Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/4hg0NnklZUKEkYITHinO4XgRltI.roa
File:                     4hg0NnklZUKEkYITHinO4XgRltI.roa (raw, json)
Hash identifier:          kpbA6ZYrYnW/umlW9B55Y6L8ty5MPzE2m5MIoOkeyYw=
Subject key identifier:   E2:18:34:36:79:25:65:42:84:91:82:13:1E:29:CE:E1:78:11:96:D2
Certificate issuer:       /CN=0837c99b2a4c062d5c20678f9dcf3207aefd5e78
Certificate serial:       019E92782E209DD5AAC81058BA475BFE54E5
Authority key identifier: 08:37:C9:9B:2A:4C:06:2D:5C:20:67:8F:9D:CF:32:07:AE:FD:5E:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/4hg0NnklZUKEkYITHinO4XgRltI.roa
Signing time:             Thu 04 Jun 2026 11:50:10 +0000
ROA not before:           Thu 04 Jun 2026 11:50:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212336
IP address blocks:        69.8.128.0/24 maxlen: 24
                          216.23.124.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Jun 2026 23:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:92:78:2e:20:9d:d5:aa:c8:10:58:ba:47:5b:fe:54:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0837c99b2a4c062d5c20678f9dcf3207aefd5e78
        Validity
            Not Before: Jun  4 11:50:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e218343679256542849182131e29cee1781196d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:93:28:c8:ce:00:46:31:25:96:28:37:07:be:
                    fd:1e:e8:77:de:cd:77:c5:f2:c4:fb:ca:15:b3:88:
                    f2:6d:91:55:b9:bb:9f:d7:5e:28:4e:4b:64:53:1a:
                    9d:56:2d:28:1c:00:07:28:16:14:6f:31:05:41:29:
                    63:5d:3a:1b:21:43:7c:4f:d0:cf:47:e0:ad:16:c1:
                    19:88:65:44:25:3e:5a:db:94:ac:2f:5f:a5:7b:f0:
                    73:89:2d:d6:17:49:77:70:57:39:d7:c5:de:bc:f1:
                    b9:36:a8:9a:8d:63:a5:ee:af:11:de:8f:6d:0a:a1:
                    19:1f:a4:b9:8e:bd:81:c4:b1:29:b6:14:c8:e8:ad:
                    2a:95:c6:f9:5b:b8:69:9d:4f:88:27:f6:81:ba:f3:
                    67:63:7d:f6:66:fc:df:72:ba:9d:81:d5:cd:e8:c9:
                    e0:fc:76:c4:68:10:c2:1d:83:8c:5b:b6:dd:f1:ae:
                    11:de:57:9c:c0:b9:64:fd:e4:1f:c8:ae:84:07:1c:
                    3e:31:99:2e:90:56:eb:34:70:6f:fd:6f:e4:ba:d4:
                    4e:d3:6d:b9:a7:74:61:9a:c9:52:1f:06:a6:6b:20:
                    e2:20:77:30:22:cf:55:78:63:81:ec:12:21:33:bb:
                    f9:db:fb:6f:d2:f2:44:a6:c4:66:fa:63:f2:3e:f6:
                    eb:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:18:34:36:79:25:65:42:84:91:82:13:1E:29:CE:E1:78:11:96:D2
            X509v3 Authority Key Identifier:
                keyid:08:37:C9:9B:2A:4C:06:2D:5C:20:67:8F:9D:CF:32:07:AE:FD:5E:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/4hg0NnklZUKEkYITHinO4XgRltI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  69.8.128.0/24
