Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/pXQUKLQGLhckSIvpsa2VL54Uxa4.roa
File:                     pXQUKLQGLhckSIvpsa2VL54Uxa4.roa (raw, json)
Hash identifier:          pxVzwowTxbXt7CA8ylAQ8NwPwJGfKJGc5L84cDe95WA=
Subject key identifier:   A5:74:14:28:B4:06:2E:17:24:48:8B:E9:B1:AD:95:2F:9E:14:C5:AE
Certificate issuer:       /CN=0837c99b2a4c062d5c20678f9dcf3207aefd5e78
Certificate serial:       019C9DC9B12BD529BC241CD7A57BCFFC5D5D
Authority key identifier: 08:37:C9:9B:2A:4C:06:2D:5C:20:67:8F:9D:CF:32:07:AE:FD:5E:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/pXQUKLQGLhckSIvpsa2VL54Uxa4.roa
Signing time:             Fri 27 Feb 2026 06:29:26 +0000
ROA not before:           Fri 27 Feb 2026 06:29:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209699
IP address blocks:        216.23.88.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:9d:c9:b1:2b:d5:29:bc:24:1c:d7:a5:7b:cf:fc:5d:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0837c99b2a4c062d5c20678f9dcf3207aefd5e78
        Validity
            Not Before: Feb 27 06:29:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a5741428b4062e1724488be9b1ad952f9e14c5ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:db:ba:e2:c2:6d:72:86:15:58:0d:48:d3:d4:
                    ea:9f:26:72:dc:a0:1d:c1:4e:00:5e:bc:cf:68:fb:
                    97:8c:ab:56:85:25:46:7b:8b:18:09:95:1e:33:aa:
                    26:71:86:6b:46:23:3a:20:ac:72:4d:27:bc:dd:20:
                    b3:33:3f:0c:21:be:6a:f6:86:b5:92:55:26:28:58:
                    a1:24:1e:ab:dd:17:69:be:58:89:88:1f:03:15:6b:
                    55:67:39:64:50:39:fc:36:9a:71:8a:94:4d:3c:7b:
                    e3:2c:51:f9:e5:73:73:b2:54:70:60:d9:36:83:c6:
                    a0:2c:71:1f:1b:ca:66:36:99:d1:cc:bb:63:70:0b:
                    4d:69:99:7f:41:72:d0:fe:d2:45:46:01:fc:95:05:
                    e2:2c:bb:85:5d:43:ce:db:49:c1:ba:9a:cf:de:d0:
                    14:b5:88:dc:1c:68:61:f0:4f:55:1b:ad:44:e6:35:
                    f1:24:bb:ce:1b:ec:45:44:c8:d7:18:28:9a:10:97:
                    fc:db:33:57:9b:c4:03:b7:4a:fa:b0:19:9b:0f:b4:
                    e0:69:bf:be:6d:12:8f:7e:3a:c9:d7:3e:7f:1c:d1:
                    1d:a9:9e:b0:b7:43:05:1d:a6:9d:98:1d:f5:ff:89:
                    64:2b:b3:45:d4:5f:9a:73:63:cf:4a:78:74:0a:64:
                    aa:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:74:14:28:B4:06:2E:17:24:48:8B:E9:B1:AD:95:2F:9E:14:C5:AE
            X509v3 Authority Key Identifier:
                keyid:08:37:C9:9B:2A:4C:06:2D:5C:20:67:8F:9D:CF:32:07:AE:FD:5E:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/pXQUKLQGLhckSIvpsa2VL54Uxa4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.23.88.0/22

