:b4:c6:7b:06:83:a0:c9:a9:64:f6:f7:
         2d:4a:31:b1:8c:3f:19:4b:37:68:67:6f:91:ca:e9:a8:20:bb:
         d3:56:4c:35:ff:01:fa:8b:ca:51:74:17:29:68:98:76:63:6f:
         f0:48:a4:cb:b3:12:cc:b6:57:38:5c:b2:ca:1f:48:74:9b:c0:
         55:48:ef:f4:22:82:14:76:38:50:2b:94:5f:b1:b8:82:5e:bc:
         0f:48:81:af:86:66:d5:0f:4c:d1:4c:a3:5b:d1:07:d8:1c:36:
         c4:3e:05:a3:8f:cd:3f:1d:e2:e8:4a:ad:e0:eb:0d:ad:18:46:
         5c:a0:7d:54
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0GinGkTpePAloga9gUmRbnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxNmE5ZjM5NDZhZjc2NDhiMmIzZTllMjJjYjgwOGQ2MzY3
ZmI5MGYwHhcNMjYwMzE5MTQ0MDI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzdkMTRjYmE4MmFjMDc2ODViN2FjMjY3OTcyMDdmNDhjYzI2NmIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxakJpahTqnZ7v0sl0L4ciHbv/O0B
gb3ganuNIPT3iSq12xUbsVq9n25+TdyZEsSsZKQD5nmvN19h3078uhlPsf5lA37j
VMMqx+5ZwzVAZaUOwYLF/TyUFDHCcHZQhZTwoq+8OM/BrwyK5wFyA4KTnpmClEg1
GFyUxlObjGe9dhu8mP4o4a781L5Kn/DpXOlFv/F0cTKDbLzCUVHCCFcQhUrYZ914
TmjhWrTlcjIKhaqWAxjzhTddHKVpiujbY2MPYjPaKGPvJ+vRci/YuaYmNRJqXx6p
6TOxClTGR5JJ7dDDwhsGJu8wHr3Fo5BM5d6R9sJoSY3Zv7N7919e2vhKIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCd9FMuoKsB2hbesJnlyB/SMwmazMB8GA1UdIwQY
MBaAFMFqnzlGr3ZIsrPp4iy4CNY2f7kPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd1dxZk9VYXZka2l5cy1uaUxMZ0kxalpfdVE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi9lOTMyY2QtYmUwYy00MDE3LWIxMTQt
ZmU4M2I5YzJhZDdhLzEvSjMwVXk2Z3F3SGFGdDZ3bWVYSUg5SXpDWnJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi9lOTMyY2QtYmUwYy00MDE3LWIxMTQtZmU4M2I5YzJhZDdh
LzEvd1dxZk9VYXZka2l5cy1uaUxMZ0kxalpfdVE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWRzxMA0G
CSqGSIb3DQEBCwUAA4IBAQByba9EWX7f19vs9xf86inrSzdsqduZooOyrErm5Jb+
9Z69LQdYYVZFBvaqPts8GfR4NBL0FMFVBC8yBDkoJNK1YPpnFQ+dDfcOgtABok3X
vQJyXNyCFwG4WW1EYKik1EiZTxggfEgttvdplTsINMbfI7bmM58dCHQqUtYGRaRo
8jDJdaQUtMZ7BoOgyalk9vctSjGxjD8ZSzdoZ2+RyumoILvTVkw1/wH6i8pRdBcp
aJh2Y2/wSKTLsxLMtlc4XLLKH0h0m8BVSO/0IoIUdjhQK5RfsbiCXrwPSIGvhmbV
D0zRTKNb0QfYHDbEPgWjj80/HeLoSq3g6w2tGEZcoH1U
-----END CERTIFICATE-----