Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/ab3e73-d13d-4ec2-bf3f-177b5ba32327/1/x0-6NtH4vUkjT1y3qIl47BzSOGw.roa
File:                     x0-6NtH4vUkjT1y3qIl47BzSOGw.roa (raw, json)
Hash identifier:          PnA5gMRP8NULFbWunx+4LpVvQH7waVlGce2Q/pkpzYQ=
Subject key identifier:   C7:4F:BA:36:D1:F8:BD:49:23:4F:5C:B7:A8:89:78:EC:1C:D2:38:6C
Certificate issuer:       /CN=dd4dcb56f79f4a1ded8d95482333961d0264faa5
Certificate serial:       019C9920C28E03C081C16A1B85A5507EB247
Authority key identifier: DD:4D:CB:56:F7:9F:4A:1D:ED:8D:95:48:23:33:96:1D:02:64:FA:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3U3LVvefSh3tjZVIIzOWHQJk-qU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/ab3e73-d13d-4ec2-bf3f-177b5ba32327/1/x0-6NtH4vUkjT1y3qIl47BzSOGw.roa
Signing time:             Thu 26 Feb 2026 08:46:26 +0000
ROA not before:           Thu 26 Feb 2026 08:46:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402212
IP address blocks:        185.245.62.0/24 maxlen: 24
                          185.245.63.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/ab3e73-d13d-4ec2-bf3f-177b5ba32327/1/3U3LVvefSh3tjZVIIzOWHQJk-qU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/ab3e73-d13d-4ec2-bf3f-177b5ba32327/1/3U3LVvefSh3tjZVIIzOWHQJk-qU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3U3LVvefSh3tjZVIIzOWHQJk-qU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:99:20:c2:8e:03:c0:81:c1:6a:1b:85:a5:50:7e:b2:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dd4dcb56f79f4a1ded8d95482333961d0264faa5
        Validity
            Not Before: Feb 26 08:46:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c74fba36d1f8bd49234f5cb7a88978ec1cd2386c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:d4:e1:82:66:56:1d:3c:12:19:8b:a1:4e:11:
                    66:8b:76:c8:22:d8:0a:c5:11:06:e9:57:29:dd:91:
                    8c:40:ac:f9:c6:45:dc:70:25:c5:0f:94:04:6c:c0:
                    5d:da:bc:b7:dd:15:0e:26:cd:01:cc:ac:13:af:2b:
                    21:5c:73:cd:e4:ce:9b:84:77:4c:3e:69:e0:4a:c3:
                    78:0e:7c:2d:0b:bb:41:24:c1:71:d9:53:3a:dd:1b:
                    ed:23:15:e7:95:e6:ef:97:71:e7:a1:ea:24:d8:4c:
                    dd:da:50:f1:78:04:3a:de:41:d7:5a:e2:ae:c8:45:
                    3e:45:3a:18:53:91:2f:df:a6:3f:16:c4:6c:6b:86:
                    65:ab:e7:22:d7:e8:d4:95:d1:c0:21:ce:32:0f:c3:
                    7e:16:05:a6:66:ee:e1:9e:83:d6:2e:19:60:0c:6e:
                    97:96:85:06:fc:b6:c2:64:65:05:c8:9d:0d:a6:33:
                    99:90:b3:9c:f1:f0:21:d7:c8:45:80:95:d9:e3:c9:
                    cc:97:8f:0f:90:e4:a6:51:fd:af:17:28:1c:df:21:
                    00:c4:f7:1c:56:b8:4c:e3:a7:28:5f:fd:30:58:c7:
                    05:66:7f:e4:aa:7e:87:ac:c2:98:57:c0:c3:72:40:
                    61:0d:9b:67:9c:c1:9e:58:be:82:ca:4b:e0:de:08:
                    bc:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:4F:BA:36:D1:F8:BD:49:23:4F:5C:B7:A8:89:78:EC:1C:D2:38:6C
            X509v3 Authority Key Identifier:
