Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/866754-f0ef-4900-8dd0-6c0403c9a440/1/oMGIzpCIk1MpYh7JUJDeE6V61o8.roa
File:                     oMGIzpCIk1MpYh7JUJDeE6V61o8.roa (raw, json)
Hash identifier:          UWABj3txYPzJG90mw1O5Kxp8Tsmo7+bGd8ThwRqlhzk=
Subject key identifier:   A0:C1:88:CE:90:88:93:53:29:62:1E:C9:50:90:DE:13:A5:7A:D6:8F
Certificate issuer:       /CN=08828bc7dd784850b896ed7ded9483db5f01e059
Certificate serial:       019DB75EA64BD53802ED1E0D3A49F690E359
Authority key identifier: 08:82:8B:C7:DD:78:48:50:B8:96:ED:7D:ED:94:83:DB:5F:01:E0:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIKLx914SFC4lu197ZSD218B4Fk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/866754-f0ef-4900-8dd0-6c0403c9a440/1/oMGIzpCIk1MpYh7JUJDeE6V61o8.roa
Signing time:             Wed 22 Apr 2026 22:45:26 +0000
ROA not before:           Wed 22 Apr 2026 22:45:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215826
IP address blocks:        213.177.170.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/866754-f0ef-4900-8dd0-6c0403c9a440/1/CIKLx914SFC4lu197ZSD218B4Fk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/866754-f0ef-4900-8dd0-6c0403c9a440/1/CIKLx914SFC4lu197ZSD218B4Fk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIKLx914SFC4lu197ZSD218B4Fk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 Apr 2026 08:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b7:5e:a6:4b:d5:38:02:ed:1e:0d:3a:49:f6:90:e3:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08828bc7dd784850b896ed7ded9483db5f01e059
        Validity
            Not Before: Apr 22 22:45:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a0c188ce9088935329621ec95090de13a57ad68f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:97:68:b9:b3:4c:72:d9:51:09:ff:5a:49:21:
                    dd:9b:82:72:4f:a8:13:53:6f:be:aa:2d:89:93:cd:
                    0b:68:8a:b6:2f:0c:06:f4:60:bb:15:cc:7e:5c:94:
                    26:f6:86:62:2e:22:24:4b:b4:63:aa:db:5e:59:1d:
                    64:f2:3b:3c:35:22:3e:32:84:a8:dd:4a:1f:1f:92:
                    32:1d:93:53:48:24:f8:0d:ce:88:c7:4f:33:3b:ff:
                    72:80:29:11:d2:83:47:37:83:6f:39:a0:90:61:c5:
                    f6:cb:dd:47:4e:ab:2f:e8:bb:12:1a:5c:c4:de:0d:
                    5e:13:41:5e:0e:08:2d:23:65:e8:d7:95:4d:23:dc:
                    f9:6b:64:d3:be:90:49:fe:24:0b:1f:e0:b0:1b:98:
                    4a:47:d6:cb:72:74:a0:05:5b:f1:f6:dc:3a:1c:51:
                    56:6b:5b:0a:e0:60:fb:86:63:87:57:4e:18:f6:e6:
                    ad:48:0b:0f:d6:2d:50:1e:a9:8d:0c:8f:6b:ed:14:
                    92:2e:c5:50:88:89:8d:7d:c3:8c:28:4b:50:cb:a2:
                    99:8b:75:6c:1c:a8:df:f7:60:25:d4:e1:c1:2f:7b:
                    86:57:58:48:27:c8:01:2b:e8:5a:cf:ce:42:33:1c:
                    a8:fd:1c:dd:2d:d9:d9:e0:b8:8d:fd:ec:0b:47:96:
                    ba:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:C1:88:CE:90:88:93:53:29:62:1E:C9:50:90:DE:13:A5:7A:D6:8F
            X509v3 Authority Key Identifier:
                keyid:08:82:8B:C7:DD:78:48:50:B8:96:ED:7D:ED:94:83:DB:5F:01:E0:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIKLx914SFC4lu197ZSD218B4Fk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/866754-f0ef-4900-8dd0-6c0403c9a440/1/oMGIzpCIk1MpYh7JUJDeE6V61o8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/866754-f0ef-4900-8dd0-6c0403c9a440/1/CIKLx914SFC4lu197ZSD218B4Fk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.177.170.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:11:54:b2:e1:4f:71:58:fe:8b:b5:59:52:23:fd:03:94:fd:
         cf:ef:a9:9f:0c:c2:4f:82:93:66:64:6c:a3:b9:77:71:8b:0b:
         96:e0:66:05:e9:c1:13:6a:59:c2:03:ab:89:ed:c7:f9:90:0f:
         7b:4b:fa:21:f4:2f:37:d0:f4:ca:d2:8a:d6:84:cf:40:8e:fc:
         bd:45:0b:22:98:7d:6b:2d:89:a8:87:8c:e8:73:97:b1:4d:64:
         05:7b:87:ff:f0:1f:54:b4:a1:3f:c5:a0:4d:e4:6e:b6:5d:3f:
         b4:8e:5b:b5:f1:24:3b:29:7c:46:3f:5c:06:d9:9f:1d:5d:16:
         75:44:1d:60:b3:20:60:1a:0e:19:95:46:f8:9b:ec:9d:40:a1:
         c3:af:4a:25:1b:78:2e:48:40:1b:d2:7a:e0:25:6c:fa:5e:99:
         78:c1:d3:56:92:14:a3:1f:6a:7c:4b:14:c7:22:7c:fc:87:0d:
         03:62:9a:d3:c2:2b:ca:ad:21:d6:17:7b:18:55:f0:93:be:a3:
         51:e4:03:93:ce:b5:ad:4f:25:6f:77:9d:6e:dd:7e:37:a1:d2:
         50:ec:e0:fc:e9:3e:23:32:45:4e:75:21:d6:90:9d:29:fd:40:
         5e:85:d1:cf:a4:54:b5:72:bd:df:9c:63:d6:57:28:9b:e9:2d:
         16:d0:42:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ23XqZL1TgC7R4NOkn2kONZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ODI4YmM3ZGQ3ODQ4NTBiODk2ZWQ3ZGVkOTQ4M2RiNWYw
MWUwNTkwHhcNMjYwNDIyMjI0NTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMGMxODhjZTkwODg5MzUzMjk2MjFlYzk1MDkwZGUxM2E1N2FkNjhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo5doubNMctlRCf9aSSHdm4JyT6gT
U2++qi2Jk80LaIq2LwwG9GC7Fcx+XJQm9oZiLiIkS7RjqtteWR1k8js8NSI+MoSo
3UofH5IyHZNTSCT4Dc6Ix08zO/9ygCkR0oNHN4NvOaCQYcX2y91HTqsv6LsSGlzE
3g1eE0FeDggtI2Xo15VNI9z5a2TTvpBJ/iQLH+CwG5hKR9bLcnSgBVvx9tw6HFFW
a1sK4GD7hmOHV04Y9uatSAsP1i1QHqmNDI9r7RSSLsVQiImNfcOMKEtQy6KZi3Vs
HKjf92Al1OHBL3uGV1hIJ8gBK+haz85CMxyo/RzdLdnZ4LiN/ewLR5a6mwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKDBiM6QiJNTKWIeyVCQ3hOletaPMB8GA1UdIwQY
MBaAFAiCi8fdeEhQuJbtfe2Ug9tfAeBZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0lLTHg5MTRTRkM0bHUxOTdaU0QyMThCNEZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy84NjY3NTQtZjBlZi00OTAwLThkZDAt
NmMwNDAzYzlhNDQwLzEvb01HSXpwQ0lrMU1wWWg3SlVKRGVFNlY2MW84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy84NjY3NTQtZjBlZi00OTAwLThkZDAtNmMwNDAzYzlhNDQw
LzEvQ0lLTHg5MTRTRkM0bHUxOTdaU0QyMThCNEZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1bGqMA0G
CSqGSIb3DQEBCwUAA4IBAQBHEVSy4U9xWP6LtVlSI/0DlP3P76mfDMJPgpNmZGyj
uXdxiwuW4GYF6cETalnCA6uJ7cf5kA97S/oh9C830PTK0orWhM9Ajvy9RQsimH1r
LYmoh4zoc5exTWQFe4f/8B9UtKE/xaBN5G62XT+0jlu18SQ7KXxGP1wG2Z8dXRZ1
RB1gsyBgGg4ZlUb4m+ydQKHDr0olG3guSEAb0nrgJWz6Xpl4wdNWkhSjH2p8SxTH
Inz8hw0DYprTwivKrSHWF3sYVfCTvqNR5AOTzrWtTyVvd51u3X43odJQ7OD86T4j
MkVOdSHWkJ0p/UBehdHPpFS1cr3fnGPWVyib6S0W0EK3
-----END CERTIFICATE-----