Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/PMbKQ_uUlrPevpZsNx0eXksTqOY.roa
File:                     PMbKQ_uUlrPevpZsNx0eXksTqOY.roa (raw, json)
Hash identifier:          SnQSjPH+aFHvy6nc0KoA3L9eJTHfO0AG19ulVcVHwqI=
Subject key identifier:   3C:C6:CA:43:FB:94:96:B3:DE:BE:96:6C:37:1D:1E:5E:4B:13:A8:E6
Certificate issuer:       /CN=0837c99b2a4c062d5c20678f9dcf3207aefd5e78
Certificate serial:       019C902192766CE7D084B27B1343A8C71F61
Authority key identifier: 08:37:C9:9B:2A:4C:06:2D:5C:20:67:8F:9D:CF:32:07:AE:FD:5E:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/PMbKQ_uUlrPevpZsNx0eXksTqOY.roa
Signing time:             Tue 24 Feb 2026 14:50:45 +0000
ROA not before:           Tue 24 Feb 2026 14:50:45 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     21859
IP address blocks:        216.195.216.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 12:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:90:21:92:76:6c:e7:d0:84:b2:7b:13:43:a8:c7:1f:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0837c99b2a4c062d5c20678f9dcf3207aefd5e78
        Validity
            Not Before: Feb 24 14:50:45 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3cc6ca43fb9496b3debe966c371d1e5e4b13a8e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:59:5a:c0:cf:81:74:bb:25:57:5d:93:39:65:
                    a7:ee:24:02:c7:29:e6:c7:8d:ba:23:37:49:f7:6f:
                    db:6f:78:a7:b3:0d:f3:dc:d3:d3:c1:a9:a7:fc:94:
                    ca:bb:4f:51:bf:ec:a3:16:b7:33:14:f2:0b:e8:0b:
                    49:85:a1:4a:dc:1c:96:dd:27:dc:00:12:c8:ae:e5:
                    ae:6d:9f:4b:62:ec:e7:9e:9f:a0:e1:be:ad:9a:8f:
                    0d:68:be:c7:e8:e9:e7:3b:a3:40:65:7f:9d:dc:0b:
                    d9:d9:61:65:1b:0e:6f:4e:dd:9b:65:0f:67:3f:19:
                    ae:a8:89:17:a0:49:3e:06:95:ff:8e:23:51:05:ef:
                    7b:fa:61:70:9e:f1:81:53:e5:d6:80:82:29:4a:e7:
                    bf:a3:4b:32:66:b0:b6:c8:59:a1:6a:8a:a4:bb:7b:
                    c0:25:72:e2:c8:9d:c5:64:a5:f5:d6:18:03:5c:cf:
                    cc:dc:69:a3:02:7a:64:6e:40:26:a1:e7:06:7b:ea:
                    86:e2:1a:68:30:ff:88:59:d2:51:10:18:ae:c9:96:
                    6c:e4:21:d0:fd:3b:47:63:5b:65:c9:28:43:fb:e2:
                    23:b3:72:70:0d:37:8c:b0:99:50:79:09:fd:48:c1:
                    e5:ac:ff:c8:4b:0c:bb:83:0f:a7:8f:2b:a5:dc:40:
                    51:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:C6:CA:43:FB:94:96:B3:DE:BE:96:6C:37:1D:1E:5E:4B:13:A8:E6
            X509v3 Authority Key Identifier:
                keyid:08:37:C9:9B:2A:4C:06:2D:5C:20:67:8F:9D:CF:32:07:AE:FD:5E:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/PMbKQ_uUlrPevpZsNx0eXksTqOY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.195.216.0/22

