Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/MydiaKGPyhqQGpu_6Ww1zeyR0Ts.roa
File:                     MydiaKGPyhqQGpu_6Ww1zeyR0Ts.roa (raw, json)
Hash identifier:          jwfgqX9BVx8vpHACig+2Pu5XbpnXcVkyxwcxPzeEiVE=
Subject key identifier:   33:27:62:68:A1:8F:CA:1A:90:1A:9B:BF:E9:6C:35:CD:EC:91:D1:3B
Certificate issuer:       /CN=0837c99b2a4c062d5c20678f9dcf3207aefd5e78
Certificate serial:       019D812BBBC74FE19270C51481974CD691E2
Authority key identifier: 08:37:C9:9B:2A:4C:06:2D:5C:20:67:8F:9D:CF:32:07:AE:FD:5E:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/MydiaKGPyhqQGpu_6Ww1zeyR0Ts.roa
Signing time:             Sun 12 Apr 2026 10:10:20 +0000
ROA not before:           Sun 12 Apr 2026 10:10:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214026
IP address blocks:        216.23.108.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 04:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:81:2b:bb:c7:4f:e1:92:70:c5:14:81:97:4c:d6:91:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0837c99b2a4c062d5c20678f9dcf3207aefd5e78
        Validity
            Not Before: Apr 12 10:10:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=33276268a18fca1a901a9bbfe96c35cdec91d13b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:1d:07:78:92:24:f7:0e:1b:cf:c8:3d:a8:8b:
                    20:fd:42:c2:96:18:87:90:0e:a9:53:65:8d:1c:c7:
                    81:22:34:a2:63:e6:0e:d6:f1:f0:f0:aa:b4:4d:f1:
                    8a:e9:f5:21:02:52:4b:a7:77:27:3e:de:cc:97:20:
                    00:70:8b:3a:41:12:00:e8:b5:3b:17:2d:be:89:e5:
                    47:da:82:cf:c0:f8:7e:1a:06:a3:e4:81:c6:e1:2e:
                    08:28:e1:98:91:84:7e:98:ac:57:90:c6:8c:0d:4d:
                    e1:e6:5f:bc:79:ad:f9:9a:3d:9e:01:06:36:95:ab:
                    bb:55:2d:4a:85:f7:1d:21:a4:31:51:e8:18:9e:04:
                    d1:26:18:e7:b3:d0:a5:f7:27:19:64:b9:1e:bd:dc:
                    da:c2:94:a3:bc:cc:0a:3a:0d:98:bf:a9:5d:3e:b6:
                    a1:99:ab:bc:a5:e0:56:9a:61:06:d6:84:a5:1f:47:
                    cb:e9:fb:e7:60:eb:26:c7:f6:15:72:0c:8a:f9:6f:
                    15:df:87:e6:2d:9b:0f:13:86:63:cc:66:82:c7:58:
                    1b:2a:e9:4d:e2:b9:23:87:16:1b:bc:cc:50:26:90:
                    fb:0d:a5:9c:ea:49:f7:fb:b2:1f:73:92:36:41:0f:
                    69:45:a0:dd:af:62:e3:cb:59:27:53:96:9f:2a:59:
                    f4:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:27:62:68:A1:8F:CA:1A:90:1A:9B:BF:E9:6C:35:CD:EC:91:D1:3B
            X509v3 Authority Key Identifier:
                keyid:08:37:C9:9B:2A:4C:06:2D:5C:20:67:8F:9D:CF:32:07:AE:FD:5E:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/MydiaKGPyhqQGpu_6Ww1zeyR0Ts.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.23.108.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0e:62:53:0d:58:07:a0:c4:17:62:39:86:7e:7e:83:86:af:53:
         31:50:07:ad:4c:eb:f1:70:45:bd:6f:d7:da:94:94:ea:28:e0:
         f8:9c:42:84:20:ec:4d:86:ac:07:2e:0c:b4:98:5d:00:51:ec:
         c7:ce:d6:61:c1:16:7a:09:2c:68:f1:64:e0:65:b2:d2:31:ca:
         33:3f:48:b3:e0:26:93:50:18:68:ff:f3:c5:5a:f8:87:a3:eb:
         b4:32:64:76:3c:10:fc:a8:b8:df:2e:de:fd:47:c1:04:4b:79:
         6e:2f:3a:93:e5:14:53:e7:82:aa:e2:be:97:e4:01:57:7b:0d:
         be:ca:ea:5f:b1:1e:1a:f8:ad:b7:b9:d9:ec:c2:9e:08:80:30:
         3c:3c:d8:b7:80:19:14:cc:67:33:1b:8c:93:ba:d1:03:12:a3:
         65:73:c5:d5:d1:e2:73:f6:8a:4a:4f:32:66:ec:47:4e:dc:8b:
         d6:d6:b3:06:02:a8:e9:4a:ac:22:52:1a:0e:36:e4:79:53:04:
         41:df:c7:58:de:dd:c6:98:81:75:53:6e:88:8a:c5:95:82:d1:
         78:b5:8c:0a:05:c7:70:51:3c:c1:0d:15:a1:ea:85:24:95:5a:
         f7:d9:47:51:64:61:55:d9:ab:ea:82:91:de:bb:dd:01:e9:35:
         d0:92:fc:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2BK7vHT+GScMUUgZdM1pHiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MzdjOTliMmE0YzA2MmQ1YzIwNjc4ZjlkY2YzMjA3YWVm
ZDVlNzgwHhcNMjYwNDEyMTAxMDIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzI3NjI2OGExOGZjYTFhOTAxYTliYmZlOTZjMzVjZGVjOTFkMTNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsx0HeJIk9w4bz8g9qIsg/ULClhiH
kA6pU2WNHMeBIjSiY+YO1vHw8Kq0TfGK6fUhAlJLp3cnPt7MlyAAcIs6QRIA6LU7
Fy2+ieVH2oLPwPh+Ggaj5IHG4S4IKOGYkYR+mKxXkMaMDU3h5l+8ea35mj2eAQY2
lau7VS1KhfcdIaQxUegYngTRJhjns9Cl9ycZZLkevdzawpSjvMwKOg2Yv6ldPrah
mau8peBWmmEG1oSlH0fL6fvnYOsmx/YVcgyK+W8V34fmLZsPE4ZjzGaCx1gbKulN
4rkjhxYbvMxQJpD7DaWc6kn3+7Ifc5I2QQ9pRaDdr2Ljy1knU5afKln0WwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDMnYmihj8oakBqbv+lsNc3skdE7MB8GA1UdIwQY
MBaAFAg3yZsqTAYtXCBnj53PMgeu/V54MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0RmSm15cE1CaTFjSUdlUG5jOHlCNjc5WG5nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS8wODk1ZDItYjc3OC00NmM0LWE2OTEt
ZjEyMzdmNGM1Y2Y2LzEvTXlkaWFLR1B5aHFRR3B1XzZXdzF6ZXlSMFRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS8wODk1ZDItYjc3OC00NmM0LWE2OTEtZjEyMzdmNGM1Y2Y2
LzEvQ0RmSm15cE1CaTFjSUdlUG5jOHlCNjc5WG5nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC2BdsMA0G
CSqGSIb3DQEBCwUAA4IBAQAOYlMNWAegxBdiOYZ+foOGr1MxUAetTOvxcEW9b9fa
lJTqKOD4nEKEIOxNhqwHLgy0mF0AUezHztZhwRZ6CSxo8WTgZbLSMcozP0iz4CaT
UBho//PFWviHo+u0MmR2PBD8qLjfLt79R8EES3luLzqT5RRT54Kq4r6X5AFXew2+
yupfsR4a+K23udnswp4IgDA8PNi3gBkUzGczG4yTutEDEqNlc8XV0eJz9opKTzJm
7EdO3IvW1rMGAqjpSqwiUhoONuR5UwRB38dY3t3GmIF1U26IisWVgtF4tYwKBcdw
UTzBDRWh6oUklVr32UdRZGFV2avqgpHeu90B6TXQkvwJ
-----END CERTIFICATE-----