Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/1809da-1c6f-44db-aa28-ba4fc234683e/1/1YdqHceUTAJVaWEaWNHB657Hojk.roa
File:                     1YdqHceUTAJVaWEaWNHB657Hojk.roa (raw, json)
Hash identifier:          M7yspIucYhPtZQOl9itMxGQaPaYB33ThzI2dg1R1O/8=
Subject key identifier:   D5:87:6A:1D:C7:94:4C:02:55:69:61:1A:58:D1:C1:EB:9E:C7:A2:39
Certificate issuer:       /CN=76670236cd0e038684a33194bde7d4b95adc66f7
Certificate serial:       019D4EBB39284704F51C673C30EE24C99621
Authority key identifier: 76:67:02:36:CD:0E:03:86:84:A3:31:94:BD:E7:D4:B9:5A:DC:66:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dmcCNs0OA4aEozGUvefUuVrcZvc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/1809da-1c6f-44db-aa28-ba4fc234683e/1/1YdqHceUTAJVaWEaWNHB657Hojk.roa
Signing time:             Thu 02 Apr 2026 15:06:25 +0000
ROA not before:           Thu 02 Apr 2026 15:06:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209207
IP address blocks:        153.80.249.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/1809da-1c6f-44db-aa28-ba4fc234683e/1/dmcCNs0OA4aEozGUvefUuVrcZvc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/1809da-1c6f-44db-aa28-ba4fc234683e/1/dmcCNs0OA4aEozGUvefUuVrcZvc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dmcCNs0OA4aEozGUvefUuVrcZvc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:4e:bb:39:28:47:04:f5:1c:67:3c:30:ee:24:c9:96:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=76670236cd0e038684a33194bde7d4b95adc66f7
        Validity
            Not Before: Apr  2 15:06:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d5876a1dc7944c025569611a58d1c1eb9ec7a239
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:37:14:46:1e:e8:f0:46:54:d0:92:51:06:cf:
                    66:74:24:b6:bb:8b:fe:bd:88:cd:33:3e:b3:fb:a0:
                    ae:f1:0b:f1:22:c7:e6:7d:86:9d:57:64:6f:13:ce:
                    01:80:1a:1c:b9:61:c5:4b:b8:37:a1:7b:f7:bb:b8:
                    e3:e8:23:af:13:3b:d5:c2:68:40:b8:bd:b0:9d:aa:
                    f8:1b:ff:16:eb:f2:9d:89:db:54:f5:80:96:be:46:
                    3d:4f:6f:d2:1b:69:93:c8:b9:6f:99:86:ea:4e:19:
                    dd:30:a1:29:a6:9d:b3:82:e1:4a:af:1d:16:1c:fd:
                    8c:3b:8d:45:9b:31:0c:86:2e:98:23:71:bf:f5:c8:
                    65:28:66:ae:50:94:b1:e9:18:4c:72:61:8f:15:61:
                    77:e4:6f:b8:6e:e8:2d:49:41:1a:1b:20:af:02:0f:
                    d0:a5:7b:31:45:a7:09:ad:ba:05:76:e8:25:11:3b:
                    ad:5f:19:bb:59:e1:a5:a0:5c:0b:57:a2:3a:57:3c:
                    cb:e0:3d:6f:55:76:b4:bc:0a:a5:85:1b:8d:fe:ab:
                    8d:5b:3d:72:cb:ea:88:92:e4:18:cc:5b:e1:cf:02:
                    a6:c4:ca:1a:30:b8:4c:af:82:4b:29:cc:74:4c:62:
                    a3:4a:85:56:e5:d3:67:97:ce:ce:dc:bd:61:02:8b:
                    aa:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:87:6A:1D:C7:94:4C:02:55:69:61:1A:58:D1:C1:EB:9E:C7:A2:39
            X509v3 Authority Key Identifier:
