Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/70bffe-b4f3-449e-81ed-549ee6d30fb6/1/AAN_C8py2EA1n7GC7uysYX9C8eI.roa
File:                     AAN_C8py2EA1n7GC7uysYX9C8eI.roa (raw, json)
Hash identifier:          YTXGhX9lVZicuBLsjZQtboD3S2P+2J1oVo6LxafsTbY=
Subject key identifier:   00:03:7F:0B:CA:72:D8:40:35:9F:B1:82:EE:EC:AC:61:7F:42:F1:E2
Certificate issuer:       /CN=b6f3db35659133315d2fcf93058dce350a4cb17a
Certificate serial:       019C27310726F01E7E4CE2F220F9E6509EF5
Authority key identifier: B6:F3:DB:35:65:91:33:31:5D:2F:CF:93:05:8D:CE:35:0A:4C:B1:7A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tvPbNWWRMzFdL8-TBY3ONQpMsXo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/70bffe-b4f3-449e-81ed-549ee6d30fb6/1/AAN_C8py2EA1n7GC7uysYX9C8eI.roa
Signing time:             Wed 04 Feb 2026 05:47:30 +0000
ROA not before:           Wed 04 Feb 2026 05:47:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201865
IP address blocks:        194.44.28.0/24 maxlen: 24
                          194.44.217.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/70bffe-b4f3-449e-81ed-549ee6d30fb6/1/tvPbNWWRMzFdL8-TBY3ONQpMsXo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/70bffe-b4f3-449e-81ed-549ee6d30fb6/1/tvPbNWWRMzFdL8-TBY3ONQpMsXo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tvPbNWWRMzFdL8-TBY3ONQpMsXo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 02:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:27:31:07:26:f0:1e:7e:4c:e2:f2:20:f9:e6:50:9e:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b6f3db35659133315d2fcf93058dce350a4cb17a
        Validity
            Not Before: Feb  4 05:47:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=00037f0bca72d840359fb182eeecac617f42f1e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:f8:4f:48:85:e7:70:71:04:ce:eb:ff:ce:ed:
                    5c:59:cd:c7:ef:9b:d9:ce:98:87:29:eb:77:5b:23:
                    be:58:62:4e:f7:2d:95:4b:27:f3:57:9d:1e:ce:d7:
                    26:0c:40:21:37:c2:6c:68:9b:a6:13:5f:16:0e:f2:
                    bd:b7:ac:af:19:6f:02:0f:b8:4a:43:15:5d:ef:2a:
                    4d:8d:f0:e2:13:eb:1f:12:6b:e1:b1:fd:95:94:2d:
                    00:6f:7c:cd:f0:06:86:96:c5:97:40:e2:62:19:1b:
                    58:dc:a7:78:74:a3:45:d6:b5:18:fa:73:ae:3a:82:
                    89:32:0b:ed:e7:f3:21:6a:6a:9f:c3:73:6c:c6:cb:
                    12:3b:e5:ef:5b:3a:43:0a:1a:68:ef:83:a1:63:54:
                    29:8e:22:4a:f1:83:e7:9a:2d:b4:36:31:b0:4b:14:
                    cf:cb:70:a0:4b:0a:98:2e:8c:c0:5c:a2:b5:42:29:
                    8d:00:73:5b:c5:f5:2d:5c:3c:0b:6f:5d:06:8c:3b:
                    b8:e2:03:66:66:2c:89:30:0c:24:df:79:86:6a:b5:
                    7b:ed:33:b5:50:37:9c:a2:3d:0d:68:5c:80:d9:14:
                    2f:30:2f:f6:51:f9:af:58:f2:e3:d9:1e:85:1f:f7:
                    c3:dc:9a:a1:48:bc:86:18:02:fd:14:cf:50:6c:9a:
                    64:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:03:7F:0B:CA:72:D8:40:35:9F:B1:82:EE:EC:AC:61:7F:42:F1:E2
            X509v3 Authority Key Identifier:
                keyid:B6:F3:DB:35:65:91:33:31:5D:2F:CF:93:05:8D:CE:35:0A:4C:B1:7A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tvPbNWWRMzFdL8-TBY3ONQpMsXo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/70bffe-b4f3-449e-81ed-549ee6d30fb6/1/AAN_C8py2EA1n7GC7uysYX9C8eI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/70bffe-b4f3-449e-81ed-549ee6d30fb6/1/tvPbNWWRMzFdL8-TBY3ONQpMsXo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.44.28.0/24
                  194.44.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:6d:b9:14:e9:0d:91:bb:cf:8f:ec:c8:45:0b:1c:10:d2:de:
         1a:7a:ad:b5:72:a0:32:c8:d2:97:78:21:e6:4d:5e:1e:39:48:
         d3:d2:00:a2:66:a3:f8:de:b4:d2:4a:63:b6:51:54:8c:cb:c2:
         1b:6e:6f:a4:00:b7:f6:b6:57:2c:8f:ca:68:be:7b:8d:b0:46:
         68:c7:02:16:c2:24:ec:aa:b4:28:08:c6:75:56:f9:f7:92:3d:
         fb:9e:56:7d:28:90:e8:5b:2a:e0:55:62:84:82:29:92:a1:49:
         ed:95:c0:93:03:98:b6:7d:46:fd:79:7e:1a:b8:81:ed:b3:c1:
         c9:d6:a3:27:4d:e9:03:27:24:57:8d:94:d1:af:f8:88:b2:f0:
         bf:d5:43:3c:a2:51:40:92:eb:03:86:c6:11:8e:45:97:29:b3:
         3b:72:6d:d7:a7:b7:83:22:5a:81:8c:13:08:56:fb:a0:a8:12:
         78:e7:e1:0d:cc:c1:8c:5f:f7:32:a1:44:fb:a8:cd:4f:8c:fb:
         07:a4:af:56:cd:fe:9f:83:e9:4f:a6:cf:6f:99:d3:3a:55:8d:
         bb:33:e6:d7:1f:95:75:f6:b4:17:27:4b:0e:ad:ed:41:d2:4f:
         1b:ad:32:16:bc:03:cb:32:35:0a:d6:3d:4a:14:a9:87:70:42:
         2f:b6:d5:15
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZwnMQcm8B5+TOLyIPnmUJ71MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2ZjNkYjM1NjU5MTMzMzE1ZDJmY2Y5MzA1OGRjZTM1MGE0
Y2IxN2EwHhcNMjYwMjA0MDU0NzMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDAzN2YwYmNhNzJkODQwMzU5ZmIxODJlZWVjYWM2MTdmNDJmMWUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlPhPSIXncHEEzuv/zu1cWc3H75vZ
zpiHKet3WyO+WGJO9y2VSyfzV50eztcmDEAhN8JsaJumE18WDvK9t6yvGW8CD7hK
QxVd7ypNjfDiE+sfEmvhsf2VlC0Ab3zN8AaGlsWXQOJiGRtY3Kd4dKNF1rUY+nOu
OoKJMgvt5/Mhamqfw3NsxssSO+XvWzpDChpo74OhY1QpjiJK8YPnmi20NjGwSxTP
y3CgSwqYLozAXKK1QimNAHNbxfUtXDwLb10GjDu44gNmZiyJMAwk33mGarV77TO1
UDecoj0NaFyA2RQvMC/2UfmvWPLj2R6FH/fD3JqhSLyGGAL9FM9QbJpkVwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAADfwvKcthANZ+xgu7srGF/QvHiMB8GA1UdIwQY
MBaAFLbz2zVlkTMxXS/PkwWNzjUKTLF6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHZQYk5XV1JNekZkTDgtVEJZM09OUXBNc1hvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC83MGJmZmUtYjRmMy00NDllLTgxZWQt
NTQ5ZWU2ZDMwZmI2LzEvQUFOX0M4cHkyRUExbjdHQzd1eXNZWDlDOGVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC83MGJmZmUtYjRmMy00NDllLTgxZWQtNTQ5ZWU2ZDMwZmI2
LzEvdHZQYk5XV1JNekZkTDgtVEJZM09OUXBNc1hvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwiwcAwQA
wizZMA0GCSqGSIb3DQEBCwUAA4IBAQBrbbkU6Q2Ru8+P7MhFCxwQ0t4aeq21cqAy
yNKXeCHmTV4eOUjT0gCiZqP43rTSSmO2UVSMy8Ibbm+kALf2tlcsj8povnuNsEZo
xwIWwiTsqrQoCMZ1Vvn3kj37nlZ9KJDoWyrgVWKEgimSoUntlcCTA5i2fUb9eX4a
uIHts8HJ1qMnTekDJyRXjZTRr/iIsvC/1UM8olFAkusDhsYRjkWXKbM7cm3Xp7eD
IlqBjBMIVvugqBJ45+ENzMGMX/cyoUT7qM1PjPsHpK9Wzf6fg+lPps9vmdM6VY27
M+bXH5V19rQXJ0sOre1B0k8brTIWvAPLMjUK1j1KFKmHcEIvttUV
-----END CERTIFICATE-----