Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/278b7d-cf43-4ac2-ad6b-7bc12a62a0d3/1/Oma8gQPFZK3eL4SIWeiHGMksOJ8.roa
File:                     Oma8gQPFZK3eL4SIWeiHGMksOJ8.roa (raw, json)
Hash identifier:          GnVVTQd6m0A+Ro/1Fl2wXRUqSbZQynPd8mR/0XhDxek=
Subject key identifier:   3A:66:BC:81:03:C5:64:AD:DE:2F:84:88:59:E8:87:18:C9:2C:38:9F
Certificate issuer:       /CN=427b5406ecdab8e5b40ddc54bc615ca2a70922f1
Certificate serial:       019B7BA53C76762E87683583FEE8EAD60C8C
Authority key identifier: 42:7B:54:06:EC:DA:B8:E5:B4:0D:DC:54:BC:61:5C:A2:A7:09:22:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QntUBuzauOW0DdxUvGFcoqcJIvE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/278b7d-cf43-4ac2-ad6b-7bc12a62a0d3/1/Oma8gQPFZK3eL4SIWeiHGMksOJ8.roa
Signing time:             Thu 01 Jan 2026 22:19:45 +0000
ROA not before:           Thu 01 Jan 2026 22:19:45 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     47864
IP address blocks:        185.217.60.0/24 maxlen: 24
                          2a10:bb00::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/278b7d-cf43-4ac2-ad6b-7bc12a62a0d3/1/QntUBuzauOW0DdxUvGFcoqcJIvE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/278b7d-cf43-4ac2-ad6b-7bc12a62a0d3/1/QntUBuzauOW0DdxUvGFcoqcJIvE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QntUBuzauOW0DdxUvGFcoqcJIvE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a5:3c:76:76:2e:87:68:35:83:fe:e8:ea:d6:0c:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=427b5406ecdab8e5b40ddc54bc615ca2a70922f1
        Validity
            Not Before: Jan  1 22:19:45 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3a66bc8103c564adde2f848859e88718c92c389f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:ff:eb:63:8f:31:3b:24:96:67:3d:77:75:93:
                    76:b2:fa:6d:d1:70:fd:ba:9f:ee:fb:97:c5:a7:aa:
                    4a:b0:0f:bb:89:eb:c3:00:a0:c3:60:a5:b0:6e:62:
                    28:cb:b6:32:31:36:eb:3b:ab:6f:d8:2b:83:ee:a3:
                    2d:4c:1f:ad:b3:5d:22:4d:b9:88:2a:e5:24:93:ea:
                    50:42:f5:bb:e7:c8:8f:75:93:d2:40:12:f4:94:ce:
                    55:6d:9c:43:5e:41:c5:26:57:72:46:d0:7b:3c:e0:
                    b3:6a:fb:d8:5e:d5:36:63:ac:10:16:ff:6f:7a:f5:
                    c3:3c:b0:93:a8:9e:85:4b:e0:39:e6:b0:92:61:39:
                    e5:8f:0a:ea:04:45:f8:d8:ef:1c:11:44:90:16:fd:
                    24:d3:7c:17:d1:10:45:9d:3c:d6:4f:92:28:ce:6b:
                    e6:4f:64:5d:f0:62:04:a3:77:dd:93:5f:04:07:11:
                    3a:b1:a4:fb:a7:5d:b4:ce:47:a9:c5:0a:81:0c:df:
                    bc:f4:d5:20:f5:33:1c:75:ba:8e:74:29:e5:87:0a:
                    b4:74:eb:b2:eb:90:8f:40:81:8c:24:95:13:29:14:
                    44:81:ee:c5:d3:cb:ca:98:3a:21:68:71:6e:91:a1:
                    17:1c:ae:d7:96:6a:b1:38:b6:f1:55:ac:e7:40:4e:
                    fd:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:66:BC:81:03:C5:64:AD:DE:2F:84:88:59:E8:87:18:C9:2C:38:9F
            X509v3 Authority Key Identifier:
                keyid:42:7B:54:06:EC:DA:B8:E5:B4:0D:DC:54:BC:61:5C:A2:A7:09:22:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QntUBuzauOW0DdxUvGFcoqcJIvE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/278b7d-cf43-4ac2-ad6b-7bc12a62a0d3/1/Oma8gQPFZK3eL4SIWeiHGMksOJ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/278b7d-cf43-4ac2-ad6b-7bc12a62a0d3/1/QntUBuzauOW0DdxUvGFcoqcJIvE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.217.60.0/24
                IPv6:
                  2a10:bb00::/29

    Signature Algorithm: sha256WithRSAEncryption
         77:1f:69:b2:87:bb:fe:a1:d0:92:d3:a8:67:76:46:2d:2d:00:
         c5:2e:58:bc:41:00:0a:0f:b3:ec:72:ba:73:7b:87:52:69:5e:
         71:75:80:18:73:5e:84:3c:1a:12:97:01:68:87:18:7c:8d:86:
         10:fa:a6:13:b3:38:5c:75:f5:33:6e:8a:37:e7:02:bd:2b:c5:
         cd:1d:53:25:70:02:a6:84:74:6e:59:4c:e6:1c:70:4b:ed:68:
         32:11:c6:c1:c0:8e:77:77:91:83:d7:c4:8e:d1:bb:60:b8:6f:
         83:e6:b5:2f:82:c8:11:52:e3:83:93:a4:6d:a8:d8:52:2c:48:
         2d:3d:81:b7:c8:da:5f:f4:6f:dc:a9:16:5a:32:84:38:b6:df:
         8c:d3:00:3f:94:00:a3:85:98:48:f2:89:96:98:f0:53:52:48:
         40:f9:54:7c:01:f0:f0:74:ff:e8:5f:82:d6:6b:ee:d2:7f:5b:
         d0:ec:b9:d5:12:5e:47:2b:a1:79:b2:ed:7e:76:c7:cb:ae:31:
         98:63:9a:2c:82:b0:16:99:68:1f:87:8c:55:e2:d5:c3:2d:83:
         bf:12:07:f4:00:e3:4e:e4:ad:39:10:d8:67:32:a1:d5:af:e2:
         4e:42:7e:5b:7b:bd:a8:de:27:e5:37:ce:26:82:f7:c0:e6:ca:
         88:bc:c9:14
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZt7pTx2di6HaDWD/ujq1gyMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyN2I1NDA2ZWNkYWI4ZTViNDBkZGM1NGJjNjE1Y2EyYTcw
OTIyZjEwHhcNMjYwMTAxMjIxOTQ1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTY2YmM4MTAzYzU2NGFkZGUyZjg0ODg1OWU4ODcxOGM5MmMzODlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6v/rY48xOySWZz13dZN2svpt0XD9
up/u+5fFp6pKsA+7ievDAKDDYKWwbmIoy7YyMTbrO6tv2CuD7qMtTB+ts10iTbmI
KuUkk+pQQvW758iPdZPSQBL0lM5VbZxDXkHFJldyRtB7POCzavvYXtU2Y6wQFv9v
evXDPLCTqJ6FS+A55rCSYTnljwrqBEX42O8cEUSQFv0k03wX0RBFnTzWT5Iozmvm
T2Rd8GIEo3fdk18EBxE6saT7p120zkepxQqBDN+89NUg9TMcdbqOdCnlhwq0dOuy
65CPQIGMJJUTKRREge7F08vKmDohaHFukaEXHK7XlmqxOLbxVaznQE79iwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDpmvIEDxWSt3i+EiFnohxjJLDifMB8GA1UdIwQY
MBaAFEJ7VAbs2rjltA3cVLxhXKKnCSLxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUW50VUJ1emF1T1cwRGR4VXZHRmNvcWNKSXZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy8yNzhiN2QtY2Y0My00YWMyLWFkNmIt
N2JjMTJhNjJhMGQzLzEvT21hOGdRUEZaSzNlTDRTSVdlaUhHTWtzT0o4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy8yNzhiN2QtY2Y0My00YWMyLWFkNmItN2JjMTJhNjJhMGQz
LzEvUW50VUJ1emF1T1cwRGR4VXZHRmNvcWNKSXZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAudk8MA0E
AgACMAcDBQMqELsAMA0GCSqGSIb3DQEBCwUAA4IBAQB3H2myh7v+odCS06hndkYt
LQDFLli8QQAKD7Pscrpze4dSaV5xdYAYc16EPBoSlwFohxh8jYYQ+qYTszhcdfUz
boo35wK9K8XNHVMlcAKmhHRuWUzmHHBL7WgyEcbBwI53d5GD18SO0btguG+D5rUv
gsgRUuODk6RtqNhSLEgtPYG3yNpf9G/cqRZaMoQ4tt+M0wA/lACjhZhI8omWmPBT
UkhA+VR8AfDwdP/oX4LWa+7Sf1vQ7LnVEl5HK6F5su1+dsfLrjGYY5osgrAWmWgf
h4xV4tXDLYO/Egf0AONO5K05ENhnMqHVr+JOQn5be72o3iflN84mgvfA5sqIvMkU
-----END CERTIFICATE-----