Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/e42800-c8c7-4599-b1fd-88a74d039f7f/1/Dcw-9xDEt0LNQllufwK5cz5PrZk.roa
File:                     Dcw-9xDEt0LNQllufwK5cz5PrZk.roa (raw, json)
Hash identifier:          GXNoM6IBXntm7+w+WV0lZ7wmbCHNUEG3uFWcTka2eaY=
Subject key identifier:   0D:CC:3E:F7:10:C4:B7:42:CD:42:59:6E:7F:02:B9:73:3E:4F:AD:99
Certificate issuer:       /CN=9fc6e87709ae9d0447940f23d754df8ba8175b0d
Certificate serial:       019B78A27DC45ABCCFD1434FBA1D655AD325
Authority key identifier: 9F:C6:E8:77:09:AE:9D:04:47:94:0F:23:D7:54:DF:8B:A8:17:5B:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/n8bodwmunQRHlA8j11Tfi6gXWw0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/e42800-c8c7-4599-b1fd-88a74d039f7f/1/Dcw-9xDEt0LNQllufwK5cz5PrZk.roa
Signing time:             Thu 01 Jan 2026 08:17:53 +0000
ROA not before:           Thu 01 Jan 2026 08:17:53 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213146
IP address blocks:        94.158.223.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/e42800-c8c7-4599-b1fd-88a74d039f7f/1/n8bodwmunQRHlA8j11Tfi6gXWw0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/e42800-c8c7-4599-b1fd-88a74d039f7f/1/n8bodwmunQRHlA8j11Tfi6gXWw0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/n8bodwmunQRHlA8j11Tfi6gXWw0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 15:05:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a2:7d:c4:5a:bc:cf:d1:43:4f:ba:1d:65:5a:d3:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9fc6e87709ae9d0447940f23d754df8ba8175b0d
        Validity
            Not Before: Jan  1 08:17:53 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0dcc3ef710c4b742cd42596e7f02b9733e4fad99
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:5e:f1:4a:c9:6b:1d:0d:98:2f:c1:4b:2c:41:
                    fe:d0:2e:a3:4e:1d:92:b6:e1:0f:c2:ff:cc:a2:d4:
                    ad:c4:ac:05:fa:09:1e:a9:39:1d:cf:db:c3:53:6e:
                    a3:be:37:bd:01:94:f9:56:ce:72:18:d9:fc:eb:40:
                    eb:28:a2:d0:d4:60:30:0f:75:1f:ba:33:cb:cb:fb:
                    11:5b:59:23:48:5b:b2:de:2f:8c:b1:ba:32:5e:58:
                    97:03:93:0a:9e:87:82:8c:fa:cf:5a:df:58:ef:ea:
                    38:70:b2:d4:4a:e1:ac:2b:c9:e3:85:55:60:2f:53:
                    b2:e5:4f:91:ec:ee:00:6a:07:20:d5:3a:54:25:57:
                    df:89:f2:d7:4b:32:1a:07:46:0a:73:0e:48:73:60:
                    6e:ff:74:31:1f:f9:3d:83:26:d3:1a:7a:33:9c:13:
                    83:ff:2a:e7:a2:b7:0d:27:24:33:83:63:ac:b2:20:
                    a0:b2:23:8d:77:43:55:55:d6:f1:11:6e:b6:9f:9c:
                    1f:38:7d:56:5c:83:d8:b3:ac:00:b9:2b:18:59:78:
                    66:e6:77:87:82:70:f5:91:03:05:5a:76:ae:98:7a:
                    99:74:f1:80:07:d7:29:24:02:17:60:98:d1:ba:e4:
                    9a:1b:c1:61:bc:12:72:58:1e:b8:79:a5:16:6a:a4:
                    05:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:CC:3E:F7:10:C4:B7:42:CD:42:59:6E:7F:02:B9:73:3E:4F:AD:99
            X509v3 Authority Key Identifier:
                keyid:9F:C6:E8:77:09:AE:9D:04:47:94:0F:23:D7:54:DF:8B:A8:17:5B:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/n8bodwmunQRHlA8j11Tfi6gXWw0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/e42800-c8c7-4599-b1fd-88a74d039f7f/1/Dcw-9xDEt0LNQllufwK5cz5PrZk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/e42800-c8c7-4599-b1fd-88a74d039f7f/1/n8bodwmunQRHlA8j11Tfi6gXWw0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.158.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:86:4e:8b:1e:12:98:5d:fd:d8:d5:52:63:89:a6:0c:04:5a:
         65:63:af:1a:50:94:0c:fa:10:e4:a2:61:85:07:b0:07:0f:88:
         6b:89:ab:5d:57:6c:39:ef:5a:38:d9:25:c0:9c:05:ba:c7:63:
         59:ed:4b:de:58:4f:b3:bd:d9:80:f4:64:ae:9b:84:db:df:31:
         55:46:72:04:46:53:5a:39:d3:2e:6c:b0:c5:db:b7:86:63:9a:
         78:13:7a:c8:27:cd:f5:f9:ed:08:36:fd:82:d6:aa:5a:90:e1:
         d0:0c:b9:78:6a:53:70:36:d7:81:7e:02:0d:d6:16:da:93:b4:
         79:12:f6:0e:12:7c:eb:2c:26:30:d0:d7:93:21:3b:29:7a:80:
         b9:49:75:32:6f:bb:01:51:6e:ab:7e:80:02:67:25:ca:fa:1d:
         8f:8e:11:e1:2c:51:99:7f:65:21:1b:60:c8:8a:9b:42:02:67:
         ff:59:e3:b3:a9:cb:34:99:5c:39:0d:b6:01:b1:32:01:43:1c:
         8f:9a:b0:d8:de:40:1f:31:86:d3:6e:4e:ea:f6:30:73:b4:4d:
         1e:07:44:05:59:0f:02:8b:3a:12:07:43:38:e8:69:17:93:ca:
         12:25:9d:49:b0:76:12:b5:de:7e:0f:80:82:cc:f3:0e:7c:0d:
         9b:fb:50:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4on3EWrzP0UNPuh1lWtMlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmYzZlODc3MDlhZTlkMDQ0Nzk0MGYyM2Q3NTRkZjhiYTgx
NzViMGQwHhcNMjYwMTAxMDgxNzUzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZGNjM2VmNzEwYzRiNzQyY2Q0MjU5NmU3ZjAyYjk3MzNlNGZhZDk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq17xSslrHQ2YL8FLLEH+0C6jTh2S
tuEPwv/MotStxKwF+gkeqTkdz9vDU26jvje9AZT5Vs5yGNn860DrKKLQ1GAwD3Uf
ujPLy/sRW1kjSFuy3i+MsboyXliXA5MKnoeCjPrPWt9Y7+o4cLLUSuGsK8njhVVg
L1Oy5U+R7O4Aagcg1TpUJVffifLXSzIaB0YKcw5Ic2Bu/3QxH/k9gybTGnoznBOD
/yrnorcNJyQzg2OssiCgsiONd0NVVdbxEW62n5wfOH1WXIPYs6wAuSsYWXhm5neH
gnD1kQMFWnaumHqZdPGAB9cpJAIXYJjRuuSaG8FhvBJyWB64eaUWaqQF5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA3MPvcQxLdCzUJZbn8CuXM+T62ZMB8GA1UdIwQY
MBaAFJ/G6HcJrp0ER5QPI9dU34uoF1sNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbjhib2R3bXVuUVJIbEE4ajExVGZpNmdYV3cwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS9lNDI4MDAtYzhjNy00NTk5LWIxZmQt
ODhhNzRkMDM5ZjdmLzEvRGN3LTl4REV0MExOUWxsdWZ3SzVjejVQclprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS9lNDI4MDAtYzhjNy00NTk5LWIxZmQtODhhNzRkMDM5Zjdm
LzEvbjhib2R3bXVuUVJIbEE4ajExVGZpNmdYV3cwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXp7fMA0G
CSqGSIb3DQEBCwUAA4IBAQAFhk6LHhKYXf3Y1VJjiaYMBFplY68aUJQM+hDkomGF
B7AHD4hriatdV2w571o42SXAnAW6x2NZ7UveWE+zvdmA9GSum4Tb3zFVRnIERlNa
OdMubLDF27eGY5p4E3rIJ831+e0INv2C1qpakOHQDLl4alNwNteBfgIN1hbak7R5
EvYOEnzrLCYw0NeTITspeoC5SXUyb7sBUW6rfoACZyXK+h2PjhHhLFGZf2UhG2DI
iptCAmf/WeOzqcs0mVw5DbYBsTIBQxyPmrDY3kAfMYbTbk7q9jBztE0eB0QFWQ8C
izoSB0M46GkXk8oSJZ1JsHYStd5+D4CCzPMOfA2b+1BF
-----END CERTIFICATE-----