Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/s164bmBS4p-apZhM-MctZkXpN0U.roa
File:                     s164bmBS4p-apZhM-MctZkXpN0U.roa (raw, json)
Hash identifier:          0N/gWItg7SgNePmyijXaKOfBIxoVYTgbI5wvLIcYwgA=
Subject key identifier:   B3:5E:B8:6E:60:52:E2:9F:9A:A5:98:4C:F8:C7:2D:66:45:E9:37:45
Certificate issuer:       /CN=0837c99b2a4c062d5c20678f9dcf3207aefd5e78
Certificate serial:       019D7613C42DDAE7F3E46800FBACC155E467
Authority key identifier: 08:37:C9:9B:2A:4C:06:2D:5C:20:67:8F:9D:CF:32:07:AE:FD:5E:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/s164bmBS4p-apZhM-MctZkXpN0U.roa
Signing time:             Fri 10 Apr 2026 06:28:20 +0000
ROA not before:           Fri 10 Apr 2026 06:28:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     140595
IP address blocks:        216.116.169.0/24 maxlen: 24
                          216.116.170.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 21:23:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:76:13:c4:2d:da:e7:f3:e4:68:00:fb:ac:c1:55:e4:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0837c99b2a4c062d5c20678f9dcf3207aefd5e78
        Validity
            Not Before: Apr 10 06:28:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b35eb86e6052e29f9aa5984cf8c72d6645e93745
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:b9:00:83:64:0b:3c:d6:b9:bc:19:c0:ce:f0:
                    37:7f:d4:aa:55:48:76:71:0c:0f:37:17:f9:81:02:
                    51:71:02:db:de:18:45:b1:cd:28:af:2c:36:44:6f:
                    30:eb:ce:e3:b6:76:1c:1f:46:97:37:ad:81:0e:63:
                    b1:27:72:2d:1e:57:03:9d:69:07:de:a7:47:a8:42:
                    a5:2e:f1:3c:b3:64:f9:5e:93:9b:77:ef:d0:85:29:
                    4e:1c:87:8e:b7:3c:bf:6f:a6:18:76:28:23:c5:db:
                    37:37:c0:bc:c6:15:0d:a6:72:55:43:e5:1e:f0:41:
                    cd:04:53:a2:5b:4d:e6:d3:67:77:d4:75:9c:bd:a6:
                    af:5d:67:35:42:71:26:ac:cf:14:e5:7f:a0:1b:e5:
                    0f:b1:fe:c0:6b:7e:2f:78:6c:4a:21:03:35:59:31:
                    38:f8:28:03:96:f1:1d:79:66:28:74:d2:3c:dd:90:
                    e3:a2:05:10:1d:5b:9f:fe:2a:46:32:f5:96:7d:fb:
                    5d:a6:b0:33:11:15:91:34:6d:b2:16:b0:c5:09:98:
                    57:09:40:0c:1c:b7:26:d3:50:e3:8d:0f:a5:b1:85:
                    b0:05:e1:3f:c4:f9:74:32:4c:d5:b6:c2:80:e8:1f:
                    92:75:75:8e:10:12:be:ad:1f:82:55:17:13:9d:71:
                    26:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:5E:B8:6E:60:52:E2:9F:9A:A5:98:4C:F8:C7:2D:66:45:E9:37:45
            X509v3 Authority Key Identifier:
                keyid:08:37:C9:9B:2A:4C:06:2D:5C:20:67:8F:9D:CF:32:07:AE:FD:5E:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/s164bmBS4p-apZhM-MctZkXpN0U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.116.169.0-216.116.170.255

