Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/8f3b97-7bc4-4c8d-b5a5-296739745bdd/1/EXc86XlHMghABmd46_9YhwTFqyg.roa
File:                     EXc86XlHMghABmd46_9YhwTFqyg.roa (raw, json)
Hash identifier:          STPylVHN69IxUeHu9IEtRDj3HWN1YmaxpLQkEiE+qf4=
Subject key identifier:   11:77:3C:E9:79:47:32:08:40:06:67:78:EB:FF:58:87:04:C5:AB:28
Certificate issuer:       /CN=7c97b690b61b5a4f8670910ddab4c65aa87a8834
Certificate serial:       019D4462799624AC2FE7A266DCD41596319F
Authority key identifier: 7C:97:B6:90:B6:1B:5A:4F:86:70:91:0D:DA:B4:C6:5A:A8:7A:88:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fJe2kLYbWk-GcJEN2rTGWqh6iDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/8f3b97-7bc4-4c8d-b5a5-296739745bdd/1/EXc86XlHMghABmd46_9YhwTFqyg.roa
Signing time:             Tue 31 Mar 2026 14:53:17 +0000
ROA not before:           Tue 31 Mar 2026 14:53:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209529
IP address blocks:        185.228.220.0/22 maxlen: 24
                          185.228.221.0/24 maxlen: 24
                          185.228.222.0/23 maxlen: 24
                          185.228.223.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/8f3b97-7bc4-4c8d-b5a5-296739745bdd/1/fJe2kLYbWk-GcJEN2rTGWqh6iDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/8f3b97-7bc4-4c8d-b5a5-296739745bdd/1/fJe2kLYbWk-GcJEN2rTGWqh6iDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fJe2kLYbWk-GcJEN2rTGWqh6iDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 02:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:44:62:79:96:24:ac:2f:e7:a2:66:dc:d4:15:96:31:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c97b690b61b5a4f8670910ddab4c65aa87a8834
        Validity
            Not Before: Mar 31 14:53:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=11773ce97947320840066778ebff588704c5ab28
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:d8:96:78:11:9e:51:e0:a8:a7:bc:f8:b9:5d:
                    6a:07:e7:90:1b:8e:b7:8c:2e:97:3c:18:12:0b:9c:
                    4c:27:09:0f:74:ac:ce:a4:89:68:6d:46:43:34:5b:
                    ce:47:86:d2:4c:55:e8:a0:e8:c6:d4:e4:16:98:64:
                    3b:57:f9:29:38:63:ba:0a:57:f4:a7:15:8c:95:4a:
                    f9:06:4d:7b:6f:3f:c9:20:db:f6:c6:6e:5f:b4:d7:
                    de:cf:f1:0b:df:17:a5:dd:09:83:c1:f5:90:69:35:
                    15:35:c0:6f:96:ea:06:52:29:ef:b4:cb:6b:66:0a:
                    0c:25:d4:87:da:bc:64:99:fd:cb:04:cb:33:af:1a:
                    ff:f8:1d:54:cc:f4:2d:c8:ba:4d:0c:ea:bc:5c:43:
                    58:fc:eb:6b:97:34:4f:13:35:e7:f0:9b:47:cb:29:
                    e6:d8:43:00:03:b8:a5:04:0b:c5:a1:94:78:d2:40:
                    f4:ad:94:97:80:1a:db:d3:36:02:a6:be:f3:03:95:
                    ef:20:b2:1a:83:06:2a:6e:96:05:06:56:ab:c0:df:
                    69:8e:d6:74:b0:c9:58:17:08:3f:d2:53:92:36:18:
                    39:9d:c6:c0:0b:63:9d:f3:76:52:ec:43:1a:ed:5d:
                    0a:90:2a:f8:a5:8e:aa:21:6c:71:e4:ef:1f:6e:02:
                    85:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:77:3C:E9:79:47:32:08:40:06:67:78:EB:FF:58:87:04:C5:AB:28