    Signature Algorithm: sha256WithRSAEncryption
         71:31:6a:d1:b7:68:2b:94:53:f0:41:49:46:9d:43:5c:df:29:
         aa:f6:ed:bf:07:65:59:4e:c2:91:a7:1c:9b:44:0f:88:50:72:
         d5:9d:00:60:1a:b5:9e:8d:ad:6f:14:ae:42:7f:42:01:2c:c1:
         5f:08:11:59:3e:67:eb:ce:04:40:8a:15:68:cb:95:69:f2:e4:
         90:e5:cf:b2:da:cc:3c:af:40:9f:f2:43:5b:8d:57:fb:fd:db:
         7b:60:57:84:8d:56:ff:11:31:87:94:41:6c:7e:7f:bd:ce:88:
         01:73:39:de:05:16:c3:0d:16:40:a6:a7:92:9d:96:09:8c:00:
         48:56:c1:ca:1a:8c:e9:fd:08:18:32:69:36:16:c3:a3:5f:95:
         38:8d:d5:3f:74:00:49:f9:53:99:ec:f2:74:79:a6:08:23:71:
         1b:96:43:26:25:92:fb:20:f6:96:7a:74:da:e0:12:97:67:91:
         94:a3:9a:d5:27:fd:50:3b:72:99:67:21:2a:d0:d2:b9:1d:a0:
         7b:e9:5b:bc:af:19:b0:23:b5:3c:e3:2d:d5:18:96:9f:73:c0:
         cb:0c:fe:76:e9:9f:0f:f8:f6:99:9e:f0:bb:60:05:0c:76:2b:
         dc:0f:62:a0:81:6f:f8:2d:5a:a1:42:76:cb:a9:15:db:c2:82:
         00:54:d7:d3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyQIZJ2bOfQhLJ7E0Ooxx9hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MzdjOTliMmE0YzA2MmQ1YzIwNjc4ZjlkY2YzMjA3YWVm
ZDVlNzgwHhcNMjYwMjI0MTQ1MDQ1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzY2M2Y2E0M2ZiOTQ5NmIzZGViZTk2NmMzNzFkMWU1ZTRiMTNhOGU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq1lawM+BdLslV12TOWWn7iQCxynm
x426IzdJ92/bb3insw3z3NPTwamn/JTKu09Rv+yjFrczFPIL6AtJhaFK3ByW3Sfc
ABLIruWubZ9LYuznnp+g4b6tmo8NaL7H6OnnO6NAZX+d3AvZ2WFlGw5vTt2bZQ9n
PxmuqIkXoEk+BpX/jiNRBe97+mFwnvGBU+XWgIIpSue/o0syZrC2yFmhaoqku3vA
JXLiyJ3FZKX11hgDXM/M3GmjAnpkbkAmoecGe+qG4hpoMP+IWdJREBiuyZZs5CHQ
/TtHY1tlyShD++Ijs3JwDTeMsJlQeQn9SMHlrP/ISwy7gw+njyul3EBR6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDzGykP7lJaz3r6WbDcdHl5LE6jmMB8GA1UdIwQY
MBaAFAg3yZsqTAYtXCBnj53PMgeu/V54MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0RmSm15cE1CaTFjSUdlUG5jOHlCNjc5WG5nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS8wODk1ZDItYjc3OC00NmM0LWE2OTEt
ZjEyMzdmNGM1Y2Y2LzEvUE1iS1FfdVVsclBldnBac054MGVYa3NUcU9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS8wODk1ZDItYjc3OC00NmM0LWE2OTEtZjEyMzdmNGM1Y2Y2
LzEvQ0RmSm15cE1CaTFjSUdlUG5jOHlCNjc5WG5nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC2MPYMA0G
CSqGSIb3DQEBCwUAA4IBAQBxMWrRt2grlFPwQUlGnUNc3ymq9u2/B2VZTsKRpxyb
RA+IUHLVnQBgGrWeja1vFK5Cf0IBLMFfCBFZPmfrzgRAihVoy5Vp8uSQ5c+y2sw8
r0Cf8kNbjVf7/dt7YFeEjVb/ETGHlEFsfn+9zogBczneBRbDDRZApqeSnZYJjABI
VsHKGozp/QgYMmk2FsOjX5U4jdU/dABJ+VOZ7PJ0eaYII3EblkMmJZL7IPaWenTa
4BKXZ5GUo5rVJ/1QO3KZZyEq0NK5HaB76Vu8rxmwI7U84y3VGJafc8DLDP526Z8P
+PaZnvC7YAUMdivcD2KggW/4LVqhQnbLqRXbwoIAVNfT
-----END CERTIFICATE-----