Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/e61985-f881-4035-ab5b-c9a9baa43f94/1/H4N6iHzqJPwBL4ZeeQhJkfgslhY.roa
File:                     H4N6iHzqJPwBL4ZeeQhJkfgslhY.roa (raw, json)
Hash identifier:          KYorPqkctUfreyDSNu/x2TOdKW4S2t1MdUfVGYYO4/g=
Subject key identifier:   1F:83:7A:88:7C:EA:24:FC:01:2F:86:5E:79:08:49:91:F8:2C:96:16
Certificate issuer:       /CN=607cea6e103a2325c48c1667a99c7b17eb3ce7b6
Certificate serial:       019B7BA338FFFEF3E2609446A2A36646AAF8
Authority key identifier: 60:7C:EA:6E:10:3A:23:25:C4:8C:16:67:A9:9C:7B:17:EB:3C:E7:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YHzqbhA6IyXEjBZnqZx7F-s857Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/e61985-f881-4035-ab5b-c9a9baa43f94/1/H4N6iHzqJPwBL4ZeeQhJkfgslhY.roa
Signing time:             Thu 01 Jan 2026 22:17:33 +0000
ROA not before:           Thu 01 Jan 2026 22:17:33 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205894
IP address blocks:        185.232.176.0/22 maxlen: 22
                          185.232.176.0/24 maxlen: 24
                          185.232.177.0/24 maxlen: 24
                          185.232.178.0/24 maxlen: 24
                          185.232.179.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/e61985-f881-4035-ab5b-c9a9baa43f94/1/YHzqbhA6IyXEjBZnqZx7F-s857Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/e61985-f881-4035-ab5b-c9a9baa43f94/1/YHzqbhA6IyXEjBZnqZx7F-s857Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YHzqbhA6IyXEjBZnqZx7F-s857Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 21:16:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a3:38:ff:fe:f3:e2:60:94:46:a2:a3:66:46:aa:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=607cea6e103a2325c48c1667a99c7b17eb3ce7b6
        Validity
            Not Before: Jan  1 22:17:33 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1f837a887cea24fc012f865e79084991f82c9616
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:93:ce:11:d8:ca:c1:7d:85:0f:e6:ae:9e:c3:
                    4a:22:ca:d9:1b:f3:ec:60:85:bb:d3:ce:70:50:99:
                    36:18:27:b2:5f:73:00:79:8e:29:e0:45:9a:b4:cb:
                    d4:de:f5:a9:2f:10:91:95:23:d7:8b:0a:0f:5f:b5:
                    b5:36:07:c7:1f:aa:22:1d:a2:f3:ad:10:6b:cd:a7:
                    3f:4c:1f:98:52:fb:1a:b3:56:ad:33:09:e8:14:d3:
                    0f:6a:5d:8a:85:75:68:3b:dd:1c:e0:04:9f:0b:c9:
                    e1:27:40:5b:04:1c:70:3d:a6:00:4f:a9:5c:a1:ab:
                    31:cd:f6:b6:44:7b:b6:59:c4:69:1e:95:59:05:2f:
                    8b:d3:08:6f:45:31:56:bc:29:7b:ce:ff:5e:2c:74:
                    9d:1b:24:00:62:b5:3b:e3:84:ce:b2:6f:f8:4f:e0:
                    a6:71:b3:d0:13:05:fd:c2:c2:d6:a6:59:f1:8f:72:
                    fb:be:a1:9e:fb:4d:08:fe:24:ae:e7:14:f3:f2:72:
                    8d:a0:2b:82:9c:5f:3e:45:65:e1:91:c3:3c:c9:fc:
                    87:6b:f5:3f:13:d7:a4:fd:ab:e5:5c:77:25:8e:20:
                    6f:05:df:0a:77:bc:5e:21:f7:3d:1c:41:38:3e:e0:
                    cc:e6:be:8f:01:b9:8b:d0:68:08:c3:4e:a0:b5:88:
                    96:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:83:7A:88:7C:EA:24:FC:01:2F:86:5E:79:08:49:91:F8:2C:96:16
