Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/pYqyRDZ3yKoa2ihOr54mHCL3tRc.roa
File:                     pYqyRDZ3yKoa2ihOr54mHCL3tRc.roa (raw, json)
Hash identifier:          ZEIRLcKve49FAAP8uRktT/jxMpkhtZPvKW4kSe/sfOo=
Subject key identifier:   A5:8A:B2:44:36:77:C8:AA:1A:DA:28:4E:AF:9E:26:1C:22:F7:B5:17
Certificate issuer:       /CN=0837c99b2a4c062d5c20678f9dcf3207aefd5e78
Certificate serial:       019CC14679A5FE388D6D1FBB0B277FD7176E
Authority key identifier: 08:37:C9:9B:2A:4C:06:2D:5C:20:67:8F:9D:CF:32:07:AE:FD:5E:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/pYqyRDZ3yKoa2ihOr54mHCL3tRc.roa
Signing time:             Fri 06 Mar 2026 03:52:27 +0000
ROA not before:           Fri 06 Mar 2026 03:52:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     400618
IP address blocks:        216.236.4.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Mar 2026 04:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:c1:46:79:a5:fe:38:8d:6d:1f:bb:0b:27:7f:d7:17:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0837c99b2a4c062d5c20678f9dcf3207aefd5e78
        Validity
            Not Before: Mar  6 03:52:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a58ab2443677c8aa1ada284eaf9e261c22f7b517
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:6b:4f:6d:64:10:8c:78:8d:8e:9a:68:21:a3:
                    17:c6:f6:62:76:16:f7:ee:73:de:00:0b:1e:d5:c2:
                    c3:67:e1:e2:25:b2:67:59:5f:fb:3e:ff:6c:92:7b:
                    e2:08:b8:10:9b:f1:26:9f:cb:8a:61:1b:e2:12:b5:
                    9c:89:91:87:b5:04:a0:71:b1:ec:ca:5a:20:09:9d:
                    90:d2:33:3b:67:1b:78:21:51:ad:15:53:09:81:6d:
                    a8:ab:9c:27:bb:5f:e4:f5:35:67:e8:04:b7:8b:e8:
                    c4:d0:9a:2b:a2:e4:15:c5:f9:97:5d:e9:d3:d7:f8:
                    cf:33:8a:be:2c:13:e9:5a:84:9e:bc:11:77:05:2c:
                    bf:8e:70:43:7e:1a:e6:1f:a7:59:7f:20:b7:69:11:
                    06:1b:98:b3:5c:5d:08:9e:2c:1c:0b:60:e4:f3:d9:
                    9c:e6:5a:05:6b:dc:51:5c:25:c7:b6:55:18:4d:0c:
                    bd:b5:cd:00:f4:75:66:85:ca:36:99:48:fc:f9:b5:
                    a8:c3:ed:e5:90:ae:31:c2:21:25:ea:63:73:9b:a3:
                    cb:94:3f:b8:54:18:46:aa:05:68:e1:80:66:91:c9:
                    17:e7:ee:22:60:c2:c7:6b:b2:a5:70:2d:11:4c:c2:
                    1c:4a:98:a6:98:a3:2c:18:67:d9:57:f9:4d:fd:04:
                    57:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:8A:B2:44:36:77:C8:AA:1A:DA:28:4E:AF:9E:26:1C:22:F7:B5:17
            X509v3 Authority Key Identifier:
