Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/2a981d-67f5-484e-be1b-ff64a9ba597c/1/ipCoEXo6uW0pr_TclF-YMNfjy1o.roa
File:                     ipCoEXo6uW0pr_TclF-YMNfjy1o.roa (raw, json)
Hash identifier:          Vq4dXFhds74U9HS3KjpxidXdPv7ObFMg2YYb+3p543I=
Subject key identifier:   8A:90:A8:11:7A:3A:B9:6D:29:AF:F4:DC:94:5F:98:30:D7:E3:CB:5A
Certificate issuer:       /CN=6682890b7ed23347478d4d65db0948c3db23ebe7
Certificate serial:       019C2DBE01BE9296C51DFB936547E154D3AF
Authority key identifier: 66:82:89:0B:7E:D2:33:47:47:8D:4D:65:DB:09:48:C3:DB:23:EB:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZoKJC37SM0dHjU1l2wlIw9sj6-c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/2a981d-67f5-484e-be1b-ff64a9ba597c/1/ipCoEXo6uW0pr_TclF-YMNfjy1o.roa
Signing time:             Thu 05 Feb 2026 12:19:12 +0000
ROA not before:           Thu 05 Feb 2026 12:19:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     35470
IP address blocks:        185.115.216.0/23 maxlen: 24
                          185.115.218.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/21/2a981d-67f5-484e-be1b-ff64a9ba597c/1/ZoKJC37SM0dHjU1l2wlIw9sj6-c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/21/2a981d-67f5-484e-be1b-ff64a9ba597c/1/ZoKJC37SM0dHjU1l2wlIw9sj6-c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZoKJC37SM0dHjU1l2wlIw9sj6-c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:2d:be:01:be:92:96:c5:1d:fb:93:65:47:e1:54:d3:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6682890b7ed23347478d4d65db0948c3db23ebe7
        Validity
            Not Before: Feb  5 12:19:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8a90a8117a3ab96d29aff4dc945f9830d7e3cb5a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:5a:64:77:63:9c:03:54:d9:2f:c4:c7:2d:93:
                    a2:d3:c4:14:4e:27:f1:f5:43:36:ff:5f:86:90:4e:
                    d8:47:a9:81:39:96:aa:c7:ff:e3:1f:d3:a6:be:be:
                    24:4f:49:a9:2b:79:88:2a:ee:25:cb:f7:67:a9:25:
                    34:30:9e:2c:d7:23:f9:54:32:1c:c4:9c:4a:f0:18:
                    57:f1:1a:0b:18:0f:e8:b5:29:a9:2d:73:bc:d1:86:
                    b5:ae:48:b5:ae:6c:f5:85:20:a9:c7:44:19:4f:fe:
                    7f:9e:e7:e8:98:a5:20:a7:9f:ea:cb:30:53:74:9a:
                    86:5c:98:e5:43:95:34:1f:26:6a:01:29:23:da:c1:
                    90:55:d0:62:b2:cd:4b:89:d9:c4:1c:3c:7e:b8:ec:
                    2e:01:6f:e9:81:d2:b2:73:f3:91:b0:d9:e5:c4:3a:
                    f6:d5:67:9d:77:7d:48:65:bd:33:4f:7c:9b:6d:9f:
                    97:24:16:ef:63:21:c8:90:81:28:62:53:ea:9d:e8:
                    b3:d4:b0:17:c5:ca:b3:37:98:2c:ec:bb:05:91:ae:
                    2c:98:81:ef:b7:48:2d:2e:1a:4f:10:2e:1e:fe:09:
                    ea:ed:5e:4d:78:f2:b1:1f:17:0b:1e:74:1b:8b:5c:
                    61:5f:b1:65:cf:f0:a8:41:12:90:41:75:86:a5:9e:
                    9a:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:90:A8:11:7A:3A:B9:6D:29:AF:F4:DC:94:5F:98:30:D7:E3:CB:5A
            X509v3 Authority Key Identifier:
                keyid:66:82:89:0B:7E:D2:33:47:47:8D:4D:65:DB:09:48:C3:DB:23:EB:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZoKJC37SM0dHjU1l2wlIw9sj6-c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/2a981d-67f5-484e-be1b-ff64a9ba597c/1/ipCoEXo6uW0pr_TclF-YMNfjy1o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/2a981d-67f5-484e-be1b-ff64a9ba597c/1/ZoKJC37SM0dHjU1l2wlIw9sj6-c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.115.216.0-185.115.218.255

    Signature Algorithm: sha256WithRSAEncryption
         91:ba:fd:ad:55:b6:d9:db:b8:9e:55:35:d6:e2:70:3f:e1:ee:
         78:25:ec:83:78:80:5b:55:06:c6:a0:b8:98:d3:4c:57:93:30:
         bd:0e:81:5a:f1:1e:d9:67:28:5f:1f:1c:93:51:c9:cc:83:f3:
         d1:0d:a9:93:15:26:df:62:be:d9:73:58:da:c8:50:10:84:73:
         8d:fb:bf:a6:47:79:23:f3:d3:60:7a:c5:f0:53:4d:bd:01:9e:
         3f:d2:7d:29:8e:b8:b7:e6:0f:2c:8a:34:68:87:9e:2b:fa:35:
         ad:da:78:0f:9a:1c:41:f0:4b:d3:a8:79:5e:b4:96:3e:b2:cb:
         0e:c4:1f:bb:18:99:01:5f:43:9c:d3:25:9d:a8:1e:78:e9:86:
         70:0a:17:56:07:21:50:94:f7:d2:07:ff:0d:d5:2e:bf:b6:28:
         04:a4:c1:f3:96:55:02:36:6a:3f:1a:60:45:3c:cb:b1:34:33:
         0b:e5:5a:06:1d:f7:10:f7:e7:ad:b7:cb:e7:bd:e8:fc:fb:07:
         11:47:39:de:fa:4d:07:73:d8:e0:9a:9d:68:2c:59:4f:76:49:
         3e:43:b0:b9:da:c1:c4:8e:9d:8b:33:a5:65:7a:35:31:0f:e7:
         71:4e:f7:f8:41:16:b5:bf:a2:e1:30:c6:c5:ea:61:5c:53:dc:
         e3:b7:bf:ee
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZwtvgG+kpbFHfuTZUfhVNOvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ODI4OTBiN2VkMjMzNDc0NzhkNGQ2NWRiMDk0OGMzZGIy
M2ViZTcwHhcNMjYwMjA1MTIxOTEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTkwYTgxMTdhM2FiOTZkMjlhZmY0ZGM5NDVmOTgzMGQ3ZTNjYjVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjVpkd2OcA1TZL8THLZOi08QUTifx
9UM2/1+GkE7YR6mBOZaqx//jH9Omvr4kT0mpK3mIKu4ly/dnqSU0MJ4s1yP5VDIc
xJxK8BhX8RoLGA/otSmpLXO80Ya1rki1rmz1hSCpx0QZT/5/nufomKUgp5/qyzBT
dJqGXJjlQ5U0HyZqASkj2sGQVdBiss1LidnEHDx+uOwuAW/pgdKyc/ORsNnlxDr2
1Wedd31IZb0zT3ybbZ+XJBbvYyHIkIEoYlPqneiz1LAXxcqzN5gs7LsFka4smIHv
t0gtLhpPEC4e/gnq7V5NePKxHxcLHnQbi1xhX7Flz/CoQRKQQXWGpZ6anwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFIqQqBF6OrltKa/03JRfmDDX48taMB8GA1UdIwQY
MBaAFGaCiQt+0jNHR41NZdsJSMPbI+vnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWm9LSkMzN1NNMGRIalUxbDJ3bEl3OXNqNi1jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS8yYTk4MWQtNjdmNS00ODRlLWJlMWIt
ZmY2NGE5YmE1OTdjLzEvaXBDb0VYbzZ1VzBwcl9UY2xGLVlNTmZqeTFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS8yYTk4MWQtNjdmNS00ODRlLWJlMWItZmY2NGE5YmE1OTdj
LzEvWm9LSkMzN1NNMGRIalUxbDJ3bEl3OXNqNi1jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAO5c9gD
BAC5c9owDQYJKoZIhvcNAQELBQADggEBAJG6/a1VttnbuJ5VNdbicD/h7ngl7IN4
gFtVBsaguJjTTFeTML0OgVrxHtlnKF8fHJNRycyD89ENqZMVJt9ivtlzWNrIUBCE
c437v6ZHeSPz02B6xfBTTb0Bnj/SfSmOuLfmDyyKNGiHniv6Na3aeA+aHEHwS9Oo
eV60lj6yyw7EH7sYmQFfQ5zTJZ2oHnjphnAKF1YHIVCU99IH/w3VLr+2KASkwfOW
VQI2aj8aYEU8y7E0MwvlWgYd9xD35623y+e96Pz7BxFHOd76TQdz2OCanWgsWU92
ST5DsLnawcSOnYszpWV6NTEP53FO9/hBFrW/ouEwxsXqYVxT3OO3v+4=
-----END CERTIFICATE-----