Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/dfbce8-5437-49d7-a7f9-c6ddeb494735/1/AOBKl1z9iGQ7udCEUVrOWOKRRJM.roa
File:                     AOBKl1z9iGQ7udCEUVrOWOKRRJM.roa (raw, json)
Hash identifier:          szJEeXPbG7L6V12RPqYR0G9jxj6sIKpxCqCIcFUY2rQ=
Subject key identifier:   00:E0:4A:97:5C:FD:88:64:3B:B9:D0:84:51:5A:CE:58:E2:91:44:93
Certificate issuer:       /CN=7735b70dca270fcb8e4b9092b7200364138f5df1
Certificate serial:       019B7EA68AEDA4C072717F176C2D194F9269
Authority key identifier: 77:35:B7:0D:CA:27:0F:CB:8E:4B:90:92:B7:20:03:64:13:8F:5D:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dzW3DconD8uOS5CStyADZBOPXfE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3e/dfbce8-5437-49d7-a7f9-c6ddeb494735/1/AOBKl1z9iGQ7udCEUVrOWOKRRJM.roa
Signing time:             Fri 02 Jan 2026 12:20:02 +0000
ROA not before:           Fri 02 Jan 2026 12:20:02 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205357
IP address blocks:        185.219.248.0/24 maxlen: 24
                          185.219.249.0/24 maxlen: 24
                          185.219.250.0/24 maxlen: 24
                          185.219.251.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3e/dfbce8-5437-49d7-a7f9-c6ddeb494735/1/dzW3DconD8uOS5CStyADZBOPXfE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3e/dfbce8-5437-49d7-a7f9-c6ddeb494735/1/dzW3DconD8uOS5CStyADZBOPXfE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dzW3DconD8uOS5CStyADZBOPXfE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 09:01:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a6:8a:ed:a4:c0:72:71:7f:17:6c:2d:19:4f:92:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7735b70dca270fcb8e4b9092b7200364138f5df1
        Validity
            Not Before: Jan  2 12:20:02 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=00e04a975cfd88643bb9d084515ace58e2914493
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:9c:be:e5:3a:98:75:80:d0:2a:3b:16:2e:80:
                    9e:65:b0:85:63:3f:f4:3e:c8:9a:62:80:08:11:47:
                    ef:ff:ba:28:81:8f:33:47:40:05:0d:0f:1e:8e:d0:
                    ce:5c:f5:25:df:4b:8f:6a:28:64:6e:b7:d2:30:a1:
                    18:d0:68:63:f2:fc:dc:33:6c:1a:de:e1:0b:d9:e0:
                    6c:0d:39:07:09:45:8e:65:40:68:f2:c9:94:b4:49:
                    ab:54:b7:79:66:d9:af:36:76:06:ec:a1:c7:c2:00:
                    f7:1b:d8:fb:b7:8d:f2:5b:76:bc:4a:99:52:3e:92:
                    52:91:c9:e2:6d:68:83:60:62:c8:7d:d2:dd:24:11:
                    94:ea:41:b7:6e:cf:5c:1c:88:37:a3:c2:f0:40:61:
                    14:b1:da:24:57:ad:18:7f:33:9a:b1:56:18:0d:d0:
                    43:20:11:3b:e4:60:4b:d1:70:67:ce:3c:9b:b3:05:
                    24:2d:d3:6a:b0:8d:61:cb:fa:38:37:d0:37:63:19:
                    7c:7c:e7:ec:2d:a7:4e:98:0e:6f:55:06:df:08:ac:
                    49:a1:73:a0:e2:91:9b:00:15:73:7e:a9:a3:23:d1:
                    9c:10:76:17:98:84:17:7c:3a:63:67:70:d6:5d:74:
                    60:01:c4:9d:a3:e9:f1:13:55:f3:55:07:c5:8f:ee:
                    d0:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:E0:4A:97:5C:FD:88:64:3B:B9:D0:84:51:5A:CE:58:E2:91:44:93
