Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/ecaa96-9af6-4b99-957f-6b7599fcdc33/1/lGhTp3LLyxy8beBvhY8lnM4Yjhs.roa
File:                     lGhTp3LLyxy8beBvhY8lnM4Yjhs.roa (raw, json)
Hash identifier:          /3CeCfqpeIvLkc9UntZNryGgsw4LpxUtcTdUNK/e4Hk=
Subject key identifier:   94:68:53:A7:72:CB:CB:1C:BC:6D:E0:6F:85:8F:25:9C:CE:18:8E:1B
Certificate issuer:       /CN=810cd50db437c789464cb64dfabfe405ca981b1a
Certificate serial:       019D2A7451554E2BC8B6AEFE014788A8215D
Authority key identifier: 81:0C:D5:0D:B4:37:C7:89:46:4C:B6:4D:FA:BF:E4:05:CA:98:1B:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gQzVDbQ3x4lGTLZN-r_kBcqYGxo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/ecaa96-9af6-4b99-957f-6b7599fcdc33/1/lGhTp3LLyxy8beBvhY8lnM4Yjhs.roa
Signing time:             Thu 26 Mar 2026 14:02:39 +0000
ROA not before:           Thu 26 Mar 2026 14:02:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44622
IP address blocks:        176.62.220.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2f/ecaa96-9af6-4b99-957f-6b7599fcdc33/1/gQzVDbQ3x4lGTLZN-r_kBcqYGxo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2f/ecaa96-9af6-4b99-957f-6b7599fcdc33/1/gQzVDbQ3x4lGTLZN-r_kBcqYGxo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gQzVDbQ3x4lGTLZN-r_kBcqYGxo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 05:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2a:74:51:55:4e:2b:c8:b6:ae:fe:01:47:88:a8:21:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=810cd50db437c789464cb64dfabfe405ca981b1a
        Validity
            Not Before: Mar 26 14:02:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=946853a772cbcb1cbc6de06f858f259cce188e1b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:0d:2d:2a:89:97:a9:28:39:43:80:54:36:45:
                    17:50:1b:29:2b:58:3d:91:55:24:81:76:69:0e:24:
                    15:8a:74:17:c2:38:cd:aa:be:48:61:bf:06:ff:59:
                    02:ad:0c:47:95:4d:db:cd:18:de:c9:be:a0:24:3c:
                    4f:39:25:88:50:95:0e:72:82:26:0a:eb:d3:55:36:
                    c5:e2:4a:a4:32:64:97:90:61:27:b7:c9:a6:7f:51:
                    45:32:8c:13:f1:58:41:10:3a:04:51:b5:f4:34:0a:
                    16:ec:6a:3e:8b:6a:bb:fa:6d:85:63:98:85:92:be:
                    52:30:f9:da:e4:49:e0:25:a8:16:7d:28:f6:6a:b1:
                    f0:08:d0:94:c5:b8:f7:ac:9a:af:1f:25:8a:6e:a8:
                    97:ff:ac:be:8f:3e:1f:3c:89:a2:3a:a8:e0:15:ff:
                    ea:78:0f:60:1d:c4:91:94:6b:b0:7c:4b:cf:70:5b:
                    ce:40:75:90:07:20:54:f4:95:f7:18:5e:76:f4:05:
                    86:23:29:3b:40:37:ea:2e:c8:d7:62:12:65:61:d3:
                    72:92:75:3f:fa:ae:02:60:6c:e2:0e:14:b1:17:dd:
                    54:75:f4:c3:e0:a7:94:0a:dc:be:ec:80:d6:fa:dc:
                    07:ca:1d:1d:4c:1a:0a:73:db:eb:a4:89:5b:af:a6:
                    f6:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:68:53:A7:72:CB:CB:1C:BC:6D:E0:6F:85:8F:25:9C:CE:18:8E:1B
            X509v3 Authority Key Identifier:
