Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/nVtVrlWVO6-BB0kLGx-GtQPawcM.roa
File:                     nVtVrlWVO6-BB0kLGx-GtQPawcM.roa (raw, json)
Hash identifier:          MxpF4UAnKSFZ2sxK+iSk252AT48ndRK1EDRB7adFJRM=
Subject key identifier:   9D:5B:55:AE:55:95:3B:AF:81:07:49:0B:1B:1F:86:B5:03:DA:C1:C3
Certificate issuer:       /CN=0837c99b2a4c062d5c20678f9dcf3207aefd5e78
Certificate serial:       019C8EC2A564642ED68ACEEE2F49D8035B33
Authority key identifier: 08:37:C9:9B:2A:4C:06:2D:5C:20:67:8F:9D:CF:32:07:AE:FD:5E:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/nVtVrlWVO6-BB0kLGx-GtQPawcM.roa
Signing time:             Tue 24 Feb 2026 08:27:26 +0000
ROA not before:           Tue 24 Feb 2026 08:27:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212628
IP address blocks:        66.51.64.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 21:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:8e:c2:a5:64:64:2e:d6:8a:ce:ee:2f:49:d8:03:5b:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0837c99b2a4c062d5c20678f9dcf3207aefd5e78
        Validity
            Not Before: Feb 24 08:27:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9d5b55ae55953baf8107490b1b1f86b503dac1c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:c8:1f:7c:02:c0:4e:f0:43:13:b2:cc:c8:87:
                    1f:84:a6:46:17:9f:64:14:76:a4:d0:b7:e6:d2:c2:
                    38:97:05:70:db:85:c8:49:cc:52:2f:75:59:19:6f:
                    a6:67:09:f3:15:e2:03:ae:f9:fa:53:d6:65:8a:58:
                    d0:e1:11:f5:9d:c9:2a:1d:6c:7c:91:dd:5a:03:0b:
                    40:c0:80:4e:24:eb:a8:a5:5c:b9:c9:be:7e:31:f9:
                    cb:d1:5b:7a:72:1c:06:18:2c:b0:98:48:57:8f:a8:
                    5f:76:8d:6f:41:a0:10:ac:13:ef:4a:95:42:ec:53:
                    cf:12:c6:e1:8f:83:8b:b9:8b:14:76:14:05:04:6a:
                    81:cf:82:b6:6b:29:cd:b7:bf:cb:84:17:21:95:0f:
                    f3:e7:69:23:46:67:ae:df:de:64:bb:da:02:f2:31:
                    8b:60:8e:cb:31:45:ec:e0:f2:61:f5:a6:01:c0:9b:
                    cd:35:0c:7c:a5:12:09:38:24:11:4e:11:9e:38:99:
                    94:d6:c9:10:95:aa:f7:e7:9a:9f:63:46:35:94:f0:
                    a7:e6:72:f8:65:8d:83:94:59:d8:74:a5:ec:8f:ff:
                    5e:8c:9e:8a:c2:2a:fc:db:62:01:7c:50:0a:28:25:
                    ba:85:c2:20:16:9f:ff:32:76:b9:79:bc:11:60:14:
                    92:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:5B:55:AE:55:95:3B:AF:81:07:49:0B:1B:1F:86:B5:03:DA:C1:C3
            X509v3 Authority Key Identifier:
                keyid:08:37:C9:9B:2A:4C:06:2D:5C:20:67:8F:9D:CF:32:07:AE:FD:5E:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/nVtVrlWVO6-BB0kLGx-GtQPawcM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  66.51.64.0/20

