Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/3be6e6-6e9d-410b-a2ed-d74637005b2c/1/_tT1XC7nkQRWgQdxKibbMXrzVoc.roa
File:                     _tT1XC7nkQRWgQdxKibbMXrzVoc.roa (raw, json)
Hash identifier:          zg0b/n4wXZx1538KhR67xdLnhn+vJRWK90TV+fz8uiU=
Subject key identifier:   FE:D4:F5:5C:2E:E7:91:04:56:81:07:71:2A:26:DB:31:7A:F3:56:87
Certificate issuer:       /CN=0f53e60bda64658488cea6a330f05c7749d5b9c6
Certificate serial:       019DCE65BCC1F61CFEC5F8F4C8EE5A54CBCC
Authority key identifier: 0F:53:E6:0B:DA:64:65:84:88:CE:A6:A3:30:F0:5C:77:49:D5:B9:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D1PmC9pkZYSIzqajMPBcd0nVucY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/3be6e6-6e9d-410b-a2ed-d74637005b2c/1/_tT1XC7nkQRWgQdxKibbMXrzVoc.roa
Signing time:             Mon 27 Apr 2026 10:04:27 +0000
ROA not before:           Mon 27 Apr 2026 10:04:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198484
IP address blocks:        162.27.162.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/3be6e6-6e9d-410b-a2ed-d74637005b2c/1/D1PmC9pkZYSIzqajMPBcd0nVucY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/3be6e6-6e9d-410b-a2ed-d74637005b2c/1/D1PmC9pkZYSIzqajMPBcd0nVucY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/D1PmC9pkZYSIzqajMPBcd0nVucY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 Apr 2026 10:04:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:ce:65:bc:c1:f6:1c:fe:c5:f8:f4:c8:ee:5a:54:cb:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0f53e60bda64658488cea6a330f05c7749d5b9c6
        Validity
            Not Before: Apr 27 10:04:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fed4f55c2ee79104568107712a26db317af35687
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:a9:a5:b9:65:9c:99:5a:0b:24:d2:35:75:ea:
                    01:13:94:88:2e:93:71:33:8d:12:7a:e3:0a:ce:59:
                    1d:6d:65:10:12:2e:1f:76:32:4e:c7:35:9f:56:2c:
                    99:c4:9f:eb:5c:bf:06:9e:ed:57:de:d5:1f:6b:d2:
                    ff:f0:17:4a:4a:53:61:bd:49:9d:a6:6b:64:b7:77:
                    bd:3f:20:30:1f:54:22:ea:c2:46:75:c4:77:b4:10:
                    72:8d:9b:d2:69:28:0a:16:99:fd:cb:d1:fb:ec:6a:
                    da:0f:2c:c1:bd:f9:d4:4e:ac:20:d4:ed:ee:33:8c:
                    aa:e7:c4:55:4b:c2:f4:85:97:51:ae:53:92:a0:36:
                    ec:6f:cb:f8:14:a9:e8:21:3c:a4:3a:ab:57:cc:6a:
                    03:00:1d:6c:46:a8:7f:ec:8b:64:41:a0:28:97:ab:
                    7c:7e:b3:23:bc:ef:1b:fc:37:07:4c:b4:6b:30:99:
                    09:16:d6:ab:b8:5c:11:b4:66:e2:61:04:46:5e:4f:
                    bd:e5:03:f1:39:91:67:c2:cc:57:3a:67:af:74:7f:
                    e4:5b:c0:ce:e1:71:9a:3d:f2:78:24:98:d9:b2:15:
                    7b:82:f8:fe:bc:26:bc:10:a6:e0:6c:25:14:ba:8e:
                    d1:7c:11:ce:32:ba:53:ab:20:6d:67:71:7e:38:6b:
                    d9:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:D4:F5:5C:2E:E7:91:04:56:81:07:71:2A:26:DB:31:7A:F3:56:87
            X509v3 Authority Key Identifier:
                keyid:0F:53:E6:0B:DA:64:65:84:88:CE:A6:A3:30:F0:5C:77:49:D5:B9:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D1PmC9pkZYSIzqajMPBcd0nVucY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/3be6e6-6e9d-410b-a2ed-d74637005b2c/1/_tT1XC7nkQRWgQdxKibbMXrzVoc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/3be6e6-6e9d-410b-a2ed-d74637005b2c/1/D1PmC9pkZYSIzqajMPBcd0nVucY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  162.27.162.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:cf:97:71:52:a3:ff:58:68:61:c0:40:bc:fc:54:17:83:46:
         9a:8f:98:ec:55:d4:5b:6d:3c:13:c2:83:24:3b:c1:52:f7:83:
         cd:a3:01:92:a3:10:c3:df:49:bd:d9:92:db:c1:68:b9:b6:c3:
         c9:cb:17:a5:13:3c:57:36:1e:b3:ad:22:37:b4:41:66:8d:89:
         98:a3:5d:e1:aa:70:30:70:9b:86:ca:c4:ad:61:47:aa:84:1f:
         32:60:8a:5c:b9:d3:c2:d6:3d:a2:3f:64:5f:d8:5c:ce:85:00:
         10:45:b1:3d:ed:bb:95:34:97:2a:f2:0d:b9:88:28:7e:51:98:
         04:36:25:cf:6e:db:02:13:39:e0:ed:d6:3b:14:b1:52:e2:55:
         3e:14:93:88:c8:04:95:b3:8f:ba:cf:df:55:7e:57:00:9b:f3:
         37:51:0e:cf:37:41:69:18:45:af:41:d0:70:17:0f:16:62:42:
         86:50:c0:c5:f7:3f:29:33:a2:2b:ae:01:86:11:1a:54:4a:77:
         63:49:71:30:8a:80:6a:7e:98:35:0c:4c:8e:4f:76:59:cd:60:
         38:82:4a:73:b2:fc:a9:ac:68:ea:68:e0:c9:50:db:d8:3e:9e:
         b0:22:d9:b9:c0:8a:e1:cf:23:4a:06:8b:ba:db:38:d3:e8:34:
         2c:af:ca:1e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3OZbzB9hz+xfj0yO5aVMvMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmNTNlNjBiZGE2NDY1ODQ4OGNlYTZhMzMwZjA1Yzc3NDlk
NWI5YzYwHhcNMjYwNDI3MTAwNDI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZWQ0ZjU1YzJlZTc5MTA0NTY4MTA3NzEyYTI2ZGIzMTdhZjM1Njg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmamluWWcmVoLJNI1deoBE5SILpNx
M40SeuMKzlkdbWUQEi4fdjJOxzWfViyZxJ/rXL8Gnu1X3tUfa9L/8BdKSlNhvUmd
pmtkt3e9PyAwH1Qi6sJGdcR3tBByjZvSaSgKFpn9y9H77GraDyzBvfnUTqwg1O3u
M4yq58RVS8L0hZdRrlOSoDbsb8v4FKnoITykOqtXzGoDAB1sRqh/7ItkQaAol6t8
frMjvO8b/DcHTLRrMJkJFtaruFwRtGbiYQRGXk+95QPxOZFnwsxXOmevdH/kW8DO
4XGaPfJ4JJjZshV7gvj+vCa8EKbgbCUUuo7RfBHOMrpTqyBtZ3F+OGvZ3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP7U9Vwu55EEVoEHcSom2zF681aHMB8GA1UdIwQY
MBaAFA9T5gvaZGWEiM6mozDwXHdJ1bnGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRDFQbUM5cGtaWVNJenFhak1QQmNkMG5WdWNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC8zYmU2ZTYtNmU5ZC00MTBiLWEyZWQt
ZDc0NjM3MDA1YjJjLzEvX3RUMVhDN25rUVJXZ1FkeEtpYmJNWHJ6Vm9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC8zYmU2ZTYtNmU5ZC00MTBiLWEyZWQtZDc0NjM3MDA1YjJj
LzEvRDFQbUM5cGtaWVNJenFhak1QQmNkMG5WdWNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAohuiMA0G
CSqGSIb3DQEBCwUAA4IBAQCdz5dxUqP/WGhhwEC8/FQXg0aaj5jsVdRbbTwTwoMk
O8FS94PNowGSoxDD30m92ZLbwWi5tsPJyxelEzxXNh6zrSI3tEFmjYmYo13hqnAw
cJuGysStYUeqhB8yYIpcudPC1j2iP2Rf2FzOhQAQRbE97buVNJcq8g25iCh+UZgE
NiXPbtsCEzng7dY7FLFS4lU+FJOIyASVs4+6z99VflcAm/M3UQ7PN0FpGEWvQdBw
Fw8WYkKGUMDF9z8pM6IrrgGGERpUSndjSXEwioBqfpg1DEyOT3ZZzWA4gkpzsvyp
rGjqaODJUNvYPp6wItm5wIrhzyNKBou62zjT6DQsr8oe
-----END CERTIFICATE-----