            X509v3 Authority Key Identifier:
                keyid:60:7C:EA:6E:10:3A:23:25:C4:8C:16:67:A9:9C:7B:17:EB:3C:E7:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YHzqbhA6IyXEjBZnqZx7F-s857Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/e61985-f881-4035-ab5b-c9a9baa43f94/1/H4N6iHzqJPwBL4ZeeQhJkfgslhY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/e61985-f881-4035-ab5b-c9a9baa43f94/1/YHzqbhA6IyXEjBZnqZx7F-s857Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.232.176.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6e:6f:29:76:5b:83:74:76:4d:e9:dc:f3:37:45:24:8c:f3:65:
         09:7f:bc:9f:1f:5a:7a:18:38:86:a3:7b:97:55:44:ba:85:47:
         e1:d2:24:97:33:ea:d9:ff:97:d2:fd:c3:7f:39:67:8a:cb:15:
         a4:f1:a0:de:d4:cb:8a:7f:f5:5b:ea:83:24:8c:e7:87:4b:b9:
         ce:6d:fb:fd:71:9e:63:83:8e:88:b0:57:12:24:aa:a4:74:1f:
         e6:da:23:7f:45:e1:d8:d6:80:80:2e:2f:9d:16:cb:db:c2:ce:
         87:21:92:c9:c3:14:b6:9e:4e:e2:81:be:fb:bc:8e:41:bb:0d:
         47:ff:ed:0f:ca:4d:43:da:5d:25:fa:ac:ff:66:08:9f:af:44:
         cd:09:be:76:b4:58:98:bd:39:a9:9e:3d:d8:82:14:6f:fd:ac:
         28:00:74:32:da:c9:b5:e7:c7:86:55:04:84:ff:fc:a7:6a:4d:
         64:5b:32:21:24:7b:6b:52:ba:77:20:bc:e1:4f:a0:58:42:d3:
         74:3b:06:f2:b1:49:6e:05:30:3e:ae:e7:5a:9d:52:9c:78:b5:
         eb:5a:84:a8:90:d6:32:92:a2:dc:0d:f3:df:e0:38:d1:3e:34:
         b2:a4:91:db:bd:8b:37:31:97:ea:44:89:3b:46:cc:08:ff:79:
         1d:42:ca:23
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7ozj//vPiYJRGoqNmRqr4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwN2NlYTZlMTAzYTIzMjVjNDhjMTY2N2E5OWM3YjE3ZWIz
Y2U3YjYwHhcNMjYwMTAxMjIxNzMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjgzN2E4ODdjZWEyNGZjMDEyZjg2NWU3OTA4NDk5MWY4MmM5NjE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxpPOEdjKwX2FD+aunsNKIsrZG/Ps
YIW7085wUJk2GCeyX3MAeY4p4EWatMvU3vWpLxCRlSPXiwoPX7W1NgfHH6oiHaLz
rRBrzac/TB+YUvsas1atMwnoFNMPal2KhXVoO90c4ASfC8nhJ0BbBBxwPaYAT6lc
oasxzfa2RHu2WcRpHpVZBS+L0whvRTFWvCl7zv9eLHSdGyQAYrU744TOsm/4T+Cm
cbPQEwX9wsLWplnxj3L7vqGe+00I/iSu5xTz8nKNoCuCnF8+RWXhkcM8yfyHa/U/
E9ek/avlXHcljiBvBd8Kd7xeIfc9HEE4PuDM5r6PAbmL0GgIw06gtYiWUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB+Deoh86iT8AS+GXnkISZH4LJYWMB8GA1UdIwQY
MBaAFGB86m4QOiMlxIwWZ6mcexfrPOe2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUh6cWJoQTZJeVhFakJabnFaeDdGLXM4NTdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS9lNjE5ODUtZjg4MS00MDM1LWFiNWIt
YzlhOWJhYTQzZjk0LzEvSDRONmlIenFKUHdCTDRaZWVRaEprZmdzbGhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS9lNjE5ODUtZjg4MS00MDM1LWFiNWItYzlhOWJhYTQzZjk0
LzEvWUh6cWJoQTZJeVhFakJabnFaeDdGLXM4NTdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCueiwMA0G
CSqGSIb3DQEBCwUAA4IBAQBubyl2W4N0dk3p3PM3RSSM82UJf7yfH1p6GDiGo3uX
VUS6hUfh0iSXM+rZ/5fS/cN/OWeKyxWk8aDe1MuKf/Vb6oMkjOeHS7nObfv9cZ5j
g46IsFcSJKqkdB/m2iN/ReHY1oCALi+dFsvbws6HIZLJwxS2nk7igb77vI5Buw1H
/+0Pyk1D2l0l+qz/Zgifr0TNCb52tFiYvTmpnj3YghRv/awoAHQy2sm158eGVQSE
//ynak1kWzIhJHtrUrp3ILzhT6BYQtN0OwbysUluBTA+rudanVKceLXrWoSokNYy
kqLcDfPf4DjRPjSypJHbvYs3MZfqRIk7RswI/3kdQsoj
-----END CERTIFICATE-----