Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/36720e-ebf2-4b41-8cc2-faff211ea4c6/1/zO6UKEO2UsX-uJJtYaV0kqdh2lk.roa
File:                     zO6UKEO2UsX-uJJtYaV0kqdh2lk.roa (raw, json)
Hash identifier:          BNJ+i4qsWrDUg9fXwYJtm2jlZYe3Zjo1dqX8YeGBA8s=
Subject key identifier:   CC:EE:94:28:43:B6:52:C5:FE:B8:92:6D:61:A5:74:92:A7:61:DA:59
Certificate issuer:       /CN=015f2ef6db502994d7b0c8e49cd4a777bdb93572
Certificate serial:       019B7EA5AEF477A687D60367491455BEC3F5
Authority key identifier: 01:5F:2E:F6:DB:50:29:94:D7:B0:C8:E4:9C:D4:A7:77:BD:B9:35:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AV8u9ttQKZTXsMjknNSnd725NXI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/36720e-ebf2-4b41-8cc2-faff211ea4c6/1/zO6UKEO2UsX-uJJtYaV0kqdh2lk.roa
Signing time:             Fri 02 Jan 2026 12:19:06 +0000
ROA not before:           Fri 02 Jan 2026 12:19:06 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203123
IP address blocks:        185.144.8.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/36720e-ebf2-4b41-8cc2-faff211ea4c6/1/AV8u9ttQKZTXsMjknNSnd725NXI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/36720e-ebf2-4b41-8cc2-faff211ea4c6/1/AV8u9ttQKZTXsMjknNSnd725NXI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AV8u9ttQKZTXsMjknNSnd725NXI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a5:ae:f4:77:a6:87:d6:03:67:49:14:55:be:c3:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=015f2ef6db502994d7b0c8e49cd4a777bdb93572
        Validity
            Not Before: Jan  2 12:19:06 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ccee942843b652c5feb8926d61a57492a761da59
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:55:b8:e9:9b:89:f6:16:88:01:3e:b0:1f:2c:
                    5a:64:03:0c:b6:7a:b7:20:57:3a:7a:32:40:9e:d0:
                    d4:3d:6c:5d:8b:8f:db:98:e8:83:19:dd:01:f9:c7:
                    f4:55:5c:e3:ea:b9:23:04:10:8a:a7:c4:a8:63:ac:
                    11:c7:df:d5:cf:d7:4a:22:1e:50:06:6f:fb:fd:42:
                    ee:ae:d8:95:a9:0d:4b:75:78:c5:b5:92:cb:12:cd:
                    7b:db:b5:a5:69:f3:eb:eb:11:09:27:f4:3e:09:9e:
                    60:3a:8a:dc:2d:12:b2:2b:f6:26:b3:fe:09:c4:b5:
                    7c:9b:e8:c2:31:3a:4b:c9:22:8f:b4:6e:dd:2f:af:
                    f4:a5:bb:a7:5f:6c:0d:7c:3e:40:45:84:e1:e9:48:
                    48:1a:08:88:57:8c:08:99:f0:57:9c:2d:5e:e4:b1:
                    83:01:5d:ea:ee:b8:85:e2:81:0e:36:0b:0f:63:98:
                    bb:17:62:35:b2:ab:a1:d0:a0:6c:83:ef:6d:0f:cf:
                    1e:d6:b5:ec:97:64:9e:da:c8:5f:01:aa:3c:8e:92:
                    ff:b0:cc:42:f2:91:a6:47:d7:ef:c3:29:47:b0:49:
                    1d:45:cf:22:c8:bb:72:1d:c2:86:79:0e:f3:1c:28:
                    1f:cd:3c:81:f3:33:e4:2c:be:56:eb:75:89:fb:c4:
                    6e:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:EE:94:28:43:B6:52:C5:FE:B8:92:6D:61:A5:74:92:A7:61:DA:59
            X509v3 Authority Key Identifier:
                keyid:01:5F:2E:F6:DB:50:29:94:D7:B0:C8:E4:9C:D4:A7:77:BD:B9:35:72

