Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/56rLaOuag9KwZkcYaOX_GJMDkPk.roa
File:                     56rLaOuag9KwZkcYaOX_GJMDkPk.roa (raw, json)
Hash identifier:          sYmw76c+cEmSCZkQgN00c26RCOGuzQ7Akuth74V/XDM=
Subject key identifier:   E7:AA:CB:68:EB:9A:83:D2:B0:66:47:18:68:E5:FF:18:93:03:90:F9
Certificate issuer:       /CN=0837c99b2a4c062d5c20678f9dcf3207aefd5e78
Certificate serial:       019C9DC8C751DAD445A92CB94C11935157FD
Authority key identifier: 08:37:C9:9B:2A:4C:06:2D:5C:20:67:8F:9D:CF:32:07:AE:FD:5E:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/56rLaOuag9KwZkcYaOX_GJMDkPk.roa
Signing time:             Fri 27 Feb 2026 06:28:26 +0000
ROA not before:           Fri 27 Feb 2026 06:28:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216245
IP address blocks:        216.23.64.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 21:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:9d:c8:c7:51:da:d4:45:a9:2c:b9:4c:11:93:51:57:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0837c99b2a4c062d5c20678f9dcf3207aefd5e78
        Validity
            Not Before: Feb 27 06:28:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e7aacb68eb9a83d2b066471868e5ff18930390f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:e7:36:c3:77:e9:eb:6d:48:4e:ab:49:69:9b:
                    df:e9:d1:10:30:f8:a6:fe:30:3c:e5:f0:99:d0:56:
                    d5:95:be:ce:cb:be:38:69:1b:cf:eb:59:86:7d:3f:
                    81:11:9e:a9:89:ee:b3:f5:67:0a:de:a7:c1:c7:ae:
                    a0:b7:ff:e4:95:05:00:fa:70:49:6a:87:96:92:6a:
                    b4:d5:b0:0c:9b:8c:3d:a4:2e:9c:6b:ed:e1:a0:68:
                    ef:85:0e:08:f1:cd:bd:0f:58:c9:ea:fc:95:42:80:
                    1f:c2:56:fd:3f:16:a1:43:98:65:82:3c:34:a1:92:
                    fa:6b:68:14:75:94:12:1c:4c:25:99:9d:65:24:b3:
                    b2:ae:30:8b:d6:89:fe:cb:16:0b:7f:66:42:d5:0c:
                    5d:a3:14:e5:d8:be:0a:19:5b:1a:48:bf:96:58:4b:
                    1d:1b:0e:a5:70:08:10:08:89:76:d1:2d:d9:d7:10:
                    86:7b:ac:8c:06:7e:7a:a9:9f:8a:26:23:d5:a8:f5:
                    fa:d3:10:a2:bc:86:2a:11:05:26:bb:65:20:f8:a7:
                    58:cf:71:e7:cb:4b:0d:7a:8d:62:26:e5:51:42:b3:
                    6e:11:c4:6c:ff:18:f6:4c:90:d4:b0:b7:7f:67:5d:
                    f1:cb:24:4e:a2:06:99:a2:15:de:20:4e:76:3c:0a:
                    7a:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:AA:CB:68:EB:9A:83:D2:B0:66:47:18:68:E5:FF:18:93:03:90:F9
            X509v3 Authority Key Identifier:
                keyid:08:37:C9:9B:2A:4C:06:2D:5C:20:67:8F:9D:CF:32:07:AE:FD:5E:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/56rLaOuag9KwZkcYaOX_GJMDkPk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.23.64.0/20

