Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/O0S8wpXTO6ZfS1N1kOZ3UQlC6eQ.roa
File:                     O0S8wpXTO6ZfS1N1kOZ3UQlC6eQ.roa (raw, json)
Hash identifier:          bb5Aw3Wth5cpLBSgblsvH1ZMSUY2UqNKpY+JLd4x8qk=
Subject key identifier:   3B:44:BC:C2:95:D3:3B:A6:5F:4B:53:75:90:E6:77:51:09:42:E9:E4
Certificate issuer:       /CN=0837c99b2a4c062d5c20678f9dcf3207aefd5e78
Certificate serial:       019E39AECA37E6507D07B6B89119F91A970E
Authority key identifier: 08:37:C9:9B:2A:4C:06:2D:5C:20:67:8F:9D:CF:32:07:AE:FD:5E:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/O0S8wpXTO6ZfS1N1kOZ3UQlC6eQ.roa
Signing time:             Mon 18 May 2026 06:03:36 +0000
ROA not before:           Mon 18 May 2026 06:03:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8216
IP address blocks:        216.23.124.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Jun 2026 23:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:39:ae:ca:37:e6:50:7d:07:b6:b8:91:19:f9:1a:97:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0837c99b2a4c062d5c20678f9dcf3207aefd5e78
        Validity
            Not Before: May 18 06:03:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3b44bcc295d33ba65f4b537590e677510942e9e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:ce:85:7a:ae:11:95:99:d7:33:e8:1c:e3:72:
                    81:18:eb:2f:7c:9b:7b:5f:09:aa:d4:b2:6b:b1:57:
                    c8:3a:69:44:b6:39:ac:5f:e2:f4:c6:e8:e9:5f:ab:
                    2c:d3:b0:9c:b1:3f:6f:f1:48:ba:2e:a0:43:de:2a:
                    5c:33:9c:d6:70:34:7d:55:fd:b5:4f:97:ac:4b:11:
                    f3:57:16:a0:17:db:3f:e9:08:35:41:0b:f0:43:0e:
                    97:62:ce:c8:87:ed:08:14:31:f8:89:c5:de:e5:e8:
                    f4:7e:24:35:7e:5e:72:49:1a:96:29:69:c7:e6:73:
                    65:a1:30:22:a5:25:1d:3e:41:e3:14:52:26:ce:58:
                    1e:b4:53:4a:87:24:da:a1:bd:36:e9:d4:1b:28:f2:
                    55:ff:22:07:21:4e:c1:95:78:53:b0:c3:43:b0:78:
                    01:e2:e0:fd:11:d8:e0:29:1f:51:e2:b3:af:93:fe:
                    23:0b:2e:9a:49:99:10:73:be:18:2c:49:23:12:e6:
                    14:1a:c2:86:f5:20:f9:d3:bc:1f:31:ad:69:1b:74:
                    37:bc:0c:1d:f1:cd:35:42:ff:60:77:47:cd:38:d7:
                    34:8b:0f:ca:84:1c:f0:18:95:ed:85:64:e7:f6:45:
                    df:33:b3:04:cb:d6:d2:bf:4c:96:bd:cb:8d:d5:11:
                    63:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:44:BC:C2:95:D3:3B:A6:5F:4B:53:75:90:E6:77:51:09:42:E9:E4
            X509v3 Authority Key Identifier:
                keyid:08:37:C9:9B:2A:4C:06:2D:5C:20:67:8F:9D:CF:32:07:AE:FD:5E:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/O0S8wpXTO6ZfS1N1kOZ3UQlC6eQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.23.124.0/22