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AV8u9ttQKZTXsMjknNSnd725NXI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/36720e-ebf2-4b41-8cc2-faff211ea4c6/1/zO6UKEO2UsX-uJJtYaV0kqdh2lk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/36720e-ebf2-4b41-8cc2-faff211ea4c6/1/AV8u9ttQKZTXsMjknNSnd725NXI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.144.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         10:73:64:c3:31:ff:f0:ff:7a:3a:85:2e:96:ae:a2:b9:04:99:
         1b:c3:36:3f:58:0e:96:d9:c9:2a:af:72:7a:d7:78:dd:2e:95:
         b2:a3:42:2b:a0:96:ee:f3:04:f8:51:ae:f5:8a:35:33:99:b6:
         9c:6b:c6:1e:43:e9:8f:58:00:07:64:a2:e6:a8:0b:ad:15:06:
         de:50:c6:f7:94:d0:17:c2:b6:be:63:9f:41:0c:3b:9a:e3:79:
         fe:db:3c:fe:c1:11:9d:69:10:4c:a5:31:ee:ed:29:9f:ab:ff:
         f2:09:c0:85:80:02:9d:99:21:ca:eb:78:7b:29:4a:32:07:9a:
         45:cd:65:88:7a:71:42:7d:be:a3:26:d2:35:cf:50:ff:08:03:
         c9:3c:24:e7:80:3d:46:72:5f:8e:0a:82:e3:7e:19:ea:65:80:
         0b:0d:d0:43:e8:f6:07:9b:e3:60:ad:fc:53:ae:ad:dd:9f:5e:
         4e:f1:ed:f4:ff:21:bf:5e:74:e4:af:3a:71:11:18:03:07:74:
         22:dc:a5:dd:a5:de:30:59:82:2b:4d:24:28:90:48:6a:2b:0a:
         71:3f:d3:e7:e0:db:64:e0:ff:07:df:9b:b8:12:1b:2b:a5:5a:
         ed:48:47:fd:0e:83:b1:ed:71:88:6f:5c:dd:a5:e6:cd:0c:6b:
         b6:b3:7c:30
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+pa70d6aH1gNnSRRVvsP1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxNWYyZWY2ZGI1MDI5OTRkN2IwYzhlNDljZDRhNzc3YmRi
OTM1NzIwHhcNMjYwMTAyMTIxOTA2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjY2VlOTQyODQzYjY1MmM1ZmViODkyNmQ2MWE1NzQ5MmE3NjFkYTU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtFW46ZuJ9haIAT6wHyxaZAMMtnq3
IFc6ejJAntDUPWxdi4/bmOiDGd0B+cf0VVzj6rkjBBCKp8SoY6wRx9/Vz9dKIh5Q
Bm/7/ULurtiVqQ1LdXjFtZLLEs1727WlafPr6xEJJ/Q+CZ5gOorcLRKyK/Yms/4J
xLV8m+jCMTpLySKPtG7dL6/0pbunX2wNfD5ARYTh6UhIGgiIV4wImfBXnC1e5LGD
AV3q7riF4oEONgsPY5i7F2I1squh0KBsg+9tD88e1rXsl2Se2shfAao8jpL/sMxC
8pGmR9fvwylHsEkdRc8iyLtyHcKGeQ7zHCgfzTyB8zPkLL5W63WJ+8RuhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMzulChDtlLF/riSbWGldJKnYdpZMB8GA1UdIwQY
MBaAFAFfLvbbUCmU17DI5JzUp3e9uTVyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVY4dTl0dFFLWlRYc01qa25OU25kNzI1TlhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC8zNjcyMGUtZWJmMi00YjQxLThjYzIt
ZmFmZjIxMWVhNGM2LzEvek82VUtFTzJVc1gtdUpKdFlhVjBrcWRoMmxrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC8zNjcyMGUtZWJmMi00YjQxLThjYzItZmFmZjIxMWVhNGM2
LzEvQVY4dTl0dFFLWlRYc01qa25OU25kNzI1TlhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZAIMA0G
CSqGSIb3DQEBCwUAA4IBAQAQc2TDMf/w/3o6hS6WrqK5BJkbwzY/WA6W2ckqr3J6
13jdLpWyo0IroJbu8wT4Ua71ijUzmbaca8YeQ+mPWAAHZKLmqAutFQbeUMb3lNAX
wra+Y59BDDua43n+2zz+wRGdaRBMpTHu7Smfq//yCcCFgAKdmSHK63h7KUoyB5pF
zWWIenFCfb6jJtI1z1D/CAPJPCTngD1Gcl+OCoLjfhnqZYALDdBD6PYHm+NgrfxT
rq3dn15O8e30/yG/XnTkrzpxERgDB3Qi3KXdpd4wWYIrTSQokEhqKwpxP9Pn4Ntk
4P8H35u4EhsrpVrtSEf9DoOx7XGIb1zdpebNDGu2s3ww
-----END CERTIFICATE-----