Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/9c2c90-c7d4-48b7-9baf-f1bf0c33a908/1/cI3avh87O39OTH2EDCZqQutH5Ns.roa
File:                     cI3avh87O39OTH2EDCZqQutH5Ns.roa (raw, json)
Hash identifier:          PWvhR3t5RRJ4KX9H65mhTT6EDfYi6lc1qIh3TLRHz2Y=
Subject key identifier:   70:8D:DA:BE:1F:3B:3B:7F:4E:4C:7D:84:0C:26:6A:42:EB:47:E4:DB
Certificate issuer:       /CN=23e3d92bfe16619ca500c03267effa9aa7ca0c47
Certificate serial:       019F025905491ACC90C090827C459D52451C
Authority key identifier: 23:E3:D9:2B:FE:16:61:9C:A5:00:C0:32:67:EF:FA:9A:A7:CA:0C:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/I-PZK_4WYZylAMAyZ-_6mqfKDEc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/9c2c90-c7d4-48b7-9baf-f1bf0c33a908/1/cI3avh87O39OTH2EDCZqQutH5Ns.roa
Signing time:             Fri 26 Jun 2026 05:13:36 +0000
ROA not before:           Fri 26 Jun 2026 05:13:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16047
IP address blocks:        37.60.176.0/21 maxlen: 21
                          185.220.40.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/9c2c90-c7d4-48b7-9baf-f1bf0c33a908/1/I-PZK_4WYZylAMAyZ-_6mqfKDEc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/9c2c90-c7d4-48b7-9baf-f1bf0c33a908/1/I-PZK_4WYZylAMAyZ-_6mqfKDEc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/I-PZK_4WYZylAMAyZ-_6mqfKDEc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 30 Jun 2026 02:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:02:59:05:49:1a:cc:90:c0:90:82:7c:45:9d:52:45:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=23e3d92bfe16619ca500c03267effa9aa7ca0c47
        Validity
            Not Before: Jun 26 05:13:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=708ddabe1f3b3b7f4e4c7d840c266a42eb47e4db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:bf:dd:a9:51:0a:d8:ce:3e:3f:47:95:e5:7b:
                    d3:e5:cb:07:96:e1:67:27:5e:31:70:e4:00:96:9e:
                    90:9b:75:97:27:89:ef:ce:2d:d4:65:51:0f:52:2a:
                    ee:f3:6f:33:94:59:ef:50:87:3f:53:2b:ab:a3:df:
                    61:28:72:94:2e:f5:0d:45:d7:05:15:22:15:74:a8:
                    52:28:75:7d:5f:52:da:d5:56:11:2c:ae:fc:46:d8:
                    cd:af:43:85:c6:6d:c9:9f:3e:ce:50:3a:64:53:91:
                    de:2d:25:71:d2:f8:66:89:2b:4b:9d:c0:1c:54:5a:
                    6f:f7:07:a0:88:7c:bc:7a:fd:7e:3a:37:d1:03:4b:
                    95:c6:23:78:4b:3c:ea:91:2d:dd:6b:04:e7:90:d2:
                    27:dd:bb:48:04:dc:29:9e:ad:fd:a2:07:f3:e8:c5:
                    cf:ec:4a:d9:25:49:ed:fc:01:0f:f1:79:cf:d2:de:
                    d1:98:c7:16:5f:66:b6:27:60:75:f7:44:16:62:61:
                    19:bd:a4:a3:b2:53:c6:74:8a:de:dc:16:77:2c:f7:
                    93:de:6f:6a:c8:5d:26:9d:58:0f:bd:27:5c:63:73:
                    23:09:2d:dd:6d:91:2c:b2:ee:20:9b:7b:fc:ca:f3:
                    0a:50:cf:07:35:19:a0:81:5b:cf:74:0f:8c:bd:73:
                    23:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:8D:DA:BE:1F:3B:3B:7F:4E:4C:7D:84:0C:26:6A:42:EB:47:E4:DB
            X509v3 Authority Key Identifier:
                keyid:23:E3:D9:2B:FE:16:61:9C:A5:00:C0:32:67:EF:FA:9A:A7:CA:0C:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I-PZK_4WYZylAMAyZ-_6mqfKDEc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9c2c90-c7d4-48b7-9baf-f1bf0c33a908/1/cI3avh87O39OTH2EDCZqQutH5Ns.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9c2c90-c7d4-48b7-9baf-f1bf0c33a908/1/I-PZK_4WYZylAMAyZ-_6mqfKDEc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.60.176.0/21
                  185.220.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         44:bd:cc:c6:4f:58:02:98:b7:79:ff:10:55:21:e4:da:de:d0:
         77:bf:45:e0:61:8c:50:bb:21:f3:f1:ca:51:a2:0d:c3:55:0f:
         95:aa:be:7a:03:e8:f4:93:fe:57:87:a6:bf:ac:47:b2:88:29:
         99:77:d2:15:cc:ba:38:a5:ce:59:99:da:ac:b7:58:a3:cd:70:
         dc:4a:59:15:df:a1:8e:fc:29:68:65:8b:18:1e:a6:c1:87:c0:
         97:9c:39:f1:d5:3d:b8:88:e9:3e:dc:c8:03:66:8d:2c:1a:10:
         00:c5:e8:31:7a:7f:d6:84:83:dc:66:7f:78:23:d8:89:b3:50:
         99:0f:29:7b:4c:66:ac:67:79:e1:0a:47:7d:79:a8:24:dd:c4:
         08:da:56:ee:b5:f7:05:c7:20:67:a8:55:0c:64:21:33:84:db:
         84:ba:02:65:3d:3c:e6:9c:5a:ba:6f:81:15:7c:a1:48:19:1f:
         a8:f0:af:43:cf:00:bb:d0:d4:ba:aa:4b:92:7f:e8:cb:2e:5d:
         e7:71:de:a7:4c:20:e7:47:7f:ed:bc:ca:ba:12:cf:50:b3:a8:
         d5:5d:03:36:28:ac:c9:ed:30:09:b3:99:43:73:a3:70:fe:2a:
         46:2b:6b:7d:f7:e8:09:01:01:12:95:df:30:df:78:79:39:ec:
         81:1f:ed:9d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ8CWQVJGsyQwJCCfEWdUkUcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzZTNkOTJiZmUxNjYxOWNhNTAwYzAzMjY3ZWZmYTlhYTdj
YTBjNDcwHhcNMjYwNjI2MDUxMzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDhkZGFiZTFmM2IzYjdmNGU0YzdkODQwYzI2NmE0MmViNDdlNGRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtL/dqVEK2M4+P0eV5XvT5csHluFn
J14xcOQAlp6Qm3WXJ4nvzi3UZVEPUiru828zlFnvUIc/Uyuro99hKHKULvUNRdcF
FSIVdKhSKHV9X1La1VYRLK78RtjNr0OFxm3Jnz7OUDpkU5HeLSVx0vhmiStLncAc
VFpv9wegiHy8ev1+OjfRA0uVxiN4SzzqkS3dawTnkNIn3btIBNwpnq39ogfz6MXP
7ErZJUnt/AEP8XnP0t7RmMcWX2a2J2B190QWYmEZvaSjslPGdIre3BZ3LPeT3m9q
yF0mnVgPvSdcY3MjCS3dbZEssu4gm3v8yvMKUM8HNRmggVvPdA+MvXMj0QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHCN2r4fOzt/Tkx9hAwmakLrR+TbMB8GA1UdIwQY
MBaAFCPj2Sv+FmGcpQDAMmfv+pqnygxHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSS1QWktfNFdZWnlsQU1BeVotXzZtcWZLREVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC85YzJjOTAtYzdkNC00OGI3LTliYWYt
ZjFiZjBjMzNhOTA4LzEvY0kzYXZoODdPMzlPVEgyRURDWnFRdXRINU5zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC85YzJjOTAtYzdkNC00OGI3LTliYWYtZjFiZjBjMzNhOTA4
LzEvSS1QWktfNFdZWnlsQU1BeVotXzZtcWZLREVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDJTywAwQC
udwoMA0GCSqGSIb3DQEBCwUAA4IBAQBEvczGT1gCmLd5/xBVIeTa3tB3v0XgYYxQ
uyHz8cpRog3DVQ+Vqr56A+j0k/5Xh6a/rEeyiCmZd9IVzLo4pc5Zmdqst1ijzXDc
SlkV36GO/CloZYsYHqbBh8CXnDnx1T24iOk+3MgDZo0sGhAAxegxen/WhIPcZn94
I9iJs1CZDyl7TGasZ3nhCkd9eagk3cQI2lbutfcFxyBnqFUMZCEzhNuEugJlPTzm
nFq6b4EVfKFIGR+o8K9DzwC70NS6qkuSf+jLLl3ncd6nTCDnR3/tvMq6Es9Qs6jV
XQM2KKzJ7TAJs5lDc6Nw/ipGK2t99+gJAQESld8w33h5OeyBH+2d
-----END CERTIFICATE-----