Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/1171f8-edeb-40e8-9588-874302109b00/1/Dg75WaAECc2_16xSrrua_Jl9vNA.roa
File:                     Dg75WaAECc2_16xSrrua_Jl9vNA.roa (raw, json)
Hash identifier:          Sqm9spSXxwwPSmf7/I85TDjTAS8g51LglO7cWoTaYU0=
Subject key identifier:   0E:0E:F9:59:A0:04:09:CD:BF:D7:AC:52:AE:BB:9A:FC:99:7D:BC:D0
Certificate issuer:       /CN=13529d09c62919e2afa4536af106e3f4a4f3dd0c
Certificate serial:       019D965EFC2C621FE3C9AAAA3938ECD9526F
Authority key identifier: 13:52:9D:09:C6:29:19:E2:AF:A4:53:6A:F1:06:E3:F4:A4:F3:DD:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/E1KdCcYpGeKvpFNq8Qbj9KTz3Qw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/1171f8-edeb-40e8-9588-874302109b00/1/Dg75WaAECc2_16xSrrua_Jl9vNA.roa
Signing time:             Thu 16 Apr 2026 12:58:20 +0000
ROA not before:           Thu 16 Apr 2026 12:58:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     12849
IP address blocks:        192.115.248.0/24 maxlen: 24
                          192.115.249.0/24 maxlen: 24
                          192.115.250.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/1171f8-edeb-40e8-9588-874302109b00/1/E1KdCcYpGeKvpFNq8Qbj9KTz3Qw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/1171f8-edeb-40e8-9588-874302109b00/1/E1KdCcYpGeKvpFNq8Qbj9KTz3Qw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/E1KdCcYpGeKvpFNq8Qbj9KTz3Qw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 14:47:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:96:5e:fc:2c:62:1f:e3:c9:aa:aa:39:38:ec:d9:52:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=13529d09c62919e2afa4536af106e3f4a4f3dd0c
        Validity
            Not Before: Apr 16 12:58:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0e0ef959a00409cdbfd7ac52aebb9afc997dbcd0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:4d:59:4d:8d:d3:87:50:4c:f4:4f:fb:a2:0a:
                    0e:59:75:ab:0a:34:57:0a:7f:bc:c4:da:de:5d:91:
                    45:ac:14:a3:3d:43:ab:57:9a:34:a8:82:ac:55:b8:
                    16:60:b4:11:0b:04:47:b5:47:1c:30:bc:d0:5a:f3:
                    7b:a4:9d:b8:57:8e:72:90:ab:7a:83:0f:49:dd:ad:
                    d2:19:67:7c:05:fb:f0:71:b4:6a:65:37:c0:6c:37:
                    f5:07:50:5f:bc:8c:c8:99:8b:ef:33:de:33:d8:a3:
                    58:22:14:f4:0d:50:55:ac:06:3f:76:b8:c1:c6:33:
                    94:00:68:43:ba:1a:95:90:66:bd:48:21:38:2a:88:
                    57:49:87:f1:49:4e:e4:d1:9e:23:60:09:73:d3:ab:
                    de:a1:55:e2:6c:ea:a0:78:85:ae:7a:b9:91:39:40:
                    10:a3:ef:67:90:0b:a4:b3:fd:62:61:ae:08:72:b5:
                    ca:3f:ab:81:7c:80:6f:bb:8d:7d:07:8a:99:8b:44:
                    60:1a:d4:5e:fe:d2:f0:22:62:09:c1:5b:31:25:aa:
                    6f:c6:75:a0:69:c5:a7:52:34:52:fd:a3:88:cb:bc:
                    cd:ad:c9:41:49:d4:dd:46:d5:94:39:72:7f:12:1e:
                    b9:28:3f:be:89:98:4a:62:ed:45:0a:88:26:3a:e3:
                    6c:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:0E:F9:59:A0:04:09:CD:BF:D7:AC:52:AE:BB:9A:FC:99:7D:BC:D0
            X509v3 Authority Key Identifier:
                keyid:13:52:9D:09:C6:29:19:E2:AF:A4:53:6A:F1:06:E3:F4:A4:F3:DD:0C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/E1KdCcYpGeKvpFNq8Qbj9KTz3Qw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/1171f8-edeb-40e8-9588-874302109b00/1/Dg75WaAECc2_16xSrrua_Jl9vNA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/1171f8-edeb-40e8-9588-874302109b00/1/E1KdCcYpGeKvpFNq8Qbj9KTz3Qw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.115.248.0-192.115.250.255

    Signature Algorithm: sha256WithRSAEncryption
         34:33:a7:4c:29:6d:92:2f:d2:45:d9:76:62:47:90:11:b0:a9:
         4b:08:e8:ce:bf:b5:00:49:26:d6:2d:d3:09:aa:5e:d1:3a:cb:
         6e:61:de:9e:2a:78:cd:93:9f:5f:fa:2e:1a:e9:6d:3d:cd:25:
         cc:c3:67:11:87:b8:e4:e0:b5:2d:95:b4:c8:d0:00:36:3e:83:
         ac:16:06:3b:99:c2:6a:90:f6:15:56:62:f2:36:41:ab:d9:0e:
         b8:3a:24:17:cc:27:fb:41:32:3d:d2:2c:99:b0:a5:2b:9c:e5:
         4d:5a:51:63:a4:9c:2f:75:80:4a:17:d9:dc:05:4f:38:b8:3e:
         29:69:d5:97:7d:d8:65:dd:08:3b:19:af:fe:e2:88:6b:d5:c6:
         9b:55:21:f0:cb:88:26:c7:99:ec:e0:89:91:ea:14:96:a5:6f:
         05:73:73:5e:c1:0d:e6:80:bd:f4:58:ba:14:9d:71:9c:5b:18:
         50:de:02:d8:94:20:56:44:e9:a6:ba:df:9f:12:28:3f:ca:95:
         db:1c:5b:73:c2:33:fb:38:66:39:0c:45:5a:cd:3d:80:11:97:
         92:23:43:e4:60:ba:09:bb:f9:1c:9d:75:bc:1e:5e:e6:9c:a5:
         85:7e:35:3e:ca:16:a2:a6:b1:00:12:ea:fb:2b:97:02:47:f6:
         f3:c3:02:c5
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZ2WXvwsYh/jyaqqOTjs2VJvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzNTI5ZDA5YzYyOTE5ZTJhZmE0NTM2YWYxMDZlM2Y0YTRm
M2RkMGMwHhcNMjYwNDE2MTI1ODIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTBlZjk1OWEwMDQwOWNkYmZkN2FjNTJhZWJiOWFmYzk5N2RiY2QwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnk1ZTY3Th1BM9E/7ogoOWXWrCjRX
Cn+8xNreXZFFrBSjPUOrV5o0qIKsVbgWYLQRCwRHtUccMLzQWvN7pJ24V45ykKt6
gw9J3a3SGWd8BfvwcbRqZTfAbDf1B1BfvIzImYvvM94z2KNYIhT0DVBVrAY/drjB
xjOUAGhDuhqVkGa9SCE4KohXSYfxSU7k0Z4jYAlz06veoVXibOqgeIWuermROUAQ
o+9nkAuks/1iYa4IcrXKP6uBfIBvu419B4qZi0RgGtRe/tLwImIJwVsxJapvxnWg
acWnUjRS/aOIy7zNrclBSdTdRtWUOXJ/Eh65KD++iZhKYu1FCogmOuNsQQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFA4O+VmgBAnNv9esUq67mvyZfbzQMB8GA1UdIwQY
MBaAFBNSnQnGKRnir6RTavEG4/Sk890MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRTFLZENjWXBHZUt2cEZOcThRYmo5S1R6M1F3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC8xMTcxZjgtZWRlYi00MGU4LTk1ODgt
ODc0MzAyMTA5YjAwLzEvRGc3NVdhQUVDYzJfMTZ4U3JydWFfSmw5dk5BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC8xMTcxZjgtZWRlYi00MGU4LTk1ODgtODc0MzAyMTA5YjAw
LzEvRTFLZENjWXBHZUt2cEZOcThRYmo5S1R6M1F3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAPAc/gD
BADAc/owDQYJKoZIhvcNAQELBQADggEBADQzp0wpbZIv0kXZdmJHkBGwqUsI6M6/
tQBJJtYt0wmqXtE6y25h3p4qeM2Tn1/6LhrpbT3NJczDZxGHuOTgtS2VtMjQADY+
g6wWBjuZwmqQ9hVWYvI2QavZDrg6JBfMJ/tBMj3SLJmwpSuc5U1aUWOknC91gEoX
2dwFTzi4Pilp1Zd92GXdCDsZr/7iiGvVxptVIfDLiCbHmezgiZHqFJalbwVzc17B
DeaAvfRYuhSdcZxbGFDeAtiUIFZE6aa6358SKD/KldscW3PCM/s4ZjkMRVrNPYAR
l5IjQ+Rgugm7+RyddbweXuacpYV+NT7KFqKmsQAS6vsrlwJH9vPDAsU=
-----END CERTIFICATE-----