Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/AXN9IfFxwxJxmSciUO562i03GBQ.roa
File:                     AXN9IfFxwxJxmSciUO562i03GBQ.roa (raw, json)
Hash identifier:          aE9WRbqK5RvY1U9hnYBJDivpu+TeAOIFVcCzqHQcPew=
Subject key identifier:   01:73:7D:21:F1:71:C3:12:71:99:27:22:50:EE:7A:DA:2D:37:18:14
Certificate issuer:       /CN=0837c99b2a4c062d5c20678f9dcf3207aefd5e78
Certificate serial:       019D6BDDF2991A3C34877C4443E751A4A771
Authority key identifier: 08:37:C9:9B:2A:4C:06:2D:5C:20:67:8F:9D:CF:32:07:AE:FD:5E:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/AXN9IfFxwxJxmSciUO562i03GBQ.roa
Signing time:             Wed 08 Apr 2026 06:53:20 +0000
ROA not before:           Wed 08 Apr 2026 06:53:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402215
IP address blocks:        216.236.48.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:6b:dd:f2:99:1a:3c:34:87:7c:44:43:e7:51:a4:a7:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0837c99b2a4c062d5c20678f9dcf3207aefd5e78
        Validity
            Not Before: Apr  8 06:53:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=01737d21f171c3127199272250ee7ada2d371814
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:58:d6:8a:e4:68:43:a7:ba:80:7f:ca:4b:50:
                    82:14:6f:b7:80:45:94:2d:4e:da:27:33:62:52:1e:
                    47:aa:a2:8e:bd:b2:1c:c7:84:44:48:40:04:0b:24:
                    83:3b:60:1a:29:bd:d3:1a:44:02:fb:64:06:57:78:
                    f8:4e:1f:3b:c2:19:cc:cc:c8:7f:05:94:e3:fd:60:
                    09:f2:c6:5c:bf:09:68:75:3c:0b:f4:18:0b:45:2a:
                    11:22:d3:6e:a3:85:5b:89:cf:95:e4:52:b4:a8:8f:
                    db:11:81:f1:33:97:41:4d:df:29:b2:89:0e:f2:1f:
                    46:72:de:bf:10:cf:d4:78:78:59:5e:9b:0e:c6:7e:
                    8b:98:a1:37:b4:d7:c5:b9:27:e6:b1:ca:a7:73:80:
                    eb:09:16:23:c3:9a:ef:f3:b1:ef:d1:d7:50:35:3c:
                    d0:06:69:1a:0a:c6:cd:61:f2:be:25:a8:51:77:63:
                    84:42:f7:27:77:51:14:21:71:b8:69:c0:d4:bb:3f:
                    0c:55:1f:3b:ad:0c:0e:69:28:ad:ef:7c:a5:f0:38:
                    f2:23:2c:1b:51:04:03:e0:57:17:55:70:27:14:1d:
                    3f:ae:fb:10:93:99:5a:e5:37:ef:18:31:f4:76:ab:
                    a9:6e:60:bf:fb:a8:04:e0:ac:4d:ef:81:16:d0:84:
                    59:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:73:7D:21:F1:71:C3:12:71:99:27:22:50:EE:7A:DA:2D:37:18:14
            X509v3 Authority Key Identifier:
                keyid:08:37:C9:9B:2A:4C:06:2D:5C:20:67:8F:9D:CF:32:07:AE:FD:5E:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/AXN9IfFxwxJxmSciUO562i03GBQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.236.48.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:37:20:52:c9:c6:5e:ed:80:f0:81:b4:e5:9a:b6:05:b9:a2:
         14:82:f4:7f:d6:04:e7:b8:a5:0f:22:9b:51:62:33:2a:d5:22:
         8b:04:ec:47:73:4f:00:a2:44:5e:a1:96:0a:e4:06:4b:78:6d:
         93:c2:8a:49:f7:5b:64:62:88:1c:db:91:8a:a8:63:46:a4:70:
         18:ad:59:6a:49:9c:d7:32:9a:ec:75:c3:b9:a3:10:c9:e4:5c:
         f7:4c:b4:94:52:7a:17:28:1e:64:03:51:52:af:49:b3:5f:21:
         9e:52:a2:cb:4a:20:1e:b5:55:a7:e0:a6:34:5f:cb:60:72:10:
         60:be:95:0a:aa:94:b6:89:b2:f1:aa:95:f5:e9:3c:ab:26:64:
         98:bc:e0:91:a9:22:8d:32:d0:b3:3f:ed:f6:6e:54:77:15:c0:
         2e:2f:79:70:da:b5:d8:43:ab:02:72:af:68:f2:48:4a:cb:af:
         bb:9f:d2:b9:c0:28:c8:00:a7:2f:9f:01:f7:23:cf:6f:c1:ee:
         74:d4:4b:6e:76:fd:71:d9:0a:8e:c7:4a:f3:7b:cb:77:cf:85:
         af:90:15:89:45:d4:7f:08:6c:a5:b2:ff:5a:c5:a3:e4:80:99:
         b0:c0:91:29:5f:0b:d0:66:65:e8:3b:02:89:88:e7:98:e0:d2:
         60:36:89:a6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1r3fKZGjw0h3xEQ+dRpKdxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MzdjOTliMmE0YzA2MmQ1YzIwNjc4ZjlkY2YzMjA3YWVm
ZDVlNzgwHhcNMjYwNDA4MDY1MzIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMTczN2QyMWYxNzFjMzEyNzE5OTI3MjI1MGVlN2FkYTJkMzcxODE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2FjWiuRoQ6e6gH/KS1CCFG+3gEWU
LU7aJzNiUh5HqqKOvbIcx4RESEAECySDO2AaKb3TGkQC+2QGV3j4Th87whnMzMh/
BZTj/WAJ8sZcvwlodTwL9BgLRSoRItNuo4Vbic+V5FK0qI/bEYHxM5dBTd8psokO
8h9Gct6/EM/UeHhZXpsOxn6LmKE3tNfFuSfmscqnc4DrCRYjw5rv87Hv0ddQNTzQ
BmkaCsbNYfK+JahRd2OEQvcnd1EUIXG4acDUuz8MVR87rQwOaSit73yl8DjyIywb
UQQD4FcXVXAnFB0/rvsQk5la5TfvGDH0dqupbmC/+6gE4KxN74EW0IRZkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAFzfSHxccMScZknIlDuetotNxgUMB8GA1UdIwQY
MBaAFAg3yZsqTAYtXCBnj53PMgeu/V54MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0RmSm15cE1CaTFjSUdlUG5jOHlCNjc5WG5nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS8wODk1ZDItYjc3OC00NmM0LWE2OTEt
ZjEyMzdmNGM1Y2Y2LzEvQVhOOUlmRnh3eEp4bVNjaVVPNTYyaTAzR0JRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS8wODk1ZDItYjc3OC00NmM0LWE2OTEtZjEyMzdmNGM1Y2Y2
LzEvQ0RmSm15cE1CaTFjSUdlUG5jOHlCNjc5WG5nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2OwwMA0G
CSqGSIb3DQEBCwUAA4IBAQA0NyBSycZe7YDwgbTlmrYFuaIUgvR/1gTnuKUPIptR
YjMq1SKLBOxHc08AokReoZYK5AZLeG2TwopJ91tkYogc25GKqGNGpHAYrVlqSZzX
MprsdcO5oxDJ5Fz3TLSUUnoXKB5kA1FSr0mzXyGeUqLLSiAetVWn4KY0X8tgchBg
vpUKqpS2ibLxqpX16TyrJmSYvOCRqSKNMtCzP+32blR3FcAuL3lw2rXYQ6sCcq9o
8khKy6+7n9K5wCjIAKcvnwH3I89vwe501Etudv1x2QqOx0rze8t3z4WvkBWJRdR/
CGylsv9axaPkgJmwwJEpXwvQZmXoOwKJiOeY4NJgNomm
-----END CERTIFICATE-----