Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/86d512-499b-418e-a420-c161246c825a/1/R8GC6AMTH-Hxqzb_tHLOqN1Dy-4.roa
File:                     R8GC6AMTH-Hxqzb_tHLOqN1Dy-4.roa (raw, json)
Hash identifier:          sjpipeUhURBvNL7hQYR9otIU9f5zXHfGn1dPphfh+uo=
Subject key identifier:   47:C1:82:E8:03:13:1F:E1:F1:AB:36:FF:B4:72:CE:A8:DD:43:CB:EE
Certificate issuer:       /CN=1406b4f9fd5168eb7781e824b1453e99f5e6553c
Certificate serial:       019B76EBA1B0F8C5B911C971DAEF9CFF5CCE
Authority key identifier: 14:06:B4:F9:FD:51:68:EB:77:81:E8:24:B1:45:3E:99:F5:E6:55:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FAa0-f1RaOt3gegksUU-mfXmVTw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/86d512-499b-418e-a420-c161246c825a/1/R8GC6AMTH-Hxqzb_tHLOqN1Dy-4.roa
Signing time:             Thu 01 Jan 2026 00:18:32 +0000
ROA not before:           Thu 01 Jan 2026 00:18:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208035
IP address blocks:        185.35.56.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/86d512-499b-418e-a420-c161246c825a/1/FAa0-f1RaOt3gegksUU-mfXmVTw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/86d512-499b-418e-a420-c161246c825a/1/FAa0-f1RaOt3gegksUU-mfXmVTw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FAa0-f1RaOt3gegksUU-mfXmVTw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 09:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:a1:b0:f8:c5:b9:11:c9:71:da:ef:9c:ff:5c:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1406b4f9fd5168eb7781e824b1453e99f5e6553c
        Validity
            Not Before: Jan  1 00:18:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=47c182e803131fe1f1ab36ffb472cea8dd43cbee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:ef:48:f2:e2:cd:85:97:7b:dd:5e:f2:ab:5f:
                    f1:77:2f:6e:27:5b:9e:da:d9:56:4a:a7:84:65:47:
                    f6:b2:a2:32:0c:dd:e2:bc:6c:db:0c:c1:87:83:cb:
                    31:f9:96:9d:ff:c5:03:61:d5:64:6c:41:18:cc:52:
                    c9:64:47:ef:09:4e:37:d2:e6:83:6a:07:92:ae:1c:
                    f4:88:60:46:69:d8:88:1a:40:32:f5:62:9c:93:07:
                    5c:75:11:74:64:ea:65:6d:3e:fb:ac:32:00:5f:4c:
                    26:3f:2c:b7:43:9a:51:0b:1a:b8:79:40:bf:7f:7d:
                    8e:08:9b:07:20:90:09:1b:bf:e1:30:ad:c0:3f:9c:
                    bb:12:31:24:1b:fc:b6:59:58:01:75:79:27:53:36:
                    b0:22:9f:a8:c4:e2:75:19:61:ef:61:6f:27:93:aa:
                    aa:d5:02:5d:dd:27:9a:5b:a6:8d:d5:58:af:2b:54:
                    49:cf:9e:7d:84:e4:7f:3f:2d:2c:9e:42:ef:ae:89:
                    1d:d1:48:5f:25:ea:18:95:56:f3:ab:6c:e9:95:8d:
                    0e:1d:49:d3:a5:1f:f0:1f:a1:b6:c1:d2:ac:b0:55:
                    74:f7:8b:c8:2d:7b:fe:3f:5f:2d:64:92:05:1a:09:
                    ac:25:b2:a5:de:09:78:34:8e:17:64:66:59:5a:e3:
                    14:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:C1:82:E8:03:13:1F:E1:F1:AB:36:FF:B4:72:CE:A8:DD:43:CB:EE
