Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/e9f29c-9231-450d-adb0-6de05a316239/1/XmK83eJDzPMsOo6NG4b7hC8Q6ik.roa
File:                     XmK83eJDzPMsOo6NG4b7hC8Q6ik.roa (raw, json)
Hash identifier:          LiOPt6WyR9nnxeKYrKkKUN50OOD6CsvfUFylT6hefd4=
Subject key identifier:   5E:62:BC:DD:E2:43:CC:F3:2C:3A:8E:8D:1B:86:FB:84:2F:10:EA:29
Certificate issuer:       /CN=217b491dccb5632216d80b48f8d6286b1effd8d7
Certificate serial:       019B797EBC7CBD47A97B1A190E49E29F8336
Authority key identifier: 21:7B:49:1D:CC:B5:63:22:16:D8:0B:48:F8:D6:28:6B:1E:FF:D8:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IXtJHcy1YyIW2AtI-NYoax7_2Nc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/e9f29c-9231-450d-adb0-6de05a316239/1/XmK83eJDzPMsOo6NG4b7hC8Q6ik.roa
Signing time:             Thu 01 Jan 2026 12:18:27 +0000
ROA not before:           Thu 01 Jan 2026 12:18:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211145
IP address blocks:        185.244.176.0/24 maxlen: 24
                          185.244.177.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/e9f29c-9231-450d-adb0-6de05a316239/1/IXtJHcy1YyIW2AtI-NYoax7_2Nc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/e9f29c-9231-450d-adb0-6de05a316239/1/IXtJHcy1YyIW2AtI-NYoax7_2Nc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IXtJHcy1YyIW2AtI-NYoax7_2Nc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 06:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:bc:7c:bd:47:a9:7b:1a:19:0e:49:e2:9f:83:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=217b491dccb5632216d80b48f8d6286b1effd8d7
        Validity
            Not Before: Jan  1 12:18:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5e62bcdde243ccf32c3a8e8d1b86fb842f10ea29
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:d2:dd:93:44:4f:c5:a8:ad:28:44:7b:8d:bd:
                    18:57:24:ea:e7:11:a4:7a:ac:3a:96:cb:1e:d1:ce:
                    a1:6e:44:c7:30:04:f7:7e:ee:61:b7:4d:0b:f1:e2:
                    6e:a7:90:b2:e7:7a:06:7e:ef:cb:60:b7:91:d0:3c:
                    20:23:06:d9:ce:43:f1:70:e3:90:7f:43:92:e3:23:
                    ad:c5:54:20:18:d2:5c:83:a4:4e:d1:9e:a3:df:92:
                    54:a3:71:6b:e4:08:65:68:0e:12:28:b3:e9:c0:49:
                    37:30:40:61:ee:85:1f:a9:49:e5:64:3e:10:97:d1:
                    41:c3:2b:84:03:ab:d2:f9:f4:20:ee:65:f1:4c:a3:
                    39:98:d3:38:ea:15:cc:b9:d6:7e:f6:26:9e:60:eb:
                    8e:a1:0d:19:a2:26:83:0d:4a:9e:d4:b4:05:40:ec:
                    16:3d:d3:c8:7d:05:9c:97:bc:b1:61:f7:f7:04:03:
                    13:e8:b1:56:23:c1:11:f3:24:be:9d:73:88:b4:83:
                    01:0c:da:94:31:71:64:f8:00:2b:d4:b5:df:1f:4c:
                    f8:64:e5:db:bb:e5:df:d5:61:a9:4d:6f:5d:5c:93:
                    3c:32:f0:9e:07:3a:c0:5f:8f:78:4c:41:5a:95:e7:
                    20:80:a5:10:d9:c9:12:f4:fe:f1:19:b7:41:06:72:
                    a6:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:62:BC:DD:E2:43:CC:F3:2C:3A:8E:8D:1B:86:FB:84:2F:10:EA:29
            X509v3 Authority Key Identifier:
