Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/e718e4-53b7-47bb-a336-5a17719d449e/1/cMli-vLDtEWVXqBnbPb2AmIMArw.roa
File:                     cMli-vLDtEWVXqBnbPb2AmIMArw.roa (raw, json)
Hash identifier:          yaXUPoTmaKSP0dIBZd+WqyCpfByX0KSPwLkW7J++kbI=
Subject key identifier:   70:C9:62:FA:F2:C3:B4:45:95:5E:A0:67:6C:F6:F6:02:62:0C:02:BC
Certificate issuer:       /CN=330e640f9d63ba943a97b3dc10d4c6844a5d3dc1
Certificate serial:       019C9A9ADF4B30F87F228F8D2AE7CC521A34
Authority key identifier: 33:0E:64:0F:9D:63:BA:94:3A:97:B3:DC:10:D4:C6:84:4A:5D:3D:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Mw5kD51jupQ6l7PcENTGhEpdPcE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/e718e4-53b7-47bb-a336-5a17719d449e/1/cMli-vLDtEWVXqBnbPb2AmIMArw.roa
Signing time:             Thu 26 Feb 2026 15:39:26 +0000
ROA not before:           Thu 26 Feb 2026 15:39:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     20001
IP address blocks:        101.60.0.0/15 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/85/e718e4-53b7-47bb-a336-5a17719d449e/1/Mw5kD51jupQ6l7PcENTGhEpdPcE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/85/e718e4-53b7-47bb-a336-5a17719d449e/1/Mw5kD51jupQ6l7PcENTGhEpdPcE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Mw5kD51jupQ6l7PcENTGhEpdPcE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:9a:9a:df:4b:30:f8:7f:22:8f:8d:2a:e7:cc:52:1a:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=330e640f9d63ba943a97b3dc10d4c6844a5d3dc1
        Validity
            Not Before: Feb 26 15:39:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=70c962faf2c3b445955ea0676cf6f602620c02bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:f5:6a:5c:81:0f:1f:1e:56:97:9c:40:55:b8:
                    e4:ec:08:4c:ae:1b:b1:d6:b4:06:73:21:12:ce:6e:
                    47:86:b9:e5:ff:cd:91:64:e5:78:80:21:39:9a:9f:
                    b1:4b:a6:f3:d3:5b:12:71:32:99:5b:a3:17:b4:79:
                    27:dd:07:96:45:0c:f3:18:d4:c7:a6:c0:81:d3:8e:
                    5f:e2:4f:ae:6b:44:4c:06:a2:5c:59:a6:dc:43:58:
                    73:a9:ba:39:1d:60:5f:f7:7f:1e:82:ab:c9:bf:e4:
                    58:7d:09:6b:53:54:5a:6a:17:e9:7e:e9:cb:2f:6d:
                    0b:b3:1f:44:87:f2:63:65:4b:06:eb:39:6e:4e:1d:
                    9b:e2:3a:02:5b:db:cf:36:cc:95:ee:3c:e0:4c:b7:
                    36:e1:73:ec:53:29:24:21:51:16:5c:97:08:35:7f:
                    15:92:40:e7:a7:3d:17:cd:72:78:66:c2:9a:7b:a3:
                    04:28:cc:37:bc:d8:98:20:11:26:f3:c7:3c:77:17:
                    6d:62:bb:01:ad:0f:df:27:e0:43:9f:25:1f:8a:10:
                    16:54:24:6e:d5:a1:83:ec:85:9b:df:2e:91:05:c0:
                    15:f3:4d:cb:21:33:64:6e:db:dc:9d:88:1d:6a:fa:
                    93:bb:f2:87:53:20:f3:1f:35:bf:13:01:de:b1:3f:
                    cd:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:C9:62:FA:F2:C3:B4:45:95:5E:A0:67:6C:F6:F6:02:62:0C:02:BC
            X509v3 Authority Key Identifier:
                keyid:33:0E:64:0F:9D:63:BA:94:3A:97:B3:DC:10:D4:C6:84:4A:5D:3D:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Mw5kD51jupQ6l7PcENTGhEpdPcE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/e718e4-53b7-47bb-a336-5a17719d449e/1/cMli-vLDtEWVXqBnbPb2AmIMArw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/e718e4-53b7-47bb-a336-5a17719d449e/1/Mw5kD51jupQ6l7PcENTGhEpdPcE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  101.60.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         62:16:f1:cb:7c:95:3e:b3:d7:5e:02:7e:0c:b0:96:d3:93:6e:
         cb:bd:95:45:05:c0:52:57:e3:61:44:f8:48:e2:79:7e:cd:fe:
         62:fa:3e:4f:5c:04:7f:71:80:83:d4:9b:e0:c5:7a:8e:4e:7a:
         be:86:e6:60:d6:09:6a:59:fe:05:02:03:b1:32:24:58:01:71:
         4c:10:e8:84:c4:53:38:dc:23:59:85:af:46:85:8b:aa:63:58:
         d1:e5:87:2f:98:43:77:ff:6f:82:49:53:ea:59:92:e9:4d:ae:
         e9:cb:dc:53:c3:2c:b3:3e:89:28:87:09:fa:d9:22:47:17:06:
         58:9f:d9:bd:9d:63:be:cd:02:9a:c9:eb:f5:f4:39:c8:63:3c:
         f4:09:95:4a:76:c1:1f:2c:fd:b9:40:39:76:7a:b3:55:cf:aa:
         94:c5:51:16:aa:c6:44:82:ee:5b:a2:ca:1c:1d:f4:c0:55:c5:
         fd:f4:d8:90:45:4c:74:be:45:9c:59:60:bd:e9:6f:8c:59:20:
         f6:64:95:e9:f7:0c:04:7c:a6:a1:b9:2a:c1:ec:1d:c6:a9:d3:
         45:bf:1f:c2:29:cb:79:aa:ac:11:1f:1d:9f:cd:21:ce:8a:58:
         2f:07:8d:9c:aa:38:9d:cf:7c:a1:c5:cf:f5:bd:b2:97:f9:ff:
         bf:80:cf:ea
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZyamt9LMPh/Io+NKufMUho0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzMGU2NDBmOWQ2M2JhOTQzYTk3YjNkYzEwZDRjNjg0NGE1
ZDNkYzEwHhcNMjYwMjI2MTUzOTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MGM5NjJmYWYyYzNiNDQ1OTU1ZWEwNjc2Y2Y2ZjYwMjYyMGMwMmJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz/VqXIEPHx5Wl5xAVbjk7AhMrhux
1rQGcyESzm5Hhrnl/82RZOV4gCE5mp+xS6bz01sScTKZW6MXtHkn3QeWRQzzGNTH
psCB045f4k+ua0RMBqJcWabcQ1hzqbo5HWBf938egqvJv+RYfQlrU1RaahfpfunL
L20Lsx9Eh/JjZUsG6zluTh2b4joCW9vPNsyV7jzgTLc24XPsUykkIVEWXJcINX8V
kkDnpz0XzXJ4ZsKae6MEKMw3vNiYIBEm88c8dxdtYrsBrQ/fJ+BDnyUfihAWVCRu
1aGD7IWb3y6RBcAV803LITNkbtvcnYgdavqTu/KHUyDzHzW/EwHesT/NDQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFHDJYvryw7RFlV6gZ2z29gJiDAK8MB8GA1UdIwQY
MBaAFDMOZA+dY7qUOpez3BDUxoRKXT3BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXc1a0Q1MWp1cFE2bDdQY0VOVEdoRXBkUGNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS9lNzE4ZTQtNTNiNy00N2JiLWEzMzYt
NWExNzcxOWQ0NDllLzEvY01saS12TER0RVdWWHFCbmJQYjJBbUlNQXJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS9lNzE4ZTQtNTNiNy00N2JiLWEzMzYtNWExNzcxOWQ0NDll
LzEvTXc1a0Q1MWp1cFE2bDdQY0VOVEdoRXBkUGNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMBZTwwDQYJ
KoZIhvcNAQELBQADggEBAGIW8ct8lT6z114CfgywltOTbsu9lUUFwFJX42FE+Eji
eX7N/mL6Pk9cBH9xgIPUm+DFeo5Oer6G5mDWCWpZ/gUCA7EyJFgBcUwQ6ITEUzjc
I1mFr0aFi6pjWNHlhy+YQ3f/b4JJU+pZkulNrunL3FPDLLM+iSiHCfrZIkcXBlif
2b2dY77NAprJ6/X0OchjPPQJlUp2wR8s/blAOXZ6s1XPqpTFURaqxkSC7luiyhwd
9MBVxf302JBFTHS+RZxZYL3pb4xZIPZklen3DAR8pqG5KsHsHcap00W/H8Ipy3mq
rBEfHZ/NIc6KWC8HjZyqOJ3PfKHFz/W9spf5/7+Az+o=
-----END CERTIFICATE-----