Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/936cbb-bac4-4fde-8def-febc1ed3ceba/1/XVjNtKOnJpcmis7Nf1eAthdQZB0.roa
File:                     XVjNtKOnJpcmis7Nf1eAthdQZB0.roa (raw, json)
Hash identifier:          P0IN+5mFqrGT5cbJJWFNGnDNpinkIhBbzTCg+cVZWjI=
Subject key identifier:   5D:58:CD:B4:A3:A7:26:97:26:8A:CE:CD:7F:57:80:B6:17:50:64:1D
Certificate issuer:       /CN=89edfa414944d010ac69ee5bfb22773b24b27efb
Certificate serial:       019C93E1B04F1D7247DD23EBFB9BE3F18F66
Authority key identifier: 89:ED:FA:41:49:44:D0:10:AC:69:EE:5B:FB:22:77:3B:24:B2:7E:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ie36QUlE0BCsae5b-yJ3OySyfvs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/936cbb-bac4-4fde-8def-febc1ed3ceba/1/XVjNtKOnJpcmis7Nf1eAthdQZB0.roa
Signing time:             Wed 25 Feb 2026 08:19:27 +0000
ROA not before:           Wed 25 Feb 2026 08:19:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207083
IP address blocks:        185.36.145.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/50/936cbb-bac4-4fde-8def-febc1ed3ceba/1/ie36QUlE0BCsae5b-yJ3OySyfvs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/50/936cbb-bac4-4fde-8def-febc1ed3ceba/1/ie36QUlE0BCsae5b-yJ3OySyfvs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ie36QUlE0BCsae5b-yJ3OySyfvs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:93:e1:b0:4f:1d:72:47:dd:23:eb:fb:9b:e3:f1:8f:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=89edfa414944d010ac69ee5bfb22773b24b27efb
        Validity
            Not Before: Feb 25 08:19:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5d58cdb4a3a72697268acecd7f5780b61750641d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:95:cd:93:01:ee:36:6d:29:5c:8d:3c:3b:6f:
                    76:32:65:6c:04:9a:2c:cc:f5:0f:d6:25:36:2b:e4:
                    74:85:94:b7:fb:db:79:ab:88:46:1a:ec:d2:81:ac:
                    44:d5:b7:96:76:5c:22:54:90:5c:01:9f:d4:d4:e7:
                    e8:7e:3d:11:65:93:57:4b:fe:34:9c:cd:61:0d:d3:
                    53:a0:fa:05:c3:27:68:b9:ef:f8:2f:ce:75:37:9f:
                    d7:cb:b1:42:52:3f:70:4c:7b:ef:1e:21:58:ed:f1:
                    8d:21:2e:72:c7:27:c3:08:cb:88:a3:88:68:c6:9c:
                    32:de:08:2f:15:f6:db:39:c1:64:99:53:a1:6c:1d:
                    c7:ae:c5:e2:c4:bc:42:66:bc:d8:43:45:d1:0a:6b:
                    86:73:04:90:05:ba:50:cc:bd:08:65:cd:7f:07:8b:
                    fa:7c:35:a6:ff:18:84:27:d8:55:68:f7:67:9e:3a:
                    fe:a5:a3:d2:17:98:77:a5:9a:f8:37:62:b1:fc:bf:
                    36:14:b7:72:9c:57:f4:3b:34:2c:da:35:6c:f7:88:
                    50:be:c0:ac:ad:dd:e5:c2:a7:0b:bc:68:b1:97:a2:
                    22:1b:5a:8b:76:ac:66:a1:59:24:96:04:c3:d5:da:
                    f0:90:06:b9:ca:e7:46:eb:34:22:83:d9:75:89:07:
                    98:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:58:CD:B4:A3:A7:26:97:26:8A:CE:CD:7F:57:80:B6:17:50:64:1D
            X509v3 Authority Key Identifier:
                keyid:89:ED:FA:41:49:44:D0:10:AC:69:EE:5B:FB:22:77:3B:24:B2:7E:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ie36QUlE0BCsae5b-yJ3OySyfvs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/936cbb-bac4-4fde-8def-febc1ed3ceba/1/XVjNtKOnJpcmis7Nf1eAthdQZB0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/936cbb-bac4-4fde-8def-febc1ed3ceba/1/ie36QUlE0BCsae5b-yJ3OySyfvs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.36.145.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:10:00:2b:01:13:c5:d1:dd:b8:95:53:1f:f3:e5:c7:3c:b2:
         14:7a:5c:d2:07:c7:98:97:8e:dc:ab:67:03:da:a8:6d:e8:4e:
         64:1d:12:d0:1f:e3:ee:d1:38:07:6c:1f:58:53:b3:c5:71:5f:
         25:cd:8e:b3:c2:c0:f4:6e:16:21:23:7e:9a:b0:94:ff:28:b9:
         5e:31:ad:1a:17:75:16:ce:7f:89:6c:27:d5:52:ee:cb:ed:5b:
         57:32:05:ac:c4:42:48:e9:66:e3:94:c6:8f:fe:b7:2d:78:42:
         0e:fe:c4:02:12:55:e5:5a:43:04:d7:6f:3a:a2:e3:12:be:b0:
         dc:64:57:e5:05:8d:c8:84:2f:21:73:87:45:aa:11:fc:0a:f8:
         2c:c9:a7:0b:be:79:33:c8:7d:46:35:fa:2b:a7:37:04:6c:9f:
         91:4d:3d:ea:0a:8b:ce:05:3d:e4:8c:17:8a:09:da:e7:7d:98:
         f5:97:af:cc:13:01:68:34:f2:ef:0b:e1:d1:52:b5:ed:e8:4d:
         2d:2a:94:1d:63:52:7a:58:77:1e:52:70:f5:7a:2f:e1:6e:18:
         bc:c6:cf:5a:b5:01:05:1c:ba:68:c7:b3:76:ec:71:df:b7:46:
         48:04:b5:76:6e:11:20:a3:eb:b5:39:c6:af:28:26:bc:b9:a9:
         9f:a1:f9:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyT4bBPHXJH3SPr+5vj8Y9mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5ZWRmYTQxNDk0NGQwMTBhYzY5ZWU1YmZiMjI3NzNiMjRi
MjdlZmIwHhcNMjYwMjI1MDgxOTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDU4Y2RiNGEzYTcyNjk3MjY4YWNlY2Q3ZjU3ODBiNjE3NTA2NDFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtZXNkwHuNm0pXI08O292MmVsBJos
zPUP1iU2K+R0hZS3+9t5q4hGGuzSgaxE1beWdlwiVJBcAZ/U1Ofofj0RZZNXS/40
nM1hDdNToPoFwydoue/4L851N5/Xy7FCUj9wTHvvHiFY7fGNIS5yxyfDCMuIo4ho
xpwy3ggvFfbbOcFkmVOhbB3HrsXixLxCZrzYQ0XRCmuGcwSQBbpQzL0IZc1/B4v6
fDWm/xiEJ9hVaPdnnjr+paPSF5h3pZr4N2Kx/L82FLdynFf0OzQs2jVs94hQvsCs
rd3lwqcLvGixl6IiG1qLdqxmoVkklgTD1drwkAa5yudG6zQig9l1iQeY3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF1YzbSjpyaXJorOzX9XgLYXUGQdMB8GA1UdIwQY
MBaAFInt+kFJRNAQrGnuW/sidzsksn77MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWUzNlFVbEUwQkNzYWU1Yi15SjNPeVN5ZnZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC85MzZjYmItYmFjNC00ZmRlLThkZWYt
ZmViYzFlZDNjZWJhLzEvWFZqTnRLT25KcGNtaXM3TmYxZUF0aGRRWkIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC85MzZjYmItYmFjNC00ZmRlLThkZWYtZmViYzFlZDNjZWJh
LzEvaWUzNlFVbEUwQkNzYWU1Yi15SjNPeVN5ZnZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuSSRMA0G
CSqGSIb3DQEBCwUAA4IBAQADEAArARPF0d24lVMf8+XHPLIUelzSB8eYl47cq2cD
2qht6E5kHRLQH+Pu0TgHbB9YU7PFcV8lzY6zwsD0bhYhI36asJT/KLleMa0aF3UW
zn+JbCfVUu7L7VtXMgWsxEJI6WbjlMaP/rcteEIO/sQCElXlWkME1286ouMSvrDc
ZFflBY3IhC8hc4dFqhH8CvgsyacLvnkzyH1GNforpzcEbJ+RTT3qCovOBT3kjBeK
CdrnfZj1l6/MEwFoNPLvC+HRUrXt6E0tKpQdY1J6WHceUnD1ei/hbhi8xs9atQEF
HLpox7N27HHft0ZIBLV2bhEgo+u1OcavKCa8uamfofnC
-----END CERTIFICATE-----