Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/coXqMHKib-sn22ZEmVL4c4YPBzI.roa
File:                     coXqMHKib-sn22ZEmVL4c4YPBzI.roa (raw, json)
Hash identifier:          m/f2FxxNOo0PJVGCb4IMQyNlrMZaGhuA43y2Bq1/DIo=
Subject key identifier:   72:85:EA:30:72:A2:6F:EB:27:DB:66:44:99:52:F8:73:86:0F:07:32
Certificate issuer:       /CN=0837c99b2a4c062d5c20678f9dcf3207aefd5e78
Certificate serial:       019C9DC8C6C1E60C3412A8C9C612898CF050
Authority key identifier: 08:37:C9:9B:2A:4C:06:2D:5C:20:67:8F:9D:CF:32:07:AE:FD:5E:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/coXqMHKib-sn22ZEmVL4c4YPBzI.roa
Signing time:             Fri 27 Feb 2026 06:28:26 +0000
ROA not before:           Fri 27 Feb 2026 06:28:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216211
IP address blocks:        216.23.64.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 12:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:9d:c8:c6:c1:e6:0c:34:12:a8:c9:c6:12:89:8c:f0:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0837c99b2a4c062d5c20678f9dcf3207aefd5e78
        Validity
            Not Before: Feb 27 06:28:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7285ea3072a26feb27db66449952f873860f0732
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:75:6a:30:d6:b7:79:da:54:78:60:20:46:8d:
                    24:b9:99:04:fb:b1:bb:95:49:aa:76:5a:9f:49:dc:
                    60:ac:9b:28:f1:80:8a:ea:c4:d9:b5:c2:de:87:19:
                    bd:a2:75:c7:6c:00:75:1c:bf:b7:e8:03:73:23:a1:
                    e0:1c:16:82:9f:a0:8f:5d:a3:9a:39:7d:19:dd:d2:
                    fa:a6:38:bd:04:60:59:36:7d:08:3b:4a:5d:7b:c0:
                    0f:11:bc:ac:9d:71:39:e4:26:1e:5c:91:ac:85:a0:
                    a3:6d:0b:94:ec:39:63:a3:53:29:1f:4e:76:c5:49:
                    89:b6:c7:06:19:12:16:97:6a:5f:a9:0a:9f:09:19:
                    76:7e:3f:1c:67:fb:cf:34:67:c5:20:91:7a:55:24:
                    5f:0f:7d:29:25:52:0c:03:be:6b:ab:5c:99:ac:44:
                    2b:fe:dc:89:34:67:72:76:28:0b:cd:76:49:68:23:
                    dd:11:d8:7f:14:3d:6f:2a:f3:5f:de:2a:85:a4:56:
                    7a:88:3f:fe:7a:17:d1:f6:d7:ff:3a:72:c3:7f:50:
                    ea:38:01:1d:09:d3:20:e8:d1:d7:37:96:6e:ff:f0:
                    ac:1d:3e:e8:89:26:83:42:f0:ab:f7:f3:85:b9:6a:
                    d4:96:e4:15:f8:0b:96:61:73:8c:0a:3c:dc:fc:8e:
                    92:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:85:EA:30:72:A2:6F:EB:27:DB:66:44:99:52:F8:73:86:0F:07:32
            X509v3 Authority Key Identifier:
                keyid:08:37:C9:9B:2A:4C:06:2D:5C:20:67:8F:9D:CF:32:07:AE:FD:5E:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/coXqMHKib-sn22ZEmVL4c4YPBzI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.23.64.0/20

