Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/USubDOC3xDx87K_ZTK3Z8oHsnzk.roa
File:                     USubDOC3xDx87K_ZTK3Z8oHsnzk.roa (raw, json)
Hash identifier:          9vyXWFhXgTXFACbWChjUbuv0OPwPRlxioKYF+gj4N1w=
Subject key identifier:   51:2B:9B:0C:E0:B7:C4:3C:7C:EC:AF:D9:4C:AD:D9:F2:81:EC:9F:39
Certificate issuer:       /CN=0837c99b2a4c062d5c20678f9dcf3207aefd5e78
Certificate serial:       019C90219181E1583DD9122C659F3DA629B2
Authority key identifier: 08:37:C9:9B:2A:4C:06:2D:5C:20:67:8F:9D:CF:32:07:AE:FD:5E:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/USubDOC3xDx87K_ZTK3Z8oHsnzk.roa
Signing time:             Tue 24 Feb 2026 14:50:44 +0000
ROA not before:           Tue 24 Feb 2026 14:50:44 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     1405
IP address blocks:        216.195.216.0/22 maxlen: 24
                          2a01:4244::/30 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 15:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:90:21:91:81:e1:58:3d:d9:12:2c:65:9f:3d:a6:29:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0837c99b2a4c062d5c20678f9dcf3207aefd5e78
        Validity
            Not Before: Feb 24 14:50:44 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=512b9b0ce0b7c43c7cecafd94cadd9f281ec9f39
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:b3:29:f4:0b:9a:79:85:98:63:45:ed:fd:32:
                    8b:dd:9e:55:55:88:bd:83:47:4c:aa:54:25:79:e4:
                    b2:73:b8:5d:04:9a:60:38:ea:60:ee:8f:1d:f2:16:
                    90:96:3a:82:4b:5e:2d:6d:2b:1b:98:9b:bd:1e:e5:
                    7e:57:f9:58:65:fe:15:80:01:78:13:16:0e:06:4b:
                    1b:cc:ec:b6:24:1a:e9:f0:f6:3b:89:6a:4c:85:1b:
                    2f:a0:e4:4f:8b:f9:6c:0f:5f:cf:28:6f:52:64:5b:
                    56:ef:18:82:ef:3c:8a:9c:ca:d4:59:36:98:c6:0a:
                    d0:b5:7d:24:ea:6a:ba:3f:1f:54:ae:49:d1:a6:24:
                    fa:8e:3b:c3:5f:c3:39:43:34:84:50:87:9f:17:6c:
                    10:f4:e8:77:5d:94:44:ad:aa:a1:4e:5e:75:d6:c2:
                    94:a8:f3:89:67:46:36:d8:bf:a5:6e:f8:d6:08:0e:
                    5c:a7:e9:91:aa:99:9c:47:bb:b8:7d:e9:8a:40:e5:
                    49:58:78:61:0d:35:6d:dc:85:60:b2:e3:ad:98:92:
                    1e:35:a2:10:2e:6a:66:f0:b8:30:0c:74:86:9c:50:
                    2c:d7:ba:f8:0a:ea:e7:40:33:4e:73:13:16:bd:d2:
                    03:e0:14:9b:49:48:94:70:31:55:0c:c6:55:0d:1f:
                    51:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:2B:9B:0C:E0:B7:C4:3C:7C:EC:AF:D9:4C:AD:D9:F2:81:EC:9F:39
            X509v3 Authority Key Identifier:
                keyid:08:37:C9:9B:2A:4C:06:2D:5C:20:67:8F:9D:CF:32:07:AE:FD:5E:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/USubDOC3xDx87K_ZTK3Z8oHsnzk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.195.216.0/22
