Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/_tIJodTF0tjZ2BRpzO06esyTMcc.roa
File:                     _tIJodTF0tjZ2BRpzO06esyTMcc.roa (raw, json)
Hash identifier:          klg/XfnwGn0Trf6tOz+sC9FOx5B+7q/m4bYYCvOzprs=
Subject key identifier:   FE:D2:09:A1:D4:C5:D2:D8:D9:D8:14:69:CC:ED:3A:7A:CC:93:31:C7
Certificate issuer:       /CN=21021b252222997bfe33b7e4b315ac8d5e067954
Certificate serial:       019CBD366FBED1515A09F24F06ACFC1F66D0
Authority key identifier: 21:02:1B:25:22:22:99:7B:FE:33:B7:E4:B3:15:AC:8D:5E:06:79:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IQIbJSIimXv-M7fksxWsjV4GeVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/_tIJodTF0tjZ2BRpzO06esyTMcc.roa
Signing time:             Thu 05 Mar 2026 08:56:27 +0000
ROA not before:           Thu 05 Mar 2026 08:56:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     150423
IP address blocks:        72.63.54.0/23 maxlen: 23
                          152.163.110.0/23 maxlen: 23
                          205.188.238.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/IQIbJSIimXv-M7fksxWsjV4GeVQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/IQIbJSIimXv-M7fksxWsjV4GeVQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IQIbJSIimXv-M7fksxWsjV4GeVQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 12 Mar 2026 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:bd:36:6f:be:d1:51:5a:09:f2:4f:06:ac:fc:1f:66:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=21021b252222997bfe33b7e4b315ac8d5e067954
        Validity
            Not Before: Mar  5 08:56:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fed209a1d4c5d2d8d9d81469cced3a7acc9331c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:39:89:49:a2:be:fa:54:ac:e0:ac:8b:9c:e2:
                    84:5f:8e:0a:d8:3e:94:c3:48:89:67:41:3d:3a:78:
                    0a:48:cc:67:5d:17:f9:2f:8b:db:7f:41:0d:b5:df:
                    10:b1:22:bf:b3:65:06:a1:53:63:7a:08:76:34:71:
                    57:0f:7d:4a:e1:24:b3:a0:93:ee:1d:53:a1:bc:6b:
                    d3:4c:e8:ec:05:bd:c3:a9:d5:ab:7d:aa:eb:94:5d:
                    ae:c9:1d:be:aa:5e:0f:43:e6:37:b7:bf:eb:be:66:
                    fc:50:da:78:64:3f:a0:06:a4:96:70:70:8d:e9:f3:
                    80:2f:47:81:26:b2:0d:ce:ac:b3:12:89:18:e8:e2:
                    4f:76:76:3a:1b:0f:18:67:5b:87:3a:f4:dd:2a:a0:
                    11:27:4c:d9:e2:bb:1d:e0:7c:57:03:57:a2:23:41:
                    6a:73:05:42:e9:d0:ed:3c:16:11:5a:64:24:ea:66:
                    4a:35:cb:60:ed:ea:02:f1:18:26:8a:81:88:45:40:
                    b1:c5:9e:98:8c:cb:17:f9:f8:93:29:a2:68:af:9a:
                    15:76:77:0d:61:c5:dc:f5:46:8b:34:fb:3b:3d:6f:
                    16:d1:76:38:66:e3:66:fc:3c:87:2d:0e:38:cc:95:
                    5a:e8:f6:01:6d:76:7a:2b:1b:93:41:6c:3b:d4:6b:
                    55:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:D2:09:A1:D4:C5:D2:D8:D9:D8:14:69:CC:ED:3A:7A:CC:93:31:C7
            X509v3 Authority Key Identifier:
                keyid:21:02:1B:25:22:22:99:7B:FE:33:B7:E4:B3:15:AC:8D:5E:06:79:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IQIbJSIimXv-M7fksxWsjV4GeVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/_tIJodTF0tjZ2BRpzO06esyTMcc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/IQIbJSIimXv-M7fksxWsjV4GeVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  72.63.54.0/23
                  152.163.110.0/23
                  205.188.238.0/23

    Signature Algorithm: sha256WithRSAEncryption
         75:fb:29:72:b6:fd:70:34:a2:18:45:c2:72:81:85:05:3a:9c:
         8e:01:22:05:24:2e:a7:d5:7e:49:52:10:87:60:69:30:23:0c:
         d0:2d:85:fe:28:47:ff:d9:46:2f:8b:ea:45:a9:1a:0a:1b:2c:
         81:c3:85:c0:7c:e4:05:86:c4:e5:b3:c9:12:ba:1e:f3:04:96:
         aa:cd:14:74:68:8c:04:77:b5:1e:2e:3f:60:70:04:54:91:e8:
         8d:bc:53:05:c2:21:17:c7:0e:e6:c8:1a:fa:7f:ca:c0:1d:30:
         fe:43:7b:11:e5:d9:b2:2e:ad:2f:d1:c7:3c:7c:b8:93:40:31:
         18:b8:b3:d0:b2:05:ec:2c:2c:d4:23:50:76:bf:00:f4:9a:57:
         53:1e:ae:52:97:b4:4c:65:ad:0a:d0:d7:02:09:43:ec:f3:9d:
         7f:5a:5e:dd:a6:3d:f1:15:9d:0d:fc:6c:8d:89:a1:cf:66:b7:
         1d:10:f9:e8:e2:46:dd:de:3a:73:63:81:8e:19:3d:3f:85:b1:
         56:1d:5f:31:97:b1:b2:91:88:33:c0:3b:0f:ea:1f:28:37:b5:
         28:72:e5:83:b9:79:45:d7:f5:39:80:e2:94:9a:9e:31:a4:31:
         d0:28:e0:1f:3b:3a:1f:05:dc:06:b9:3d:a2:23:1e:bf:20:55:
         94:cc:2f:ff
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZy9Nm++0VFaCfJPBqz8H2bQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMDIxYjI1MjIyMjk5N2JmZTMzYjdlNGIzMTVhYzhkNWUw
Njc5NTQwHhcNMjYwMzA1MDg1NjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZWQyMDlhMWQ0YzVkMmQ4ZDlkODE0NjljY2VkM2E3YWNjOTMzMWM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvDmJSaK++lSs4KyLnOKEX44K2D6U
w0iJZ0E9OngKSMxnXRf5L4vbf0ENtd8QsSK/s2UGoVNjegh2NHFXD31K4SSzoJPu
HVOhvGvTTOjsBb3DqdWrfarrlF2uyR2+ql4PQ+Y3t7/rvmb8UNp4ZD+gBqSWcHCN
6fOAL0eBJrINzqyzEokY6OJPdnY6Gw8YZ1uHOvTdKqARJ0zZ4rsd4HxXA1eiI0Fq
cwVC6dDtPBYRWmQk6mZKNctg7eoC8RgmioGIRUCxxZ6YjMsX+fiTKaJor5oVdncN
YcXc9UaLNPs7PW8W0XY4ZuNm/DyHLQ44zJVa6PYBbXZ6KxuTQWw71GtVIwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFP7SCaHUxdLY2dgUacztOnrMkzHHMB8GA1UdIwQY
MBaAFCECGyUiIpl7/jO35LMVrI1eBnlUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVFJYkpTSWltWHYtTTdma3N4V3NqVjRHZVZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC81OTI5NGMtMGYyNC00MGM1LWI1YzMt
NmVhYzYyZTYwZGY3LzEvX3RJSm9kVEYwdGpaMkJScHpPMDZlc3lUTWNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC81OTI5NGMtMGYyNC00MGM1LWI1YzMtNmVhYzYyZTYwZGY3
LzEvSVFJYkpTSWltWHYtTTdma3N4V3NqVjRHZVZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBSD82AwQB
mKNuAwQBzbzuMA0GCSqGSIb3DQEBCwUAA4IBAQB1+ylytv1wNKIYRcJygYUFOpyO
ASIFJC6n1X5JUhCHYGkwIwzQLYX+KEf/2UYvi+pFqRoKGyyBw4XAfOQFhsTls8kS
uh7zBJaqzRR0aIwEd7UeLj9gcARUkeiNvFMFwiEXxw7myBr6f8rAHTD+Q3sR5dmy
Lq0v0cc8fLiTQDEYuLPQsgXsLCzUI1B2vwD0mldTHq5Sl7RMZa0K0NcCCUPs851/
Wl7dpj3xFZ0N/GyNiaHPZrcdEPno4kbd3jpzY4GOGT0/hbFWHV8xl7GykYgzwDsP
6h8oN7UocuWDuXlF1/U5gOKUmp4xpDHQKOAfOzofBdwGuT2iIx6/IFWUzC//
-----END CERTIFICATE-----