Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/ab3e73-d13d-4ec2-bf3f-177b5ba32327/1/aAEGzSQAFN3XfOJTKzynLK0MJWQ.roa
File:                     aAEGzSQAFN3XfOJTKzynLK0MJWQ.roa (raw, json)
Hash identifier:          HGx+oxdetMBYVjpIjo60Q4M2urPI2bwYBUq579gQfFA=
Subject key identifier:   68:01:06:CD:24:00:14:DD:D7:7C:E2:53:2B:3C:A7:2C:AD:0C:25:64
Certificate issuer:       /CN=dd4dcb56f79f4a1ded8d95482333961d0264faa5
Certificate serial:       019EB5E47F9150446588B0EA163EBAA299DA
Authority key identifier: DD:4D:CB:56:F7:9F:4A:1D:ED:8D:95:48:23:33:96:1D:02:64:FA:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3U3LVvefSh3tjZVIIzOWHQJk-qU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/ab3e73-d13d-4ec2-bf3f-177b5ba32327/1/aAEGzSQAFN3XfOJTKzynLK0MJWQ.roa
Signing time:             Thu 11 Jun 2026 08:55:11 +0000
ROA not before:           Thu 11 Jun 2026 08:55:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197170
IP address blocks:        185.245.62.0/24 maxlen: 24
                          185.245.63.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/ab3e73-d13d-4ec2-bf3f-177b5ba32327/1/3U3LVvefSh3tjZVIIzOWHQJk-qU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/ab3e73-d13d-4ec2-bf3f-177b5ba32327/1/3U3LVvefSh3tjZVIIzOWHQJk-qU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3U3LVvefSh3tjZVIIzOWHQJk-qU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 03:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:b5:e4:7f:91:50:44:65:88:b0:ea:16:3e:ba:a2:99:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dd4dcb56f79f4a1ded8d95482333961d0264faa5
        Validity
            Not Before: Jun 11 08:55:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=680106cd240014ddd77ce2532b3ca72cad0c2564
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:33:22:c3:63:d1:6e:b4:2d:ad:10:51:ff:f9:
                    96:de:66:9b:6a:36:d3:23:1e:eb:90:3f:cf:87:57:
                    ff:78:fc:de:84:1a:1d:54:ed:c3:33:a9:85:9b:95:
                    88:8a:59:5b:7e:a0:72:7c:5e:5e:b6:ca:8a:ee:15:
                    27:9a:f6:c0:5b:1b:26:d6:53:8b:be:7b:4f:59:da:
                    a3:4c:31:b8:bf:9e:b6:f9:25:f8:cf:aa:ae:97:85:
                    94:c0:f6:be:0b:fd:04:d3:73:b2:22:0e:f2:15:46:
                    d4:44:bc:25:b0:53:5b:fe:e7:c9:9b:4a:68:ab:5d:
                    1c:0d:8d:c9:f7:e8:5d:87:af:24:66:79:47:04:ac:
                    63:63:4c:c5:6d:e3:fe:1e:55:cf:de:31:65:51:07:
                    e7:6a:77:66:32:19:1a:e6:af:fb:42:0d:0d:ef:64:
                    20:f8:33:59:ff:f4:64:ed:89:e3:b8:fd:1c:1e:52:
                    43:05:39:c8:1c:85:90:f5:e4:28:14:2f:f4:1f:04:
                    d6:9c:7a:0d:d8:00:d5:18:65:89:0e:73:90:0f:41:
                    24:7d:07:6a:59:ad:9d:f5:50:3f:7d:a0:f6:97:e3:
                    a1:2d:c7:71:11:4b:d9:00:be:d3:07:b9:be:c7:e4:
                    45:c3:c5:8d:d8:73:b1:29:b1:7f:b8:6c:7c:fe:14:
                    50:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:01:06:CD:24:00:14:DD:D7:7C:E2:53:2B:3C:A7:2C:AD:0C:25:64
            X509v3 Authority Key Identifier:
                keyid:DD:4D:CB:56:F7:9F:4A:1D:ED:8D:95:48:23:33:96:1D:02:64:FA:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3U3LVvefSh3tjZVIIzOWHQJk-qU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/ab3e73-d13d-4ec2-bf3f-177b5ba32327/1/aAEGzSQAFN3XfOJTKzynLK0MJWQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/ab3e73-d13d-4ec2-bf3f-177b5ba32327/1/3U3LVvefSh3tjZVIIzOWHQJk-qU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.245.62.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9b:0c:d4:90:83:0c:02:cc:9e:a6:6d:2d:bc:db:86:c2:0e:c1:
         3f:64:e3:49:b4:cb:0e:63:75:3e:b1:39:3a:1f:16:2b:27:83:
         32:9f:27:b9:b9:7c:d7:ff:5d:b8:86:7c:c2:5a:3a:fa:8d:fd:
         d0:33:be:7d:72:fe:5e:45:4c:ae:0a:aa:ef:96:1c:14:07:82:
         16:fd:02:c4:fa:fd:81:b7:72:c4:e2:7b:38:97:7f:e4:2c:c1:
         23:9b:d7:43:2c:57:a8:c7:66:5a:f5:1f:48:51:25:52:72:95:
         df:2d:9b:6e:79:dc:c8:08:a2:41:a9:37:65:c9:f1:1b:6c:92:
         f7:c3:78:87:9f:5c:95:64:f8:7b:84:82:9c:f4:79:1e:d5:23:
         41:34:01:94:45:92:8b:c2:a7:4f:5a:49:ae:cd:40:ef:de:fa:
         14:95:d5:e4:47:83:e8:1c:c8:18:65:ca:35:10:66:bd:a4:0d:
         76:2a:fd:50:1e:28:f3:63:0d:ef:68:5a:58:c8:4b:29:4d:4e:
         eb:ba:c6:60:d5:df:ea:4f:35:22:fb:bf:f5:ee:d3:48:ea:22:
         0d:33:87:cd:b6:cb:17:3d:6d:bc:2f:b0:b5:a6:8b:45:50:75:
         31:f9:21:ca:c1:4f:f3:7e:e2:c0:b8:94:6b:69:0c:49:4a:db:
         bf:58:d8:02
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ615H+RUERliLDqFj66opnaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkNGRjYjU2Zjc5ZjRhMWRlZDhkOTU0ODIzMzM5NjFkMDI2
NGZhYTUwHhcNMjYwNjExMDg1NTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODAxMDZjZDI0MDAxNGRkZDc3Y2UyNTMyYjNjYTcyY2FkMGMyNTY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsTMiw2PRbrQtrRBR//mW3mabajbT
Ix7rkD/Ph1f/ePzehBodVO3DM6mFm5WIillbfqByfF5etsqK7hUnmvbAWxsm1lOL
vntPWdqjTDG4v562+SX4z6qul4WUwPa+C/0E03OyIg7yFUbURLwlsFNb/ufJm0po
q10cDY3J9+hdh68kZnlHBKxjY0zFbeP+HlXP3jFlUQfnandmMhka5q/7Qg0N72Qg
+DNZ//Rk7YnjuP0cHlJDBTnIHIWQ9eQoFC/0HwTWnHoN2ADVGGWJDnOQD0EkfQdq
Wa2d9VA/faD2l+OhLcdxEUvZAL7TB7m+x+RFw8WN2HOxKbF/uGx8/hRQ5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGgBBs0kABTd13ziUys8pyytDCVkMB8GA1UdIwQY
MBaAFN1Ny1b3n0od7Y2VSCMzlh0CZPqlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM1UzTFZ2ZWZTaDN0alpWSUl6T1dIUUprLXFVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9hYjNlNzMtZDEzZC00ZWMyLWJmM2Yt
MTc3YjViYTMyMzI3LzEvYUFFR3pTUUFGTjNYZk9KVEt6eW5MSzBNSldRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9hYjNlNzMtZDEzZC00ZWMyLWJmM2YtMTc3YjViYTMyMzI3
LzEvM1UzTFZ2ZWZTaDN0alpWSUl6T1dIUUprLXFVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBufU+MA0G
CSqGSIb3DQEBCwUAA4IBAQCbDNSQgwwCzJ6mbS2824bCDsE/ZONJtMsOY3U+sTk6
HxYrJ4Mynye5uXzX/124hnzCWjr6jf3QM759cv5eRUyuCqrvlhwUB4IW/QLE+v2B
t3LE4ns4l3/kLMEjm9dDLFeox2Za9R9IUSVScpXfLZtuedzICKJBqTdlyfEbbJL3
w3iHn1yVZPh7hIKc9Hke1SNBNAGURZKLwqdPWkmuzUDv3voUldXkR4PoHMgYZco1
EGa9pA12Kv1QHijzYw3vaFpYyEspTU7rusZg1d/qTzUi+7/17tNI6iINM4fNtssX
PW28L7C1potFUHUx+SHKwU/zfuLAuJRraQxJStu/WNgC
-----END CERTIFICATE-----