Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/bd4df2-b781-4348-bc54-db387c7801e8/1/l_OtXNVrTIJOg1BB7RzWG8ARoM4.roa
File:                     l_OtXNVrTIJOg1BB7RzWG8ARoM4.roa (raw, json)
Hash identifier:          Mw4PK7cmibSwEXPETc3oNPZi0T+bvVwJzq8QuAMIqGc=
Subject key identifier:   97:F3:AD:5C:D5:6B:4C:82:4E:83:50:41:ED:1C:D6:1B:C0:11:A0:CE
Certificate issuer:       /CN=72cc24221420b75f95edb9ceba1f7738fa17379e
Certificate serial:       019D40134420BDAA4CDD7F93550538192A2B
Authority key identifier: 72:CC:24:22:14:20:B7:5F:95:ED:B9:CE:BA:1F:77:38:FA:17:37:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cswkIhQgt1-V7bnOuh93OPoXN54.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/bd4df2-b781-4348-bc54-db387c7801e8/1/l_OtXNVrTIJOg1BB7RzWG8ARoM4.roa
Signing time:             Mon 30 Mar 2026 18:48:17 +0000
ROA not before:           Mon 30 Mar 2026 18:48:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49592
IP address blocks:        157.173.0.0/22 maxlen: 22
                          157.173.4.0/23 maxlen: 23
                          157.173.6.0/24 maxlen: 24
                          157.173.7.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/bd4df2-b781-4348-bc54-db387c7801e8/1/cswkIhQgt1-V7bnOuh93OPoXN54.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/bd4df2-b781-4348-bc54-db387c7801e8/1/cswkIhQgt1-V7bnOuh93OPoXN54.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cswkIhQgt1-V7bnOuh93OPoXN54.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:40:13:44:20:bd:aa:4c:dd:7f:93:55:05:38:19:2a:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72cc24221420b75f95edb9ceba1f7738fa17379e
        Validity
            Not Before: Mar 30 18:48:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=97f3ad5cd56b4c824e835041ed1cd61bc011a0ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:c1:2a:f7:67:bf:50:60:0b:8d:b4:22:a4:8f:
                    4b:06:f8:d6:c1:26:92:21:8b:3a:64:47:42:a6:fe:
                    5c:ec:06:c3:05:e5:a4:35:36:80:8e:ab:74:9d:55:
                    9b:f7:cd:9b:a9:da:68:25:dd:74:cf:98:d5:25:b3:
                    4e:da:1b:97:a5:57:cc:28:1b:51:88:25:1f:ef:87:
                    f5:aa:9f:d7:f0:25:44:04:b4:1d:cd:e7:b9:1d:35:
                    5c:81:f3:0a:6e:60:be:f7:de:e3:29:e7:4f:d6:85:
                    ad:b2:6c:27:1f:aa:b3:b1:25:85:f5:1b:d4:91:69:
                    46:93:7a:5d:fc:a5:f3:61:f0:a2:d3:40:f5:80:09:
                    e3:3e:2e:c2:99:4f:27:40:29:09:6b:fa:a9:bc:82:
                    f4:58:5f:5b:2b:c5:16:0d:1d:09:f1:9c:3d:1e:ff:
                    61:5b:98:48:89:b7:27:17:92:bd:6a:22:ea:1c:87:
                    bf:9c:b5:0e:ec:e0:ab:78:01:6c:4a:f0:be:02:2f:
                    93:af:f8:c6:1f:a8:6e:bf:08:e8:e0:d2:3c:78:7a:
                    b2:ac:58:f4:e0:12:bf:27:07:c6:30:7c:20:12:1f:
                    9b:69:f0:35:d4:76:14:38:a2:53:a9:d3:a1:07:af:
                    8b:54:bc:3f:76:df:87:3c:19:d5:0f:2c:0f:d8:e4:
                    27:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:F3:AD:5C:D5:6B:4C:82:4E:83:50:41:ED:1C:D6:1B:C0:11:A0:CE
            X509v3 Authority Key Identifier:
                keyid:72:CC:24:22:14:20:B7:5F:95:ED:B9:CE:BA:1F:77:38:FA:17:37:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cswkIhQgt1-V7bnOuh93OPoXN54.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/bd4df2-b781-4348-bc54-db387c7801e8/1/l_OtXNVrTIJOg1BB7RzWG8ARoM4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/bd4df2-b781-4348-bc54-db387c7801e8/1/cswkIhQgt1-V7bnOuh93OPoXN54.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.173.0.0/21

    Signature Algorithm: sha256WithRSAEncryption
         82:1c:94:fe:fe:7d:b1:f5:f0:3d:7a:15:c1:8a:3c:2c:a4:66:
         49:56:1d:d4:ec:a3:c6:ba:17:99:eb:f3:ba:1b:06:e3:27:4d:
         3c:1e:74:e6:98:e0:0e:3a:77:38:95:13:d3:1b:cd:c4:21:ca:
         5b:a6:ce:8c:62:48:1a:df:7f:00:8e:c6:ca:6e:22:d7:91:23:
         6a:dc:38:ca:42:89:c5:58:24:d9:ea:3b:ba:d3:47:74:46:06:
         f2:f6:8d:b0:4f:95:9e:8e:3e:2b:de:d0:24:b0:f6:3c:42:72:
         e2:e6:f6:b2:b8:42:55:b0:8a:f2:b0:53:b1:68:75:17:f8:ab:
         e5:58:e0:b6:1b:03:58:72:33:6f:f5:41:8c:35:39:65:a1:d1:
         74:d9:01:0f:a4:bc:14:5f:a5:e0:d9:be:42:02:69:37:92:e9:
         51:0a:3e:ea:cf:80:d9:5a:85:9a:c7:16:9c:14:0a:52:e7:83:
         19:12:22:c0:24:e1:c4:9b:26:40:d6:dd:95:0a:e1:08:5c:13:
         40:7a:84:ed:96:a7:41:24:d5:4f:35:d0:b1:ab:16:59:20:bb:
         1b:b2:46:73:78:cf:67:62:e0:98:a8:4f:fe:ec:6f:27:4a:95:
         7f:c7:75:4b:fc:4b:20:a0:8d:9f:8e:31:b4:8e:f3:f0:a5:55:
         3f:79:ba:cc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1AE0QgvapM3X+TVQU4GSorMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyY2MyNDIyMTQyMGI3NWY5NWVkYjljZWJhMWY3NzM4ZmEx
NzM3OWUwHhcNMjYwMzMwMTg0ODE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5N2YzYWQ1Y2Q1NmI0YzgyNGU4MzUwNDFlZDFjZDYxYmMwMTFhMGNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArcEq92e/UGALjbQipI9LBvjWwSaS
IYs6ZEdCpv5c7AbDBeWkNTaAjqt0nVWb982bqdpoJd10z5jVJbNO2huXpVfMKBtR
iCUf74f1qp/X8CVEBLQdzee5HTVcgfMKbmC+997jKedP1oWtsmwnH6qzsSWF9RvU
kWlGk3pd/KXzYfCi00D1gAnjPi7CmU8nQCkJa/qpvIL0WF9bK8UWDR0J8Zw9Hv9h
W5hIibcnF5K9aiLqHIe/nLUO7OCreAFsSvC+Ai+Tr/jGH6huvwjo4NI8eHqyrFj0
4BK/JwfGMHwgEh+bafA11HYUOKJTqdOhB6+LVLw/dt+HPBnVDywP2OQnuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJfzrVzVa0yCToNQQe0c1hvAEaDOMB8GA1UdIwQY
MBaAFHLMJCIUILdfle25zrofdzj6FzeeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3N3a0loUWd0MS1WN2JuT3VoOTNPUG9YTjU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy9iZDRkZjItYjc4MS00MzQ4LWJjNTQt
ZGIzODdjNzgwMWU4LzEvbF9PdFhOVnJUSUpPZzFCQjdSeldHOEFSb000LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy9iZDRkZjItYjc4MS00MzQ4LWJjNTQtZGIzODdjNzgwMWU4
LzEvY3N3a0loUWd0MS1WN2JuT3VoOTNPUG9YTjU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDna0AMA0G
CSqGSIb3DQEBCwUAA4IBAQCCHJT+/n2x9fA9ehXBijwspGZJVh3U7KPGuheZ6/O6
GwbjJ008HnTmmOAOOnc4lRPTG83EIcpbps6MYkga338AjsbKbiLXkSNq3DjKQonF
WCTZ6ju600d0Rgby9o2wT5Wejj4r3tAksPY8QnLi5vayuEJVsIrysFOxaHUX+Kvl
WOC2GwNYcjNv9UGMNTllodF02QEPpLwUX6Xg2b5CAmk3kulRCj7qz4DZWoWaxxac
FApS54MZEiLAJOHEmyZA1t2VCuEIXBNAeoTtlqdBJNVPNdCxqxZZILsbskZzeM9n
YuCYqE/+7G8nSpV/x3VL/EsgoI2fjjG0jvPwpVU/ebrM
-----END CERTIFICATE-----