Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/rh1t8AdtW5X_mU-XGymyiJ42L4E.roa
File:                     rh1t8AdtW5X_mU-XGymyiJ42L4E.roa (raw, json)
Hash identifier:          bE17I2YtvcQbQ3CE6y2GVp/jGGc4qiczIu6MK7Pc540=
Subject key identifier:   AE:1D:6D:F0:07:6D:5B:95:FF:99:4F:97:1B:29:B2:88:9E:36:2F:81
Certificate issuer:       /CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Certificate serial:       019CD3BFD8613C184F18921349AA656DE80D
Authority key identifier: D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/rh1t8AdtW5X_mU-XGymyiJ42L4E.roa
Signing time:             Mon 09 Mar 2026 17:58:11 +0000
ROA not before:           Mon 09 Mar 2026 17:58:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200235
IP address blocks:        92.119.162.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Mar 2026 15:19:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:d3:bf:d8:61:3c:18:4f:18:92:13:49:aa:65:6d:e8:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
        Validity
            Not Before: Mar  9 17:58:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ae1d6df0076d5b95ff994f971b29b2889e362f81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:98:df:e9:6d:a1:eb:88:59:bf:e2:20:4a:3d:
                    e3:6c:21:0b:c0:d7:f8:f8:c6:5c:02:60:93:d2:6b:
                    1f:43:00:e8:de:52:e0:df:b5:76:4d:16:60:17:c5:
                    32:ee:96:f2:94:87:e8:55:00:a9:4b:76:8d:ab:43:
                    c3:8c:1d:7c:da:dd:0d:6c:91:6f:d6:83:a2:92:42:
                    86:e3:13:4f:2d:af:38:ff:ec:05:db:6b:3b:3b:8c:
                    1a:23:97:0d:d0:a4:89:ad:80:9c:56:d6:45:c9:9d:
                    a5:2e:d1:95:db:f5:a8:27:e5:e0:0f:f9:9b:7f:dd:
                    12:cf:ed:a3:16:3d:3a:a1:45:e8:1c:50:5a:c2:97:
                    03:6b:e3:f0:bc:6d:df:bd:c4:09:a1:69:21:d3:9d:
                    31:71:88:20:32:c0:db:3a:1e:75:56:d8:b0:5b:49:
                    ba:af:9f:6b:f6:12:ec:a2:e8:03:a6:f5:c0:45:55:
                    96:ca:11:96:f3:e6:37:53:14:98:cf:0a:6d:bc:5e:
                    5a:37:81:f8:4d:94:06:35:c3:63:69:d5:27:82:92:
                    50:cf:ee:95:29:40:ab:29:61:2e:cd:d5:22:2b:0b:
                    01:12:25:e7:1c:38:e9:97:a9:e3:97:03:43:db:f0:
                    c3:8a:cd:f5:8d:ff:84:9a:d1:de:ef:28:23:81:17:
                    06:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:1D:6D:F0:07:6D:5B:95:FF:99:4F:97:1B:29:B2:88:9E:36:2F:81
            X509v3 Authority Key Identifier:
                keyid:D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/rh1t8AdtW5X_mU-XGymyiJ42L4E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.119.162.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:fe:f1:e2:62:31:57:f6:76:d6:7f:2f:c6:7b:2f:db:71:59:
         bc:43:9f:2b:59:ba:e3:b7:67:c3:d9:25:34:04:0d:be:20:02:
         e4:d9:82:e5:23:db:8c:12:a6:a0:4c:17:6d:5c:9d:6a:d4:55:
         1b:c8:c4:1b:38:12:2c:fe:24:3a:8c:5b:8c:8c:57:b0:a0:8c:
         45:b8:09:3d:a1:d7:fa:ea:6a:9a:79:01:46:7b:1b:f5:d4:74:
         b1:ec:bb:68:46:4c:a2:52:55:d3:a7:c2:93:4b:e2:ef:df:0f:
         c6:44:16:f0:d7:39:5c:93:cb:28:72:f0:ae:30:60:65:39:92:
         8e:92:e4:fd:03:c6:2b:3e:b8:a2:17:69:18:fd:69:68:e5:e8:
         1f:7f:15:10:a3:bd:80:a5:d2:56:e1:0a:cc:a1:50:f4:5b:20:
         b8:9b:ba:f1:62:fc:44:1c:a3:4e:cf:8a:76:8c:b8:78:6a:9f:
         3f:52:88:ac:db:11:8b:99:58:de:4a:1a:3f:6d:05:97:62:e0:
         84:c0:5e:a0:16:cf:1a:75:cf:e2:b7:16:30:e2:94:7f:23:f8:
         8f:30:ba:c3:89:78:4a:d7:91:61:d0:f7:99:b9:0b:93:6d:ef:
         ff:63:86:4d:b8:d4:76:a2:b1:68:c8:30:d3:d0:d1:a5:b4:ef:
         28:2a:ff:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzTv9hhPBhPGJITSaplbegNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmJiNDhlOTNlOGEwMDU4YzVjNzJhODFhODc5OTQ1NTMw
N2VlNTYwHhcNMjYwMzA5MTc1ODExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTFkNmRmMDA3NmQ1Yjk1ZmY5OTRmOTcxYjI5YjI4ODllMzYyZjgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApJjf6W2h64hZv+IgSj3jbCELwNf4
+MZcAmCT0msfQwDo3lLg37V2TRZgF8Uy7pbylIfoVQCpS3aNq0PDjB182t0NbJFv
1oOikkKG4xNPLa84/+wF22s7O4waI5cN0KSJrYCcVtZFyZ2lLtGV2/WoJ+XgD/mb
f90Sz+2jFj06oUXoHFBawpcDa+PwvG3fvcQJoWkh050xcYggMsDbOh51VtiwW0m6
r59r9hLsougDpvXARVWWyhGW8+Y3UxSYzwptvF5aN4H4TZQGNcNjadUngpJQz+6V
KUCrKWEuzdUiKwsBEiXnHDjpl6njlwND2/DDis31jf+EmtHe7ygjgRcGVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK4dbfAHbVuV/5lPlxspsoieNi+BMB8GA1UdIwQY
MBaAFNdrtI6T6KAFjFxyqBqHmUVTB+5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgt
OGJmYmRkNDVjYjYyLzEvcmgxdDhBZHRXNVhfbVUtWEd5bXlpSjQyTDRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgtOGJmYmRkNDVjYjYy
LzEvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXHeiMA0G
CSqGSIb3DQEBCwUAA4IBAQBU/vHiYjFX9nbWfy/Gey/bcVm8Q58rWbrjt2fD2SU0
BA2+IALk2YLlI9uMEqagTBdtXJ1q1FUbyMQbOBIs/iQ6jFuMjFewoIxFuAk9odf6
6mqaeQFGexv11HSx7LtoRkyiUlXTp8KTS+Lv3w/GRBbw1zlck8socvCuMGBlOZKO
kuT9A8YrPriiF2kY/Wlo5egffxUQo72ApdJW4QrMoVD0WyC4m7rxYvxEHKNOz4p2
jLh4ap8/Uois2xGLmVjeSho/bQWXYuCEwF6gFs8adc/itxYw4pR/I/iPMLrDiXhK
15Fh0PeZuQuTbe//Y4ZNuNR2orFoyDDT0NGltO8oKv9u
-----END CERTIFICATE-----