    Signature Algorithm: sha256WithRSAEncryption
         1f:02:a5:ba:e5:6a:2f:f7:bc:6d:fb:94:90:e0:ef:9c:92:d9:
         a1:6d:71:ad:9c:6b:c4:86:78:02:1d:d6:37:19:86:eb:3e:32:
         c5:57:07:7e:b0:84:fa:ae:9c:8e:f8:58:34:9b:45:72:b2:4c:
         a9:a6:d1:15:ab:23:9c:e8:c0:53:e8:70:cc:d8:71:e3:3f:6a:
         47:5b:0d:cd:2a:c1:3b:24:b4:87:e8:60:5a:87:ea:cf:30:78:
         29:94:82:c2:42:8e:e3:0d:2c:a0:fa:ac:8b:e3:64:a9:94:3d:
         67:dc:be:2a:47:05:6d:db:1f:85:b1:5f:b1:f2:bf:a5:fc:17:
         01:51:4f:49:96:ec:2c:9c:c2:90:07:fd:90:5e:ce:5a:72:75:
         8a:1d:be:27:af:51:95:a9:10:5d:08:22:92:6c:62:16:a7:b9:
         8a:8c:1c:50:a6:53:51:75:56:57:cd:45:73:f3:d1:0c:c8:1d:
         a7:34:8c:b1:4a:52:cc:f4:10:37:ef:1b:d1:1c:74:43:5e:94:
         90:6e:1e:44:12:f9:bd:d4:29:50:90:11:fe:26:98:ac:70:19:
         d9:79:be:c9:5b:b0:01:2b:f0:d6:76:25:e6:97:d2:8a:0f:f9:
         4b:7a:09:16:7f:ad:eb:17:19:d8:bf:66:20:f9:3c:94:3a:c7:
         27:54:cb:b4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZydyMbB5gw0EqjJxhKJjPBQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MzdjOTliMmE0YzA2MmQ1YzIwNjc4ZjlkY2YzMjA3YWVm
ZDVlNzgwHhcNMjYwMjI3MDYyODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Mjg1ZWEzMDcyYTI2ZmViMjdkYjY2NDQ5OTUyZjg3Mzg2MGYwNzMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqnVqMNa3edpUeGAgRo0kuZkE+7G7
lUmqdlqfSdxgrJso8YCK6sTZtcLehxm9onXHbAB1HL+36ANzI6HgHBaCn6CPXaOa
OX0Z3dL6pji9BGBZNn0IO0pde8APEbysnXE55CYeXJGshaCjbQuU7Dljo1MpH052
xUmJtscGGRIWl2pfqQqfCRl2fj8cZ/vPNGfFIJF6VSRfD30pJVIMA75rq1yZrEQr
/tyJNGdydigLzXZJaCPdEdh/FD1vKvNf3iqFpFZ6iD/+ehfR9tf/OnLDf1DqOAEd
CdMg6NHXN5Zu//CsHT7oiSaDQvCr9/OFuWrUluQV+AuWYXOMCjzc/I6SJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHKF6jByom/rJ9tmRJlS+HOGDwcyMB8GA1UdIwQY
MBaAFAg3yZsqTAYtXCBnj53PMgeu/V54MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0RmSm15cE1CaTFjSUdlUG5jOHlCNjc5WG5nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS8wODk1ZDItYjc3OC00NmM0LWE2OTEt
ZjEyMzdmNGM1Y2Y2LzEvY29YcU1IS2liLXNuMjJaRW1WTDRjNFlQQnpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS8wODk1ZDItYjc3OC00NmM0LWE2OTEtZjEyMzdmNGM1Y2Y2
LzEvQ0RmSm15cE1CaTFjSUdlUG5jOHlCNjc5WG5nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQE2BdAMA0G
CSqGSIb3DQEBCwUAA4IBAQAfAqW65Wov97xt+5SQ4O+cktmhbXGtnGvEhngCHdY3
GYbrPjLFVwd+sIT6rpyO+Fg0m0VyskypptEVqyOc6MBT6HDM2HHjP2pHWw3NKsE7
JLSH6GBah+rPMHgplILCQo7jDSyg+qyL42SplD1n3L4qRwVt2x+FsV+x8r+l/BcB
UU9JluwsnMKQB/2QXs5acnWKHb4nr1GVqRBdCCKSbGIWp7mKjBxQplNRdVZXzUVz
89EMyB2nNIyxSlLM9BA37xvRHHRDXpSQbh5EEvm91ClQkBH+JpiscBnZeb7JW7AB
K/DWdiXml9KKD/lLegkWf63rFxnYv2Yg+TyUOscnVMu0
-----END CERTIFICATE-----