Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/213be6-ecb9-4300-8346-a647675f46b6/1/sWQ5MFr-3Y0UZG4yuW0yjqbQ7Eg.roa
File:                     sWQ5MFr-3Y0UZG4yuW0yjqbQ7Eg.roa (raw, json)
Hash identifier:          I4OaI58SiKbwgQhwOAwtZE0NHDRmM5MSDXp++yDS4Xg=
Subject key identifier:   B1:64:39:30:5A:FE:DD:8D:14:64:6E:32:B9:6D:32:8E:A6:D0:EC:48
Certificate issuer:       /CN=6001b953c6be1f91831d68a5c0115c20e0cd7f9a
Certificate serial:       019B7A5AF0D7D78613AD5F10A1F69FB08923
Authority key identifier: 60:01:B9:53:C6:BE:1F:91:83:1D:68:A5:C0:11:5C:20:E0:CD:7F:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YAG5U8a-H5GDHWilwBFcIODNf5o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/213be6-ecb9-4300-8346-a647675f46b6/1/sWQ5MFr-3Y0UZG4yuW0yjqbQ7Eg.roa
Signing time:             Thu 01 Jan 2026 16:18:58 +0000
ROA not before:           Thu 01 Jan 2026 16:18:58 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     42220
IP address blocks:        185.214.176.0/22 maxlen: 24
                          217.18.160.0/20 maxlen: 24
                          2a03:9520::/32 maxlen: 64
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1f/213be6-ecb9-4300-8346-a647675f46b6/1/YAG5U8a-H5GDHWilwBFcIODNf5o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1f/213be6-ecb9-4300-8346-a647675f46b6/1/YAG5U8a-H5GDHWilwBFcIODNf5o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YAG5U8a-H5GDHWilwBFcIODNf5o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 07:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5a:f0:d7:d7:86:13:ad:5f:10:a1:f6:9f:b0:89:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6001b953c6be1f91831d68a5c0115c20e0cd7f9a
        Validity
            Not Before: Jan  1 16:18:58 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b16439305afedd8d14646e32b96d328ea6d0ec48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:c6:80:91:fb:49:9b:7b:6e:e6:0d:6d:1b:49:
                    65:cc:aa:ac:72:57:22:cf:b5:da:b1:74:f6:d4:ae:
                    44:e3:59:fb:e1:99:3a:66:8f:0d:0d:1b:7f:3f:53:
                    83:66:c8:57:80:e4:f0:27:54:db:d3:68:55:71:35:
                    6b:2f:16:6d:2c:d3:09:d8:c3:1f:d9:ee:58:7a:46:
                    cc:06:8d:4d:e5:59:cc:b5:0a:55:d9:71:36:24:b0:
                    ae:95:d6:95:07:b1:da:10:89:54:6e:40:84:20:e2:
                    c1:45:5c:9e:1f:f8:6d:ee:fa:65:a9:15:13:ba:7b:
                    01:b0:46:eb:e6:bb:0b:bc:97:89:4f:75:85:a3:ff:
                    83:35:cc:26:6d:f3:87:3b:f3:93:6f:40:56:3e:b4:
                    56:27:c5:cf:b3:4e:7f:9f:3e:14:e1:e9:0a:30:b0:
                    2b:76:30:3e:10:f8:a7:d4:15:1d:ed:d6:60:7a:fc:
                    4c:62:43:91:c8:af:b7:55:d4:23:f0:12:34:ce:fb:
                    7d:eb:10:d3:3d:dd:5f:7a:77:53:a5:f3:ea:dd:9f:
                    e5:de:45:f5:20:b0:3e:54:74:65:a6:c0:34:cd:c0:
                    68:f0:09:c3:c3:6c:4a:e5:e5:49:bc:56:d5:a9:dd:
                    9b:48:c8:6c:7f:3e:1d:7b:b5:6a:8d:03:6a:3c:79:
                    2f:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:64:39:30:5A:FE:DD:8D:14:64:6E:32:B9:6D:32:8E:A6:D0:EC:48
            X509v3 Authority Key Identifier:
                keyid:60:01:B9:53:C6:BE:1F:91:83:1D:68:A5:C0:11:5C:20:E0:CD:7F:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YAG5U8a-H5GDHWilwBFcIODNf5o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/213be6-ecb9-4300-8346-a647675f46b6/1/sWQ5MFr-3Y0UZG4yuW0yjqbQ7Eg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/213be6-ecb9-4300-8346-a647675f46b6/1/YAG5U8a-H5GDHWilwBFcIODNf5o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.214.176.0/22
                  217.18.160.0/20
                IPv6:
                  2a03:9520::/32

    Signature Algorithm: sha256WithRSAEncryption
         52:b0:93:c0:71:e0:1b:c7:d0:44:f2:92:97:dd:a1:34:b6:12:
         8d:41:e9:33:72:49:0b:9e:16:ed:c8:09:9d:80:95:58:3f:9c:
         2d:aa:f3:17:e7:73:70:31:1b:34:ad:85:3a:95:c8:b5:d1:88:
         cd:6c:a2:b6:35:89:d6:08:82:2a:4f:6e:d0:32:40:89:44:1e:
         d4:e7:56:90:2f:96:9b:36:e3:c9:36:b2:43:b8:b1:cc:44:df:
         a0:da:b4:3b:32:21:7e:db:30:7b:77:76:03:b5:22:73:51:bf:
         c8:9f:47:4c:56:a0:0b:e1:c0:c0:53:c2:17:91:50:34:ea:45:
         50:54:ff:af:98:f1:78:2d:28:1d:8f:53:75:f9:73:b9:12:6f:
         46:d5:8c:92:4b:69:85:69:73:41:5d:27:08:55:04:13:e6:79:
         db:fb:cd:08:6f:63:68:98:3f:36:a7:39:2b:30:22:07:8d:b9:
         aa:15:e8:ea:da:60:dd:dc:ad:0c:c8:86:b4:0a:cf:22:cf:17:
         34:eb:13:41:38:e9:03:f9:7d:57:6c:81:92:ac:84:e0:12:54:
         9d:d9:3a:8f:e8:07:73:6b:0d:6a:cb:25:a8:e7:58:a3:e8:39:
         9a:d6:0e:e7:d4:4b:75:2d:c2:94:04:55:21:b1:61:29:03:22:
         78:85:cf:50
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZt6WvDX14YTrV8QofafsIkjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwMDFiOTUzYzZiZTFmOTE4MzFkNjhhNWMwMTE1YzIwZTBj
ZDdmOWEwHhcNMjYwMTAxMTYxODU4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTY0MzkzMDVhZmVkZDhkMTQ2NDZlMzJiOTZkMzI4ZWE2ZDBlYzQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApMaAkftJm3tu5g1tG0llzKqsclci
z7XasXT21K5E41n74Zk6Zo8NDRt/P1ODZshXgOTwJ1Tb02hVcTVrLxZtLNMJ2MMf
2e5YekbMBo1N5VnMtQpV2XE2JLCuldaVB7HaEIlUbkCEIOLBRVyeH/ht7vplqRUT
unsBsEbr5rsLvJeJT3WFo/+DNcwmbfOHO/OTb0BWPrRWJ8XPs05/nz4U4ekKMLAr
djA+EPin1BUd7dZgevxMYkORyK+3VdQj8BI0zvt96xDTPd1fendTpfPq3Z/l3kX1
ILA+VHRlpsA0zcBo8AnDw2xK5eVJvFbVqd2bSMhsfz4de7VqjQNqPHkvewIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFLFkOTBa/t2NFGRuMrltMo6m0OxIMB8GA1UdIwQY
MBaAFGABuVPGvh+Rgx1opcARXCDgzX+aMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUFHNVU4YS1INUdESFdpbHdCRmNJT0ROZjVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi8yMTNiZTYtZWNiOS00MzAwLTgzNDYt
YTY0NzY3NWY0NmI2LzEvc1dRNU1Gci0zWTBVWkc0eXVXMHlqcWJRN0VnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi8yMTNiZTYtZWNiOS00MzAwLTgzNDYtYTY0NzY3NWY0NmI2
LzEvWUFHNVU4YS1INUdESFdpbHdCRmNJT0ROZjVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCudawAwQE
2RKgMA0EAgACMAcDBQAqA5UgMA0GCSqGSIb3DQEBCwUAA4IBAQBSsJPAceAbx9BE
8pKX3aE0thKNQekzckkLnhbtyAmdgJVYP5wtqvMX53NwMRs0rYU6lci10YjNbKK2
NYnWCIIqT27QMkCJRB7U51aQL5abNuPJNrJDuLHMRN+g2rQ7MiF+2zB7d3YDtSJz
Ub/In0dMVqAL4cDAU8IXkVA06kVQVP+vmPF4LSgdj1N1+XO5Em9G1YySS2mFaXNB
XScIVQQT5nnb+80Ib2NomD82pzkrMCIHjbmqFejq2mDd3K0MyIa0Cs8izxc06xNB
OOkD+X1XbIGSrITgElSd2TqP6Adzaw1qyyWo51ij6Dma1g7n1Et1LcKUBFUhsWEp
AyJ4hc9Q
-----END CERTIFICATE-----