Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/204017-f046-4b69-b3e5-319b0c874440/1/Ck8M77HakpPGYwHWR3tKMn6oX5I.roa
File:                     Ck8M77HakpPGYwHWR3tKMn6oX5I.roa (raw, json)
Hash identifier:          /KHOK0banE/sW4SbVXZMrQo7GnXfsS39k2T0rCWRPJY=
Subject key identifier:   0A:4F:0C:EF:B1:DA:92:93:C6:63:01:D6:47:7B:4A:32:7E:A8:5F:92
Certificate issuer:       /CN=4ca66f3c0f25774e696d2a46723277eb961128c3
Certificate serial:       019E9BB7BBEB248DDC8B901B216C9E2B25A6
Authority key identifier: 4C:A6:6F:3C:0F:25:77:4E:69:6D:2A:46:72:32:77:EB:96:11:28:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TKZvPA8ld05pbSpGcjJ365YRKMM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/204017-f046-4b69-b3e5-319b0c874440/1/Ck8M77HakpPGYwHWR3tKMn6oX5I.roa
Signing time:             Sat 06 Jun 2026 06:56:10 +0000
ROA not before:           Sat 06 Jun 2026 06:56:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203861
IP address blocks:        176.65.143.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/204017-f046-4b69-b3e5-319b0c874440/1/TKZvPA8ld05pbSpGcjJ365YRKMM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/204017-f046-4b69-b3e5-319b0c874440/1/TKZvPA8ld05pbSpGcjJ365YRKMM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TKZvPA8ld05pbSpGcjJ365YRKMM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 17:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:9b:b7:bb:eb:24:8d:dc:8b:90:1b:21:6c:9e:2b:25:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4ca66f3c0f25774e696d2a46723277eb961128c3
        Validity
            Not Before: Jun  6 06:56:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0a4f0cefb1da9293c66301d6477b4a327ea85f92
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:cd:0c:45:7a:0f:35:c8:54:df:60:36:89:8d:
                    6a:fa:84:4b:33:6d:81:85:58:d6:54:5e:c4:2d:b0:
                    af:58:b9:4a:cb:03:0d:e9:6e:98:ed:06:20:82:70:
                    6d:b3:42:0c:8e:5c:7b:52:2c:37:df:ce:3d:7e:d3:
                    57:78:23:99:d1:9f:8d:60:2b:b6:f2:de:15:b1:46:
                    ed:f2:fc:02:2c:18:f3:93:e7:4a:34:23:1a:47:4b:
                    e1:a0:68:ea:30:a8:7a:b8:48:06:52:44:a3:25:54:
                    a5:40:10:bb:8c:03:64:4e:2f:14:73:08:9a:a9:28:
                    02:3b:9d:42:67:f2:2d:3a:d1:66:03:7e:4c:8f:ff:
                    6f:b3:14:01:29:93:aa:36:e7:8f:d4:d7:ff:8a:b1:
                    08:d7:6a:b0:cb:8e:8e:1e:e9:c8:93:38:ed:22:b2:
                    8d:6e:69:d8:2f:e9:5b:cb:94:92:26:52:ba:3a:db:
                    08:7f:42:5b:b6:c4:57:af:c4:4a:00:a6:3d:c8:42:
                    1c:27:1c:dd:fa:c6:ec:cd:ae:2e:38:5c:2c:63:6f:
                    f7:e3:fd:cd:bd:2f:3a:20:1f:22:a9:1e:8c:b4:50:
                    c3:f9:76:cb:3b:2b:e0:99:a1:a3:e4:f9:38:44:38:
                    2c:26:a1:09:1d:5a:b9:ab:20:89:c6:2e:3e:00:dc:
                    9c:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:4F:0C:EF:B1:DA:92:93:C6:63:01:D6:47:7B:4A:32:7E:A8:5F:92
            X509v3 Authority Key Identifier:
                keyid:4C:A6:6F:3C:0F:25:77:4E:69:6D:2A:46:72:32:77:EB:96:11:28:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TKZvPA8ld05pbSpGcjJ365YRKMM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/204017-f046-4b69-b3e5-319b0c874440/1/Ck8M77HakpPGYwHWR3tKMn6oX5I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/204017-f046-4b69-b3e5-319b0c874440/1/TKZvPA8ld05pbSpGcjJ365YRKMM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.65.143.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:2f:0d:39:fd:2c:aa:74:e1:61:2e:a1:6a:21:db:8a:d1:a5:
         6c:ee:81:10:3b:f6:bf:b0:04:d6:bd:b5:59:51:82:c8:29:f4:
         3e:d8:83:81:4e:96:3a:ef:ad:40:29:25:65:33:6c:51:8c:21:
         78:a4:d1:da:17:20:36:06:d9:bf:1f:27:21:83:62:e6:21:61:
         f8:91:d6:1c:d8:96:1d:9d:27:d9:fb:3f:2a:2c:8e:0e:03:b7:
         db:17:3b:a5:8a:28:25:da:3c:9c:25:cd:fb:41:0f:69:a0:bd:
         ae:f3:31:42:2b:b0:ec:30:d1:b4:d2:e8:36:29:90:45:98:26:
         33:a7:47:81:a9:0a:c5:83:10:e4:f6:e2:fa:8b:71:4c:3f:f6:
         10:a2:74:a6:af:9e:be:5d:b2:94:bd:79:7c:6d:36:54:b0:d4:
         95:c2:e1:dc:45:35:7d:e3:04:92:9d:ba:8b:9a:3e:c6:ab:d0:
         82:48:aa:75:54:39:0b:6c:2c:0a:fc:0b:2e:6d:b8:39:a0:d1:
         8d:99:44:cd:47:e0:d6:54:94:b1:3d:ff:51:b1:fc:e5:c7:e7:
         18:09:2b:c0:64:fc:e4:1c:20:5f:0a:82:83:fa:8d:e3:c1:e4:
         43:22:d3:fd:42:6a:3a:60:8a:f0:8a:d2:92:88:f7:82:1a:61:
         e4:3f:3a:8f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6bt7vrJI3ci5AbIWyeKyWmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjYTY2ZjNjMGYyNTc3NGU2OTZkMmE0NjcyMzI3N2ViOTYx
MTI4YzMwHhcNMjYwNjA2MDY1NjEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTRmMGNlZmIxZGE5MjkzYzY2MzAxZDY0NzdiNGEzMjdlYTg1ZjkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5s0MRXoPNchU32A2iY1q+oRLM22B
hVjWVF7ELbCvWLlKywMN6W6Y7QYggnBts0IMjlx7Uiw33849ftNXeCOZ0Z+NYCu2
8t4VsUbt8vwCLBjzk+dKNCMaR0vhoGjqMKh6uEgGUkSjJVSlQBC7jANkTi8Ucwia
qSgCO51CZ/ItOtFmA35Mj/9vsxQBKZOqNueP1Nf/irEI12qwy46OHunIkzjtIrKN
bmnYL+lby5SSJlK6OtsIf0JbtsRXr8RKAKY9yEIcJxzd+sbsza4uOFwsY2/34/3N
vS86IB8iqR6MtFDD+XbLOyvgmaGj5Pk4RDgsJqEJHVq5qyCJxi4+ANyc0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFApPDO+x2pKTxmMB1kd7SjJ+qF+SMB8GA1UdIwQY
MBaAFEymbzwPJXdOaW0qRnIyd+uWESjDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEtadlBBOGxkMDVwYlNwR2NqSjM2NVlSS01NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy8yMDQwMTctZjA0Ni00YjY5LWIzZTUt
MzE5YjBjODc0NDQwLzEvQ2s4TTc3SGFrcFBHWXdIV1IzdEtNbjZvWDVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy8yMDQwMTctZjA0Ni00YjY5LWIzZTUtMzE5YjBjODc0NDQw
LzEvVEtadlBBOGxkMDVwYlNwR2NqSjM2NVlSS01NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsEGPMA0G
CSqGSIb3DQEBCwUAA4IBAQCBLw05/SyqdOFhLqFqIduK0aVs7oEQO/a/sATWvbVZ
UYLIKfQ+2IOBTpY6761AKSVlM2xRjCF4pNHaFyA2Btm/Hychg2LmIWH4kdYc2JYd
nSfZ+z8qLI4OA7fbFzuliigl2jycJc37QQ9poL2u8zFCK7DsMNG00ug2KZBFmCYz
p0eBqQrFgxDk9uL6i3FMP/YQonSmr56+XbKUvXl8bTZUsNSVwuHcRTV94wSSnbqL
mj7Gq9CCSKp1VDkLbCwK/Asubbg5oNGNmUTNR+DWVJSxPf9Rsfzlx+cYCSvAZPzk
HCBfCoKD+o3jweRDItP9Qmo6YIrwitKSiPeCGmHkPzqP
-----END CERTIFICATE-----