Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/33u70MvUqnq9BWy8woIR9ReEp8g.roa
File:                     33u70MvUqnq9BWy8woIR9ReEp8g.roa (raw, json)
Hash identifier:          V26MFc4KPnp3FOJSScLZu9CxUcJviC6lvXRwdVknnvk=
Subject key identifier:   DF:7B:BB:D0:CB:D4:AA:7A:BD:05:6C:BC:C2:82:11:F5:17:84:A7:C8
Certificate issuer:       /CN=0837c99b2a4c062d5c20678f9dcf3207aefd5e78
Certificate serial:       019CB246C022460E20CCE9F8F1D6AE28E19A
Authority key identifier: 08:37:C9:9B:2A:4C:06:2D:5C:20:67:8F:9D:CF:32:07:AE:FD:5E:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/33u70MvUqnq9BWy8woIR9ReEp8g.roa
Signing time:             Tue 03 Mar 2026 05:58:26 +0000
ROA not before:           Tue 03 Mar 2026 05:58:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     18186
IP address blocks:        216.23.64.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Mar 2026 07:01:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:b2:46:c0:22:46:0e:20:cc:e9:f8:f1:d6:ae:28:e1:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0837c99b2a4c062d5c20678f9dcf3207aefd5e78
        Validity
            Not Before: Mar  3 05:58:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=df7bbbd0cbd4aa7abd056cbcc28211f51784a7c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:6e:0a:6e:42:87:bc:00:e4:1d:5c:1c:f8:fc:
                    03:b1:ad:8c:47:3a:4b:47:17:5c:ee:c0:24:c5:eb:
                    0b:ad:ab:d0:c8:10:5b:a3:56:04:eb:93:1b:6f:12:
                    f4:db:bf:eb:a9:85:eb:b9:0b:7a:87:85:1a:2d:40:
                    c3:52:66:00:59:a5:d7:72:9b:47:ff:42:88:18:28:
                    b9:ba:51:fa:9b:87:70:c6:8b:61:5d:8e:58:f6:6e:
                    6a:9d:20:9a:ca:e1:8d:16:de:b0:e2:c8:a4:37:0d:
                    ea:ca:ed:5f:8e:15:5d:ab:2e:4a:1e:b0:b7:8e:fb:
                    cd:27:a2:fe:5e:1f:79:60:e5:3f:5d:13:a9:f6:be:
                    6a:ce:13:10:3f:6b:b5:08:70:9a:81:be:6d:0b:3f:
                    b0:82:e1:70:64:0b:59:48:b0:1f:26:02:f4:7a:a6:
                    cf:40:96:fa:ce:10:f4:65:d7:6a:a4:24:45:ce:f5:
                    e5:59:27:39:9f:20:2b:78:ef:b0:52:b3:ba:02:8c:
                    69:47:ed:c6:c5:72:42:42:72:19:e6:9e:95:f3:26:
                    5f:48:d0:dc:c9:6d:42:ee:d2:67:b4:aa:d9:ff:86:
                    0a:8e:8f:6f:2f:d9:1f:db:75:f8:64:52:5c:de:fa:
                    6f:03:24:79:4d:d2:f3:b5:66:03:0c:19:72:fb:e8:
                    ea:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:7B:BB:D0:CB:D4:AA:7A:BD:05:6C:BC:C2:82:11:F5:17:84:A7:C8
            X509v3 Authority Key Identifier:
                keyid:08:37:C9:9B:2A:4C:06:2D:5C:20:67:8F:9D:CF:32:07:AE:FD:5E:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/33u70MvUqnq9BWy8woIR9ReEp8g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.23.64.0/20

