Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/au2WKv16F4RefqldtFDlWWE895E.roa
File:                     au2WKv16F4RefqldtFDlWWE895E.roa (raw, json)
Hash identifier:          pySvnd00Anvn1oQzaRZ8yykcvoAisskF1FelD1QlZXA=
Subject key identifier:   6A:ED:96:2A:FD:7A:17:84:5E:7E:A9:5D:B4:50:E5:59:61:3C:F7:91
Certificate issuer:       /CN=0837c99b2a4c062d5c20678f9dcf3207aefd5e78
Certificate serial:       019E2B0A1838B223143B8EDBB3FA24E1E0D7
Authority key identifier: 08:37:C9:9B:2A:4C:06:2D:5C:20:67:8F:9D:CF:32:07:AE:FD:5E:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/au2WKv16F4RefqldtFDlWWE895E.roa
Signing time:             Fri 15 May 2026 09:49:02 +0000
ROA not before:           Fri 15 May 2026 09:49:02 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     36002
IP address blocks:        216.236.60.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 20:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:2b:0a:18:38:b2:23:14:3b:8e:db:b3:fa:24:e1:e0:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0837c99b2a4c062d5c20678f9dcf3207aefd5e78
        Validity
            Not Before: May 15 09:49:02 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6aed962afd7a17845e7ea95db450e559613cf791
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:b8:ee:96:69:da:7b:6b:73:08:34:83:fe:a2:
                    41:e5:73:eb:65:06:a6:ad:13:21:97:13:a1:fb:8c:
                    5c:38:ea:a3:d5:b5:c4:7a:eb:75:bb:bd:0a:c0:fd:
                    b1:42:1e:e0:a1:cf:f6:be:49:74:d7:72:43:d4:5a:
                    eb:f7:91:0c:25:71:37:47:c3:5d:88:3f:4c:3b:28:
                    c3:48:63:b4:12:c4:d2:07:b3:c5:30:09:27:77:64:
                    f3:6b:da:ac:e5:4c:a8:5b:20:d3:c8:e9:81:d8:af:
                    ce:a9:5c:89:43:3b:92:97:f7:8e:a8:01:66:45:85:
                    05:dc:a6:47:43:3e:2e:f3:62:86:99:93:91:6f:d3:
                    92:8f:29:52:a5:e3:da:f2:7e:3d:a1:4a:28:da:0a:
                    ee:e6:a0:ee:6e:d1:e0:20:f9:cd:4c:cb:e1:17:1c:
                    ad:ba:3f:5f:b2:e2:b9:85:57:52:76:bb:49:cd:61:
                    49:3d:06:e6:4f:f0:3a:21:75:d5:ca:17:1f:22:2b:
                    23:b3:9c:b6:48:8d:b6:f4:3a:3d:73:97:9f:00:2c:
                    79:d2:03:11:da:f8:61:a9:37:2b:83:bf:d1:86:2c:
                    df:20:09:3b:f1:b0:a5:82:ed:20:ec:0f:84:3a:6b:
                    c5:18:3d:1d:f2:2f:45:a9:7b:03:d9:65:af:ce:95:
                    59:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:ED:96:2A:FD:7A:17:84:5E:7E:A9:5D:B4:50:E5:59:61:3C:F7:91
            X509v3 Authority Key Identifier:
                keyid:08:37:C9:9B:2A:4C:06:2D:5C:20:67:8F:9D:CF:32:07:AE:FD:5E:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/au2WKv16F4RefqldtFDlWWE895E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.236.60.0/22