            X509v3 Authority Key Identifier:
                keyid:77:35:B7:0D:CA:27:0F:CB:8E:4B:90:92:B7:20:03:64:13:8F:5D:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dzW3DconD8uOS5CStyADZBOPXfE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/dfbce8-5437-49d7-a7f9-c6ddeb494735/1/AOBKl1z9iGQ7udCEUVrOWOKRRJM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/dfbce8-5437-49d7-a7f9-c6ddeb494735/1/dzW3DconD8uOS5CStyADZBOPXfE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.219.248.0/22

    Signature Algorithm: sha256WithRSAEncryption
         54:02:57:5a:4d:e5:c6:d8:83:01:cb:24:79:32:99:06:bd:96:
         00:c5:56:be:f5:63:f0:52:d4:83:4a:ca:e5:5d:67:56:82:82:
         94:b6:eb:f6:ff:3e:ec:f0:67:b4:97:6f:ce:88:b8:17:fa:f0:
         9d:ad:4d:c6:c6:b3:53:3d:f0:6c:5f:15:94:43:f3:a2:ed:05:
         a7:bc:e5:f8:c5:56:c4:ec:32:eb:28:04:a2:c5:08:d3:67:01:
         44:cb:da:da:b6:34:73:aa:f6:1b:91:8f:d2:38:35:cf:41:6b:
         9b:b7:cd:f1:e2:a0:e3:08:22:eb:41:eb:7c:c1:db:09:0f:1e:
         39:b9:eb:69:50:9d:83:10:8a:12:b0:b8:ef:a6:f8:d0:29:59:
         46:b9:50:ce:ff:7c:db:a2:e6:ea:1e:e8:36:8c:7d:c3:59:48:
         4d:08:d5:03:67:0c:38:69:3b:1a:70:bc:cb:c1:72:9b:c4:7f:
         47:47:b9:5a:a0:78:0c:0e:17:3f:2d:6a:7e:af:47:54:01:48:
         61:4a:1b:eb:7c:d6:9b:35:ab:67:e4:6d:9c:ec:61:df:ac:94:
         f7:37:12:d7:c1:e4:9f:85:fa:5e:1f:1e:57:45:6c:6b:23:52:
         1c:ec:81:59:ac:27:b5:2a:c2:6b:c2:2c:dd:99:ce:10:ab:c6:
         af:74:2c:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+portpMBycX8XbC0ZT5JpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3MzViNzBkY2EyNzBmY2I4ZTRiOTA5MmI3MjAwMzY0MTM4
ZjVkZjEwHhcNMjYwMTAyMTIyMDAyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMGUwNGE5NzVjZmQ4ODY0M2JiOWQwODQ1MTVhY2U1OGUyOTE0NDkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqJy+5TqYdYDQKjsWLoCeZbCFYz/0
PsiaYoAIEUfv/7oogY8zR0AFDQ8ejtDOXPUl30uPaihkbrfSMKEY0Ghj8vzcM2wa
3uEL2eBsDTkHCUWOZUBo8smUtEmrVLd5ZtmvNnYG7KHHwgD3G9j7t43yW3a8SplS
PpJSkcnibWiDYGLIfdLdJBGU6kG3bs9cHIg3o8LwQGEUsdokV60YfzOasVYYDdBD
IBE75GBL0XBnzjybswUkLdNqsI1hy/o4N9A3Yxl8fOfsLadOmA5vVQbfCKxJoXOg
4pGbABVzfqmjI9GcEHYXmIQXfDpjZ3DWXXRgAcSdo+nxE1XzVQfFj+7QrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFADgSpdc/YhkO7nQhFFazljikUSTMB8GA1UdIwQY
MBaAFHc1tw3KJw/LjkuQkrcgA2QTj13xMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZHpXM0Rjb25EOHVPUzVDU3R5QURaQk9QWGZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZS9kZmJjZTgtNTQzNy00OWQ3LWE3Zjkt
YzZkZGViNDk0NzM1LzEvQU9CS2wxejlpR1E3dWRDRVVWck9XT0tSUkpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZS9kZmJjZTgtNTQzNy00OWQ3LWE3ZjktYzZkZGViNDk0NzM1
LzEvZHpXM0Rjb25EOHVPUzVDU3R5QURaQk9QWGZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCudv4MA0G
CSqGSIb3DQEBCwUAA4IBAQBUAldaTeXG2IMByyR5MpkGvZYAxVa+9WPwUtSDSsrl
XWdWgoKUtuv2/z7s8Ge0l2/OiLgX+vCdrU3GxrNTPfBsXxWUQ/Oi7QWnvOX4xVbE
7DLrKASixQjTZwFEy9ratjRzqvYbkY/SODXPQWubt83x4qDjCCLrQet8wdsJDx45
uetpUJ2DEIoSsLjvpvjQKVlGuVDO/3zboubqHug2jH3DWUhNCNUDZww4aTsacLzL
wXKbxH9HR7laoHgMDhc/LWp+r0dUAUhhShvrfNabNatn5G2c7GHfrJT3NxLXweSf
hfpeHx5XRWxrI1Ic7IFZrCe1KsJrwizdmc4Qq8avdCyZ
-----END CERTIFICATE-----