Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/1-hh9oUik_fgG0pgOi2euMsbUc8I.roa
File:                     1-hh9oUik_fgG0pgOi2euMsbUc8I.roa (raw, json)
Hash identifier:          5XeiiUduwL7++J0/nVwnyuu5MftAJfIvwRN3qDdzSlY=
Subject key identifier:   FA:18:7D:A1:48:A4:FD:F8:06:D2:98:0E:8B:67:AE:32:C6:D4:73:C2
Certificate issuer:       /CN=0837c99b2a4c062d5c20678f9dcf3207aefd5e78
Certificate serial:       019DA9A2BAECEA7E00458478B497384E9D5B
Authority key identifier: 08:37:C9:9B:2A:4C:06:2D:5C:20:67:8F:9D:CF:32:07:AE:FD:5E:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/1-hh9oUik_fgG0pgOi2euMsbUc8I.roa
Signing time:             Mon 20 Apr 2026 06:45:07 +0000
ROA not before:           Mon 20 Apr 2026 06:45:07 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     7289
IP address blocks:        216.116.188.0/24 maxlen: 24
                          216.116.189.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 Apr 2026 18:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:a9:a2:ba:ec:ea:7e:00:45:84:78:b4:97:38:4e:9d:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0837c99b2a4c062d5c20678f9dcf3207aefd5e78
        Validity
            Not Before: Apr 20 06:45:07 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fa187da148a4fdf806d2980e8b67ae32c6d473c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:a8:82:3b:88:84:de:41:95:89:ed:01:12:2a:
                    c2:3c:7f:ca:5d:a9:c6:87:7a:03:70:f0:5b:9f:9f:
                    7a:34:38:f4:b6:98:6d:da:d9:6b:02:64:27:dc:2d:
                    b6:3b:e8:9e:76:46:c2:5e:1a:94:fd:c9:ad:04:82:
                    b0:25:0e:80:ea:d0:3d:93:f3:dd:39:0f:11:0f:70:
                    1c:22:d8:56:c6:5a:42:b9:4e:de:e0:6f:31:36:a0:
                    ad:47:09:6e:96:28:73:52:2c:a6:24:fa:17:2b:3b:
                    dd:e5:b0:dd:55:f5:17:86:58:98:4e:3a:e5:dd:fd:
                    bc:d8:69:bf:8e:c2:7c:5b:c2:ba:71:f5:a4:1d:d0:
                    9d:e6:0c:a7:df:c3:b8:a1:0d:f6:90:ac:01:cc:7e:
                    7d:07:f7:4c:0a:45:7b:6e:51:92:53:b9:a8:78:a3:
                    e1:83:cc:e5:1a:8e:ab:1b:98:a2:e5:c2:a1:18:3d:
                    7b:5b:99:69:cc:d3:a2:07:65:42:56:d6:66:95:b3:
                    68:b1:99:05:e8:e9:ec:85:97:ee:5d:0e:a4:8e:42:
                    41:2b:d8:d0:9a:bb:6d:cd:37:9d:54:e7:5c:eb:e6:
                    14:c6:19:39:99:4b:cf:67:e8:0b:3a:62:e5:05:00:
                    6b:27:0e:81:ed:65:9f:34:c2:6f:72:61:ce:03:8b:
                    e0:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:18:7D:A1:48:A4:FD:F8:06:D2:98:0E:8B:67:AE:32:C6:D4:73:C2
            X509v3 Authority Key Identifier:
                keyid:08:37:C9:9B:2A:4C:06:2D:5C:20:67:8F:9D:CF:32:07:AE:FD:5E:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/1-hh9oUik_fgG0pgOi2euMsbUc8I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.116.188.0/23