    Signature Algorithm: sha256WithRSAEncryption
         08:17:6c:5d:79:3b:41:5a:4f:e2:49:51:09:83:b9:bc:d4:19:
         5c:1f:74:c8:ca:9d:c4:ff:72:7e:0e:56:44:84:f0:b0:50:6b:
         d5:68:32:77:82:fc:d7:19:4c:1e:b6:4d:26:04:24:84:9f:7c:
         30:9f:c7:80:79:5b:1b:ea:a9:b2:b0:ad:41:42:db:0e:13:fd:
         6e:87:bc:6d:f2:f2:b4:8e:d2:7f:92:7c:56:fe:b2:4b:ba:7f:
         54:ae:f3:15:92:a0:92:ff:b7:f0:d6:71:bc:88:39:d9:bb:20:
         b0:a2:9a:de:87:37:2b:c5:a1:51:b9:5b:ae:32:1a:18:1f:c5:
         7a:c1:06:53:d6:f7:b0:f7:69:a0:a4:e2:5a:ed:d7:d7:9e:5d:
         b1:6d:1c:6c:b2:6c:a4:78:9e:e8:94:0c:29:cb:96:73:f2:45:
         90:8c:3e:62:7b:37:92:db:d8:2c:95:80:d8:a7:96:a0:14:51:
         73:56:56:9b:15:08:68:2c:18:8f:e3:78:30:7d:d3:75:07:30:
         6e:45:4d:4f:2a:33:a8:fa:ab:10:3b:fc:3c:5d:51:46:ab:1f:
         9d:a3:8b:90:6f:7c:4d:b0:e0:0d:59:fb:66:52:ad:0b:28:c4:
         7f:4f:5b:d7:b3:d4:e2:de:b2:dd:5b:ee:ce:33:4e:b4:a2:2f:
         c0:ca:d1:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZydybEr1Sm8JBzXpXvP/F1dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MzdjOTliMmE0YzA2MmQ1YzIwNjc4ZjlkY2YzMjA3YWVm
ZDVlNzgwHhcNMjYwMjI3MDYyOTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTc0MTQyOGI0MDYyZTE3MjQ0ODhiZTliMWFkOTUyZjllMTRjNWFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjNu64sJtcoYVWA1I09TqnyZy3KAd
wU4AXrzPaPuXjKtWhSVGe4sYCZUeM6omcYZrRiM6IKxyTSe83SCzMz8MIb5q9oa1
klUmKFihJB6r3RdpvliJiB8DFWtVZzlkUDn8NppxipRNPHvjLFH55XNzslRwYNk2
g8agLHEfG8pmNpnRzLtjcAtNaZl/QXLQ/tJFRgH8lQXiLLuFXUPO20nBuprP3tAU
tYjcHGhh8E9VG61E5jXxJLvOG+xFRMjXGCiaEJf82zNXm8QDt0r6sBmbD7Tgab++
bRKPfjrJ1z5/HNEdqZ6wt0MFHaadmB31/4lkK7NF1F+ac2PPSnh0CmSqDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKV0FCi0Bi4XJEiL6bGtlS+eFMWuMB8GA1UdIwQY
MBaAFAg3yZsqTAYtXCBnj53PMgeu/V54MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0RmSm15cE1CaTFjSUdlUG5jOHlCNjc5WG5nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS8wODk1ZDItYjc3OC00NmM0LWE2OTEt
ZjEyMzdmNGM1Y2Y2LzEvcFhRVUtMUUdMaGNrU0l2cHNhMlZMNTRVeGE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS8wODk1ZDItYjc3OC00NmM0LWE2OTEtZjEyMzdmNGM1Y2Y2
LzEvQ0RmSm15cE1CaTFjSUdlUG5jOHlCNjc5WG5nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC2BdYMA0G
CSqGSIb3DQEBCwUAA4IBAQAIF2xdeTtBWk/iSVEJg7m81BlcH3TIyp3E/3J+DlZE
hPCwUGvVaDJ3gvzXGUwetk0mBCSEn3wwn8eAeVsb6qmysK1BQtsOE/1uh7xt8vK0
jtJ/knxW/rJLun9UrvMVkqCS/7fw1nG8iDnZuyCwoprehzcrxaFRuVuuMhoYH8V6
wQZT1vew92mgpOJa7dfXnl2xbRxssmykeJ7olAwpy5Zz8kWQjD5iezeS29gslYDY
p5agFFFzVlabFQhoLBiP43gwfdN1BzBuRU1PKjOo+qsQO/w8XVFGqx+do4uQb3xN
sOANWftmUq0LKMR/T1vXs9Ti3rLdW+7OM060oi/AytHU
-----END CERTIFICATE-----