                keyid:DD:4D:CB:56:F7:9F:4A:1D:ED:8D:95:48:23:33:96:1D:02:64:FA:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3U3LVvefSh3tjZVIIzOWHQJk-qU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/ab3e73-d13d-4ec2-bf3f-177b5ba32327/1/x0-6NtH4vUkjT1y3qIl47BzSOGw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/ab3e73-d13d-4ec2-bf3f-177b5ba32327/1/3U3LVvefSh3tjZVIIzOWHQJk-qU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.245.62.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b0:e6:b8:b3:f7:b0:c8:b8:8b:d8:89:16:eb:c8:94:db:96:13:
         ff:ce:af:2f:03:83:97:ef:7f:44:fd:ac:3e:44:88:a5:c8:8e:
         c8:85:64:38:d3:8d:58:04:77:f4:17:ec:0b:44:be:1e:cb:d3:
         74:a9:c4:76:62:59:76:97:ed:ab:73:02:59:20:e6:62:cd:f5:
         64:14:67:9e:ab:22:da:64:58:9e:38:c1:63:8b:34:64:d0:ba:
         96:51:c9:c3:15:06:22:eb:f3:01:48:f4:de:6c:9e:9b:6d:2a:
         c3:74:8b:34:9b:94:92:e0:ec:ac:0a:cd:69:7b:c3:82:b9:24:
         91:ab:87:59:5d:ff:10:9c:52:a0:86:74:fd:3f:90:95:b2:61:
         1c:57:9f:30:c0:32:27:1e:c2:bf:5c:78:d6:28:31:92:e0:35:
         b2:25:0e:b0:88:09:01:63:52:d7:65:e6:e7:93:ab:a8:2d:dc:
         80:09:e8:d7:81:46:a1:e4:8d:74:ad:cb:4c:88:8d:9b:6f:b6:
         69:1c:3f:f8:5d:bb:82:f2:e6:f3:2d:ab:75:49:8d:9e:34:0b:
         8d:ac:bf:0b:7e:ad:42:d3:2b:b0:ea:13:01:fb:24:4b:e7:6f:
         72:65:49:d1:a7:bd:26:66:a8:80:fc:8f:22:b3:f9:11:fc:36:
         f0:91:61:2d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyZIMKOA8CBwWobhaVQfrJHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkNGRjYjU2Zjc5ZjRhMWRlZDhkOTU0ODIzMzM5NjFkMDI2
NGZhYTUwHhcNMjYwMjI2MDg0NjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzRmYmEzNmQxZjhiZDQ5MjM0ZjVjYjdhODg5NzhlYzFjZDIzODZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzNThgmZWHTwSGYuhThFmi3bIItgK
xREG6Vcp3ZGMQKz5xkXccCXFD5QEbMBd2ry33RUOJs0BzKwTryshXHPN5M6bhHdM
PmngSsN4DnwtC7tBJMFx2VM63RvtIxXnlebvl3Hnoeok2Ezd2lDxeAQ63kHXWuKu
yEU+RToYU5Ev36Y/FsRsa4Zlq+ci1+jUldHAIc4yD8N+FgWmZu7hnoPWLhlgDG6X
loUG/LbCZGUFyJ0NpjOZkLOc8fAh18hFgJXZ48nMl48PkOSmUf2vFygc3yEAxPcc
VrhM46coX/0wWMcFZn/kqn6HrMKYV8DDckBhDZtnnMGeWL6Cykvg3gi8LQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMdPujbR+L1JI09ct6iJeOwc0jhsMB8GA1UdIwQY
MBaAFN1Ny1b3n0od7Y2VSCMzlh0CZPqlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM1UzTFZ2ZWZTaDN0alpWSUl6T1dIUUprLXFVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9hYjNlNzMtZDEzZC00ZWMyLWJmM2Yt
MTc3YjViYTMyMzI3LzEveDAtNk50SDR2VWtqVDF5M3FJbDQ3QnpTT0d3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9hYjNlNzMtZDEzZC00ZWMyLWJmM2YtMTc3YjViYTMyMzI3
LzEvM1UzTFZ2ZWZTaDN0alpWSUl6T1dIUUprLXFVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBufU+MA0G
CSqGSIb3DQEBCwUAA4IBAQCw5riz97DIuIvYiRbryJTblhP/zq8vA4OX739E/aw+
RIilyI7IhWQ4041YBHf0F+wLRL4ey9N0qcR2Yll2l+2rcwJZIOZizfVkFGeeqyLa
ZFieOMFjizRk0LqWUcnDFQYi6/MBSPTebJ6bbSrDdIs0m5SS4OysCs1pe8OCuSSR
q4dZXf8QnFKghnT9P5CVsmEcV58wwDInHsK/XHjWKDGS4DWyJQ6wiAkBY1LXZebn
k6uoLdyACejXgUah5I10rctMiI2bb7ZpHD/4XbuC8ubzLat1SY2eNAuNrL8Lfq1C
0yuw6hMB+yRL529yZUnRp70mZqiA/I8is/kR/DbwkWEt
-----END CERTIFICATE-----