                keyid:21:7B:49:1D:CC:B5:63:22:16:D8:0B:48:F8:D6:28:6B:1E:FF:D8:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IXtJHcy1YyIW2AtI-NYoax7_2Nc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/e9f29c-9231-450d-adb0-6de05a316239/1/XmK83eJDzPMsOo6NG4b7hC8Q6ik.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/e9f29c-9231-450d-adb0-6de05a316239/1/IXtJHcy1YyIW2AtI-NYoax7_2Nc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.244.176.0/23

    Signature Algorithm: sha256WithRSAEncryption
         95:ff:90:8c:13:b2:91:cb:67:bd:6f:61:d1:92:00:d8:03:f5:
         5c:5f:e3:14:54:a4:4e:c4:6b:6b:e7:2a:b9:99:7b:8d:e7:26:
         b8:09:45:ae:a1:a9:e8:bb:72:e2:59:12:e3:c0:34:04:d7:c8:
         9f:d1:4c:a9:76:14:cc:07:67:b3:f3:00:48:cc:66:45:a1:ec:
         9d:72:5b:6e:ec:23:98:75:c6:5a:bb:c9:e0:68:dd:0c:47:f5:
         b6:3e:c9:e8:70:67:e3:1a:75:7a:70:bd:70:c8:36:32:21:07:
         c6:b1:9d:db:4c:7f:3d:28:67:36:cd:e2:38:a1:fc:35:27:c7:
         51:ae:8d:a1:7f:5e:b0:3e:81:08:ce:72:9b:b6:69:bb:1f:ec:
         b3:0b:aa:16:fb:a1:cc:3c:90:f8:17:85:0e:f2:4f:dd:35:0a:
         c0:15:bf:3d:bb:0a:ad:e4:a0:65:29:63:fe:24:08:b7:61:02:
         82:cf:1c:2c:5c:cd:e8:21:fd:15:68:7a:bb:a2:60:94:89:34:
         82:6b:76:1e:18:52:77:50:66:4b:83:67:df:65:55:9b:c7:5e:
         c5:f3:a0:0a:a3:9c:fa:52:da:6f:17:69:4d:4c:ea:9a:6c:e2:
         b9:e6:18:88:36:7d:09:06:8c:ed:f4:75:70:74:03:68:dd:9d:
         f7:f8:b0:40
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5frx8vUepexoZDknin4M2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxN2I0OTFkY2NiNTYzMjIxNmQ4MGI0OGY4ZDYyODZiMWVm
ZmQ4ZDcwHhcNMjYwMTAxMTIxODI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTYyYmNkZGUyNDNjY2YzMmMzYThlOGQxYjg2ZmI4NDJmMTBlYTI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnNLdk0RPxaitKER7jb0YVyTq5xGk
eqw6lsse0c6hbkTHMAT3fu5ht00L8eJup5Cy53oGfu/LYLeR0DwgIwbZzkPxcOOQ
f0OS4yOtxVQgGNJcg6RO0Z6j35JUo3Fr5AhlaA4SKLPpwEk3MEBh7oUfqUnlZD4Q
l9FBwyuEA6vS+fQg7mXxTKM5mNM46hXMudZ+9iaeYOuOoQ0ZoiaDDUqe1LQFQOwW
PdPIfQWcl7yxYff3BAMT6LFWI8ER8yS+nXOItIMBDNqUMXFk+AAr1LXfH0z4ZOXb
u+Xf1WGpTW9dXJM8MvCeBzrAX494TEFalecggKUQ2ckS9P7xGbdBBnKm3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF5ivN3iQ8zzLDqOjRuG+4QvEOopMB8GA1UdIwQY
MBaAFCF7SR3MtWMiFtgLSPjWKGse/9jXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVh0SkhjeTFZeUlXMkF0SS1OWW9heDdfMk5jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9lOWYyOWMtOTIzMS00NTBkLWFkYjAt
NmRlMDVhMzE2MjM5LzEvWG1LODNlSkR6UE1zT282Tkc0YjdoQzhRNmlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9lOWYyOWMtOTIzMS00NTBkLWFkYjAtNmRlMDVhMzE2MjM5
LzEvSVh0SkhjeTFZeUlXMkF0SS1OWW9heDdfMk5jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBufSwMA0G
CSqGSIb3DQEBCwUAA4IBAQCV/5CME7KRy2e9b2HRkgDYA/VcX+MUVKROxGtr5yq5
mXuN5ya4CUWuoanou3LiWRLjwDQE18if0UypdhTMB2ez8wBIzGZFoeydcltu7COY
dcZau8ngaN0MR/W2PsnocGfjGnV6cL1wyDYyIQfGsZ3bTH89KGc2zeI4ofw1J8dR
ro2hf16wPoEIznKbtmm7H+yzC6oW+6HMPJD4F4UO8k/dNQrAFb89uwqt5KBlKWP+
JAi3YQKCzxwsXM3oIf0VaHq7omCUiTSCa3YeGFJ3UGZLg2ffZVWbx17F86AKo5z6
UtpvF2lNTOqabOK55hiINn0JBozt9HVwdANo3Z33+LBA
-----END CERTIFICATE-----