Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/80b8cf-576d-4044-a624-ae72bfd3f782/1/vDqQuNVASWfux49ii3xxJFfRld4.roa
File:                     vDqQuNVASWfux49ii3xxJFfRld4.roa (raw, json)
Hash identifier:          Ez2ZHwckh0VhggajM0dkx53jzrau9P9RypSE4OGXJCw=
Subject key identifier:   BC:3A:90:B8:D5:40:49:67:EE:C7:8F:62:8B:7C:71:24:57:D1:95:DE
Certificate issuer:       /CN=186590ee4a796301c422e033f944d263d6adeebc
Certificate serial:       019B7F1380D88A0B3255E16C86159A5A58A7
Authority key identifier: 18:65:90:EE:4A:79:63:01:C4:22:E0:33:F9:44:D2:63:D6:AD:EE:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GGWQ7kp5YwHEIuAz-UTSY9at7rw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/80b8cf-576d-4044-a624-ae72bfd3f782/1/vDqQuNVASWfux49ii3xxJFfRld4.roa
Signing time:             Fri 02 Jan 2026 14:19:03 +0000
ROA not before:           Fri 02 Jan 2026 14:19:03 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212536
IP address blocks:        194.8.74.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/21/80b8cf-576d-4044-a624-ae72bfd3f782/1/GGWQ7kp5YwHEIuAz-UTSY9at7rw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/21/80b8cf-576d-4044-a624-ae72bfd3f782/1/GGWQ7kp5YwHEIuAz-UTSY9at7rw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GGWQ7kp5YwHEIuAz-UTSY9at7rw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:13:80:d8:8a:0b:32:55:e1:6c:86:15:9a:5a:58:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=186590ee4a796301c422e033f944d263d6adeebc
        Validity
            Not Before: Jan  2 14:19:03 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bc3a90b8d5404967eec78f628b7c712457d195de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:68:d8:95:6e:94:d1:dd:0b:8c:a7:0f:5d:86:
                    72:b5:e2:b2:97:7b:68:ef:7b:4d:35:77:f3:d7:a5:
                    b1:89:87:6b:ef:6e:c9:b0:cd:e6:08:98:fc:d7:e3:
                    e3:27:24:ba:25:72:0a:bd:24:e5:61:b4:24:e6:50:
                    43:18:d1:66:ca:be:60:d9:e0:87:f3:68:a1:b2:56:
                    6f:b6:a0:96:2e:6e:6d:15:72:40:cc:5e:89:4d:89:
                    3d:68:cf:f4:51:9c:26:1e:b2:01:05:05:85:66:e2:
                    f2:0d:a4:22:40:f5:bb:37:88:32:7b:3b:0b:2c:84:
                    e4:9a:61:0c:e0:d0:af:fc:a3:b8:4c:13:ff:06:18:
                    6f:5f:b7:05:dd:06:35:1f:9b:86:f3:c2:f3:87:74:
                    31:5f:eb:eb:ba:3c:bd:41:fa:77:4e:57:60:3a:0e:
                    dd:a0:c2:1b:dd:74:69:8b:38:19:38:15:24:71:5c:
                    0e:6f:48:83:d9:ed:3b:ad:21:1e:25:bf:ef:ac:cd:
                    df:d3:1f:fe:5d:b8:ce:65:3c:fa:a8:f1:4e:47:6c:
                    3e:fc:ca:56:69:ea:a3:cf:34:dc:e5:f8:74:77:1d:
                    ae:26:35:71:ac:5b:9e:a2:63:ac:ba:b3:e3:26:ff:
                    f6:d4:b7:ca:57:4c:c9:a8:25:4d:5f:37:ce:7f:20:
                    22:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:3A:90:B8:D5:40:49:67:EE:C7:8F:62:8B:7C:71:24:57:D1:95:DE
            X509v3 Authority Key Identifier:
                keyid:18:65:90:EE:4A:79:63:01:C4:22:E0:33:F9:44:D2:63:D6:AD:EE:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GGWQ7kp5YwHEIuAz-UTSY9at7rw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/80b8cf-576d-4044-a624-ae72bfd3f782/1/vDqQuNVASWfux49ii3xxJFfRld4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/80b8cf-576d-4044-a624-ae72bfd3f782/1/GGWQ7kp5YwHEIuAz-UTSY9at7rw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.8.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:b6:6d:bc:e3:b4:49:73:3f:ce:57:76:d3:7b:d5:3d:5d:cb:
         76:81:62:08:58:90:ee:8a:92:ee:64:e5:7a:8e:a7:80:e6:fa:
         f4:d1:f8:7e:22:71:c6:25:6e:75:2a:7f:68:9a:dc:98:5d:96:
         d3:80:7f:92:55:91:6c:da:f2:81:00:ba:7a:ed:f9:d3:f7:af:
         b5:c6:72:10:09:13:5b:cd:4b:f6:31:59:72:f6:a6:05:26:cc:
         94:97:46:5b:d7:42:e8:1c:32:54:23:13:ae:13:1c:96:23:12:
         64:68:13:f3:49:d2:cc:74:f1:79:df:da:c2:3d:47:c9:fb:29:
         eb:9d:13:76:0f:ba:d4:53:34:cb:ac:8c:ae:49:d3:fe:ae:50:
         e0:4a:0b:4b:6e:ed:09:7a:cd:80:2a:de:94:6d:be:7d:5d:f7:
         42:ab:b6:3e:79:a2:91:c5:4b:12:cb:60:ff:11:89:28:1c:2b:
         39:d7:b4:da:68:69:66:63:de:00:1f:e6:21:b5:77:85:71:6a:
         19:8d:d5:73:5f:a0:f3:67:63:ff:81:4c:61:dd:50:c9:f2:81:
         00:df:58:07:88:10:83:ab:b4:ac:40:76:67:63:33:99:17:43:
         2a:79:b4:17:b2:ab:3a:45:40:42:9d:48:c7:24:21:b6:af:54:
         f3:b3:70:bd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/E4DYigsyVeFshhWaWlinMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4NjU5MGVlNGE3OTYzMDFjNDIyZTAzM2Y5NDRkMjYzZDZh
ZGVlYmMwHhcNMjYwMTAyMTQxOTAzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzNhOTBiOGQ1NDA0OTY3ZWVjNzhmNjI4YjdjNzEyNDU3ZDE5NWRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh2jYlW6U0d0LjKcPXYZyteKyl3to
73tNNXfz16WxiYdr727JsM3mCJj81+PjJyS6JXIKvSTlYbQk5lBDGNFmyr5g2eCH
82ihslZvtqCWLm5tFXJAzF6JTYk9aM/0UZwmHrIBBQWFZuLyDaQiQPW7N4gyezsL
LITkmmEM4NCv/KO4TBP/BhhvX7cF3QY1H5uG88Lzh3QxX+vrujy9Qfp3TldgOg7d
oMIb3XRpizgZOBUkcVwOb0iD2e07rSEeJb/vrM3f0x/+XbjOZTz6qPFOR2w+/MpW
aeqjzzTc5fh0dx2uJjVxrFueomOsurPjJv/21LfKV0zJqCVNXzfOfyAiOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLw6kLjVQEln7sePYot8cSRX0ZXeMB8GA1UdIwQY
MBaAFBhlkO5KeWMBxCLgM/lE0mPWre68MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0dXUTdrcDVZd0hFSXVBei1VVFNZOWF0N3J3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS84MGI4Y2YtNTc2ZC00MDQ0LWE2MjQt
YWU3MmJmZDNmNzgyLzEvdkRxUXVOVkFTV2Z1eDQ5aWkzeHhKRmZSbGQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS84MGI4Y2YtNTc2ZC00MDQ0LWE2MjQtYWU3MmJmZDNmNzgy
LzEvR0dXUTdrcDVZd0hFSXVBei1VVFNZOWF0N3J3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwghKMA0G
CSqGSIb3DQEBCwUAA4IBAQCGtm2847RJcz/OV3bTe9U9Xct2gWIIWJDuipLuZOV6
jqeA5vr00fh+InHGJW51Kn9omtyYXZbTgH+SVZFs2vKBALp67fnT96+1xnIQCRNb
zUv2MVly9qYFJsyUl0Zb10LoHDJUIxOuExyWIxJkaBPzSdLMdPF539rCPUfJ+ynr
nRN2D7rUUzTLrIyuSdP+rlDgSgtLbu0Jes2AKt6Ubb59XfdCq7Y+eaKRxUsSy2D/
EYkoHCs517TaaGlmY94AH+YhtXeFcWoZjdVzX6DzZ2P/gUxh3VDJ8oEA31gHiBCD
q7SsQHZnYzOZF0MqebQXsqs6RUBCnUjHJCG2r1Tzs3C9
-----END CERTIFICATE-----