Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/oqnabKxpFbtrqLy7jRC2pPJ8V9g.roa
File:                     oqnabKxpFbtrqLy7jRC2pPJ8V9g.roa (raw, json)
Hash identifier:          VE1/XvPZNwlf5RXLj+2jf/J7x52P9E6soQwnQ9ir++I=
Subject key identifier:   A2:A9:DA:6C:AC:69:15:BB:6B:A8:BC:BB:8D:10:B6:A4:F2:7C:57:D8
Certificate issuer:       /CN=0837c99b2a4c062d5c20678f9dcf3207aefd5e78
Certificate serial:       019DAF58591A2AD05879EA4353618AD49E7D
Authority key identifier: 08:37:C9:9B:2A:4C:06:2D:5C:20:67:8F:9D:CF:32:07:AE:FD:5E:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/oqnabKxpFbtrqLy7jRC2pPJ8V9g.roa
Signing time:             Tue 21 Apr 2026 09:21:35 +0000
ROA not before:           Tue 21 Apr 2026 09:21:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203090
IP address blocks:        216.23.84.0/22 maxlen: 24
                          216.23.92.0/22 maxlen: 24
                          216.23.116.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 Apr 2026 18:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:af:58:59:1a:2a:d0:58:79:ea:43:53:61:8a:d4:9e:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0837c99b2a4c062d5c20678f9dcf3207aefd5e78
        Validity
            Not Before: Apr 21 09:21:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a2a9da6cac6915bb6ba8bcbb8d10b6a4f27c57d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:d9:77:7f:0d:22:9d:cf:24:d8:b9:bf:61:df:
                    a2:bc:6a:db:1e:c7:d5:ca:5b:ab:2d:d8:52:76:80:
                    a6:6d:51:61:df:a1:51:72:10:74:3a:bd:f7:a0:30:
                    ca:38:b7:e1:c8:e0:46:8c:6e:cb:ed:55:20:66:72:
                    00:e6:fe:8c:d5:f3:da:65:7e:3f:cb:2c:73:8d:7e:
                    bf:72:70:95:b2:fb:51:6e:74:ca:cd:53:76:30:46:
                    0a:b3:bd:59:11:c9:8b:14:5f:f0:e6:d7:b0:07:b7:
                    21:83:41:7b:58:8a:7e:61:22:00:5e:dd:03:68:38:
                    2b:0e:bb:68:0d:82:22:89:10:58:57:c2:87:70:b8:
                    a2:72:8b:7a:3f:71:ee:74:bd:13:be:37:60:af:c2:
                    d6:4f:aa:4d:54:79:a0:22:9a:3f:7d:bb:a5:c1:a1:
                    00:e1:b0:62:35:9b:b9:68:57:cb:b3:a8:0c:f5:ca:
                    00:67:f7:c0:00:ea:d3:57:62:c6:94:53:33:17:0f:
                    19:1a:b8:68:2a:ef:cf:65:0a:99:c5:59:3c:52:d5:
                    6a:9d:4f:06:be:7c:00:1e:f7:7c:9d:45:b3:d4:51:
                    b7:76:4a:b9:7b:89:2b:7f:e7:c3:47:45:e4:c4:28:
                    ea:32:50:dd:d2:ec:b7:2a:12:02:61:48:1b:e4:f0:
                    b9:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:A9:DA:6C:AC:69:15:BB:6B:A8:BC:BB:8D:10:B6:A4:F2:7C:57:D8
            X509v3 Authority Key Identifier:
                keyid:08:37:C9:9B:2A:4C:06:2D:5C:20:67:8F:9D:CF:32:07:AE:FD:5E:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/oqnabKxpFbtrqLy7jRC2pPJ8V9g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.23.84.0/22
