Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/cffff8-3530-4e5b-a5e2-c77905fbba7b/1/e2mICNZ-ktWR8rRC8DNSqAlzYS0.roa
File:                     e2mICNZ-ktWR8rRC8DNSqAlzYS0.roa (raw, json)
Hash identifier:          Felav9tNWd/FcQPP7GRNQiXa/u4OHWKkmJPe4XvqDUM=
Subject key identifier:   7B:69:88:08:D6:7E:92:D5:91:F2:B4:42:F0:33:52:A8:09:73:61:2D
Certificate issuer:       /CN=45bbd2193642530a017f4f1cbe562e2170b3dfbd
Certificate serial:       019C9EB23C14A52E5540C9B5024151749427
Authority key identifier: 45:BB:D2:19:36:42:53:0A:01:7F:4F:1C:BE:56:2E:21:70:B3:DF:BD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RbvSGTZCUwoBf08cvlYuIXCz370.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/cffff8-3530-4e5b-a5e2-c77905fbba7b/1/e2mICNZ-ktWR8rRC8DNSqAlzYS0.roa
Signing time:             Fri 27 Feb 2026 10:43:26 +0000
ROA not before:           Fri 27 Feb 2026 10:43:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     852
IP address blocks:        185.225.188.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/cffff8-3530-4e5b-a5e2-c77905fbba7b/1/RbvSGTZCUwoBf08cvlYuIXCz370.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/cffff8-3530-4e5b-a5e2-c77905fbba7b/1/RbvSGTZCUwoBf08cvlYuIXCz370.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RbvSGTZCUwoBf08cvlYuIXCz370.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:9e:b2:3c:14:a5:2e:55:40:c9:b5:02:41:51:74:94:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=45bbd2193642530a017f4f1cbe562e2170b3dfbd
        Validity
            Not Before: Feb 27 10:43:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7b698808d67e92d591f2b442f03352a80973612d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:3d:57:d6:26:f4:5c:94:0c:4d:36:2c:2c:aa:
                    0c:16:26:d9:49:ef:53:2d:e0:f0:ea:d0:8f:3f:32:
                    b5:a5:fc:e7:d7:cd:c7:29:29:3d:cc:f1:a6:df:99:
                    c2:45:0b:59:f5:49:e4:f5:bf:1d:a1:a7:ac:c1:65:
                    8d:9e:b0:09:0e:6c:e0:d3:72:c0:54:83:74:9c:ec:
                    84:18:17:39:28:61:13:49:ea:89:e9:b2:5d:4e:c0:
                    71:25:55:f5:d8:54:67:9a:21:a5:3b:39:bc:cd:e3:
                    52:3c:42:c5:e3:f6:0c:3c:08:fe:7e:ad:22:c5:e9:
                    c9:3b:42:b6:f6:08:ff:a2:e4:a1:31:ba:96:fc:55:
                    65:57:48:08:72:28:00:20:53:4b:1a:c9:f6:a2:4d:
                    ec:c6:d8:b5:f3:9c:fc:05:e3:62:2d:7c:dd:02:d3:
                    39:b9:5d:45:05:5c:cc:be:df:4a:28:bd:b0:a1:02:
                    96:df:6e:eb:e1:45:f7:4e:b7:fb:88:e7:08:a7:3a:
                    2e:d9:42:78:58:89:57:62:de:f1:d5:61:44:df:3f:
                    65:78:86:34:bf:84:95:62:bf:96:9e:9d:cc:5f:21:
                    6a:8f:9d:c7:91:39:27:5d:21:04:2b:98:52:69:66:
                    ce:30:19:6d:86:4a:59:70:e7:a6:72:bf:d1:62:8f:
                    48:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:69:88:08:D6:7E:92:D5:91:F2:B4:42:F0:33:52:A8:09:73:61:2D
            X509v3 Authority Key Identifier:
                keyid:45:BB:D2:19:36:42:53:0A:01:7F:4F:1C:BE:56:2E:21:70:B3:DF:BD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RbvSGTZCUwoBf08cvlYuIXCz370.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/cffff8-3530-4e5b-a5e2-c77905fbba7b/1/e2mICNZ-ktWR8rRC8DNSqAlzYS0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/cffff8-3530-4e5b-a5e2-c77905fbba7b/1/RbvSGTZCUwoBf08cvlYuIXCz370.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.225.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:02:86:53:e0:18:e8:ac:62:14:4e:e5:09:a8:c1:0c:03:00:
         77:44:fe:64:b0:6a:4f:bd:de:e9:76:0a:98:2d:22:5d:85:8c:
         60:1c:80:c6:fa:ac:e3:e4:d3:ae:05:65:7d:5c:eb:a4:87:de:
         c0:30:67:24:c0:4a:48:9a:a7:bc:09:f4:be:f4:53:be:c4:1e:
         75:23:c4:31:88:36:90:34:7e:e5:b2:24:2b:a0:d8:cb:51:07:
         7c:aa:cd:c8:5f:8d:22:5e:00:9b:de:a7:ab:c8:d0:16:05:d3:
         bb:8a:2b:2b:ad:87:53:04:7b:37:2b:44:5a:5e:c5:2e:97:ad:
         0b:af:b0:6a:22:f0:7c:17:78:40:17:60:99:b5:49:0e:78:d3:
         64:f7:50:c9:92:1c:4d:48:f2:ae:de:35:4d:25:2a:1f:45:dc:
         67:30:62:34:50:d5:85:bc:18:6d:20:ee:21:07:60:01:48:40:
         6a:13:1e:ab:9d:51:60:3d:c9:a8:96:52:4e:f2:b1:ee:30:d0:
         5f:15:7a:82:77:a5:c9:3b:cd:bd:4a:4c:3b:b7:99:3c:39:03:
         f6:7d:c1:5b:28:7d:4d:7c:d8:7f:83:dd:1a:24:72:b6:43:38:
         7b:9f:da:15:c8:08:23:eb:7e:25:c4:fe:9d:88:c5:ea:7a:27:
         f1:e7:51:20
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyesjwUpS5VQMm1AkFRdJQnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1YmJkMjE5MzY0MjUzMGEwMTdmNGYxY2JlNTYyZTIxNzBi
M2RmYmQwHhcNMjYwMjI3MTA0MzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YjY5ODgwOGQ2N2U5MmQ1OTFmMmI0NDJmMDMzNTJhODA5NzM2MTJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjT1X1ib0XJQMTTYsLKoMFibZSe9T
LeDw6tCPPzK1pfzn183HKSk9zPGm35nCRQtZ9Unk9b8doaeswWWNnrAJDmzg03LA
VIN0nOyEGBc5KGETSeqJ6bJdTsBxJVX12FRnmiGlOzm8zeNSPELF4/YMPAj+fq0i
xenJO0K29gj/ouShMbqW/FVlV0gIcigAIFNLGsn2ok3sxti185z8BeNiLXzdAtM5
uV1FBVzMvt9KKL2woQKW327r4UX3Trf7iOcIpzou2UJ4WIlXYt7x1WFE3z9leIY0
v4SVYr+Wnp3MXyFqj53HkTknXSEEK5hSaWbOMBlthkpZcOemcr/RYo9IUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHtpiAjWfpLVkfK0QvAzUqgJc2EtMB8GA1UdIwQY
MBaAFEW70hk2QlMKAX9PHL5WLiFws9+9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmJ2U0dUWkNVd29CZjA4Y3ZsWXVJWEN6MzcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9jZmZmZjgtMzUzMC00ZTViLWE1ZTIt
Yzc3OTA1ZmJiYTdiLzEvZTJtSUNOWi1rdFdSOHJSQzhETlNxQWx6WVMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9jZmZmZjgtMzUzMC00ZTViLWE1ZTItYzc3OTA1ZmJiYTdi
LzEvUmJ2U0dUWkNVd29CZjA4Y3ZsWXVJWEN6MzcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueG8MA0G
CSqGSIb3DQEBCwUAA4IBAQBSAoZT4BjorGIUTuUJqMEMAwB3RP5ksGpPvd7pdgqY
LSJdhYxgHIDG+qzj5NOuBWV9XOukh97AMGckwEpImqe8CfS+9FO+xB51I8QxiDaQ
NH7lsiQroNjLUQd8qs3IX40iXgCb3qeryNAWBdO7iisrrYdTBHs3K0RaXsUul60L
r7BqIvB8F3hAF2CZtUkOeNNk91DJkhxNSPKu3jVNJSofRdxnMGI0UNWFvBhtIO4h
B2ABSEBqEx6rnVFgPcmollJO8rHuMNBfFXqCd6XJO829Skw7t5k8OQP2fcFbKH1N
fNh/g90aJHK2Qzh7n9oVyAgj634lxP6diMXqeifx51Eg
-----END CERTIFICATE-----