                IPv6:
                  2a01:4244::/30

    Signature Algorithm: sha256WithRSAEncryption
         21:b6:5a:93:e3:f5:dd:bc:f4:a2:c3:09:79:98:f1:b2:7e:1d:
         9a:67:da:3b:9c:e4:a3:f7:f0:95:7f:68:e3:72:f5:71:4a:2b:
         57:d4:69:0a:62:6a:0d:b0:74:41:8b:d7:a9:5b:59:f2:f2:21:
         c1:e3:d5:d5:01:9c:43:d3:b1:86:7d:b6:c2:84:0f:4f:d7:9a:
         21:81:b8:04:ce:ff:a0:b1:dc:4b:0d:d7:d8:47:2d:b7:7d:b4:
         be:07:ee:4e:ec:21:d1:83:c6:f0:87:6a:c4:8b:ed:b4:28:14:
         f3:42:32:c4:5b:b9:a1:32:d9:fe:2b:bb:a2:7d:78:37:2a:ae:
         62:31:a9:20:00:b7:5a:06:f0:11:1c:c6:dd:2a:1c:12:c3:18:
         d1:2b:10:bc:a0:3d:fd:4c:22:93:c9:d2:4d:40:f3:3d:89:78:
         1b:98:42:c0:64:1a:0f:72:82:dd:e0:15:95:ad:ca:70:6e:6a:
         a7:e0:f2:55:44:81:fb:7a:d2:8e:77:45:3b:b2:a0:29:bb:08:
         33:9d:41:41:84:26:79:43:e1:de:37:92:2f:db:e8:4b:74:d2:
         22:16:82:ab:a0:d4:3d:39:1e:2c:d6:da:69:b9:4e:6f:ad:6a:
         b7:5a:1b:05:80:49:17:80:5b:58:bb:5f:91:ab:28:b9:24:22:
         dd:7d:c1:67
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZyQIZGB4Vg92RIsZZ89pimyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MzdjOTliMmE0YzA2MmQ1YzIwNjc4ZjlkY2YzMjA3YWVm
ZDVlNzgwHhcNMjYwMjI0MTQ1MDQ0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTJiOWIwY2UwYjdjNDNjN2NlY2FmZDk0Y2FkZDlmMjgxZWM5ZjM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl7Mp9AuaeYWYY0Xt/TKL3Z5VVYi9
g0dMqlQleeSyc7hdBJpgOOpg7o8d8haQljqCS14tbSsbmJu9HuV+V/lYZf4VgAF4
ExYOBksbzOy2JBrp8PY7iWpMhRsvoORPi/lsD1/PKG9SZFtW7xiC7zyKnMrUWTaY
xgrQtX0k6mq6Px9UrknRpiT6jjvDX8M5QzSEUIefF2wQ9Oh3XZREraqhTl511sKU
qPOJZ0Y22L+lbvjWCA5cp+mRqpmcR7u4femKQOVJWHhhDTVt3IVgsuOtmJIeNaIQ
Lmpm8LgwDHSGnFAs17r4CurnQDNOcxMWvdID4BSbSUiUcDFVDMZVDR9RMwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFErmwzgt8Q8fOyv2Uyt2fKB7J85MB8GA1UdIwQY
MBaAFAg3yZsqTAYtXCBnj53PMgeu/V54MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0RmSm15cE1CaTFjSUdlUG5jOHlCNjc5WG5nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS8wODk1ZDItYjc3OC00NmM0LWE2OTEt
ZjEyMzdmNGM1Y2Y2LzEvVVN1YkRPQzN4RHg4N0tfWlRLM1o4b0hzbnprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS8wODk1ZDItYjc3OC00NmM0LWE2OTEtZjEyMzdmNGM1Y2Y2
LzEvQ0RmSm15cE1CaTFjSUdlUG5jOHlCNjc5WG5nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQC2MPYMA0E
AgACMAcDBQIqAUJEMA0GCSqGSIb3DQEBCwUAA4IBAQAhtlqT4/XdvPSiwwl5mPGy
fh2aZ9o7nOSj9/CVf2jjcvVxSitX1GkKYmoNsHRBi9epW1ny8iHB49XVAZxD07GG
fbbChA9P15ohgbgEzv+gsdxLDdfYRy23fbS+B+5O7CHRg8bwh2rEi+20KBTzQjLE
W7mhMtn+K7uifXg3Kq5iMakgALdaBvARHMbdKhwSwxjRKxC8oD39TCKTydJNQPM9
iXgbmELAZBoPcoLd4BWVrcpwbmqn4PJVRIH7etKOd0U7sqApuwgznUFBhCZ5Q+He
N5Iv2+hLdNIiFoKroNQ9OR4s1tppuU5vrWq3WhsFgEkXgFtYu1+Rqyi5JCLdfcFn
-----END CERTIFICATE-----