Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/614d64-37d3-4bbc-8f3d-b43cd4d97c8e/1/bFdRA8o5_UpENHMKjwuGfjeNXVw.roa
File:                     bFdRA8o5_UpENHMKjwuGfjeNXVw.roa (raw, json)
Hash identifier:          yaNxb7pY6X9q5Y1UEFLPjsoOUNJ1qMlMp9e/X5rn5XM=
Subject key identifier:   6C:57:51:03:CA:39:FD:4A:44:34:73:0A:8F:0B:86:7E:37:8D:5D:5C
Certificate issuer:       /CN=15b595260f72c222547ac3e367f2c887ae38a3fc
Certificate serial:       019B7CECC63605E44333F44551AA903E1CE4
Authority key identifier: 15:B5:95:26:0F:72:C2:22:54:7A:C3:E3:67:F2:C8:87:AE:38:A3:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FbWVJg9ywiJUesPjZ_LIh644o_w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/614d64-37d3-4bbc-8f3d-b43cd4d97c8e/1/bFdRA8o5_UpENHMKjwuGfjeNXVw.roa
Signing time:             Fri 02 Jan 2026 04:17:30 +0000
ROA not before:           Fri 02 Jan 2026 04:17:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205665
IP address blocks:        185.209.232.0/22 maxlen: 22
                          185.209.232.0/24 maxlen: 24
                          185.209.233.0/24 maxlen: 24
                          185.209.234.0/24 maxlen: 24
                          185.209.235.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/614d64-37d3-4bbc-8f3d-b43cd4d97c8e/1/FbWVJg9ywiJUesPjZ_LIh644o_w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/614d64-37d3-4bbc-8f3d-b43cd4d97c8e/1/FbWVJg9ywiJUesPjZ_LIh644o_w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FbWVJg9ywiJUesPjZ_LIh644o_w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ec:c6:36:05:e4:43:33:f4:45:51:aa:90:3e:1c:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15b595260f72c222547ac3e367f2c887ae38a3fc
        Validity
            Not Before: Jan  2 04:17:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6c575103ca39fd4a4434730a8f0b867e378d5d5c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:fc:e6:ed:0d:8b:59:2e:1e:39:19:68:86:3f:
                    22:da:c6:1c:e4:da:d8:31:3c:62:da:7c:44:0a:4a:
                    f4:10:93:9a:66:93:5c:a9:55:e4:5d:5d:ae:82:fc:
                    64:de:55:21:ae:8e:72:6b:b9:3e:3b:58:e3:db:46:
                    e8:60:55:75:03:3a:9f:99:97:f4:a9:58:f1:df:78:
                    5f:11:47:01:da:5e:86:8f:9e:d8:b4:68:ad:5d:73:
                    d4:21:e5:1a:c7:3e:5a:7f:55:ae:3e:db:c8:db:00:
                    6d:71:c8:67:e4:46:69:ba:9f:38:85:96:d7:58:45:
                    53:73:35:a9:8d:0a:cd:cb:32:ff:b8:dc:f2:de:da:
                    8f:31:07:26:65:dc:b9:f9:63:a0:dd:5f:ea:27:29:
                    59:51:4c:a9:8c:b6:ca:e6:b3:1d:33:66:c5:a4:46:
                    8a:6b:bf:40:82:2d:f1:4a:9f:d7:bf:57:2d:03:53:
                    ce:af:2e:42:32:05:a6:eb:c2:a0:ab:8d:d7:ac:b7:
                    89:a3:42:db:2d:e4:60:bb:33:08:d2:78:18:e3:d3:
                    12:4d:ed:03:da:3d:55:57:0b:2a:3c:45:24:cc:f2:
                    c6:4e:12:f2:fc:bc:62:bc:29:8a:9a:75:7a:50:37:
                    77:cc:bb:66:80:2d:f2:07:e7:18:5e:63:96:45:89:
                    ed:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:57:51:03:CA:39:FD:4A:44:34:73:0A:8F:0B:86:7E:37:8D:5D:5C