            X509v3 Authority Key Identifier:
                keyid:7C:97:B6:90:B6:1B:5A:4F:86:70:91:0D:DA:B4:C6:5A:A8:7A:88:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fJe2kLYbWk-GcJEN2rTGWqh6iDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/8f3b97-7bc4-4c8d-b5a5-296739745bdd/1/EXc86XlHMghABmd46_9YhwTFqyg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/8f3b97-7bc4-4c8d-b5a5-296739745bdd/1/fJe2kLYbWk-GcJEN2rTGWqh6iDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.228.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         e4:73:45:35:58:ca:18:b1:f2:12:f2:ba:87:b6:af:89:4c:82:
         df:26:fe:c6:75:9a:08:78:47:d6:bd:2c:7b:1e:c7:e1:fb:13:
         c6:86:d8:bc:0f:29:94:45:b0:54:ab:b8:06:44:77:25:27:6a:
         2d:ab:fd:ad:1b:51:77:43:f7:61:0a:42:61:d9:c5:c0:71:26:
         67:7a:9f:38:6c:4f:fd:89:40:5e:9e:c8:bf:16:6c:9d:2b:0c:
         c8:68:53:52:5a:f1:ad:1a:89:17:a3:11:b8:b5:48:f7:76:61:
         15:8d:e1:26:b5:e5:f8:2f:86:b6:33:c6:fc:c9:39:a5:a5:35:
         6f:0a:3c:e8:11:b6:fc:ce:e8:a5:12:ed:86:20:85:70:90:8f:
         ac:89:6f:a8:90:29:cf:19:b0:db:5a:4f:db:2e:2f:75:0b:d6:
         94:84:11:ea:78:5c:6f:06:4b:2f:09:f8:a5:0f:46:9c:bd:49:
         8e:f8:0c:db:e7:a9:60:b1:27:fc:7f:4d:15:8e:f9:05:e3:a2:
         98:94:cf:98:0d:12:17:7f:86:e0:2e:87:16:b2:9c:54:ca:e7:
         86:8d:3a:38:95:ab:c5:51:44:52:19:ff:41:39:7d:38:24:63:
         fd:ff:ab:04:6e:44:50:a8:81:70:7f:3c:78:29:b4:2b:39:f6:
         82:70:42:11
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1EYnmWJKwv56Jm3NQVljGfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjOTdiNjkwYjYxYjVhNGY4NjcwOTEwZGRhYjRjNjVhYTg3
YTg4MzQwHhcNMjYwMzMxMTQ1MzE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTc3M2NlOTc5NDczMjA4NDAwNjY3NzhlYmZmNTg4NzA0YzVhYjI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0NiWeBGeUeCop7z4uV1qB+eQG463
jC6XPBgSC5xMJwkPdKzOpIlobUZDNFvOR4bSTFXooOjG1OQWmGQ7V/kpOGO6Clf0
pxWMlUr5Bk17bz/JINv2xm5ftNfez/EL3xel3QmDwfWQaTUVNcBvluoGUinvtMtr
ZgoMJdSH2rxkmf3LBMszrxr/+B1UzPQtyLpNDOq8XENY/OtrlzRPEzXn8JtHyynm
2EMAA7ilBAvFoZR40kD0rZSXgBrb0zYCpr7zA5XvILIagwYqbpYFBlarwN9pjtZ0
sMlYFwg/0lOSNhg5ncbAC2Od83ZS7EMa7V0KkCr4pY6qIWxx5O8fbgKFsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBF3POl5RzIIQAZneOv/WIcExasoMB8GA1UdIwQY
MBaAFHyXtpC2G1pPhnCRDdq0xlqoeog0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkplMmtMWWJXay1HY0pFTjJyVEdXcWg2aURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy84ZjNiOTctN2JjNC00YzhkLWI1YTUt
Mjk2NzM5NzQ1YmRkLzEvRVhjODZYbEhNZ2hBQm1kNDZfOVlod1RGcXlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy84ZjNiOTctN2JjNC00YzhkLWI1YTUtMjk2NzM5NzQ1YmRk
LzEvZkplMmtMWWJXay1HY0pFTjJyVEdXcWg2aURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCueTcMA0G
CSqGSIb3DQEBCwUAA4IBAQDkc0U1WMoYsfIS8rqHtq+JTILfJv7GdZoIeEfWvSx7
Hsfh+xPGhti8DymURbBUq7gGRHclJ2otq/2tG1F3Q/dhCkJh2cXAcSZnep84bE/9
iUBensi/FmydKwzIaFNSWvGtGokXoxG4tUj3dmEVjeEmteX4L4a2M8b8yTmlpTVv
CjzoEbb8zuilEu2GIIVwkI+siW+okCnPGbDbWk/bLi91C9aUhBHqeFxvBksvCfil
D0acvUmO+Azb56lgsSf8f00VjvkF46KYlM+YDRIXf4bgLocWspxUyueGjTo4lavF
UURSGf9BOX04JGP9/6sEbkRQqIFwfzx4KbQrOfaCcEIR
-----END CERTIFICATE-----