    Signature Algorithm: sha256WithRSAEncryption
         bc:bf:a4:71:e1:f7:c5:d4:a9:a7:cd:d9:34:f1:d0:a6:d9:95:
         0a:09:f4:02:54:10:8e:9d:3f:ed:48:89:36:65:44:db:ae:2b:
         67:62:e2:fc:0b:7d:5c:ca:0b:9e:2c:52:6b:17:60:98:0a:f3:
         a0:f2:4b:92:c0:d5:aa:78:ae:68:35:cb:bc:bc:f4:bc:eb:6a:
         3a:1a:37:5b:b2:4e:75:d4:02:4f:31:68:6b:37:29:e6:e3:da:
         d1:af:f8:57:a7:b9:4c:e1:43:0f:91:7c:19:b7:44:f6:ac:f7:
         76:68:27:ff:8b:68:24:4d:fa:a0:78:60:f7:ee:cf:48:75:0a:
         eb:a2:c0:4e:45:32:a3:7a:a8:7d:00:e7:51:22:82:36:11:be:
         d2:58:84:3a:c5:8e:45:ff:e4:45:e0:b9:fe:14:97:0f:6c:26:
         b1:3f:0c:f5:6b:f0:d2:fd:93:f3:66:62:59:fb:b1:9a:67:9c:
         de:2e:02:a0:02:eb:1d:f3:a7:10:02:32:24:e0:f5:eb:fb:29:
         dd:60:eb:7a:88:cb:69:3c:38:34:d3:8b:45:15:d0:f1:fd:b7:
         3a:ed:41:4d:0d:ea:ba:dd:d1:54:27:10:a9:71:68:f9:79:80:
         d2:0c:a0:bd:aa:47:46:04:7b:25:bc:30:e8:9b:61:f3:23:cb:
         40:65:4b:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ45rso35lB9B7a4kRn5GpcOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MzdjOTliMmE0YzA2MmQ1YzIwNjc4ZjlkY2YzMjA3YWVm
ZDVlNzgwHhcNMjYwNTE4MDYwMzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjQ0YmNjMjk1ZDMzYmE2NWY0YjUzNzU5MGU2Nzc1MTA5NDJlOWU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0c6Feq4RlZnXM+gc43KBGOsvfJt7
Xwmq1LJrsVfIOmlEtjmsX+L0xujpX6ss07CcsT9v8Ui6LqBD3ipcM5zWcDR9Vf21
T5esSxHzVxagF9s/6Qg1QQvwQw6XYs7Ih+0IFDH4icXe5ej0fiQ1fl5ySRqWKWnH
5nNloTAipSUdPkHjFFImzlgetFNKhyTaob026dQbKPJV/yIHIU7BlXhTsMNDsHgB
4uD9EdjgKR9R4rOvk/4jCy6aSZkQc74YLEkjEuYUGsKG9SD507wfMa1pG3Q3vAwd
8c01Qv9gd0fNONc0iw/KhBzwGJXthWTn9kXfM7MEy9bSv0yWvcuN1RFjuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDtEvMKV0zumX0tTdZDmd1EJQunkMB8GA1UdIwQY
MBaAFAg3yZsqTAYtXCBnj53PMgeu/V54MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0RmSm15cE1CaTFjSUdlUG5jOHlCNjc5WG5nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS8wODk1ZDItYjc3OC00NmM0LWE2OTEt
ZjEyMzdmNGM1Y2Y2LzEvTzBTOHdwWFRPNlpmUzFOMWtPWjNVUWxDNmVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS8wODk1ZDItYjc3OC00NmM0LWE2OTEtZjEyMzdmNGM1Y2Y2
LzEvQ0RmSm15cE1CaTFjSUdlUG5jOHlCNjc5WG5nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC2Bd8MA0G
CSqGSIb3DQEBCwUAA4IBAQC8v6Rx4ffF1Kmnzdk08dCm2ZUKCfQCVBCOnT/tSIk2
ZUTbritnYuL8C31cygueLFJrF2CYCvOg8kuSwNWqeK5oNcu8vPS862o6Gjdbsk51
1AJPMWhrNynm49rRr/hXp7lM4UMPkXwZt0T2rPd2aCf/i2gkTfqgeGD37s9IdQrr
osBORTKjeqh9AOdRIoI2Eb7SWIQ6xY5F/+RF4Ln+FJcPbCaxPwz1a/DS/ZPzZmJZ
+7GaZ5zeLgKgAusd86cQAjIk4PXr+yndYOt6iMtpPDg004tFFdDx/bc67UFNDeq6
3dFUJxCpcWj5eYDSDKC9qkdGBHslvDDom2HzI8tAZUvw
-----END CERTIFICATE-----