    Signature Algorithm: sha256WithRSAEncryption
         72:72:63:c2:05:8b:e4:d6:ac:cd:7e:25:23:7e:40:e8:bc:d2:
         49:3a:80:0c:34:0d:80:f9:c2:fe:5a:35:ef:c6:a3:48:92:cc:
         9a:3b:27:bc:36:86:50:6f:77:f3:bd:8b:5b:fa:5b:88:9a:f1:
         2d:f1:99:94:fe:62:fc:c8:1a:e0:3f:e0:86:3d:0c:73:62:5d:
         bd:dd:4c:b0:7f:b9:d7:aa:2e:f8:30:ca:78:78:72:8d:54:a0:
         a9:50:89:6f:43:9d:a3:1b:7f:92:b5:e8:2f:8b:18:7c:ed:18:
         d3:8a:99:c1:e3:b5:55:39:52:d0:c9:a3:bf:95:a1:11:4b:34:
         08:cf:5f:0d:18:a7:4b:d3:5d:10:83:11:67:54:4f:4b:56:4f:
         21:bc:da:2a:84:31:3b:9c:47:90:aa:f9:2b:ea:20:26:5d:6b:
         b7:01:e9:1c:73:45:58:66:e2:38:bc:47:0f:e8:23:e5:e2:44:
         b6:ed:fb:92:fc:30:28:96:1e:d2:ad:48:27:0a:04:48:87:6a:
         3b:5b:1c:a5:b8:2a:a2:55:0a:48:0d:e8:63:a5:17:9c:ea:6d:
         04:43:39:ed:8f:cd:9d:81:91:34:d7:f4:33:bf:27:77:1c:83:
         4d:92:95:54:3d:19:04:1d:a4:1e:39:8b:cc:fd:8c:b6:4a:84:
         77:af:36:b1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4rChg4siMUO47bs/ok4eDXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MzdjOTliMmE0YzA2MmQ1YzIwNjc4ZjlkY2YzMjA3YWVm
ZDVlNzgwHhcNMjYwNTE1MDk0OTAyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YWVkOTYyYWZkN2ExNzg0NWU3ZWE5NWRiNDUwZTU1OTYxM2NmNzkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs7julmnae2tzCDSD/qJB5XPrZQam
rRMhlxOh+4xcOOqj1bXEeut1u70KwP2xQh7goc/2vkl013JD1Frr95EMJXE3R8Nd
iD9MOyjDSGO0EsTSB7PFMAknd2Tza9qs5UyoWyDTyOmB2K/OqVyJQzuSl/eOqAFm
RYUF3KZHQz4u82KGmZORb9OSjylSpePa8n49oUoo2gru5qDubtHgIPnNTMvhFxyt
uj9fsuK5hVdSdrtJzWFJPQbmT/A6IXXVyhcfIisjs5y2SI229Do9c5efACx50gMR
2vhhqTcrg7/RhizfIAk78bClgu0g7A+EOmvFGD0d8i9FqXsD2WWvzpVZWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGrtlir9eheEXn6pXbRQ5VlhPPeRMB8GA1UdIwQY
MBaAFAg3yZsqTAYtXCBnj53PMgeu/V54MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0RmSm15cE1CaTFjSUdlUG5jOHlCNjc5WG5nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS8wODk1ZDItYjc3OC00NmM0LWE2OTEt
ZjEyMzdmNGM1Y2Y2LzEvYXUyV0t2MTZGNFJlZnFsZHRGRGxXV0U4OTVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS8wODk1ZDItYjc3OC00NmM0LWE2OTEtZjEyMzdmNGM1Y2Y2
LzEvQ0RmSm15cE1CaTFjSUdlUG5jOHlCNjc5WG5nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC2Ow8MA0G
CSqGSIb3DQEBCwUAA4IBAQBycmPCBYvk1qzNfiUjfkDovNJJOoAMNA2A+cL+WjXv
xqNIksyaOye8NoZQb3fzvYtb+luImvEt8ZmU/mL8yBrgP+CGPQxzYl293Uywf7nX
qi74MMp4eHKNVKCpUIlvQ52jG3+Stegvixh87RjTipnB47VVOVLQyaO/laERSzQI
z18NGKdL010QgxFnVE9LVk8hvNoqhDE7nEeQqvkr6iAmXWu3Aekcc0VYZuI4vEcP
6CPl4kS27fuS/DAolh7SrUgnCgRIh2o7WxyluCqiVQpIDehjpRec6m0EQzntj82d
gZE01/Qzvyd3HINNkpVUPRkEHaQeOYvM/Yy2SoR3rzax
-----END CERTIFICATE-----