Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/22ae14-e45e-4eee-bd07-4482ada232e3/1/Dry5_ZM0-5UWueV3Xh-0UF6oy_8.roa
File:                     Dry5_ZM0-5UWueV3Xh-0UF6oy_8.roa (raw, json)
Hash identifier:          loIcYvo+tpFSssRwcMc7jqSuMGlvbkxXG14SU3atHhw=
Subject key identifier:   0E:BC:B9:FD:93:34:FB:95:16:B9:E5:77:5E:1F:B4:50:5E:A8:CB:FF
Certificate issuer:       /CN=16b198b6ee3af68debc2347a5e98f711fb30f28b
Certificate serial:       019B7AC81B4381FD164D93CC8351CF43EFFD
Authority key identifier: 16:B1:98:B6:EE:3A:F6:8D:EB:C2:34:7A:5E:98:F7:11:FB:30:F2:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FrGYtu469o3rwjR6Xpj3Efsw8os.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/22ae14-e45e-4eee-bd07-4482ada232e3/1/Dry5_ZM0-5UWueV3Xh-0UF6oy_8.roa
Signing time:             Thu 01 Jan 2026 18:18:13 +0000
ROA not before:           Thu 01 Jan 2026 18:18:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214058
IP address blocks:        62.68.78.0/24 maxlen: 24
                          212.108.99.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/22ae14-e45e-4eee-bd07-4482ada232e3/1/FrGYtu469o3rwjR6Xpj3Efsw8os.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/22ae14-e45e-4eee-bd07-4482ada232e3/1/FrGYtu469o3rwjR6Xpj3Efsw8os.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FrGYtu469o3rwjR6Xpj3Efsw8os.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c8:1b:43:81:fd:16:4d:93:cc:83:51:cf:43:ef:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=16b198b6ee3af68debc2347a5e98f711fb30f28b
        Validity
            Not Before: Jan  1 18:18:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0ebcb9fd9334fb9516b9e5775e1fb4505ea8cbff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:04:49:3b:35:91:2f:43:a8:b9:d6:13:71:9c:
                    5b:25:e0:d1:4a:98:05:83:76:7b:a5:fb:98:ba:05:
                    34:2f:c1:91:b3:4c:a4:54:cb:f3:81:50:1d:9c:3c:
                    33:03:43:a2:a3:b2:f9:88:c6:70:77:a2:91:ba:ba:
                    ab:2d:35:81:31:b6:6d:22:54:4f:1d:3d:b1:aa:26:
                    fb:ab:3c:f2:50:b0:95:e4:2d:28:af:cf:c3:52:9e:
                    35:28:55:7c:1b:cc:23:db:26:73:21:77:71:9a:e5:
                    f5:bd:48:ed:87:71:85:84:36:46:46:40:48:3d:49:
                    65:0b:02:9a:e3:89:3b:4a:f9:05:70:9d:a6:6c:41:
                    a8:02:08:99:25:2d:a7:0f:a5:36:0d:74:10:84:63:
                    f8:b3:c3:56:cb:97:5d:2f:0a:92:7c:db:9e:19:56:
                    d3:2a:c0:04:03:dc:3c:9e:05:29:0c:2e:15:fe:6e:
                    bb:55:d7:d8:7c:a5:52:69:e0:b5:77:c7:0e:98:10:
                    75:19:31:af:fd:5f:ee:45:98:c8:36:5f:94:c8:c2:
                    8e:c2:a3:ee:ad:6e:81:12:c3:b6:c6:26:d4:e5:c4:
                    8b:30:e4:a6:e0:9b:05:f5:b5:42:7b:93:e2:8d:95:
                    bf:46:ca:26:6c:3d:81:31:cc:f1:2d:ab:95:73:14:
                    3b:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:BC:B9:FD:93:34:FB:95:16:B9:E5:77:5E:1F:B4:50:5E:A8:CB:FF
            X509v3 Authority Key Identifier:
                keyid:16:B1:98:B6:EE:3A:F6:8D:EB:C2:34:7A:5E:98:F7:11:FB:30:F2:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FrGYtu469o3rwjR6Xpj3Efsw8os.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/22ae14-e45e-4eee-bd07-4482ada232e3/1/Dry5_ZM0-5UWueV3Xh-0UF6oy_8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/22ae14-e45e-4eee-bd07-4482ada232e3/1/FrGYtu469o3rwjR6Xpj3Efsw8os.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.68.78.0/24
                  212.108.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:e9:a8:6a:0f:1d:f0:73:28:ba:9a:48:3e:01:16:36:ff:25:
         53:6a:d1:66:db:7c:02:0c:59:b5:2e:45:cd:5c:e3:a9:d6:f3:
         fb:38:14:0e:a5:f4:01:a7:e1:1a:15:06:d6:61:48:8e:c0:0a:
         f7:af:32:c5:e4:b2:b9:10:42:eb:60:11:36:ff:39:33:06:ae:
         c9:7b:c0:41:b1:e8:45:40:bb:a7:79:e0:9a:d3:07:1c:4d:8b:
         45:d8:14:fc:75:47:95:26:05:71:36:ed:fa:0e:39:e5:d1:5f:
         6c:26:61:3e:f5:ff:1b:53:8b:55:59:34:f6:f6:dc:0d:ba:14:
         c7:4d:5f:48:c9:61:f5:1d:8e:d1:d1:3d:75:fa:a6:59:f9:76:
         80:23:04:a9:34:55:91:38:39:d6:5e:26:f9:03:69:49:d5:5e:
         d7:77:10:af:3a:88:86:3d:2e:11:93:4d:fe:17:66:ab:18:44:
         c1:cc:fa:ba:42:10:3b:95:93:e8:14:73:26:90:db:de:d3:d1:
         e7:d1:71:03:01:5e:1c:6a:6a:c9:4b:fa:e7:1b:e7:15:60:16:
         25:f8:2c:0c:a7:52:cc:cd:d8:0d:c3:05:3a:c1:0d:46:7e:b8:
         35:e1:36:76:95:13:02:27:42:78:b2:20:cf:03:17:26:cd:47:
         85:16:1a:bf
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZt6yBtDgf0WTZPMg1HPQ+/9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2YjE5OGI2ZWUzYWY2OGRlYmMyMzQ3YTVlOThmNzExZmIz
MGYyOGIwHhcNMjYwMTAxMTgxODEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZWJjYjlmZDkzMzRmYjk1MTZiOWU1Nzc1ZTFmYjQ1MDVlYThjYmZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjQRJOzWRL0OoudYTcZxbJeDRSpgF
g3Z7pfuYugU0L8GRs0ykVMvzgVAdnDwzA0Oio7L5iMZwd6KRurqrLTWBMbZtIlRP
HT2xqib7qzzyULCV5C0or8/DUp41KFV8G8wj2yZzIXdxmuX1vUjth3GFhDZGRkBI
PUllCwKa44k7SvkFcJ2mbEGoAgiZJS2nD6U2DXQQhGP4s8NWy5ddLwqSfNueGVbT
KsAEA9w8ngUpDC4V/m67VdfYfKVSaeC1d8cOmBB1GTGv/V/uRZjINl+UyMKOwqPu
rW6BEsO2xibU5cSLMOSm4JsF9bVCe5PijZW/RsombD2BMczxLauVcxQ7iQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFA68uf2TNPuVFrnld14ftFBeqMv/MB8GA1UdIwQY
MBaAFBaxmLbuOvaN68I0el6Y9xH7MPKLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRnJHWXR1NDY5bzNyd2pSNlhwajNFZnN3OG9zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS8yMmFlMTQtZTQ1ZS00ZWVlLWJkMDct
NDQ4MmFkYTIzMmUzLzEvRHJ5NV9aTTAtNVVXdWVWM1hoLTBVRjZveV84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS8yMmFlMTQtZTQ1ZS00ZWVlLWJkMDctNDQ4MmFkYTIzMmUz
LzEvRnJHWXR1NDY5bzNyd2pSNlhwajNFZnN3OG9zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAPkROAwQA
1GxjMA0GCSqGSIb3DQEBCwUAA4IBAQBN6ahqDx3wcyi6mkg+ARY2/yVTatFm23wC
DFm1LkXNXOOp1vP7OBQOpfQBp+EaFQbWYUiOwAr3rzLF5LK5EELrYBE2/zkzBq7J
e8BBsehFQLuneeCa0wccTYtF2BT8dUeVJgVxNu36Djnl0V9sJmE+9f8bU4tVWTT2
9twNuhTHTV9IyWH1HY7R0T11+qZZ+XaAIwSpNFWRODnWXib5A2lJ1V7XdxCvOoiG
PS4Rk03+F2arGETBzPq6QhA7lZPoFHMmkNve09Hn0XEDAV4camrJS/rnG+cVYBYl
+CwMp1LMzdgNwwU6wQ1Gfrg14TZ2lRMCJ0J4siDPAxcmzUeFFhq/
-----END CERTIFICATE-----