Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/MjH7rYvcoIBIIXOCcWnHyYzaWGU.roa
File:                     MjH7rYvcoIBIIXOCcWnHyYzaWGU.roa (raw, json)
Hash identifier:          A7+Nj4h3vWqBFhVvrrR+Y6W3dHM5p+6Sf560u65fizo=
Subject key identifier:   32:31:FB:AD:8B:DC:A0:80:48:21:73:82:71:69:C7:C9:8C:DA:58:65
Certificate issuer:       /CN=0837c99b2a4c062d5c20678f9dcf3207aefd5e78
Certificate serial:       019CB246C118B03F5B90F9BBA5E3DDE92A60
Authority key identifier: 08:37:C9:9B:2A:4C:06:2D:5C:20:67:8F:9D:CF:32:07:AE:FD:5E:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/MjH7rYvcoIBIIXOCcWnHyYzaWGU.roa
Signing time:             Tue 03 Mar 2026 05:58:27 +0000
ROA not before:           Tue 03 Mar 2026 05:58:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     19318
IP address blocks:        216.23.80.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Mar 2026 16:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:b2:46:c1:18:b0:3f:5b:90:f9:bb:a5:e3:dd:e9:2a:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0837c99b2a4c062d5c20678f9dcf3207aefd5e78
        Validity
            Not Before: Mar  3 05:58:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3231fbad8bdca080482173827169c7c98cda5865
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:96:e0:ed:b6:76:c7:75:9b:17:3d:66:5b:e3:
                    c2:55:af:a2:47:cd:92:80:75:5d:78:d4:31:a1:d2:
                    8d:28:82:9f:4d:bb:52:96:a9:83:37:cf:78:7e:d9:
                    61:6c:12:11:78:27:16:8f:c7:d0:79:f0:c4:c4:18:
                    86:ae:e4:a1:c4:71:2b:e8:37:4f:a4:0c:ed:80:8b:
                    05:12:6f:c0:4d:96:4f:98:d9:ea:81:dd:0d:55:44:
                    b7:81:af:a8:e4:0f:92:1a:f5:37:bb:d9:5e:e2:d3:
                    9a:94:fa:b1:15:21:09:61:f1:57:e2:3d:d4:ab:bd:
                    ca:94:d9:27:e8:81:cb:3b:2a:59:b9:a7:b2:5d:78:
                    4f:dd:da:d9:b4:d3:db:92:51:3a:e1:88:f2:09:f6:
                    cb:03:55:05:eb:4e:dc:62:b4:7e:a4:a4:21:ae:26:
                    c6:a4:86:7d:37:17:5c:5b:d2:21:2b:15:95:9a:02:
                    53:d7:1c:65:0e:c0:57:7d:e8:22:97:18:53:84:41:
                    79:f0:9a:3d:02:35:c4:f0:03:c9:fb:9d:fd:b2:59:
                    a8:15:4d:1a:a0:66:fd:31:98:36:33:14:97:7b:c6:
                    58:65:d7:dd:dd:2c:c6:e6:7f:7e:0b:88:55:d5:1a:
                    a2:23:5f:36:69:f0:b6:30:a3:94:27:ca:6a:16:07:
                    60:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:31:FB:AD:8B:DC:A0:80:48:21:73:82:71:69:C7:C9:8C:DA:58:65
            X509v3 Authority Key Identifier:
                keyid:08:37:C9:9B:2A:4C:06:2D:5C:20:67:8F:9D:CF:32:07:AE:FD:5E:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/MjH7rYvcoIBIIXOCcWnHyYzaWGU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.23.80.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5a:97:87:51:c7:80:df:2f:9e:28:78:33:e8:2e:1f:75:f1:a8:
         59:87:ac:3c:cf:03:3d:54:ed:08:2a:94:56:cb:94:e5:e3:1f:
         d4:11:4c:ea:83:db:2f:ce:40:2c:6f:5e:48:7e:ff:7c:5d:6b:
         1c:c8:19:b8:ed:80:0f:0b:c1:d7:82:47:81:8f:df:dc:f2:4f:
         52:b6:66:38:f2:0b:6c:a0:1f:ce:d2:d6:1d:ad:e7:3f:d0:d2:
         95:3a:a3:9f:a5:1f:70:75:86:3d:2b:2c:4d:5a:61:b6:95:19:
         dd:e9:b0:4b:fa:e7:88:bf:7a:ff:6b:49:b6:ff:4d:c9:c3:38:
         6e:f2:11:4f:cc:a0:8a:f2:57:31:aa:7f:3f:65:2c:4a:96:79:
         db:2d:fd:69:8f:dc:24:ee:8d:13:b4:c1:bc:c7:99:c5:e4:fd:
         e2:1b:17:c8:a4:0b:74:5a:99:dd:78:77:80:c4:75:ec:44:47:
         a7:6f:14:3f:1a:a1:64:38:a1:d5:76:88:4e:0e:81:be:cf:18:
         6b:4d:d3:f5:56:7b:6c:55:8c:56:08:f8:a4:a0:0c:34:c1:5d:
         e2:88:8f:f6:ab:cd:d4:80:c5:7f:3a:9e:62:00:91:00:ad:cc:
         27:bd:fc:35:8d:95:11:51:1f:e0:65:33:35:b3:54:1a:5f:2c:
         f7:e3:a0:e1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyyRsEYsD9bkPm7pePd6SpgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MzdjOTliMmE0YzA2MmQ1YzIwNjc4ZjlkY2YzMjA3YWVm
ZDVlNzgwHhcNMjYwMzAzMDU1ODI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjMxZmJhZDhiZGNhMDgwNDgyMTczODI3MTY5YzdjOThjZGE1ODY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoZbg7bZ2x3WbFz1mW+PCVa+iR82S
gHVdeNQxodKNKIKfTbtSlqmDN894ftlhbBIReCcWj8fQefDExBiGruShxHEr6DdP
pAztgIsFEm/ATZZPmNnqgd0NVUS3ga+o5A+SGvU3u9le4tOalPqxFSEJYfFX4j3U
q73KlNkn6IHLOypZuaeyXXhP3drZtNPbklE64YjyCfbLA1UF607cYrR+pKQhribG
pIZ9NxdcW9IhKxWVmgJT1xxlDsBXfegilxhThEF58Jo9AjXE8APJ+539slmoFU0a
oGb9MZg2MxSXe8ZYZdfd3SzG5n9+C4hV1RqiI182afC2MKOUJ8pqFgdgbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDIx+62L3KCASCFzgnFpx8mM2lhlMB8GA1UdIwQY
MBaAFAg3yZsqTAYtXCBnj53PMgeu/V54MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0RmSm15cE1CaTFjSUdlUG5jOHlCNjc5WG5nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS8wODk1ZDItYjc3OC00NmM0LWE2OTEt
ZjEyMzdmNGM1Y2Y2LzEvTWpIN3JZdmNvSUJJSVhPQ2NXbkh5WXphV0dVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS8wODk1ZDItYjc3OC00NmM0LWE2OTEtZjEyMzdmNGM1Y2Y2
LzEvQ0RmSm15cE1CaTFjSUdlUG5jOHlCNjc5WG5nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC2BdQMA0G
CSqGSIb3DQEBCwUAA4IBAQBal4dRx4DfL54oeDPoLh918ahZh6w8zwM9VO0IKpRW
y5Tl4x/UEUzqg9svzkAsb15Ifv98XWscyBm47YAPC8HXgkeBj9/c8k9StmY48gts
oB/O0tYdrec/0NKVOqOfpR9wdYY9KyxNWmG2lRnd6bBL+ueIv3r/a0m2/03Jwzhu
8hFPzKCK8lcxqn8/ZSxKlnnbLf1pj9wk7o0TtMG8x5nF5P3iGxfIpAt0WpndeHeA
xHXsREenbxQ/GqFkOKHVdohODoG+zxhrTdP1VntsVYxWCPikoAw0wV3iiI/2q83U
gMV/Op5iAJEArcwnvfw1jZURUR/gZTM1s1QaXyz346Dh
-----END CERTIFICATE-----