                keyid:08:37:C9:9B:2A:4C:06:2D:5C:20:67:8F:9D:CF:32:07:AE:FD:5E:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/pYqyRDZ3yKoa2ihOr54mHCL3tRc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.236.4.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3e:4c:df:33:dd:eb:03:05:1a:70:53:b1:ac:2f:e1:0f:03:5e:
         47:a5:49:c0:0b:ad:10:5b:c7:8d:5a:f6:d1:40:6f:7c:37:62:
         5d:93:03:d6:e9:3d:ce:26:f4:78:c0:38:e0:ab:3f:62:a5:f8:
         ec:0e:09:d6:22:95:a3:51:11:90:75:3a:d2:32:e5:e0:e6:72:
         c9:72:e8:50:96:19:5e:ad:a6:2f:68:a9:6c:a6:91:af:d7:ae:
         23:f7:94:a1:cb:15:22:32:2c:d8:32:16:05:67:1f:a6:6f:03:
         94:c4:2f:28:78:44:ce:29:e4:58:64:c5:6e:68:c9:eb:4a:35:
         f1:28:ac:bb:e0:cf:45:df:3c:e7:17:05:51:65:08:dc:92:82:
         1e:9f:8b:cb:5a:92:60:93:50:fb:b6:3e:d0:2d:99:85:f0:e9:
         d3:23:d5:fb:38:df:0f:1e:e6:42:60:fc:7b:48:ea:20:02:f7:
         4b:1d:cc:7e:c2:a0:a6:c3:f3:11:36:61:92:23:14:89:ac:bf:
         25:bd:5c:97:65:2e:fd:fd:15:bd:4a:f4:0a:4b:0f:b0:3c:f5:
         66:66:41:5b:ae:85:d4:d1:45:10:63:91:34:08:f6:19:34:01:
         55:f6:a3:23:cf:25:69:5b:31:ab:19:69:43:dd:1e:a0:aa:3d:
         4c:b6:d2:d3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzBRnml/jiNbR+7Cyd/1xduMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MzdjOTliMmE0YzA2MmQ1YzIwNjc4ZjlkY2YzMjA3YWVm
ZDVlNzgwHhcNMjYwMzA2MDM1MjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNThhYjI0NDM2NzdjOGFhMWFkYTI4NGVhZjllMjYxYzIyZjdiNTE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjWtPbWQQjHiNjppoIaMXxvZidhb3
7nPeAAse1cLDZ+HiJbJnWV/7Pv9sknviCLgQm/Emn8uKYRviErWciZGHtQSgcbHs
ylogCZ2Q0jM7Zxt4IVGtFVMJgW2oq5wnu1/k9TVn6AS3i+jE0JorouQVxfmXXenT
1/jPM4q+LBPpWoSevBF3BSy/jnBDfhrmH6dZfyC3aREGG5izXF0IniwcC2Dk89mc
5loFa9xRXCXHtlUYTQy9tc0A9HVmhco2mUj8+bWow+3lkK4xwiEl6mNzm6PLlD+4
VBhGqgVo4YBmkckX5+4iYMLHa7KlcC0RTMIcSpimmKMsGGfZV/lN/QRXFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKWKskQ2d8iqGtooTq+eJhwi97UXMB8GA1UdIwQY
MBaAFAg3yZsqTAYtXCBnj53PMgeu/V54MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0RmSm15cE1CaTFjSUdlUG5jOHlCNjc5WG5nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS8wODk1ZDItYjc3OC00NmM0LWE2OTEt
ZjEyMzdmNGM1Y2Y2LzEvcFlxeVJEWjN5S29hMmloT3I1NG1IQ0wzdFJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS8wODk1ZDItYjc3OC00NmM0LWE2OTEtZjEyMzdmNGM1Y2Y2
LzEvQ0RmSm15cE1CaTFjSUdlUG5jOHlCNjc5WG5nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB2OwEMA0G
CSqGSIb3DQEBCwUAA4IBAQA+TN8z3esDBRpwU7GsL+EPA15HpUnAC60QW8eNWvbR
QG98N2JdkwPW6T3OJvR4wDjgqz9ipfjsDgnWIpWjURGQdTrSMuXg5nLJcuhQlhle
raYvaKlsppGv164j95ShyxUiMizYMhYFZx+mbwOUxC8oeETOKeRYZMVuaMnrSjXx
KKy74M9F3zznFwVRZQjckoIen4vLWpJgk1D7tj7QLZmF8OnTI9X7ON8PHuZCYPx7
SOogAvdLHcx+wqCmw/MRNmGSIxSJrL8lvVyXZS79/RW9SvQKSw+wPPVmZkFbroXU
0UUQY5E0CPYZNAFV9qMjzyVpWzGrGWlD3R6gqj1MttLT
-----END CERTIFICATE-----