                  216.23.92.0/22
                  216.23.116.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b0:48:45:c0:94:fe:2a:39:2b:a7:fd:73:51:d0:72:9a:a6:84:
         41:09:e9:12:ae:df:79:af:b4:d2:c0:33:5e:61:df:d1:0b:6d:
         2d:0e:dd:d5:14:e4:cc:a9:7a:0c:31:88:0b:a6:bd:96:13:21:
         21:4a:fe:c1:00:36:24:40:ef:77:e7:cd:70:c0:48:2f:ab:76:
         e2:76:d2:63:17:3d:92:04:21:55:78:82:2a:82:63:ae:4f:14:
         97:14:a1:59:00:b0:0b:99:2f:15:a7:70:8f:57:37:bc:42:98:
         2f:35:f8:a9:04:b3:45:ce:e9:86:ea:77:9c:ed:2c:fa:67:58:
         e0:f2:23:34:ac:65:e7:c7:db:78:75:9b:01:d5:6e:78:99:f5:
         e8:85:c9:89:be:46:b8:de:2b:13:0c:50:b5:8e:de:00:2d:f3:
         2e:6e:ff:2e:36:07:40:43:67:fc:2e:1f:30:54:a3:53:f6:da:
         95:1c:f3:65:e1:e8:10:90:e9:4b:ef:a7:7a:2d:66:3b:e7:09:
         e0:31:b8:ea:f1:74:c2:65:53:19:5d:b5:e0:97:80:59:b3:8d:
         f0:16:bc:48:a1:eb:58:39:d7:1c:3c:61:a3:0c:49:68:85:bf:
         d1:61:f1:58:a5:ea:49:04:da:6c:54:da:6c:71:bf:3f:c1:3a:
         fa:61:1d:b5
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ2vWFkaKtBYeepDU2GK1J59MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MzdjOTliMmE0YzA2MmQ1YzIwNjc4ZjlkY2YzMjA3YWVm
ZDVlNzgwHhcNMjYwNDIxMDkyMTM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMmE5ZGE2Y2FjNjkxNWJiNmJhOGJjYmI4ZDEwYjZhNGYyN2M1N2Q4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt9l3fw0inc8k2Lm/Yd+ivGrbHsfV
ylurLdhSdoCmbVFh36FRchB0Or33oDDKOLfhyOBGjG7L7VUgZnIA5v6M1fPaZX4/
yyxzjX6/cnCVsvtRbnTKzVN2MEYKs71ZEcmLFF/w5tewB7chg0F7WIp+YSIAXt0D
aDgrDrtoDYIiiRBYV8KHcLiicot6P3HudL0Tvjdgr8LWT6pNVHmgIpo/fbulwaEA
4bBiNZu5aFfLs6gM9coAZ/fAAOrTV2LGlFMzFw8ZGrhoKu/PZQqZxVk8UtVqnU8G
vnwAHvd8nUWz1FG3dkq5e4krf+fDR0XkxCjqMlDd0uy3KhICYUgb5PC5nwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFKKp2mysaRW7a6i8u40QtqTyfFfYMB8GA1UdIwQY
MBaAFAg3yZsqTAYtXCBnj53PMgeu/V54MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0RmSm15cE1CaTFjSUdlUG5jOHlCNjc5WG5nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS8wODk1ZDItYjc3OC00NmM0LWE2OTEt
ZjEyMzdmNGM1Y2Y2LzEvb3FuYWJLeHBGYnRycUx5N2pSQzJwUEo4VjlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS8wODk1ZDItYjc3OC00NmM0LWE2OTEtZjEyMzdmNGM1Y2Y2
LzEvQ0RmSm15cE1CaTFjSUdlUG5jOHlCNjc5WG5nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQC2BdUAwQC
2BdcAwQC2Bd0MA0GCSqGSIb3DQEBCwUAA4IBAQCwSEXAlP4qOSun/XNR0HKapoRB
CekSrt95r7TSwDNeYd/RC20tDt3VFOTMqXoMMYgLpr2WEyEhSv7BADYkQO93581w
wEgvq3bidtJjFz2SBCFVeIIqgmOuTxSXFKFZALALmS8Vp3CPVze8QpgvNfipBLNF
zumG6nec7Sz6Z1jg8iM0rGXnx9t4dZsB1W54mfXohcmJvka43isTDFC1jt4ALfMu
bv8uNgdAQ2f8Lh8wVKNT9tqVHPNl4egQkOlL76d6LWY75wngMbjq8XTCZVMZXbXg
l4BZs43wFrxIoetYOdccPGGjDElohb/RYfFYpepJBNpsVNpscb8/wTr6YR21
-----END CERTIFICATE-----