                keyid:76:67:02:36:CD:0E:03:86:84:A3:31:94:BD:E7:D4:B9:5A:DC:66:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dmcCNs0OA4aEozGUvefUuVrcZvc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/1809da-1c6f-44db-aa28-ba4fc234683e/1/1YdqHceUTAJVaWEaWNHB657Hojk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/1809da-1c6f-44db-aa28-ba4fc234683e/1/dmcCNs0OA4aEozGUvefUuVrcZvc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  153.80.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:9d:72:58:7a:69:79:f6:18:cd:29:b2:15:5d:3d:82:b3:b3:
         de:a5:71:ed:ac:b5:ca:cd:7f:42:d7:6c:a1:30:ad:a0:e4:40:
         00:0d:61:01:b2:3f:0c:78:eb:76:df:d7:3d:69:85:27:d9:7c:
         85:bd:f5:70:df:e5:b1:84:58:c7:1b:9a:e2:57:48:6e:66:dc:
         fd:64:1c:01:72:be:87:2c:dd:6a:a6:00:a4:bb:4c:10:d7:35:
         de:65:c4:d4:85:a9:f9:c3:1a:d8:bd:75:ad:21:57:fe:64:ff:
         43:7f:d3:1a:b2:80:f6:64:3b:64:35:03:23:d4:2c:53:d8:8d:
         a5:d7:02:5c:9a:dd:ae:4f:62:77:bc:ed:d4:77:f1:d9:c5:93:
         fd:95:f2:17:3f:5a:de:dd:48:e0:2a:20:74:52:03:0c:26:ac:
         31:c9:21:dc:2d:43:10:24:d7:3b:7d:d9:a7:83:e7:4e:b0:73:
         7e:c8:6b:30:f4:c3:f4:2f:6b:d3:87:16:65:a2:fd:11:f7:e8:
         96:43:bf:fb:fe:cb:e4:e8:bb:c5:93:34:d8:2c:da:58:54:e4:
         ea:ea:8c:b7:50:d4:1f:3c:8e:fe:a5:a4:40:39:b0:9d:62:5b:
         ad:5f:33:2b:a7:d5:a7:3f:3d:79:cd:48:06:1a:36:60:d8:78:
         07:ad:69:07
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1OuzkoRwT1HGc8MO4kyZYhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2NjcwMjM2Y2QwZTAzODY4NGEzMzE5NGJkZTdkNGI5NWFk
YzY2ZjcwHhcNMjYwNDAyMTUwNjI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTg3NmExZGM3OTQ0YzAyNTU2OTYxMWE1OGQxYzFlYjllYzdhMjM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoTcURh7o8EZU0JJRBs9mdCS2u4v+
vYjNMz6z+6Cu8QvxIsfmfYadV2RvE84BgBocuWHFS7g3oXv3u7jj6COvEzvVwmhA
uL2wnar4G/8W6/KdidtU9YCWvkY9T2/SG2mTyLlvmYbqThndMKEppp2zguFKrx0W
HP2MO41FmzEMhi6YI3G/9chlKGauUJSx6RhMcmGPFWF35G+4bugtSUEaGyCvAg/Q
pXsxRacJrboFduglETutXxm7WeGloFwLV6I6VzzL4D1vVXa0vAqlhRuN/quNWz1y
y+qIkuQYzFvhzwKmxMoaMLhMr4JLKcx0TGKjSoVW5dNnl87O3L1hAouqGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNWHah3HlEwCVWlhGljRweuex6I5MB8GA1UdIwQY
MBaAFHZnAjbNDgOGhKMxlL3n1Lla3Gb3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZG1jQ05zME9BNGFFb3pHVXZlZlV1VnJjWnZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi8xODA5ZGEtMWM2Zi00NGRiLWFhMjgt
YmE0ZmMyMzQ2ODNlLzEvMVlkcUhjZVVUQUpWYVdFYVdOSEI2NTdIb2prLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi8xODA5ZGEtMWM2Zi00NGRiLWFhMjgtYmE0ZmMyMzQ2ODNl
LzEvZG1jQ05zME9BNGFFb3pHVXZlZlV1VnJjWnZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAmVD5MA0G
CSqGSIb3DQEBCwUAA4IBAQCEnXJYeml59hjNKbIVXT2Cs7PepXHtrLXKzX9C12yh
MK2g5EAADWEBsj8MeOt239c9aYUn2XyFvfVw3+WxhFjHG5riV0huZtz9ZBwBcr6H
LN1qpgCku0wQ1zXeZcTUhan5wxrYvXWtIVf+ZP9Df9MasoD2ZDtkNQMj1CxT2I2l
1wJcmt2uT2J3vO3Ud/HZxZP9lfIXP1re3UjgKiB0UgMMJqwxySHcLUMQJNc7fdmn
g+dOsHN+yGsw9MP0L2vThxZlov0R9+iWQ7/7/svk6LvFkzTYLNpYVOTq6oy3UNQf
PI7+paRAObCdYlutXzMrp9WnPz15zUgGGjZg2HgHrWkH
-----END CERTIFICATE-----