Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/d0e824-f7d3-4f0d-bdd4-b9628a24d9d1/1/P3GL0lEPXHxX6ReXD2EE-N5BOPY.roa
File:                     P3GL0lEPXHxX6ReXD2EE-N5BOPY.roa (raw, json)
Hash identifier:          K1gHtEMD2Pdz0kCStDLaFagZHw3HfNCxhWsobTthfNg=
Subject key identifier:   3F:71:8B:D2:51:0F:5C:7C:57:E9:17:97:0F:61:04:F8:DE:41:38:F6
Certificate issuer:       /CN=c8e2d1f3257cfae0ffe673c1f77534653312f06b
Certificate serial:       019B7EA659FCAB02E1D9FE51F4025A55D426
Authority key identifier: C8:E2:D1:F3:25:7C:FA:E0:FF:E6:73:C1:F7:75:34:65:33:12:F0:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yOLR8yV8-uD_5nPB93U0ZTMS8Gs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/d0e824-f7d3-4f0d-bdd4-b9628a24d9d1/1/P3GL0lEPXHxX6ReXD2EE-N5BOPY.roa
Signing time:             Fri 02 Jan 2026 12:19:49 +0000
ROA not before:           Fri 02 Jan 2026 12:19:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207181
IP address blocks:        185.162.208.0/22 maxlen: 22
                          185.162.208.0/24 maxlen: 24
                          185.162.209.0/24 maxlen: 24
                          185.162.210.0/24 maxlen: 24
                          185.162.211.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/d0e824-f7d3-4f0d-bdd4-b9628a24d9d1/1/yOLR8yV8-uD_5nPB93U0ZTMS8Gs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/d0e824-f7d3-4f0d-bdd4-b9628a24d9d1/1/yOLR8yV8-uD_5nPB93U0ZTMS8Gs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yOLR8yV8-uD_5nPB93U0ZTMS8Gs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 15:05:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a6:59:fc:ab:02:e1:d9:fe:51:f4:02:5a:55:d4:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c8e2d1f3257cfae0ffe673c1f77534653312f06b
        Validity
            Not Before: Jan  2 12:19:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3f718bd2510f5c7c57e917970f6104f8de4138f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:35:db:e5:90:ff:9e:ed:10:74:15:25:19:b2:
                    6d:dd:ba:43:b3:4e:6e:31:15:00:84:b7:37:fa:a7:
                    f4:db:b7:ec:85:3e:76:0c:22:41:4e:46:9e:f6:6a:
                    1f:c0:28:a5:cc:f3:08:1c:9b:fc:36:55:39:3f:36:
                    be:30:3b:7b:1a:c3:21:d0:5d:a4:8d:78:45:b5:d9:
                    1a:ab:3c:d1:39:bd:a4:a6:06:7b:3d:4b:58:2b:09:
                    e7:fd:c4:24:ec:8b:45:1d:88:d0:d0:e4:82:90:eb:
                    24:3a:22:b6:57:8d:cd:27:4f:ec:5f:4b:69:54:95:
                    04:c8:51:c2:71:b9:e2:7e:e2:29:fb:9c:fb:a7:a9:
                    af:e3:f3:d1:a1:63:35:43:9f:41:67:5a:03:ad:bc:
                    bc:15:89:38:e1:86:5e:1f:1b:4d:67:21:0d:df:70:
                    6d:53:ef:27:4c:cc:d1:3f:08:35:1b:ab:ce:ad:8b:
                    f7:8c:43:f7:dd:99:40:2c:24:36:14:53:bf:42:5b:
                    47:9c:9b:b5:5e:6b:b4:63:1b:a6:9b:06:8c:a0:94:
                    84:74:d7:99:52:a4:e8:2d:45:e2:6a:a7:32:8b:ee:
                    d4:db:f7:5d:25:c9:ed:c9:23:33:25:84:ad:e0:2b:
                    c9:28:08:4a:12:ff:4d:08:fd:12:9a:86:49:7c:3e:
                    7f:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:71:8B:D2:51:0F:5C:7C:57:E9:17:97:0F:61:04:F8:DE:41:38:F6