    Signature Algorithm: sha256WithRSAEncryption
         6e:a5:08:dc:85:2d:be:54:28:90:d2:35:db:a2:dd:83:f2:e0:
         25:f4:10:40:9b:6f:5e:e0:59:b7:8d:0e:62:94:f3:36:54:aa:
         68:d0:3b:c3:e5:c0:37:7b:f5:f5:f1:35:3b:7b:df:84:cb:db:
         5d:1e:b1:69:4d:9d:55:3c:12:3f:e1:10:09:8d:84:76:f9:99:
         31:a4:8b:d5:a0:4d:29:e0:ab:2f:3f:8e:d2:d9:fc:3b:0b:ef:
         7b:b0:22:60:2e:b6:34:4a:01:5f:35:5c:39:43:7f:0c:d1:fb:
         0d:4d:f4:cd:fb:e8:a3:89:f9:85:32:a8:a3:ca:fd:ae:1e:bd:
         fb:b6:9f:17:d4:2a:38:f4:c2:03:ce:a1:64:ee:35:c0:17:64:
         c7:b9:87:d0:0a:7d:53:de:23:42:ee:0b:ec:a4:9c:d3:13:35:
         41:fe:7e:2b:35:b6:24:2c:36:47:99:d2:2d:49:be:32:5a:55:
         f9:0f:f3:56:eb:99:67:1a:89:8a:80:d5:70:18:14:cf:73:8d:
         c4:3e:32:7f:78:3b:ba:29:7a:96:d3:ea:31:c4:78:e9:31:e8:
         64:b2:6c:0e:18:35:a6:ca:35:cf:32:47:9e:92:f3:f4:ea:3d:
         1b:95:ca:99:b1:7d:38:9f:11:62:8a:4f:6b:34:81:ee:16:8f:
         af:4d:8f:12
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyOwqVkZC7Wis7uL0nYA1szMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MzdjOTliMmE0YzA2MmQ1YzIwNjc4ZjlkY2YzMjA3YWVm
ZDVlNzgwHhcNMjYwMjI0MDgyNzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDViNTVhZTU1OTUzYmFmODEwNzQ5MGIxYjFmODZiNTAzZGFjMWMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAycgffALATvBDE7LMyIcfhKZGF59k
FHak0Lfm0sI4lwVw24XIScxSL3VZGW+mZwnzFeIDrvn6U9ZliljQ4RH1nckqHWx8
kd1aAwtAwIBOJOuopVy5yb5+MfnL0Vt6chwGGCywmEhXj6hfdo1vQaAQrBPvSpVC
7FPPEsbhj4OLuYsUdhQFBGqBz4K2aynNt7/LhBchlQ/z52kjRmeu395ku9oC8jGL
YI7LMUXs4PJh9aYBwJvNNQx8pRIJOCQRThGeOJmU1skQlar355qfY0Y1lPCn5nL4
ZY2DlFnYdKXsj/9ejJ6Kwir822IBfFAKKCW6hcIgFp//Mna5ebwRYBSS/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ1bVa5VlTuvgQdJCxsfhrUD2sHDMB8GA1UdIwQY
MBaAFAg3yZsqTAYtXCBnj53PMgeu/V54MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0RmSm15cE1CaTFjSUdlUG5jOHlCNjc5WG5nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS8wODk1ZDItYjc3OC00NmM0LWE2OTEt
ZjEyMzdmNGM1Y2Y2LzEvblZ0VnJsV1ZPNi1CQjBrTEd4LUd0UVBhd2NNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS8wODk1ZDItYjc3OC00NmM0LWE2OTEtZjEyMzdmNGM1Y2Y2
LzEvQ0RmSm15cE1CaTFjSUdlUG5jOHlCNjc5WG5nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEQjNAMA0G
CSqGSIb3DQEBCwUAA4IBAQBupQjchS2+VCiQ0jXbot2D8uAl9BBAm29e4Fm3jQ5i
lPM2VKpo0DvD5cA3e/X18TU7e9+Ey9tdHrFpTZ1VPBI/4RAJjYR2+ZkxpIvVoE0p
4KsvP47S2fw7C+97sCJgLrY0SgFfNVw5Q38M0fsNTfTN++ijifmFMqijyv2uHr37
tp8X1Co49MIDzqFk7jXAF2THuYfQCn1T3iNC7gvspJzTEzVB/n4rNbYkLDZHmdIt
Sb4yWlX5D/NW65lnGomKgNVwGBTPc43EPjJ/eDu6KXqW0+oxxHjpMehksmwOGDWm
yjXPMkeekvP06j0blcqZsX04nxFiik9rNIHuFo+vTY8S
-----END CERTIFICATE-----