Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/Sjoe0y3s2MFPOX1Jy9ehXCbaafo.roa
File:                     Sjoe0y3s2MFPOX1Jy9ehXCbaafo.roa (raw, json)
Hash identifier:          DlhJ8k3RdxzZ7MDO8N1LI0cx5yjegyR5I1SrHHMW0Cs=
Subject key identifier:   4A:3A:1E:D3:2D:EC:D8:C1:4F:39:7D:49:CB:D7:A1:5C:26:DA:69:FA
Certificate issuer:       /CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Certificate serial:       019CA9AEBE6F036B3F244BE2A916641B05BE
Authority key identifier: C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/Sjoe0y3s2MFPOX1Jy9ehXCbaafo.roa
Signing time:             Sun 01 Mar 2026 13:55:27 +0000
ROA not before:           Sun 01 Mar 2026 13:55:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     63199
IP address blocks:        160.20.108.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:a9:ae:be:6f:03:6b:3f:24:4b:e2:a9:16:64:1b:05:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c616c4195152effedbf7b3afee2aa72e19090e4d
        Validity
            Not Before: Mar  1 13:55:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4a3a1ed32decd8c14f397d49cbd7a15c26da69fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:78:4a:da:6f:56:5c:5e:fe:0e:38:ef:4a:df:
                    ad:e5:48:c6:cf:cc:31:b7:8d:60:32:3f:dc:78:ce:
                    c4:01:9e:0a:a7:5f:c1:30:54:1c:2c:fb:59:c3:d3:
                    69:3a:fc:7e:6d:25:79:47:38:a5:75:4e:93:89:6d:
                    10:1c:5f:d8:0b:d9:ac:29:65:b4:8d:5c:ea:8a:02:
                    7f:2d:b3:64:4e:82:f8:c0:ed:5f:c1:c2:1e:32:eb:
                    cd:af:7b:3a:e0:05:35:54:fb:66:b6:8d:c5:32:5a:
                    3b:70:cc:c7:1d:92:5c:59:24:ed:6b:b9:de:92:11:
                    6e:f0:0b:f8:07:1d:5e:1f:da:87:a1:e9:14:63:c8:
                    3b:56:93:56:14:0d:66:ab:69:fb:d4:3d:22:19:fb:
                    87:c8:87:60:5a:dc:cb:31:28:ce:65:28:52:60:97:
                    c0:17:40:aa:bc:59:6a:34:57:1a:38:a0:c2:4e:2d:
                    e8:dd:1e:a5:dc:5c:5a:18:bd:bd:5b:2a:66:ae:91:
                    a6:de:a6:4d:f7:15:39:64:a2:4b:b2:e5:ea:55:78:
                    81:a3:e8:b5:97:5d:4d:b0:d8:04:d1:f9:0f:3f:87:
                    c8:94:6e:b1:8d:f7:26:59:cc:8f:23:9a:a0:25:8f:
                    47:76:b9:e3:ab:d5:bd:e4:26:5b:30:a6:94:89:ca:
                    a1:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:3A:1E:D3:2D:EC:D8:C1:4F:39:7D:49:CB:D7:A1:5C:26:DA:69:FA
            X509v3 Authority Key Identifier:
                keyid:C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/Sjoe0y3s2MFPOX1Jy9ehXCbaafo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.20.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:f0:06:fd:2c:d5:91:4a:8c:0f:c2:05:04:5b:c5:ff:34:d2:
         2c:e8:50:c8:7a:a4:da:5f:f3:74:74:7b:63:40:2b:ce:c4:01:
         dc:32:14:26:c1:aa:25:ad:f5:7a:73:5a:bf:b8:15:81:a9:e9:
         79:35:75:22:0b:2c:a3:a1:7e:99:f4:49:1e:df:11:37:cc:21:
         7b:31:a9:31:66:26:8d:05:08:54:47:f5:b1:f5:97:91:37:9f:
         3b:74:81:d9:5f:2c:2d:6d:82:0b:2b:d0:7d:43:10:5d:4d:78:
         ad:2d:ce:4e:5c:f4:97:c2:cc:0b:29:c8:e3:72:57:5d:b5:16:
         8e:1b:b0:c4:86:16:8d:c7:47:51:75:80:34:bb:91:b2:92:41:
         c4:c5:b7:d0:21:6d:c0:20:45:ab:9f:9e:79:a0:87:d3:ff:25:
         ab:e1:53:7f:9e:92:39:56:44:02:1c:d7:84:a5:60:55:5c:0c:
         a3:46:ff:17:85:6a:3a:a6:ac:cb:01:84:51:07:8f:c8:35:92:
         bc:da:7b:07:e8:7e:6c:39:a8:26:aa:7f:a6:3f:e8:65:0d:be:
         a7:8b:a8:10:ad:00:be:fa:f5:7c:eb:e1:88:6c:dc:f8:37:f7:
         b8:5e:02:5f:9c:23:fe:01:2f:03:ad:1d:bd:cc:39:28:64:81:
         b1:00:e4:2e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyprr5vA2s/JEviqRZkGwW+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTZjNDE5NTE1MmVmZmVkYmY3YjNhZmVlMmFhNzJlMTkw
OTBlNGQwHhcNMjYwMzAxMTM1NTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTNhMWVkMzJkZWNkOGMxNGYzOTdkNDljYmQ3YTE1YzI2ZGE2OWZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvnhK2m9WXF7+DjjvSt+t5UjGz8wx
t41gMj/ceM7EAZ4Kp1/BMFQcLPtZw9NpOvx+bSV5RzildU6TiW0QHF/YC9msKWW0
jVzqigJ/LbNkToL4wO1fwcIeMuvNr3s64AU1VPtmto3FMlo7cMzHHZJcWSTta7ne
khFu8Av4Bx1eH9qHoekUY8g7VpNWFA1mq2n71D0iGfuHyIdgWtzLMSjOZShSYJfA
F0CqvFlqNFcaOKDCTi3o3R6l3FxaGL29WypmrpGm3qZN9xU5ZKJLsuXqVXiBo+i1
l11NsNgE0fkPP4fIlG6xjfcmWcyPI5qgJY9Hdrnjq9W95CZbMKaUicqhrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEo6HtMt7NjBTzl9ScvXoVwm2mn6MB8GA1UdIwQY
MBaAFMYWxBlRUu/+2/ezr+4qpy4ZCQ5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjkt
MzlmZGI5ODZmMDU5LzEvU2pvZTB5M3MyTUZQT1gxSnk5ZWhYQ2JhYWZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjktMzlmZGI5ODZmMDU5
LzEveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAoBRsMA0G
CSqGSIb3DQEBCwUAA4IBAQB38Ab9LNWRSowPwgUEW8X/NNIs6FDIeqTaX/N0dHtj
QCvOxAHcMhQmwaolrfV6c1q/uBWBqel5NXUiCyyjoX6Z9Eke3xE3zCF7MakxZiaN
BQhUR/Wx9ZeRN587dIHZXywtbYILK9B9QxBdTXitLc5OXPSXwswLKcjjclddtRaO
G7DEhhaNx0dRdYA0u5GykkHExbfQIW3AIEWrn555oIfT/yWr4VN/npI5VkQCHNeE
pWBVXAyjRv8XhWo6pqzLAYRRB4/INZK82nsH6H5sOagmqn+mP+hlDb6ni6gQrQC+
+vV86+GIbNz4N/e4XgJfnCP+AS8DrR29zDkoZIGxAOQu
-----END CERTIFICATE-----