            X509v3 Authority Key Identifier:
                keyid:C8:E2:D1:F3:25:7C:FA:E0:FF:E6:73:C1:F7:75:34:65:33:12:F0:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yOLR8yV8-uD_5nPB93U0ZTMS8Gs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/d0e824-f7d3-4f0d-bdd4-b9628a24d9d1/1/P3GL0lEPXHxX6ReXD2EE-N5BOPY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/d0e824-f7d3-4f0d-bdd4-b9628a24d9d1/1/yOLR8yV8-uD_5nPB93U0ZTMS8Gs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.162.208.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7d:d4:9a:9e:44:10:f8:16:b9:a6:ed:c4:74:db:a7:7b:de:0a:
         0c:54:c7:07:36:37:e4:96:65:da:04:08:1b:89:8a:58:8e:bb:
         15:cb:6f:d8:42:20:2b:ff:93:62:15:00:ad:9e:b7:67:46:db:
         03:df:47:aa:ab:0b:ed:c6:58:ed:43:76:93:4a:08:8c:3d:53:
         50:d6:55:3d:51:dc:38:09:25:a6:a1:85:65:b6:db:16:d5:8a:
         8a:89:9c:3c:6c:4d:43:68:6d:91:40:cf:13:bf:dc:c8:db:aa:
         74:05:b5:e7:e4:95:c1:8f:1c:00:58:b2:1e:b2:06:60:8b:7d:
         00:46:bd:d7:3d:e4:72:a0:08:e6:d4:08:ed:36:2c:e1:2d:f8:
         f9:50:b0:30:89:90:09:79:f3:fb:1b:b3:43:d4:d4:5a:89:dc:
         cf:85:84:40:5d:65:b5:70:47:a1:87:4b:64:33:54:ca:ad:b8:
         e2:52:a5:ab:d5:43:5b:23:38:45:dc:12:b4:1a:86:24:3a:2f:
         36:dd:50:13:c9:3e:72:a3:a1:ce:a7:72:25:d0:46:fc:47:7c:
         09:c1:a3:bc:17:e2:1c:9d:de:52:83:71:8d:0b:5f:62:60:e9:
         3b:4e:e6:d8:a3:f9:68:57:13:fc:53:d8:f4:fa:32:14:03:e4:
         ff:ff:c3:cf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+pln8qwLh2f5R9AJaVdQmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4ZTJkMWYzMjU3Y2ZhZTBmZmU2NzNjMWY3NzUzNDY1MzMx
MmYwNmIwHhcNMjYwMTAyMTIxOTQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjcxOGJkMjUxMGY1YzdjNTdlOTE3OTcwZjYxMDRmOGRlNDEzOGY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwjXb5ZD/nu0QdBUlGbJt3bpDs05u
MRUAhLc3+qf027fshT52DCJBTkae9mofwCilzPMIHJv8NlU5Pza+MDt7GsMh0F2k
jXhFtdkaqzzROb2kpgZ7PUtYKwnn/cQk7ItFHYjQ0OSCkOskOiK2V43NJ0/sX0tp
VJUEyFHCcbnifuIp+5z7p6mv4/PRoWM1Q59BZ1oDrby8FYk44YZeHxtNZyEN33Bt
U+8nTMzRPwg1G6vOrYv3jEP33ZlALCQ2FFO/QltHnJu1Xmu0YxummwaMoJSEdNeZ
UqToLUXiaqcyi+7U2/ddJcntySMzJYSt4CvJKAhKEv9NCP0SmoZJfD5/pwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD9xi9JRD1x8V+kXlw9hBPjeQTj2MB8GA1UdIwQY
MBaAFMji0fMlfPrg/+Zzwfd1NGUzEvBrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveU9MUjh5VjgtdURfNW5QQjkzVTBaVE1TOEdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC9kMGU4MjQtZjdkMy00ZjBkLWJkZDQt
Yjk2MjhhMjRkOWQxLzEvUDNHTDBsRVBYSHhYNlJlWEQyRUUtTjVCT1BZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC9kMGU4MjQtZjdkMy00ZjBkLWJkZDQtYjk2MjhhMjRkOWQx
LzEveU9MUjh5VjgtdURfNW5QQjkzVTBaVE1TOEdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuaLQMA0G
CSqGSIb3DQEBCwUAA4IBAQB91JqeRBD4Frmm7cR026d73goMVMcHNjfklmXaBAgb
iYpYjrsVy2/YQiAr/5NiFQCtnrdnRtsD30eqqwvtxljtQ3aTSgiMPVNQ1lU9Udw4
CSWmoYVlttsW1YqKiZw8bE1DaG2RQM8Tv9zI26p0BbXn5JXBjxwAWLIesgZgi30A
Rr3XPeRyoAjm1AjtNizhLfj5ULAwiZAJefP7G7ND1NRaidzPhYRAXWW1cEehh0tk
M1TKrbjiUqWr1UNbIzhF3BK0GoYkOi823VATyT5yo6HOp3Il0Eb8R3wJwaO8F+Ic
nd5Sg3GNC19iYOk7TubYo/loVxP8U9j0+jIUA+T//8PP
-----END CERTIFICATE-----