    Signature Algorithm: sha256WithRSAEncryption
         65:89:0e:6e:4e:57:03:0c:51:d1:9e:dd:36:b6:b7:d1:8d:e7:
         e2:80:69:a3:e3:81:57:09:48:c3:55:a8:8a:8b:d6:b4:e8:dd:
         d5:11:bb:3d:48:f8:24:a5:af:b2:91:a7:7b:e8:9b:26:58:12:
         0b:b2:26:c1:3e:72:85:38:2d:91:d4:ef:b9:5d:26:6a:54:67:
         3a:32:0a:cb:af:96:a7:ac:60:ad:52:23:4b:e6:37:64:5d:ac:
         3c:ea:1a:ae:17:c7:ba:6e:96:e1:a3:7a:ab:78:28:03:fb:fd:
         c4:b1:aa:3e:ff:d6:48:d2:93:d6:68:5f:b5:37:95:95:1b:f0:
         78:ad:9e:53:10:b3:96:7e:73:f8:8b:a3:c3:22:d4:88:4b:de:
         63:48:72:7b:da:b0:72:ed:6f:39:28:d5:58:ea:49:39:72:89:
         8c:11:2c:35:2a:2e:6c:6e:71:6c:86:d0:ed:a6:93:a7:ec:97:
         aa:58:c7:8d:b6:02:26:81:fe:41:ce:38:37:c8:74:94:2f:3b:
         eb:7e:03:86:60:c9:a4:98:1d:41:cc:62:7f:6d:93:ce:93:0c:
         87:73:f0:ab:ed:09:ce:a3:b4:a1:f2:15:ce:d5:f5:4c:6f:86:
         7e:76:1e:33:70:57:d5:85:a1:2a:48:36:1d:d3:a5:7b:06:ce:
         0e:53:01:d0
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ2porrs6n4ARYR4tJc4Tp1bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MzdjOTliMmE0YzA2MmQ1YzIwNjc4ZjlkY2YzMjA3YWVm
ZDVlNzgwHhcNMjYwNDIwMDY0NTA3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTE4N2RhMTQ4YTRmZGY4MDZkMjk4MGU4YjY3YWUzMmM2ZDQ3M2MyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv6iCO4iE3kGVie0BEirCPH/KXanG
h3oDcPBbn596NDj0tpht2tlrAmQn3C22O+iedkbCXhqU/cmtBIKwJQ6A6tA9k/Pd
OQ8RD3AcIthWxlpCuU7e4G8xNqCtRwlulihzUiymJPoXKzvd5bDdVfUXhliYTjrl
3f282Gm/jsJ8W8K6cfWkHdCd5gyn38O4oQ32kKwBzH59B/dMCkV7blGSU7moeKPh
g8zlGo6rG5ii5cKhGD17W5lpzNOiB2VCVtZmlbNosZkF6OnshZfuXQ6kjkJBK9jQ
mrttzTedVOdc6+YUxhk5mUvPZ+gLOmLlBQBrJw6B7WWfNMJvcmHOA4vgrwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPoYfaFIpP34BtKYDotnrjLG1HPCMB8GA1UdIwQY
MBaAFAg3yZsqTAYtXCBnj53PMgeu/V54MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0RmSm15cE1CaTFjSUdlUG5jOHlCNjc5WG5nLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS8wODk1ZDItYjc3OC00NmM0LWE2OTEt
ZjEyMzdmNGM1Y2Y2LzEvMS1oaDlvVWlrX2ZnRzBwZ09pMmV1TXNiVWM4SS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZDEvMDg5NWQyLWI3NzgtNDZjNC1hNjkxLWYxMjM3ZjRjNWNm
Ni8xL0NEZkpteXBNQmkxY0lHZVBuYzh5QjY3OVhuZy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAdh0vDAN
BgkqhkiG9w0BAQsFAAOCAQEAZYkObk5XAwxR0Z7dNra30Y3n4oBpo+OBVwlIw1Wo
iovWtOjd1RG7PUj4JKWvspGne+ibJlgSC7ImwT5yhTgtkdTvuV0malRnOjIKy6+W
p6xgrVIjS+Y3ZF2sPOoarhfHum6W4aN6q3goA/v9xLGqPv/WSNKT1mhftTeVlRvw
eK2eUxCzln5z+IujwyLUiEveY0hye9qwcu1vOSjVWOpJOXKJjBEsNSoubG5xbIbQ
7aaTp+yXqljHjbYCJoH+Qc44N8h0lC87634DhmDJpJgdQcxif22TzpMMh3Pwq+0J
zqO0ofIVztX1TG+GfnYeM3BX1YWhKkg2HdOlewbODlMB0A==
-----END CERTIFICATE-----