                  216.23.124.0/22

    Signature Algorithm: sha256WithRSAEncryption
         07:58:c4:f3:c2:9f:db:53:63:2e:08:ba:e6:f5:73:84:c2:5e:
         3f:15:43:3b:4d:d3:f5:41:8f:af:fe:d1:22:c5:f1:37:b4:f9:
         b9:e7:5d:e2:99:9b:ba:92:b0:06:e3:ac:69:43:63:e6:33:f9:
         9b:34:b6:0e:87:8d:11:25:d8:39:14:a7:ea:59:81:ab:f3:27:
         21:53:e4:90:49:68:47:0e:a0:05:75:ed:05:19:85:6c:08:33:
         08:5e:3e:c6:f6:36:14:da:2e:72:fc:37:7a:9f:36:88:aa:61:
         c6:7d:30:7f:0f:85:d2:02:88:2e:d0:0b:98:d4:af:70:5d:60:
         e2:f5:e2:7a:c8:da:a1:96:ff:bd:3f:31:b8:aa:e2:54:b9:3f:
         fc:ed:26:c5:71:c9:ce:58:de:d8:f0:4f:a3:c9:2c:8e:ea:2f:
         96:19:71:8c:22:b7:24:3b:ff:a9:67:41:4f:14:8d:b8:38:ad:
         a5:33:f8:6a:11:6b:dd:39:24:fb:b0:c8:6b:5a:87:53:d9:f0:
         fc:e9:23:d4:1a:26:ef:0a:27:eb:df:e8:dd:c1:00:2e:a7:66:
         84:a2:01:e7:92:eb:93:e6:66:b8:64:37:ea:eb:19:8e:13:12:
         81:28:8d:d3:b9:cf:6f:1b:41:17:40:a5:ce:15:15:8b:95:21:
         4b:d0:a4:14
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ6SeC4gndWqyBBYukdb/lTlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MzdjOTliMmE0YzA2MmQ1YzIwNjc4ZjlkY2YzMjA3YWVm
ZDVlNzgwHhcNMjYwNjA0MTE1MDEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjE4MzQzNjc5MjU2NTQyODQ5MTgyMTMxZTI5Y2VlMTc4MTE5NmQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoZMoyM4ARjEllig3B779Huh33s13
xfLE+8oVs4jybZFVubuf114oTktkUxqdVi0oHAAHKBYUbzEFQSljXTobIUN8T9DP
R+CtFsEZiGVEJT5a25SsL1+le/BziS3WF0l3cFc518XevPG5NqiajWOl7q8R3o9t
CqEZH6S5jr2BxLEpthTI6K0qlcb5W7hpnU+IJ/aBuvNnY332ZvzfcrqdgdXN6Mng
/HbEaBDCHYOMW7bd8a4R3lecwLlk/eQfyK6EBxw+MZkukFbrNHBv/W/kutRO0225
p3RhmslSHwamayDiIHcwIs9VeGOB7BIhM7v52/tv0vJEpsRm+mPyPvbrnwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOIYNDZ5JWVChJGCEx4pzuF4EZbSMB8GA1UdIwQY
MBaAFAg3yZsqTAYtXCBnj53PMgeu/V54MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0RmSm15cE1CaTFjSUdlUG5jOHlCNjc5WG5nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS8wODk1ZDItYjc3OC00NmM0LWE2OTEt
ZjEyMzdmNGM1Y2Y2LzEvNGhnME5ua2xaVUtFa1lJVEhpbk80WGdSbHRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS8wODk1ZDItYjc3OC00NmM0LWE2OTEtZjEyMzdmNGM1Y2Y2
LzEvQ0RmSm15cE1CaTFjSUdlUG5jOHlCNjc5WG5nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQARQiAAwQC
2Bd8MA0GCSqGSIb3DQEBCwUAA4IBAQAHWMTzwp/bU2MuCLrm9XOEwl4/FUM7TdP1
QY+v/tEixfE3tPm5513imZu6krAG46xpQ2PmM/mbNLYOh40RJdg5FKfqWYGr8ych
U+SQSWhHDqAFde0FGYVsCDMIXj7G9jYU2i5y/Dd6nzaIqmHGfTB/D4XSAogu0AuY
1K9wXWDi9eJ6yNqhlv+9PzG4quJUuT/87SbFccnOWN7Y8E+jySyO6i+WGXGMIrck
O/+pZ0FPFI24OK2lM/hqEWvdOST7sMhrWodT2fD86SPUGibvCifr3+jdwQAup2aE
ogHnkuuT5ma4ZDfq6xmOExKBKI3Tuc9vG0EXQKXOFRWLlSFL0KQU
-----END CERTIFICATE-----