    Signature Algorithm: sha256WithRSAEncryption
         37:f4:91:2b:b3:c5:33:a1:2f:c8:35:e4:cb:d4:a4:1b:cf:12:
         96:44:46:e3:27:59:1d:8a:9b:12:aa:ce:6a:d5:bc:4c:96:a2:
         94:6f:48:b9:e9:d0:3a:95:16:ee:bf:dc:94:af:e3:fa:12:9c:
         c2:c9:2a:97:4a:6f:50:18:85:c9:6e:69:da:ed:d4:9d:06:7f:
         73:26:c0:b3:e6:86:49:7c:06:86:70:90:4b:f3:8b:01:22:70:
         94:b0:d8:09:75:d5:e4:c5:12:38:be:73:cf:41:6b:d4:4e:ab:
         3d:d9:92:fb:6d:da:16:8c:f7:0a:13:95:f7:7e:eb:52:20:66:
         e8:64:ba:6e:d8:37:0c:86:da:44:a0:e7:35:93:8c:15:2c:55:
         da:12:3e:c2:f8:f0:ca:68:4f:66:e6:27:1d:ac:3b:9e:76:3e:
         49:8e:07:7e:52:14:b5:6d:9c:db:ad:f9:11:f7:a5:55:47:2c:
         05:38:5c:25:18:97:e9:4f:b3:0d:52:c2:6a:bd:e8:57:fb:7d:
         99:d0:59:24:74:3f:94:ba:66:4f:e8:11:d9:39:7d:b7:a0:7f:
         2d:71:4a:f8:86:eb:9d:ed:42:d4:fa:e6:5a:ec:af:39:72:85:
         2c:01:4f:44:b7:c3:a2:b5:89:8d:e9:12:96:60:7b:44:b2:65:
         70:66:eb:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZydyMdR2tRFqSy5TBGTUVf9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MzdjOTliMmE0YzA2MmQ1YzIwNjc4ZjlkY2YzMjA3YWVm
ZDVlNzgwHhcNMjYwMjI3MDYyODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlN2FhY2I2OGViOWE4M2QyYjA2NjQ3MTg2OGU1ZmYxODkzMDM5MGY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkec2w3fp621ITqtJaZvf6dEQMPim
/jA85fCZ0FbVlb7Oy744aRvP61mGfT+BEZ6pie6z9WcK3qfBx66gt//klQUA+nBJ
aoeWkmq01bAMm4w9pC6ca+3hoGjvhQ4I8c29D1jJ6vyVQoAfwlb9PxahQ5hlgjw0
oZL6a2gUdZQSHEwlmZ1lJLOyrjCL1on+yxYLf2ZC1QxdoxTl2L4KGVsaSL+WWEsd
Gw6lcAgQCIl20S3Z1xCGe6yMBn56qZ+KJiPVqPX60xCivIYqEQUmu2Ug+KdYz3Hn
y0sNeo1iJuVRQrNuEcRs/xj2TJDUsLd/Z13xyyROogaZohXeIE52PAp6AwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOeqy2jrmoPSsGZHGGjl/xiTA5D5MB8GA1UdIwQY
MBaAFAg3yZsqTAYtXCBnj53PMgeu/V54MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0RmSm15cE1CaTFjSUdlUG5jOHlCNjc5WG5nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS8wODk1ZDItYjc3OC00NmM0LWE2OTEt
ZjEyMzdmNGM1Y2Y2LzEvNTZyTGFPdWFnOUt3WmtjWWFPWF9HSk1Ea1BrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS8wODk1ZDItYjc3OC00NmM0LWE2OTEtZjEyMzdmNGM1Y2Y2
LzEvQ0RmSm15cE1CaTFjSUdlUG5jOHlCNjc5WG5nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQE2BdAMA0G
CSqGSIb3DQEBCwUAA4IBAQA39JErs8UzoS/INeTL1KQbzxKWREbjJ1kdipsSqs5q
1bxMlqKUb0i56dA6lRbuv9yUr+P6EpzCySqXSm9QGIXJbmna7dSdBn9zJsCz5oZJ
fAaGcJBL84sBInCUsNgJddXkxRI4vnPPQWvUTqs92ZL7bdoWjPcKE5X3futSIGbo
ZLpu2DcMhtpEoOc1k4wVLFXaEj7C+PDKaE9m5icdrDuedj5Jjgd+UhS1bZzbrfkR
96VVRywFOFwlGJfpT7MNUsJqvehX+32Z0FkkdD+UumZP6BHZOX23oH8tcUr4huud
7ULU+uZa7K85coUsAU9Et8OitYmN6RKWYHtEsmVwZutE
-----END CERTIFICATE-----