            X509v3 Authority Key Identifier:
                keyid:15:B5:95:26:0F:72:C2:22:54:7A:C3:E3:67:F2:C8:87:AE:38:A3:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FbWVJg9ywiJUesPjZ_LIh644o_w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/614d64-37d3-4bbc-8f3d-b43cd4d97c8e/1/bFdRA8o5_UpENHMKjwuGfjeNXVw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/614d64-37d3-4bbc-8f3d-b43cd4d97c8e/1/FbWVJg9ywiJUesPjZ_LIh644o_w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.209.232.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0c:b7:54:c3:ec:e7:8a:ed:af:c6:38:e1:9f:73:e6:76:60:ff:
         fd:a0:78:45:58:33:ad:eb:7c:d7:e8:fc:47:54:b5:63:20:4c:
         4b:e0:25:6a:af:40:ce:3b:3c:dd:f8:50:59:58:1c:24:81:22:
         24:38:3b:b3:07:29:aa:90:92:c7:91:59:a3:69:84:a1:4e:d5:
         74:7b:0b:9e:b8:05:fb:b6:e4:fe:8d:0d:27:56:23:dd:a3:16:
         e8:05:42:21:98:24:be:5b:a7:35:6a:76:92:90:d8:3a:47:63:
         46:42:08:de:ec:5b:96:0d:b0:e4:69:b0:ba:22:7b:25:3e:e4:
         c1:ae:4b:7e:a4:ae:84:41:bb:bc:a7:a1:e7:89:6e:e7:86:81:
         02:d5:60:4b:8b:74:a1:38:65:e0:95:84:bf:da:ab:aa:ad:dd:
         c1:81:04:e8:69:d2:08:98:53:65:1f:54:a4:51:21:36:6e:98:
         95:19:17:07:ec:d9:d1:a7:7e:6e:46:51:d6:1d:84:02:7f:d1:
         7a:81:47:d6:84:f7:a3:1f:76:b9:6a:de:5a:67:17:aa:2f:80:
         4c:27:77:68:fb:34:71:33:0f:bb:95:03:50:b0:9b:45:bf:b6:
         05:49:96:68:77:f8:13:08:d3:22:bb:7c:3c:da:7d:35:64:84:
         d3:53:d8:aa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt87MY2BeRDM/RFUaqQPhzkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1YjU5NTI2MGY3MmMyMjI1NDdhYzNlMzY3ZjJjODg3YWUz
OGEzZmMwHhcNMjYwMTAyMDQxNzMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzU3NTEwM2NhMzlmZDRhNDQzNDczMGE4ZjBiODY3ZTM3OGQ1ZDVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArPzm7Q2LWS4eORlohj8i2sYc5NrY
MTxi2nxECkr0EJOaZpNcqVXkXV2ugvxk3lUhro5ya7k+O1jj20boYFV1AzqfmZf0
qVjx33hfEUcB2l6Gj57YtGitXXPUIeUaxz5af1WuPtvI2wBtcchn5EZpup84hZbX
WEVTczWpjQrNyzL/uNzy3tqPMQcmZdy5+WOg3V/qJylZUUypjLbK5rMdM2bFpEaK
a79Agi3xSp/Xv1ctA1POry5CMgWm68Kgq43XrLeJo0LbLeRguzMI0ngY49MSTe0D
2j1VVwsqPEUkzPLGThLy/LxivCmKmnV6UDd3zLtmgC3yB+cYXmOWRYnt6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGxXUQPKOf1KRDRzCo8Lhn43jV1cMB8GA1UdIwQY
MBaAFBW1lSYPcsIiVHrD42fyyIeuOKP8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmJXVkpnOXl3aUpVZXNQalpfTEloNjQ0b193LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi82MTRkNjQtMzdkMy00YmJjLThmM2Qt
YjQzY2Q0ZDk3YzhlLzEvYkZkUkE4bzVfVXBFTkhNS2p3dUdmamVOWFZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi82MTRkNjQtMzdkMy00YmJjLThmM2QtYjQzY2Q0ZDk3Yzhl
LzEvRmJXVkpnOXl3aUpVZXNQalpfTEloNjQ0b193LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCudHoMA0G
CSqGSIb3DQEBCwUAA4IBAQAMt1TD7OeK7a/GOOGfc+Z2YP/9oHhFWDOt63zX6PxH
VLVjIExL4CVqr0DOOzzd+FBZWBwkgSIkODuzBymqkJLHkVmjaYShTtV0ewueuAX7
tuT+jQ0nViPdoxboBUIhmCS+W6c1anaSkNg6R2NGQgje7FuWDbDkabC6InslPuTB
rkt+pK6EQbu8p6HniW7nhoEC1WBLi3ShOGXglYS/2quqrd3BgQToadIImFNlH1Sk
USE2bpiVGRcH7NnRp35uRlHWHYQCf9F6gUfWhPejH3a5at5aZxeqL4BMJ3do+zRx
Mw+7lQNQsJtFv7YFSZZod/gTCNMiu3w82n01ZITTU9iq
-----END CERTIFICATE-----