                keyid:81:0C:D5:0D:B4:37:C7:89:46:4C:B6:4D:FA:BF:E4:05:CA:98:1B:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gQzVDbQ3x4lGTLZN-r_kBcqYGxo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/ecaa96-9af6-4b99-957f-6b7599fcdc33/1/lGhTp3LLyxy8beBvhY8lnM4Yjhs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/ecaa96-9af6-4b99-957f-6b7599fcdc33/1/gQzVDbQ3x4lGTLZN-r_kBcqYGxo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.62.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:1d:a0:72:00:40:9e:4b:d6:6b:9f:5c:6b:be:f0:95:75:23:
         9d:48:27:40:58:57:b7:09:1e:74:da:25:01:f7:63:0f:3e:61:
         f8:d7:28:14:cc:e8:e7:15:96:98:b2:f9:cd:8a:a2:9c:05:ef:
         6f:bf:6b:2f:48:3a:a8:bb:a4:ef:e3:31:65:84:70:d0:86:fc:
         1d:ec:03:cd:6c:3e:d4:d3:06:9c:ad:98:62:8b:b4:bd:5c:4d:
         8b:82:f2:9f:fd:22:2f:b3:f9:71:65:53:36:d1:bd:73:e9:44:
         4c:af:73:c7:a3:f4:a4:43:03:f6:b8:c1:22:6a:66:cc:7e:0c:
         8a:bf:7a:c5:1d:76:0d:b9:aa:52:d1:cf:2f:db:66:da:29:a6:
         b5:b6:8a:f6:36:21:9b:fa:c6:45:42:98:c0:37:6d:18:04:a0:
         0c:f5:17:91:0b:f1:1e:06:89:ff:d5:52:85:53:04:ac:8e:14:
         b4:9a:22:bb:85:52:82:8d:17:2f:06:5a:1b:75:ba:ec:5e:70:
         b0:d8:89:71:de:d4:66:28:6e:66:8d:b2:0e:7d:40:06:3c:4b:
         4f:fc:a5:11:61:64:7c:d4:1d:19:7a:bd:0f:14:f1:03:7e:b5:
         84:ba:ba:dc:79:79:7c:cc:f1:9e:87:77:88:23:39:d3:24:d9:
         1b:a1:3c:17
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0qdFFVTivItq7+AUeIqCFdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxMGNkNTBkYjQzN2M3ODk0NjRjYjY0ZGZhYmZlNDA1Y2E5
ODFiMWEwHhcNMjYwMzI2MTQwMjM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDY4NTNhNzcyY2JjYjFjYmM2ZGUwNmY4NThmMjU5Y2NlMTg4ZTFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7g0tKomXqSg5Q4BUNkUXUBspK1g9
kVUkgXZpDiQVinQXwjjNqr5IYb8G/1kCrQxHlU3bzRjeyb6gJDxPOSWIUJUOcoIm
CuvTVTbF4kqkMmSXkGEnt8mmf1FFMowT8VhBEDoEUbX0NAoW7Go+i2q7+m2FY5iF
kr5SMPna5EngJagWfSj2arHwCNCUxbj3rJqvHyWKbqiX/6y+jz4fPImiOqjgFf/q
eA9gHcSRlGuwfEvPcFvOQHWQByBU9JX3GF529AWGIyk7QDfqLsjXYhJlYdNyknU/
+q4CYGziDhSxF91UdfTD4KeUCty+7IDW+twHyh0dTBoKc9vrpIlbr6b25QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJRoU6dyy8scvG3gb4WPJZzOGI4bMB8GA1UdIwQY
MBaAFIEM1Q20N8eJRky2Tfq/5AXKmBsaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1F6VkRiUTN4NGxHVExaTi1yX2tCY3FZR3hvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi9lY2FhOTYtOWFmNi00Yjk5LTk1N2Yt
NmI3NTk5ZmNkYzMzLzEvbEdoVHAzTEx5eHk4YmVCdmhZOGxuTTRZamhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi9lY2FhOTYtOWFmNi00Yjk5LTk1N2YtNmI3NTk5ZmNkYzMz
LzEvZ1F6VkRiUTN4NGxHVExaTi1yX2tCY3FZR3hvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsD7cMA0G
CSqGSIb3DQEBCwUAA4IBAQB3HaByAECeS9Zrn1xrvvCVdSOdSCdAWFe3CR502iUB
92MPPmH41ygUzOjnFZaYsvnNiqKcBe9vv2svSDqou6Tv4zFlhHDQhvwd7APNbD7U
0wacrZhii7S9XE2LgvKf/SIvs/lxZVM20b1z6URMr3PHo/SkQwP2uMEiambMfgyK
v3rFHXYNuapS0c8v22baKaa1tor2NiGb+sZFQpjAN20YBKAM9ReRC/EeBon/1VKF
UwSsjhS0miK7hVKCjRcvBlobdbrsXnCw2Ilx3tRmKG5mjbIOfUAGPEtP/KURYWR8
1B0Zer0PFPEDfrWEurrceXl8zPGeh3eIIznTJNkboTwX
-----END CERTIFICATE-----