Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/kv9bULYb1zCfMOBRSjI9nH8sv_Y.roa
File:                     kv9bULYb1zCfMOBRSjI9nH8sv_Y.roa (raw, json)
Hash identifier:          P1HCtzPK52K7SvuHFToWVccNae4mm7lEoXBNxIQ8Ff0=
Subject key identifier:   92:FF:5B:50:B6:1B:D7:30:9F:30:E0:51:4A:32:3D:9C:7F:2C:BF:F6
Certificate issuer:       /CN=0837c99b2a4c062d5c20678f9dcf3207aefd5e78
Certificate serial:       019D95C52E108B5723A2F1CD2906E185EC0C
Authority key identifier: 08:37:C9:9B:2A:4C:06:2D:5C:20:67:8F:9D:CF:32:07:AE:FD:5E:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/kv9bULYb1zCfMOBRSjI9nH8sv_Y.roa
Signing time:             Thu 16 Apr 2026 10:10:20 +0000
ROA not before:           Thu 16 Apr 2026 10:10:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     154615
IP address blocks:        216.195.193.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 04:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:95:c5:2e:10:8b:57:23:a2:f1:cd:29:06:e1:85:ec:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0837c99b2a4c062d5c20678f9dcf3207aefd5e78
        Validity
            Not Before: Apr 16 10:10:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=92ff5b50b61bd7309f30e0514a323d9c7f2cbff6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:14:11:87:b4:8d:65:a6:07:43:35:35:af:03:
                    e3:cf:53:6f:b4:cb:c4:61:e5:c9:cb:b7:0e:70:c3:
                    2f:1f:89:49:ce:e1:e1:35:46:fc:34:fe:53:4c:a5:
                    59:61:f9:11:20:09:e8:20:05:87:6b:2f:17:34:11:
                    be:d7:08:38:63:2e:24:2e:ed:c9:74:86:78:4f:b5:
                    d4:aa:4d:f4:65:be:75:6c:66:47:79:32:34:a2:aa:
                    b9:30:d0:f1:b8:8c:01:1c:4a:41:59:fa:19:7a:12:
                    dd:11:c6:cf:bf:67:c1:c3:47:1a:88:da:49:1a:c0:
                    66:aa:dc:54:75:a4:e8:3b:a8:6b:1d:df:80:f1:8d:
                    14:82:8f:a1:a1:3d:33:25:79:58:8d:87:e5:86:f2:
                    25:ea:37:95:8c:25:91:72:26:1c:da:23:ef:fd:fb:
                    15:a2:dd:9f:bd:2c:f2:d1:89:bb:70:0e:36:a3:33:
                    65:6b:3c:a1:0c:b5:8d:75:b4:ad:b1:1c:f5:18:e9:
                    76:dd:4f:0e:a2:7e:f2:b5:61:1e:f8:cd:a6:3b:00:
                    21:d0:5b:73:ee:18:a4:83:b8:48:94:4f:e2:6d:8b:
                    f9:d1:72:98:f5:d3:a1:db:44:01:c7:1d:58:db:96:
                    5b:b2:f5:df:ec:ac:b4:b1:9e:c3:c3:0b:2e:1f:62:
                    00:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:FF:5B:50:B6:1B:D7:30:9F:30:E0:51:4A:32:3D:9C:7F:2C:BF:F6
            X509v3 Authority Key Identifier:
                keyid:08:37:C9:9B:2A:4C:06:2D:5C:20:67:8F:9D:CF:32:07:AE:FD:5E:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/kv9bULYb1zCfMOBRSjI9nH8sv_Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.195.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:39:fe:c9:0f:c8:a6:77:3a:dd:03:c6:00:76:73:f8:ee:54:
         b3:0d:ae:d3:ba:5c:cd:78:42:af:ca:ff:b2:0d:da:e8:de:d9:
         df:5a:03:20:19:5e:39:cc:58:9d:4f:18:55:11:12:7e:a2:42:
         7f:8e:fb:5c:ca:53:1e:d2:29:3a:05:06:38:5e:7c:b1:85:79:
         c4:27:1f:bc:48:5d:d8:ba:b5:c8:4e:c4:fe:32:83:6b:5b:a5:
         ad:f0:24:82:bd:34:af:9d:7e:5d:fe:05:9f:45:d2:11:31:9d:
         74:8b:71:22:55:6f:d0:96:b1:41:78:e5:f6:56:96:33:27:73:
         5f:50:77:fa:83:ac:f4:2c:98:a5:53:46:78:26:c7:a3:f6:6c:
         4f:48:53:8b:22:a9:33:33:7e:1b:4d:0d:ab:2d:e1:81:10:9e:
         a1:52:75:28:5c:ff:87:67:d3:8a:33:a6:ef:24:c5:ca:80:34:
         66:e2:64:47:87:c9:3e:c2:ea:eb:d5:13:53:59:0b:b5:c3:a2:
         30:90:73:a6:fd:23:ac:fc:57:59:07:6e:a1:39:25:73:ad:31:
         60:21:f8:dc:61:70:a8:b0:2c:8e:45:09:42:58:4d:06:ac:36:
         35:59:8a:e3:64:e5:ad:03:c2:3f:08:d4:74:2c:da:d1:59:59:
         b4:56:fe:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2VxS4Qi1cjovHNKQbhhewMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MzdjOTliMmE0YzA2MmQ1YzIwNjc4ZjlkY2YzMjA3YWVm
ZDVlNzgwHhcNMjYwNDE2MTAxMDIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MmZmNWI1MGI2MWJkNzMwOWYzMGUwNTE0YTMyM2Q5YzdmMmNiZmY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoBQRh7SNZaYHQzU1rwPjz1NvtMvE
YeXJy7cOcMMvH4lJzuHhNUb8NP5TTKVZYfkRIAnoIAWHay8XNBG+1wg4Yy4kLu3J
dIZ4T7XUqk30Zb51bGZHeTI0oqq5MNDxuIwBHEpBWfoZehLdEcbPv2fBw0caiNpJ
GsBmqtxUdaToO6hrHd+A8Y0Ugo+hoT0zJXlYjYflhvIl6jeVjCWRciYc2iPv/fsV
ot2fvSzy0Ym7cA42ozNlazyhDLWNdbStsRz1GOl23U8Oon7ytWEe+M2mOwAh0Ftz
7hikg7hIlE/ibYv50XKY9dOh20QBxx1Y25ZbsvXf7Ky0sZ7DwwsuH2IAIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJL/W1C2G9cwnzDgUUoyPZx/LL/2MB8GA1UdIwQY
MBaAFAg3yZsqTAYtXCBnj53PMgeu/V54MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0RmSm15cE1CaTFjSUdlUG5jOHlCNjc5WG5nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS8wODk1ZDItYjc3OC00NmM0LWE2OTEt
ZjEyMzdmNGM1Y2Y2LzEva3Y5YlVMWWIxekNmTU9CUlNqSTluSDhzdl9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS8wODk1ZDItYjc3OC00NmM0LWE2OTEtZjEyMzdmNGM1Y2Y2
LzEvQ0RmSm15cE1CaTFjSUdlUG5jOHlCNjc5WG5nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2MPBMA0G
CSqGSIb3DQEBCwUAA4IBAQCoOf7JD8imdzrdA8YAdnP47lSzDa7TulzNeEKvyv+y
Ddro3tnfWgMgGV45zFidTxhVERJ+okJ/jvtcylMe0ik6BQY4XnyxhXnEJx+8SF3Y
urXITsT+MoNrW6Wt8CSCvTSvnX5d/gWfRdIRMZ10i3EiVW/QlrFBeOX2VpYzJ3Nf
UHf6g6z0LJilU0Z4Jsej9mxPSFOLIqkzM34bTQ2rLeGBEJ6hUnUoXP+HZ9OKM6bv
JMXKgDRm4mRHh8k+wurr1RNTWQu1w6IwkHOm/SOs/FdZB26hOSVzrTFgIfjcYXCo
sCyORQlCWE0GrDY1WYrjZOWtA8I/CNR0LNrRWVm0Vv6Z
-----END CERTIFICATE-----