    Signature Algorithm: sha256WithRSAEncryption
         ba:a1:46:55:b0:c5:16:c6:8d:c6:3d:2e:d5:37:8d:ef:20:43:
         68:c0:08:77:d1:c4:51:40:d3:ea:9e:f4:d2:73:33:76:0b:a6:
         e3:8a:f3:2e:54:35:97:d4:ec:bb:61:37:03:c3:24:f4:98:7d:
         b5:58:39:96:a0:71:6f:87:ca:ce:0a:07:16:60:a1:a4:50:e2:
         d6:2e:00:0e:13:dd:97:6c:f4:27:69:11:66:26:8e:bf:b9:1c:
         2a:76:bf:8e:e1:40:03:5c:d5:b2:f9:e4:38:e4:3e:85:a4:d7:
         43:6f:6b:62:bd:e3:b6:5e:2b:0f:65:d8:bd:f6:87:35:81:f9:
         66:99:ae:cc:d1:0b:f9:a9:3b:d0:1f:e3:e0:e7:f9:a2:d8:fa:
         6d:28:16:60:60:ff:9a:0f:c8:7f:d7:8f:cd:9e:b8:37:4b:ff:
         22:06:ea:03:9a:af:48:c5:4c:cd:d5:5f:c6:8d:12:ca:42:6e:
         d1:ad:7f:d7:42:d7:60:e3:24:07:a7:89:d1:fb:5f:31:70:2d:
         b9:c6:98:b1:45:a7:89:5e:1a:d4:b3:67:a4:a5:c9:e2:83:b9:
         10:77:f1:8b:94:13:14:3b:f5:3f:30:f9:aa:ae:2a:1f:52:0a:
         7d:d6:83:dd:8d:1b:1e:58:7d:b5:2a:65:c7:b6:26:ae:07:40:
         f0:13:40:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyyRsAiRg4gzOn48dauKOGaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MzdjOTliMmE0YzA2MmQ1YzIwNjc4ZjlkY2YzMjA3YWVm
ZDVlNzgwHhcNMjYwMzAzMDU1ODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjdiYmJkMGNiZDRhYTdhYmQwNTZjYmNjMjgyMTFmNTE3ODRhN2M4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAum4KbkKHvADkHVwc+PwDsa2MRzpL
Rxdc7sAkxesLravQyBBbo1YE65MbbxL027/rqYXruQt6h4UaLUDDUmYAWaXXcptH
/0KIGCi5ulH6m4dwxothXY5Y9m5qnSCayuGNFt6w4sikNw3qyu1fjhVdqy5KHrC3
jvvNJ6L+Xh95YOU/XROp9r5qzhMQP2u1CHCagb5tCz+wguFwZAtZSLAfJgL0eqbP
QJb6zhD0ZddqpCRFzvXlWSc5nyAreO+wUrO6AoxpR+3GxXJCQnIZ5p6V8yZfSNDc
yW1C7tJntKrZ/4YKjo9vL9kf23X4ZFJc3vpvAyR5TdLztWYDDBly++jqZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN97u9DL1Kp6vQVsvMKCEfUXhKfIMB8GA1UdIwQY
MBaAFAg3yZsqTAYtXCBnj53PMgeu/V54MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0RmSm15cE1CaTFjSUdlUG5jOHlCNjc5WG5nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS8wODk1ZDItYjc3OC00NmM0LWE2OTEt
ZjEyMzdmNGM1Y2Y2LzEvMzN1NzBNdlVxbnE5Qld5OHdvSVI5UmVFcDhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS8wODk1ZDItYjc3OC00NmM0LWE2OTEtZjEyMzdmNGM1Y2Y2
LzEvQ0RmSm15cE1CaTFjSUdlUG5jOHlCNjc5WG5nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQE2BdAMA0G
CSqGSIb3DQEBCwUAA4IBAQC6oUZVsMUWxo3GPS7VN43vIENowAh30cRRQNPqnvTS
czN2C6bjivMuVDWX1Oy7YTcDwyT0mH21WDmWoHFvh8rOCgcWYKGkUOLWLgAOE92X
bPQnaRFmJo6/uRwqdr+O4UADXNWy+eQ45D6FpNdDb2tiveO2XisPZdi99oc1gflm
ma7M0Qv5qTvQH+Pg5/mi2PptKBZgYP+aD8h/14/Nnrg3S/8iBuoDmq9IxUzN1V/G
jRLKQm7RrX/XQtdg4yQHp4nR+18xcC25xpixRaeJXhrUs2ekpcnig7kQd/GLlBMU
O/U/MPmqriofUgp91oPdjRseWH21KmXHtiauB0DwE0Dx
-----END CERTIFICATE-----