Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/d43c2c-74e9-47d4-bf62-80f7fd6ea9c9/1/rHFkeLh05qkzhm3XqYX2jCr6Jwc.roa
File:                     rHFkeLh05qkzhm3XqYX2jCr6Jwc.roa (raw, json)
Hash identifier:          rLIRPVEJIS1dHp/fkMSEkxmJ0YQCqnoXU1iytE3RgNo=
Subject key identifier:   AC:71:64:78:B8:74:E6:A9:33:86:6D:D7:A9:85:F6:8C:2A:FA:27:07
Certificate issuer:       /CN=0a41a5a2a18339629cc1303e6dec8bb605ddca65
Certificate serial:       019B797F0CC82AB1651604ABFC0B5A4C7D53
Authority key identifier: 0A:41:A5:A2:A1:83:39:62:9C:C1:30:3E:6D:EC:8B:B6:05:DD:CA:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CkGloqGDOWKcwTA-beyLtgXdymU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/d43c2c-74e9-47d4-bf62-80f7fd6ea9c9/1/rHFkeLh05qkzhm3XqYX2jCr6Jwc.roa
Signing time:             Thu 01 Jan 2026 12:18:47 +0000
ROA not before:           Thu 01 Jan 2026 12:18:47 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     62200
IP address blocks:        82.202.164.0/24 maxlen: 24
                          2a09:f907::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/d43c2c-74e9-47d4-bf62-80f7fd6ea9c9/1/CkGloqGDOWKcwTA-beyLtgXdymU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/d43c2c-74e9-47d4-bf62-80f7fd6ea9c9/1/CkGloqGDOWKcwTA-beyLtgXdymU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CkGloqGDOWKcwTA-beyLtgXdymU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7f:0c:c8:2a:b1:65:16:04:ab:fc:0b:5a:4c:7d:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0a41a5a2a18339629cc1303e6dec8bb605ddca65
        Validity
            Not Before: Jan  1 12:18:47 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ac716478b874e6a933866dd7a985f68c2afa2707
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:66:98:6d:bb:da:f0:7b:14:4a:22:4d:5a:e1:
                    6a:da:c6:1e:8d:02:cc:67:07:67:99:05:4b:1d:37:
                    91:13:cc:d3:b1:6c:81:0c:78:9d:6a:48:e8:f8:15:
                    6c:ac:dc:23:38:32:dc:ca:d6:ac:f7:00:e7:53:09:
                    2c:ae:0d:65:72:35:05:34:b4:4d:0e:ae:58:9b:a4:
                    1f:7c:dc:e3:ee:0b:35:bd:06:e4:d5:1e:1a:1d:2e:
                    b9:1b:84:3b:28:92:ad:f4:2f:2d:a2:ca:9e:48:34:
                    69:ad:e4:7d:e2:27:54:94:f8:40:5d:50:df:68:61:
                    71:16:4d:4c:14:36:08:e1:ee:74:d3:66:5e:64:51:
                    2a:6f:c3:79:1f:15:9e:19:77:d7:ac:3c:82:04:b3:
                    62:23:78:01:9f:9a:ee:ba:ba:15:55:61:41:7a:6e:
                    ac:8d:0c:86:49:e0:77:1d:62:1c:6f:91:2a:17:d0:
                    60:aa:3c:59:d2:38:16:0c:ea:4d:3e:d9:b6:e7:7f:
                    e1:58:b6:89:98:12:f8:a4:07:d6:6b:0a:b3:aa:8a:
                    e4:07:f5:35:24:21:f7:0f:82:26:dc:dd:76:36:a5:
                    df:fc:43:9e:87:d7:6f:29:34:0b:1a:48:87:d8:ba:
                    4b:a8:bb:ac:6f:28:ca:f8:7a:cf:28:b6:3c:0f:65:
                    5b:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:71:64:78:B8:74:E6:A9:33:86:6D:D7:A9:85:F6:8C:2A:FA:27:07
            X509v3 Authority Key Identifier:
                keyid:0A:41:A5:A2:A1:83:39:62:9C:C1:30:3E:6D:EC:8B:B6:05:DD:CA:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CkGloqGDOWKcwTA-beyLtgXdymU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/d43c2c-74e9-47d4-bf62-80f7fd6ea9c9/1/rHFkeLh05qkzhm3XqYX2jCr6Jwc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/d43c2c-74e9-47d4-bf62-80f7fd6ea9c9/1/CkGloqGDOWKcwTA-beyLtgXdymU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.202.164.0/24
                IPv6:
                  2a09:f907::/32

    Signature Algorithm: sha256WithRSAEncryption
         84:97:5f:d1:79:3c:3c:8d:47:68:26:10:29:9c:f4:4e:65:d2:
         73:ea:9f:b3:69:9b:ec:63:8f:11:7d:98:d3:0b:0e:1e:7e:20:
         16:a2:28:42:95:18:67:c3:42:8f:71:73:24:c3:40:36:45:7e:
         9a:62:4e:93:17:ae:4d:b4:b0:f2:71:7b:1a:93:86:49:61:00:
         5f:af:75:53:50:2f:e6:9c:04:9c:0f:56:54:20:66:ae:2d:5f:
         c1:ee:eb:01:17:d9:ec:bf:02:f6:cb:d6:ef:1a:17:0f:6a:5f:
         4a:e6:2e:42:24:c5:72:eb:35:5b:2f:15:3c:e8:86:b2:5d:41:
         28:d9:47:1d:f4:75:16:02:76:11:b5:c2:91:b5:f1:70:3a:52:
         e1:73:c2:67:6d:bd:e9:d8:cd:1c:91:90:93:fb:5b:65:94:2d:
         59:5c:7c:f6:f9:72:57:64:cc:82:cd:2b:b0:96:94:73:32:e9:
         63:39:e4:7b:ea:53:ae:17:39:d0:a2:b3:21:b5:4f:f8:b2:23:
         df:a0:c1:9b:11:25:09:42:eb:5b:24:90:e2:bd:1a:8a:81:50:
         cc:e0:3a:ae:41:f8:09:96:37:5e:f0:75:e9:76:2b:76:22:f3:
         f6:47:8b:8f:5b:50:fd:55:0c:38:a9:7a:34:ff:34:56:ea:0e:
         0e:16:16:76
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZt5fwzIKrFlFgSr/AtaTH1TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhNDFhNWEyYTE4MzM5NjI5Y2MxMzAzZTZkZWM4YmI2MDVk
ZGNhNjUwHhcNMjYwMTAxMTIxODQ3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzcxNjQ3OGI4NzRlNmE5MzM4NjZkZDdhOTg1ZjY4YzJhZmEyNzA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq2aYbbva8HsUSiJNWuFq2sYejQLM
ZwdnmQVLHTeRE8zTsWyBDHidakjo+BVsrNwjODLcytas9wDnUwksrg1lcjUFNLRN
Dq5Ym6QffNzj7gs1vQbk1R4aHS65G4Q7KJKt9C8tosqeSDRpreR94idUlPhAXVDf
aGFxFk1MFDYI4e5002ZeZFEqb8N5HxWeGXfXrDyCBLNiI3gBn5ruuroVVWFBem6s
jQyGSeB3HWIcb5EqF9BgqjxZ0jgWDOpNPtm253/hWLaJmBL4pAfWawqzqorkB/U1
JCH3D4Im3N12NqXf/EOeh9dvKTQLGkiH2LpLqLusbyjK+HrPKLY8D2VbVwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKxxZHi4dOapM4Zt16mF9owq+icHMB8GA1UdIwQY
MBaAFApBpaKhgzlinMEwPm3si7YF3cplMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2tHbG9xR0RPV0tjd1RBLWJleUx0Z1hkeW1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS9kNDNjMmMtNzRlOS00N2Q0LWJmNjIt
ODBmN2ZkNmVhOWM5LzEvckhGa2VMaDA1cWt6aG0zWHFZWDJqQ3I2SndjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS9kNDNjMmMtNzRlOS00N2Q0LWJmNjItODBmN2ZkNmVhOWM5
LzEvQ2tHbG9xR0RPV0tjd1RBLWJleUx0Z1hkeW1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAUsqkMA0E
AgACMAcDBQAqCfkHMA0GCSqGSIb3DQEBCwUAA4IBAQCEl1/ReTw8jUdoJhApnPRO
ZdJz6p+zaZvsY48RfZjTCw4efiAWoihClRhnw0KPcXMkw0A2RX6aYk6TF65NtLDy
cXsak4ZJYQBfr3VTUC/mnAScD1ZUIGauLV/B7usBF9nsvwL2y9bvGhcPal9K5i5C
JMVy6zVbLxU86IayXUEo2Ucd9HUWAnYRtcKRtfFwOlLhc8Jnbb3p2M0ckZCT+1tl
lC1ZXHz2+XJXZMyCzSuwlpRzMuljOeR76lOuFznQorMhtU/4siPfoMGbESUJQutb
JJDivRqKgVDM4DquQfgJljde8HXpdit2IvP2R4uPW1D9VQw4qXo0/zRW6g4OFhZ2
-----END CERTIFICATE-----