Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/ttKRpoiVWrMwuSA7NN9prqENEvU.roa
File:                     ttKRpoiVWrMwuSA7NN9prqENEvU.roa (raw, json)
Hash identifier:          u8u7w3czL6pxqV5BhS7+ojkyQ5W209E8gaNM6IitK7k=
Subject key identifier:   B6:D2:91:A6:88:95:5A:B3:30:B9:20:3B:34:DF:69:AE:A1:0D:12:F5
Certificate issuer:       /CN=0837c99b2a4c062d5c20678f9dcf3207aefd5e78
Certificate serial:       019C95E6F536553EA698A522F23A3C243A79
Authority key identifier: 08:37:C9:9B:2A:4C:06:2D:5C:20:67:8F:9D:CF:32:07:AE:FD:5E:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/ttKRpoiVWrMwuSA7NN9prqENEvU.roa
Signing time:             Wed 25 Feb 2026 17:44:27 +0000
ROA not before:           Wed 25 Feb 2026 17:44:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     152626
IP address blocks:        216.195.220.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:95:e6:f5:36:55:3e:a6:98:a5:22:f2:3a:3c:24:3a:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0837c99b2a4c062d5c20678f9dcf3207aefd5e78
        Validity
            Not Before: Feb 25 17:44:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b6d291a688955ab330b9203b34df69aea10d12f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:a1:df:c5:6c:91:fb:61:6b:76:06:cd:84:8d:
                    0d:8c:5c:40:d5:64:46:e1:40:80:03:31:ff:f2:9c:
                    cd:f6:be:00:43:50:f2:15:12:cf:0d:b7:76:31:2d:
                    30:d3:b6:cf:a7:95:b0:f7:d3:fa:76:33:0a:2f:df:
                    6c:b9:a9:78:f1:69:43:87:7f:45:f6:3e:19:c3:fd:
                    79:02:fd:cf:e4:88:50:49:4c:da:6b:b7:6e:6e:3b:
                    4a:6e:38:34:d4:2e:63:7b:2a:8c:d4:23:c4:ff:00:
                    58:b6:b8:f8:6a:7b:e2:0a:17:d5:3b:a6:dc:3e:d8:
                    55:2b:2c:de:d4:70:6e:34:22:b6:31:95:1a:96:67:
                    52:f3:36:61:e9:51:f5:23:0b:97:d9:d8:bf:fd:cd:
                    37:26:41:70:bc:1a:71:99:d6:92:b5:11:a9:33:d4:
                    69:7d:ee:ff:33:5e:ff:ec:fb:53:7e:da:63:52:a9:
                    d0:66:9c:f5:c6:87:b6:4f:94:bd:5e:39:c1:31:78:
                    70:4b:83:fb:0a:ec:16:11:86:24:7a:f0:b1:05:bf:
                    0d:e5:85:19:05:21:b2:d7:60:89:a8:7c:f4:f0:3a:
                    7b:03:5b:4a:0a:af:d4:17:b5:86:5f:13:c8:df:69:
                    1c:23:1c:45:94:9a:eb:47:5c:c0:4c:8c:86:7d:9c:
                    4a:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:D2:91:A6:88:95:5A:B3:30:B9:20:3B:34:DF:69:AE:A1:0D:12:F5
            X509v3 Authority Key Identifier:
                keyid:08:37:C9:9B:2A:4C:06:2D:5C:20:67:8F:9D:CF:32:07:AE:FD:5E:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/ttKRpoiVWrMwuSA7NN9prqENEvU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.195.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:12:03:3f:c7:e8:8e:43:3e:a0:0e:fa:c4:7d:26:53:9a:73:
         6a:ab:f1:31:fe:fb:3b:3b:ed:ff:2c:3d:52:64:3a:48:cc:52:
         aa:c1:d7:94:29:89:e5:52:e0:52:ea:75:f6:07:06:0d:d0:60:
         8b:48:81:68:7b:fe:36:ba:0c:b2:d8:e7:f4:63:ce:21:5a:ca:
         8c:e1:10:ff:40:f6:95:a4:a5:e0:74:a0:1b:a4:0a:3d:84:e7:
         fe:be:7e:ba:a6:7e:f5:5a:7b:13:ab:c4:68:18:62:2a:c1:b7:
         d9:11:c7:59:d4:e0:5a:e9:16:44:8e:e4:c5:8b:66:b3:e7:fa:
         2b:80:8d:c4:d2:f8:e8:33:37:f4:0d:29:dc:e0:e9:2a:6a:eb:
         63:de:73:4f:8e:dc:4f:1c:c7:6e:83:f3:60:14:16:39:5f:67:
         c5:e9:49:c9:b1:ea:8d:30:94:5e:c5:47:06:2c:4e:fd:e8:68:
         d5:6a:7c:8d:89:2e:b3:de:8a:81:48:11:1d:3f:b1:1d:8d:84:
         f4:51:30:95:65:02:d7:a6:11:8f:3a:22:c5:79:62:b1:db:f5:
         59:9c:14:c8:6c:6a:42:7d:7f:87:91:91:1f:48:1f:09:42:dc:
         e7:6c:53:23:f4:95:8c:d0:0f:d1:f8:be:95:6d:64:f9:06:13:
         5b:62:38:97
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyV5vU2VT6mmKUi8jo8JDp5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MzdjOTliMmE0YzA2MmQ1YzIwNjc4ZjlkY2YzMjA3YWVm
ZDVlNzgwHhcNMjYwMjI1MTc0NDI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNmQyOTFhNjg4OTU1YWIzMzBiOTIwM2IzNGRmNjlhZWExMGQxMmY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0qHfxWyR+2FrdgbNhI0NjFxA1WRG
4UCAAzH/8pzN9r4AQ1DyFRLPDbd2MS0w07bPp5Ww99P6djMKL99sual48WlDh39F
9j4Zw/15Av3P5IhQSUzaa7dubjtKbjg01C5jeyqM1CPE/wBYtrj4anviChfVO6bc
PthVKyze1HBuNCK2MZUalmdS8zZh6VH1IwuX2di//c03JkFwvBpxmdaStRGpM9Rp
fe7/M17/7PtTftpjUqnQZpz1xoe2T5S9XjnBMXhwS4P7CuwWEYYkevCxBb8N5YUZ
BSGy12CJqHz08Dp7A1tKCq/UF7WGXxPI32kcIxxFlJrrR1zATIyGfZxKKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLbSkaaIlVqzMLkgOzTfaa6hDRL1MB8GA1UdIwQY
MBaAFAg3yZsqTAYtXCBnj53PMgeu/V54MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0RmSm15cE1CaTFjSUdlUG5jOHlCNjc5WG5nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS8wODk1ZDItYjc3OC00NmM0LWE2OTEt
ZjEyMzdmNGM1Y2Y2LzEvdHRLUnBvaVZXck13dVNBN05OOXBycUVORXZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS8wODk1ZDItYjc3OC00NmM0LWE2OTEtZjEyMzdmNGM1Y2Y2
LzEvQ0RmSm15cE1CaTFjSUdlUG5jOHlCNjc5WG5nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2MPcMA0G
CSqGSIb3DQEBCwUAA4IBAQAdEgM/x+iOQz6gDvrEfSZTmnNqq/Ex/vs7O+3/LD1S
ZDpIzFKqwdeUKYnlUuBS6nX2BwYN0GCLSIFoe/42ugyy2Of0Y84hWsqM4RD/QPaV
pKXgdKAbpAo9hOf+vn66pn71WnsTq8RoGGIqwbfZEcdZ1OBa6RZEjuTFi2az5/or
gI3E0vjoMzf0DSnc4Okqautj3nNPjtxPHMdug/NgFBY5X2fF6UnJseqNMJRexUcG
LE796GjVanyNiS6z3oqBSBEdP7EdjYT0UTCVZQLXphGPOiLFeWKx2/VZnBTIbGpC
fX+HkZEfSB8JQtznbFMj9JWM0A/R+L6VbWT5BhNbYjiX
-----END CERTIFICATE-----