Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/DQmnIWjppD6xsd09qRryvwrR_Ts.roa
File:                     DQmnIWjppD6xsd09qRryvwrR_Ts.roa (raw, json)
Hash identifier:          pqVCZAlzgUmVOYZddP471lk6z4x2stCu2izgZpVrd9c=
Subject key identifier:   0D:09:A7:21:68:E9:A4:3E:B1:B1:DD:3D:A9:1A:F2:BF:0A:D1:FD:3B
Certificate issuer:       /CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
Certificate serial:       019E9548B3B660F8661A4FDFB4F56E68194F
Authority key identifier: 17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/DQmnIWjppD6xsd09qRryvwrR_Ts.roa
Signing time:             Fri 05 Jun 2026 00:57:10 +0000
ROA not before:           Fri 05 Jun 2026 00:57:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214467
IP address blocks:        202.71.8.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Jun 2026 17:49:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:95:48:b3:b6:60:f8:66:1a:4f:df:b4:f5:6e:68:19:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
        Validity
            Not Before: Jun  5 00:57:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0d09a72168e9a43eb1b1dd3da91af2bf0ad1fd3b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:07:87:d8:23:46:6c:28:84:ca:e6:03:82:cd:
                    b5:50:0e:30:25:33:70:73:16:67:ad:7f:38:74:2e:
                    cc:ff:bf:5a:c0:9e:39:fe:0f:b9:d1:9b:53:66:36:
                    35:b3:3a:24:f7:b0:cf:31:12:50:c2:11:96:0a:bd:
                    86:ed:09:f3:2c:16:4a:02:99:5a:76:4e:82:ff:70:
                    6d:20:7d:3c:ee:73:f7:44:7e:ce:75:63:98:1d:db:
                    52:bf:53:98:6c:74:d5:a0:76:12:84:90:25:6a:fd:
                    f8:c4:28:db:b8:72:6f:9f:64:06:0e:6f:82:44:65:
                    20:76:3f:37:4e:5a:cb:77:e0:82:e5:16:cc:f1:3c:
                    bf:e0:f0:4d:dc:4f:2d:c9:03:5b:db:2a:c9:8d:fc:
                    0c:06:18:a7:09:79:26:ae:7b:e9:86:4f:48:bd:bb:
                    5e:13:70:fa:d8:58:bc:40:28:56:88:4e:b5:e4:3e:
                    c4:e7:f2:2f:16:c8:e7:c0:af:af:87:94:71:b3:dd:
                    65:18:4f:78:05:8f:77:ca:ed:46:b2:e6:d5:97:6b:
                    46:29:c9:1b:c5:a3:01:56:26:bf:80:19:ef:af:22:
                    78:ab:67:8c:d2:2c:30:94:90:52:fd:e8:55:4f:70:
                    24:cb:7d:52:7f:d4:49:24:a6:6e:92:5c:f7:eb:27:
                    54:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:09:A7:21:68:E9:A4:3E:B1:B1:DD:3D:A9:1A:F2:BF:0A:D1:FD:3B
            X509v3 Authority Key Identifier:
                keyid:17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/DQmnIWjppD6xsd09qRryvwrR_Ts.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.71.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:6b:2e:76:61:c5:0d:a4:7f:2a:64:91:9d:8a:07:f2:49:7a:
         f5:b0:19:df:55:24:15:a5:f1:d0:39:72:f1:ef:3c:ec:3e:c1:
         5e:9f:fd:32:cb:08:72:0e:36:5a:bf:95:74:4e:e6:41:16:3f:
         33:d2:4d:6d:dc:77:a7:1f:8a:1d:13:b4:57:78:da:bb:3e:31:
         0c:29:a0:47:e4:c2:bb:ea:35:9d:ba:55:56:28:53:ee:74:4b:
         de:87:a8:bd:c6:40:55:79:2c:ec:9a:69:2c:c4:bb:b6:78:29:
         49:44:f9:f5:4e:93:1a:00:7e:ff:fd:7d:23:66:d4:7c:ed:13:
         ae:c2:f8:fe:33:7d:fa:e4:5b:b9:45:fd:4e:94:01:ae:cd:1d:
         b8:fa:2f:0a:3f:a9:7a:37:b2:7c:43:87:62:dc:a8:0b:a0:c3:
         4c:fd:51:ef:17:56:fb:d4:ce:1c:1a:47:ad:1f:33:c8:2b:3e:
         74:b4:f7:9a:9f:37:e9:e3:aa:44:16:65:fd:3f:fd:d1:d8:44:
         7f:c4:3f:a1:e7:38:9a:40:86:27:d9:36:3f:10:fa:a4:60:33:
         08:ef:53:49:96:a3:7d:e3:fa:a5:3c:7a:46:9e:93:4c:c1:0e:
         8e:21:61:87:e8:8d:b4:b8:9a:f4:dc:99:a7:1c:ad:79:62:eb:
         6b:e6:3f:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6VSLO2YPhmGk/ftPVuaBlPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3ZDAzZjI5ODE4MGNjMTA5ZjE5ZDRiMTk5MmM3ZDcxYzU2
YzhkY2MwHhcNMjYwNjA1MDA1NzEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDA5YTcyMTY4ZTlhNDNlYjFiMWRkM2RhOTFhZjJiZjBhZDFmZDNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1QeH2CNGbCiEyuYDgs21UA4wJTNw
cxZnrX84dC7M/79awJ45/g+50ZtTZjY1szok97DPMRJQwhGWCr2G7QnzLBZKApla
dk6C/3BtIH087nP3RH7OdWOYHdtSv1OYbHTVoHYShJAlav34xCjbuHJvn2QGDm+C
RGUgdj83TlrLd+CC5RbM8Ty/4PBN3E8tyQNb2yrJjfwMBhinCXkmrnvphk9Ivbte
E3D62Fi8QChWiE615D7E5/IvFsjnwK+vh5Rxs91lGE94BY93yu1GsubVl2tGKckb
xaMBVia/gBnvryJ4q2eM0iwwlJBS/ehVT3Aky31Sf9RJJKZuklz36ydUkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA0JpyFo6aQ+sbHdPaka8r8K0f07MB8GA1UdIwQY
MBaAFBfQPymBgMwQnxnUsZksfXHFbI3MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUt
OTE4YWM2NDYyNjc5LzEvRFFtbklXanBwRDZ4c2QwOXFScnl2d3JSX1RzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUtOTE4YWM2NDYyNjc5
LzEvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAykcIMA0G
CSqGSIb3DQEBCwUAA4IBAQAPay52YcUNpH8qZJGdigfySXr1sBnfVSQVpfHQOXLx
7zzsPsFen/0yywhyDjZav5V0TuZBFj8z0k1t3HenH4odE7RXeNq7PjEMKaBH5MK7
6jWdulVWKFPudEveh6i9xkBVeSzsmmksxLu2eClJRPn1TpMaAH7//X0jZtR87ROu
wvj+M3365Fu5Rf1OlAGuzR24+i8KP6l6N7J8Q4di3KgLoMNM/VHvF1b71M4cGket
HzPIKz50tPeanzfp46pEFmX9P/3R2ER/xD+h5ziaQIYn2TY/EPqkYDMI71NJlqN9
4/qlPHpGnpNMwQ6OIWGH6I20uJr03JmnHK15Yutr5j/L
-----END CERTIFICATE-----