Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/fd2294-cf37-4fc9-9edd-a4f7b088bc1a/1/lHevGFYRn7wcZCnKHDsw6IwJxMs.roa
File:                     lHevGFYRn7wcZCnKHDsw6IwJxMs.roa (raw, json)
Hash identifier:          i2foJfzE0BcCFk/Y0lHhxD3DjcE48vObTs3x4Z6m1iE=
Subject key identifier:   94:77:AF:18:56:11:9F:BC:1C:64:29:CA:1C:3B:30:E8:8C:09:C4:CB
Certificate issuer:       /CN=32d44919fdd08afb9a4d0a8778923011251dd7f0
Certificate serial:       019CAF01F4DF37CC07CFF42D31E4431ED03C
Authority key identifier: 32:D4:49:19:FD:D0:8A:FB:9A:4D:0A:87:78:92:30:11:25:1D:D7:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MtRJGf3QivuaTQqHeJIwESUd1_A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/fd2294-cf37-4fc9-9edd-a4f7b088bc1a/1/lHevGFYRn7wcZCnKHDsw6IwJxMs.roa
Signing time:             Mon 02 Mar 2026 14:44:26 +0000
ROA not before:           Mon 02 Mar 2026 14:44:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     30781
IP address blocks:        67.159.208.0/20 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/fd2294-cf37-4fc9-9edd-a4f7b088bc1a/1/MtRJGf3QivuaTQqHeJIwESUd1_A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/fd2294-cf37-4fc9-9edd-a4f7b088bc1a/1/MtRJGf3QivuaTQqHeJIwESUd1_A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MtRJGf3QivuaTQqHeJIwESUd1_A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 14 Mar 2026 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:af:01:f4:df:37:cc:07:cf:f4:2d:31:e4:43:1e:d0:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=32d44919fdd08afb9a4d0a8778923011251dd7f0
        Validity
            Not Before: Mar  2 14:44:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9477af1856119fbc1c6429ca1c3b30e88c09c4cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:20:dc:35:e6:bd:e5:21:ae:2b:02:fc:07:13:
                    4b:b5:b7:05:b7:67:b5:a3:62:1e:9a:0f:ff:13:0e:
                    02:b7:35:b2:d9:de:9f:cd:d5:bc:1e:7a:b7:90:0c:
                    52:9e:49:36:ee:0b:24:3e:7a:8f:99:80:06:4d:16:
                    f3:ac:be:fa:8d:df:ff:64:53:38:a0:b4:a4:2e:38:
                    b4:34:39:4d:bd:83:1b:4b:73:79:1e:88:3f:ca:47:
                    0b:cd:6a:2a:64:e9:49:d6:86:d9:bf:6d:17:96:45:
                    16:8e:32:d1:88:23:83:b3:7c:fe:c9:cb:02:3d:2d:
                    41:3a:b9:a3:d4:b3:9b:fd:28:cd:45:fe:8d:01:ed:
                    a8:3f:9e:a9:3e:4f:49:74:f9:dc:ec:5d:7e:3d:25:
                    66:b2:9a:93:c8:4a:44:96:02:45:3c:5e:ad:3d:41:
                    ac:3e:ae:32:44:76:14:2b:25:d6:ba:9c:c0:97:64:
                    a5:6e:e2:d2:37:7f:02:74:a3:ce:c0:cb:84:d3:6b:
                    47:67:51:24:b4:62:07:5d:ca:f4:bd:4d:02:a4:96:
                    71:44:7c:3a:33:73:ba:45:07:a1:94:85:b3:b3:fb:
                    c9:40:d5:f9:cd:5c:52:1d:aa:7a:e9:25:a5:2c:fe:
                    21:9f:11:d6:30:7d:8b:36:fb:d9:f5:91:5b:47:f6:
                    47:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:77:AF:18:56:11:9F:BC:1C:64:29:CA:1C:3B:30:E8:8C:09:C4:CB
            X509v3 Authority Key Identifier:
                keyid:32:D4:49:19:FD:D0:8A:FB:9A:4D:0A:87:78:92:30:11:25:1D:D7:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MtRJGf3QivuaTQqHeJIwESUd1_A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/fd2294-cf37-4fc9-9edd-a4f7b088bc1a/1/lHevGFYRn7wcZCnKHDsw6IwJxMs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/fd2294-cf37-4fc9-9edd-a4f7b088bc1a/1/MtRJGf3QivuaTQqHeJIwESUd1_A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  67.159.208.0/20

    Signature Algorithm: sha256WithRSAEncryption
         71:c7:3e:f5:ba:ce:a2:de:2e:8f:1d:15:30:ef:18:c9:f2:b5:
         2c:09:00:46:17:f9:07:5e:72:e6:bc:4b:5c:68:54:47:a5:a3:
         eb:63:01:c7:69:76:4c:03:66:7e:e3:c2:6a:13:67:37:ac:2f:
         49:3a:b6:c9:4a:53:cc:94:a1:81:74:20:14:0e:88:23:56:d5:
         d6:b8:09:49:64:2a:82:a4:f2:d8:21:f5:90:b6:b5:6c:3e:65:
         87:43:38:f1:4f:77:8f:71:4d:91:64:05:2e:53:65:b7:bc:a2:
         9e:b8:08:fb:aa:95:b9:6d:5c:71:a1:36:ca:d4:ce:47:7a:7c:
         41:30:24:8f:ce:87:f1:7c:53:4e:91:e2:12:09:16:d4:b4:78:
         93:42:78:ca:09:69:ae:74:90:a6:dc:45:f0:93:08:80:b3:46:
         12:22:32:2f:f5:69:6a:3d:72:60:ec:04:d1:6b:ec:0f:ab:0f:
         1f:04:fe:f4:7f:d7:f1:e5:e3:d1:70:9c:eb:d3:28:95:6d:5f:
         88:3a:6a:52:58:90:cd:7e:2d:d5:1f:84:b8:67:4c:a2:88:31:
         7b:f5:b5:37:57:80:68:8d:1e:ef:d2:2c:3c:5e:ac:1d:dd:72:
         53:73:a9:32:92:ca:e5:c2:ae:c6:c8:66:93:1f:97:70:14:c8:
         17:67:40:7f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyvAfTfN8wHz/QtMeRDHtA8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyZDQ0OTE5ZmRkMDhhZmI5YTRkMGE4Nzc4OTIzMDExMjUx
ZGQ3ZjAwHhcNMjYwMzAyMTQ0NDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDc3YWYxODU2MTE5ZmJjMWM2NDI5Y2ExYzNiMzBlODhjMDljNGNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5CDcNea95SGuKwL8BxNLtbcFt2e1
o2Iemg//Ew4CtzWy2d6fzdW8Hnq3kAxSnkk27gskPnqPmYAGTRbzrL76jd//ZFM4
oLSkLji0NDlNvYMbS3N5Hog/ykcLzWoqZOlJ1obZv20XlkUWjjLRiCODs3z+ycsC
PS1BOrmj1LOb/SjNRf6NAe2oP56pPk9JdPnc7F1+PSVmspqTyEpElgJFPF6tPUGs
Pq4yRHYUKyXWupzAl2SlbuLSN38CdKPOwMuE02tHZ1EktGIHXcr0vU0CpJZxRHw6
M3O6RQehlIWzs/vJQNX5zVxSHap66SWlLP4hnxHWMH2LNvvZ9ZFbR/ZH/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJR3rxhWEZ+8HGQpyhw7MOiMCcTLMB8GA1UdIwQY
MBaAFDLUSRn90Ir7mk0Kh3iSMBElHdfwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXRSSkdmM1FpdnVhVFFxSGVKSXdFU1VkMV9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi9mZDIyOTQtY2YzNy00ZmM5LTllZGQt
YTRmN2IwODhiYzFhLzEvbEhldkdGWVJuN3djWkNuS0hEc3c2SXdKeE1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi9mZDIyOTQtY2YzNy00ZmM5LTllZGQtYTRmN2IwODhiYzFh
LzEvTXRSSkdmM1FpdnVhVFFxSGVKSXdFU1VkMV9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEQ5/QMA0G
CSqGSIb3DQEBCwUAA4IBAQBxxz71us6i3i6PHRUw7xjJ8rUsCQBGF/kHXnLmvEtc
aFRHpaPrYwHHaXZMA2Z+48JqE2c3rC9JOrbJSlPMlKGBdCAUDogjVtXWuAlJZCqC
pPLYIfWQtrVsPmWHQzjxT3ePcU2RZAUuU2W3vKKeuAj7qpW5bVxxoTbK1M5HenxB
MCSPzofxfFNOkeISCRbUtHiTQnjKCWmudJCm3EXwkwiAs0YSIjIv9WlqPXJg7ATR
a+wPqw8fBP70f9fx5ePRcJzr0yiVbV+IOmpSWJDNfi3VH4S4Z0yiiDF79bU3V4Bo
jR7v0iw8Xqwd3XJTc6kyksrlwq7GyGaTH5dwFMgXZ0B/
-----END CERTIFICATE-----