    Signature Algorithm: sha256WithRSAEncryption
         c4:4a:ad:52:42:e3:d5:fa:f0:60:da:e2:c6:a8:20:fb:f8:42:
         2d:00:26:af:d8:f9:c7:44:5e:5d:86:b8:46:21:7b:58:df:39:
         b2:ad:67:82:94:9c:9e:19:b5:c3:84:a8:2f:40:85:43:8b:54:
         21:4d:ed:71:78:f4:57:62:8b:1f:1a:b8:db:34:45:6d:aa:00:
         87:b5:4e:42:68:d8:14:ec:38:3f:d9:3a:b9:08:86:7b:47:e9:
         72:df:a0:88:b2:a9:c2:84:ec:eb:40:d4:1d:b5:73:d8:61:28:
         32:b3:2a:59:1c:bd:63:4c:03:d9:8b:24:30:7f:b0:a9:15:a6:
         83:69:39:98:6a:5f:ea:d7:b1:c2:0d:e5:cc:7a:60:9a:fa:10:
         95:31:20:0f:fe:ae:d3:f9:85:8e:da:c2:8e:e0:0f:2e:56:1a:
         9d:aa:14:be:5b:03:4c:ef:0c:1a:81:87:50:d6:a0:ac:83:27:
         ff:b2:6f:ec:02:d9:fd:20:ab:c0:1f:56:f4:1b:60:d4:32:c7:
         e2:b9:31:81:3e:bc:b9:f8:c2:86:7a:97:b5:14:27:17:99:87:
         84:13:0f:19:f1:72:f1:c3:ce:eb:25:e3:52:5f:48:ef:1e:9c:
         ac:82:72:da:f3:41:df:83:00:a6:d4:8c:a9:01:de:02:45:1a:
         d4:a5:b2:63
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZ12E8Qt2ufz5GgA+6zBVeRnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MzdjOTliMmE0YzA2MmQ1YzIwNjc4ZjlkY2YzMjA3YWVm
ZDVlNzgwHhcNMjYwNDEwMDYyODIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzVlYjg2ZTYwNTJlMjlmOWFhNTk4NGNmOGM3MmQ2NjQ1ZTkzNzQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr7kAg2QLPNa5vBnAzvA3f9SqVUh2
cQwPNxf5gQJRcQLb3hhFsc0oryw2RG8w687jtnYcH0aXN62BDmOxJ3ItHlcDnWkH
3qdHqEKlLvE8s2T5XpObd+/QhSlOHIeOtzy/b6YYdigjxds3N8C8xhUNpnJVQ+Ue
8EHNBFOiW03m02d31HWcvaavXWc1QnEmrM8U5X+gG+UPsf7Aa34veGxKIQM1WTE4
+CgDlvEdeWYodNI83ZDjogUQHVuf/ipGMvWWfftdprAzERWRNG2yFrDFCZhXCUAM
HLcm01DjjQ+lsYWwBeE/xPl0MkzVtsKA6B+SdXWOEBK+rR+CVRcTnXEm8wIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFLNeuG5gUuKfmqWYTPjHLWZF6TdFMB8GA1UdIwQY
MBaAFAg3yZsqTAYtXCBnj53PMgeu/V54MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0RmSm15cE1CaTFjSUdlUG5jOHlCNjc5WG5nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS8wODk1ZDItYjc3OC00NmM0LWE2OTEt
ZjEyMzdmNGM1Y2Y2LzEvczE2NGJtQlM0cC1hcFpoTS1NY3Raa1hwTjBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS8wODk1ZDItYjc3OC00NmM0LWE2OTEtZjEyMzdmNGM1Y2Y2
LzEvQ0RmSm15cE1CaTFjSUdlUG5jOHlCNjc5WG5nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBADYdKkD
BADYdKowDQYJKoZIhvcNAQELBQADggEBAMRKrVJC49X68GDa4saoIPv4Qi0AJq/Y
+cdEXl2GuEYhe1jfObKtZ4KUnJ4ZtcOEqC9AhUOLVCFN7XF49Fdiix8auNs0RW2q
AIe1TkJo2BTsOD/ZOrkIhntH6XLfoIiyqcKE7OtA1B21c9hhKDKzKlkcvWNMA9mL
JDB/sKkVpoNpOZhqX+rXscIN5cx6YJr6EJUxIA/+rtP5hY7awo7gDy5WGp2qFL5b
A0zvDBqBh1DWoKyDJ/+yb+wC2f0gq8AfVvQbYNQyx+K5MYE+vLn4woZ6l7UUJxeZ
h4QTDxnxcvHDzusl41JfSO8enKyCctrzQd+DAKbUjKkB3gJFGtSlsmM=
-----END CERTIFICATE-----