Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/2c3619-2c59-46d2-aaae-ef7453ad099f/1/COjqaYnsYuyAQnOfRow1LSaHRvU.roa
File:                     COjqaYnsYuyAQnOfRow1LSaHRvU.roa (raw, json)
Hash identifier:          OG1wPC551mpOORC3dI+5e8bO42vNDHRLBsbdrz/BicA=
Subject key identifier:   08:E8:EA:69:89:EC:62:EC:80:42:73:9F:46:8C:35:2D:26:87:46:F5
Certificate issuer:       /CN=951664521d503959212f55b2a59aec6d207b0a28
Certificate serial:       019B7F15915CB7636A6742BDAD1E294A9B11
Authority key identifier: 95:16:64:52:1D:50:39:59:21:2F:55:B2:A5:9A:EC:6D:20:7B:0A:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lRZkUh1QOVkhL1WypZrsbSB7Cig.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/2c3619-2c59-46d2-aaae-ef7453ad099f/1/COjqaYnsYuyAQnOfRow1LSaHRvU.roa
Signing time:             Fri 02 Jan 2026 14:21:18 +0000
ROA not before:           Fri 02 Jan 2026 14:21:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     6883
IP address blocks:        161.110.0.0/16 maxlen: 16
                          2a0a:f500::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/2c3619-2c59-46d2-aaae-ef7453ad099f/1/lRZkUh1QOVkhL1WypZrsbSB7Cig.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/2c3619-2c59-46d2-aaae-ef7453ad099f/1/lRZkUh1QOVkhL1WypZrsbSB7Cig.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lRZkUh1QOVkhL1WypZrsbSB7Cig.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:91:5c:b7:63:6a:67:42:bd:ad:1e:29:4a:9b:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=951664521d503959212f55b2a59aec6d207b0a28
        Validity
            Not Before: Jan  2 14:21:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=08e8ea6989ec62ec8042739f468c352d268746f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:7e:bb:4a:a5:b1:a9:d0:5e:23:23:2d:3b:6a:
                    14:f8:69:54:fc:09:9d:07:cc:d1:1e:b0:df:47:9a:
                    11:11:b1:dd:22:18:40:40:87:62:d1:d5:85:f1:a5:
                    ab:03:d8:a8:fe:11:85:68:f0:b4:0a:0e:00:3f:b1:
                    df:e7:4f:a6:9e:5f:da:86:81:41:63:be:04:94:bf:
                    a9:67:10:ce:10:4f:2c:e5:b6:38:65:2c:36:60:4b:
                    1c:76:21:2d:62:c8:81:79:4a:0c:c1:30:c6:6a:61:
                    00:b5:df:95:93:af:ee:d1:b0:23:96:26:4a:c4:00:
                    79:64:22:09:82:7f:cd:a6:f5:d5:56:be:63:30:ba:
                    7c:0e:73:8c:58:b3:44:17:6e:50:bc:30:54:cd:36:
                    3b:97:db:6d:89:93:18:61:ef:42:11:85:1e:ea:6e:
                    d8:08:80:63:bc:c1:40:07:ec:d8:04:a8:09:c0:15:
                    77:74:30:6c:47:d1:66:69:d6:2f:31:18:17:7d:2e:
                    9d:99:b2:87:9c:90:a8:98:73:33:44:53:f0:4b:dd:
                    57:99:44:39:5c:f7:56:4f:12:9d:a1:c9:96:7c:ca:
                    41:e7:2d:b3:90:3c:72:4d:29:93:2f:79:4a:45:64:
                    6e:43:73:46:5c:e3:75:a5:58:82:5b:60:91:b5:43:
                    5c:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:E8:EA:69:89:EC:62:EC:80:42:73:9F:46:8C:35:2D:26:87:46:F5
            X509v3 Authority Key Identifier:
                keyid:95:16:64:52:1D:50:39:59:21:2F:55:B2:A5:9A:EC:6D:20:7B:0A:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lRZkUh1QOVkhL1WypZrsbSB7Cig.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/2c3619-2c59-46d2-aaae-ef7453ad099f/1/COjqaYnsYuyAQnOfRow1LSaHRvU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/2c3619-2c59-46d2-aaae-ef7453ad099f/1/lRZkUh1QOVkhL1WypZrsbSB7Cig.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  161.110.0.0/16
                IPv6:
                  2a0a:f500::/32

    Signature Algorithm: sha256WithRSAEncryption
         89:66:c2:0a:67:2a:e6:ca:fb:24:93:02:82:b5:f5:44:c6:6b:
         25:1a:2a:7f:f0:5f:45:19:8c:7f:6d:dc:32:b6:84:e2:4c:51:
         61:08:9c:4c:fd:4a:c5:70:2e:c6:38:74:20:94:df:a0:65:8d:
         ca:6e:b5:ad:54:71:77:89:b8:e8:71:34:d0:79:8c:7b:49:b6:
         0b:ff:04:74:b1:fd:06:c2:a0:73:fc:02:6e:bd:db:d4:8d:18:
         9b:72:0c:93:60:fb:a3:51:d9:40:a4:6f:ba:08:77:13:c1:b9:
         7e:03:62:cb:50:b2:48:60:93:25:39:29:4b:94:e3:a3:5f:a5:
         e7:c6:d1:06:45:ec:4e:a3:71:c8:cd:eb:15:54:f0:c5:81:4c:
         d7:e0:0d:3a:5e:79:67:7f:a5:d3:0c:88:dc:d7:fd:c7:d0:41:
         3c:a5:bb:47:ab:72:4c:4d:4b:00:b4:08:bb:34:7c:22:56:5e:
         74:8b:de:71:01:f7:61:f8:ba:c5:c0:3d:05:a4:9c:1c:04:ef:
         bf:1c:2d:e5:4d:2c:a2:be:c6:cf:75:d6:d4:dc:21:5a:43:16:
         d6:72:5b:04:eb:bd:54:bc:b8:91:fb:87:ab:b8:ec:4b:11:9b:
         07:25:86:10:9c:85:0f:88:bb:e9:6f:5f:ea:94:a4:a7:5e:7a:
         da:b9:92:33
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZt/FZFct2NqZ0K9rR4pSpsRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1MTY2NDUyMWQ1MDM5NTkyMTJmNTViMmE1OWFlYzZkMjA3
YjBhMjgwHhcNMjYwMTAyMTQyMTE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGU4ZWE2OTg5ZWM2MmVjODA0MjczOWY0NjhjMzUyZDI2ODc0NmY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvn67SqWxqdBeIyMtO2oU+GlU/Amd
B8zRHrDfR5oREbHdIhhAQIdi0dWF8aWrA9io/hGFaPC0Cg4AP7Hf50+mnl/ahoFB
Y74ElL+pZxDOEE8s5bY4ZSw2YEscdiEtYsiBeUoMwTDGamEAtd+Vk6/u0bAjliZK
xAB5ZCIJgn/NpvXVVr5jMLp8DnOMWLNEF25QvDBUzTY7l9ttiZMYYe9CEYUe6m7Y
CIBjvMFAB+zYBKgJwBV3dDBsR9FmadYvMRgXfS6dmbKHnJComHMzRFPwS91XmUQ5
XPdWTxKdocmWfMpB5y2zkDxyTSmTL3lKRWRuQ3NGXON1pViCW2CRtUNc8wIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFAjo6mmJ7GLsgEJzn0aMNS0mh0b1MB8GA1UdIwQY
MBaAFJUWZFIdUDlZIS9VsqWa7G0gewooMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFJaa1VoMVFPVmtoTDFXeXBacnNiU0I3Q2lnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS8yYzM2MTktMmM1OS00NmQyLWFhYWUt
ZWY3NDUzYWQwOTlmLzEvQ09qcWFZbnNZdXlBUW5PZlJvdzFMU2FIUnZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS8yYzM2MTktMmM1OS00NmQyLWFhYWUtZWY3NDUzYWQwOTlm
LzEvbFJaa1VoMVFPVmtoTDFXeXBacnNiU0I3Q2lnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDALBAIAATAFAwMAoW4wDQQC
AAIwBwMFACoK9QAwDQYJKoZIhvcNAQELBQADggEBAIlmwgpnKubK+ySTAoK19UTG
ayUaKn/wX0UZjH9t3DK2hOJMUWEInEz9SsVwLsY4dCCU36Bljcputa1UcXeJuOhx
NNB5jHtJtgv/BHSx/QbCoHP8Am6929SNGJtyDJNg+6NR2UCkb7oIdxPBuX4DYstQ
skhgkyU5KUuU46NfpefG0QZF7E6jccjN6xVU8MWBTNfgDTpeeWd/pdMMiNzX/cfQ
QTylu0erckxNSwC0CLs0fCJWXnSL3nEB92H4usXAPQWknBwE778cLeVNLKK+xs91
1tTcIVpDFtZyWwTrvVS8uJH7h6u47EsRmwclhhCchQ+Iu+lvX+qUpKdeetq5kjM=
-----END CERTIFICATE-----