Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/e7c49c-b6d0-45de-bfba-3eaa034a8978/1/8ZRiGncNcjHqslAWDZvpmqheFTw.roa
File:                     8ZRiGncNcjHqslAWDZvpmqheFTw.roa (raw, json)
Hash identifier:          s4IpAyjn7GGORIQCaMdBiHmT+ZC8BZOYe6/UFm0+qIQ=
Subject key identifier:   F1:94:62:1A:77:0D:72:31:EA:B2:50:16:0D:9B:E9:9A:A8:5E:15:3C
Certificate issuer:       /CN=2b78cdca1616c3c6b5f191fc33a934789b12c069
Certificate serial:       019E91C3D1A7820114D0F740EFD5C6449623
Authority key identifier: 2B:78:CD:CA:16:16:C3:C6:B5:F1:91:FC:33:A9:34:78:9B:12:C0:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K3jNyhYWw8a18ZH8M6k0eJsSwGk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/e7c49c-b6d0-45de-bfba-3eaa034a8978/1/8ZRiGncNcjHqslAWDZvpmqheFTw.roa
Signing time:             Thu 04 Jun 2026 08:33:09 +0000
ROA not before:           Thu 04 Jun 2026 08:33:09 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44283
IP address blocks:        185.151.64.0/22 maxlen: 22
                          2a13:7300::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/e7c49c-b6d0-45de-bfba-3eaa034a8978/1/K3jNyhYWw8a18ZH8M6k0eJsSwGk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/e7c49c-b6d0-45de-bfba-3eaa034a8978/1/K3jNyhYWw8a18ZH8M6k0eJsSwGk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/K3jNyhYWw8a18ZH8M6k0eJsSwGk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 19:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:91:c3:d1:a7:82:01:14:d0:f7:40:ef:d5:c6:44:96:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b78cdca1616c3c6b5f191fc33a934789b12c069
        Validity
            Not Before: Jun  4 08:33:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f194621a770d7231eab250160d9be99aa85e153c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:ac:69:36:48:c1:c6:fa:74:3d:f9:fa:b9:b3:
                    e7:e8:01:79:21:9a:d0:8f:a9:a2:d4:87:68:ca:65:
                    ec:cb:5a:d9:03:0e:3e:a3:70:8f:0b:63:a4:53:e6:
                    f1:1f:5b:5d:25:c1:1b:ab:a0:d8:d7:37:30:83:88:
                    99:f7:c5:7c:11:d6:5c:f6:5a:7e:6b:9a:87:b9:c6:
                    3c:e9:25:00:1e:57:f8:d2:8b:77:6e:a0:2b:02:6b:
                    5c:f6:72:b5:0d:ce:1e:fd:22:a4:b7:d9:78:ce:cf:
                    b0:d6:38:ec:18:0f:ef:0a:b5:21:b5:21:dc:25:f7:
                    c0:3a:97:51:1e:cc:51:fb:a3:a3:14:50:2e:22:de:
                    79:31:22:f7:8f:42:f4:7b:a5:da:49:9c:b6:3d:1e:
                    cf:f3:4a:ca:c2:e6:91:14:eb:37:14:08:40:f2:7e:
                    ba:7e:34:bf:0f:6e:68:04:c1:77:26:14:95:c4:3b:
                    b0:95:ae:da:21:25:d8:f7:53:b8:e8:40:6a:6b:14:
                    04:da:e0:01:65:3c:88:d8:37:78:5d:e6:72:f5:bc:
                    1c:46:d5:48:6b:5e:c4:90:21:fa:38:2f:72:17:3d:
                    fa:c4:e2:62:66:38:fd:06:08:da:93:f0:c5:50:cc:
                    5e:ab:6b:3c:85:37:af:23:06:b5:23:9d:b9:b2:a6:
                    95:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:94:62:1A:77:0D:72:31:EA:B2:50:16:0D:9B:E9:9A:A8:5E:15:3C
            X509v3 Authority Key Identifier:
                keyid:2B:78:CD:CA:16:16:C3:C6:B5:F1:91:FC:33:A9:34:78:9B:12:C0:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K3jNyhYWw8a18ZH8M6k0eJsSwGk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/e7c49c-b6d0-45de-bfba-3eaa034a8978/1/8ZRiGncNcjHqslAWDZvpmqheFTw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/e7c49c-b6d0-45de-bfba-3eaa034a8978/1/K3jNyhYWw8a18ZH8M6k0eJsSwGk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.151.64.0/22
                IPv6:
                  2a13:7300::/29

    Signature Algorithm: sha256WithRSAEncryption
         25:d8:34:ca:c4:f6:df:e0:40:85:ad:95:7e:cc:c7:c5:3e:9e:
         75:e7:fe:dc:ba:a1:f5:e9:53:4b:d8:01:a5:bd:45:9b:7f:dc:
         f7:6c:49:d0:3d:5e:b6:80:e0:ae:a2:58:a6:bb:46:bb:07:3b:
         36:2e:8c:9d:fb:73:e4:05:da:1d:58:31:35:38:dd:4d:ed:f2:
         d9:fe:f3:c7:fc:30:70:f5:02:25:46:04:47:8c:32:fc:b5:45:
         e8:ce:35:45:bd:e0:ea:88:f5:98:7c:99:95:5f:44:48:29:c7:
         1a:21:3c:41:1b:1f:38:b9:27:a7:71:d7:4e:33:6a:a1:7f:41:
         6a:09:0b:7e:05:77:98:4c:40:0c:12:3a:e5:f4:9f:68:b8:ce:
         f5:5d:0b:90:a5:f4:68:e2:90:84:b9:f8:dc:f2:5f:b0:78:22:
         b2:5e:2b:d8:b4:01:62:3d:76:f7:aa:02:b6:55:03:f7:0d:dc:
         2b:8f:de:57:e5:da:9c:e8:d8:20:f4:02:49:e6:a1:9c:28:90:
         7c:69:58:a9:00:3c:04:d2:f8:5b:e8:43:04:8f:fc:0e:ba:8a:
         3c:5e:f0:ac:fd:db:20:12:ac:d4:61:bc:85:50:40:53:0f:ea:
         e4:76:24:43:65:ec:94:24:65:84:b2:35:45:25:0b:1c:e0:52:
         26:de:d2:14
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ6Rw9GnggEU0PdA79XGRJYjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiNzhjZGNhMTYxNmMzYzZiNWYxOTFmYzMzYTkzNDc4OWIx
MmMwNjkwHhcNMjYwNjA0MDgzMzA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTk0NjIxYTc3MGQ3MjMxZWFiMjUwMTYwZDliZTk5YWE4NWUxNTNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2qxpNkjBxvp0Pfn6ubPn6AF5IZrQ
j6mi1IdoymXsy1rZAw4+o3CPC2OkU+bxH1tdJcEbq6DY1zcwg4iZ98V8EdZc9lp+
a5qHucY86SUAHlf40ot3bqArAmtc9nK1Dc4e/SKkt9l4zs+w1jjsGA/vCrUhtSHc
JffAOpdRHsxR+6OjFFAuIt55MSL3j0L0e6XaSZy2PR7P80rKwuaRFOs3FAhA8n66
fjS/D25oBMF3JhSVxDuwla7aISXY91O46EBqaxQE2uABZTyI2Dd4XeZy9bwcRtVI
a17EkCH6OC9yFz36xOJiZjj9Bgjak/DFUMxeq2s8hTevIwa1I525sqaVIQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPGUYhp3DXIx6rJQFg2b6ZqoXhU8MB8GA1UdIwQY
MBaAFCt4zcoWFsPGtfGR/DOpNHibEsBpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzNqTnloWVd3OGExOFpIOE02azBlSnNTd0drLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9lN2M0OWMtYjZkMC00NWRlLWJmYmEt
M2VhYTAzNGE4OTc4LzEvOFpSaUduY05jakhxc2xBV0RadnBtcWhlRlR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9lN2M0OWMtYjZkMC00NWRlLWJmYmEtM2VhYTAzNGE4OTc4
LzEvSzNqTnloWVd3OGExOFpIOE02azBlSnNTd0drLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuZdAMA0E
AgACMAcDBQMqE3MAMA0GCSqGSIb3DQEBCwUAA4IBAQAl2DTKxPbf4ECFrZV+zMfF
Pp515/7cuqH16VNL2AGlvUWbf9z3bEnQPV62gOCuolimu0a7Bzs2Loyd+3PkBdod
WDE1ON1N7fLZ/vPH/DBw9QIlRgRHjDL8tUXozjVFveDqiPWYfJmVX0RIKccaITxB
Gx84uSencddOM2qhf0FqCQt+BXeYTEAMEjrl9J9ouM71XQuQpfRo4pCEufjc8l+w
eCKyXivYtAFiPXb3qgK2VQP3Ddwrj95X5dqc6Ngg9AJJ5qGcKJB8aVipADwE0vhb
6EMEj/wOuoo8XvCs/dsgEqzUYbyFUEBTD+rkdiRDZeyUJGWEsjVFJQsc4FIm3tIU
-----END CERTIFICATE-----