            X509v3 Authority Key Identifier:
                keyid:14:06:B4:F9:FD:51:68:EB:77:81:E8:24:B1:45:3E:99:F5:E6:55:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FAa0-f1RaOt3gegksUU-mfXmVTw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/86d512-499b-418e-a420-c161246c825a/1/R8GC6AMTH-Hxqzb_tHLOqN1Dy-4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/86d512-499b-418e-a420-c161246c825a/1/FAa0-f1RaOt3gegksUU-mfXmVTw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.35.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         61:22:3b:31:2b:c5:fa:4d:8f:93:d0:f8:41:ac:1a:e1:30:df:
         d8:e2:96:cb:f6:06:ea:5c:e2:b7:28:a6:52:62:8b:67:aa:7f:
         1c:b2:79:dc:e4:45:6a:cd:de:8d:4a:c1:c5:45:2d:a1:80:18:
         5c:2f:f9:12:75:0c:bf:df:77:6c:96:19:70:ca:36:85:90:f5:
         d5:c7:59:3a:6e:a4:4f:b9:c2:ab:63:17:db:3b:bc:6f:58:c2:
         46:5e:98:1b:5c:0a:c4:7b:2c:0d:18:35:ee:66:d4:78:85:34:
         3e:19:03:05:37:fe:2c:d3:bd:d0:78:73:94:21:7d:18:7a:41:
         64:3d:78:33:07:f3:41:26:73:64:7b:0b:76:8a:ff:83:6e:68:
         54:69:cb:e0:cc:4e:44:a3:7d:4b:84:db:6d:bf:2f:9a:0c:8f:
         99:77:72:75:35:9d:3d:80:ba:ac:bc:44:bc:b0:91:a4:3d:c1:
         75:70:f1:68:a1:c0:21:52:a5:f9:5b:e6:fe:05:85:fb:ae:9c:
         1c:46:43:7e:c4:d9:a0:bb:ef:ea:e4:8e:24:62:c7:dc:2e:ef:
         6f:82:f7:b2:0d:75:6a:ff:15:7b:82:48:00:a9:d8:36:89:87:
         10:19:c5:73:fd:4f:53:3a:78:b4:56:bf:ee:53:40:64:48:20:
         b7:1a:9d:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt266Gw+MW5Eclx2u+c/1zOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE0MDZiNGY5ZmQ1MTY4ZWI3NzgxZTgyNGIxNDUzZTk5ZjVl
NjU1M2MwHhcNMjYwMTAxMDAxODMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2MxODJlODAzMTMxZmUxZjFhYjM2ZmZiNDcyY2VhOGRkNDNjYmVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhO9I8uLNhZd73V7yq1/xdy9uJ1ue
2tlWSqeEZUf2sqIyDN3ivGzbDMGHg8sx+Zad/8UDYdVkbEEYzFLJZEfvCU430uaD
ageSrhz0iGBGadiIGkAy9WKckwdcdRF0ZOplbT77rDIAX0wmPyy3Q5pRCxq4eUC/
f32OCJsHIJAJG7/hMK3AP5y7EjEkG/y2WVgBdXknUzawIp+oxOJ1GWHvYW8nk6qq
1QJd3SeaW6aN1VivK1RJz559hOR/Py0snkLvrokd0UhfJeoYlVbzq2zplY0OHUnT
pR/wH6G2wdKssFV094vILXv+P18tZJIFGgmsJbKl3gl4NI4XZGZZWuMUGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEfBgugDEx/h8as2/7RyzqjdQ8vuMB8GA1UdIwQY
MBaAFBQGtPn9UWjrd4HoJLFFPpn15lU8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRkFhMC1mMVJhT3QzZ2Vna3NVVS1tZlhtVlR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC84NmQ1MTItNDk5Yi00MThlLWE0MjAt
YzE2MTI0NmM4MjVhLzEvUjhHQzZBTVRILUh4cXpiX3RITE9xTjFEeS00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC84NmQ1MTItNDk5Yi00MThlLWE0MjAtYzE2MTI0NmM4MjVh
LzEvRkFhMC1mMVJhT3QzZ2Vna3NVVS1tZlhtVlR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuSM4MA0G
CSqGSIb3DQEBCwUAA4IBAQBhIjsxK8X6TY+T0PhBrBrhMN/Y4pbL9gbqXOK3KKZS
Yotnqn8csnnc5EVqzd6NSsHFRS2hgBhcL/kSdQy/33dslhlwyjaFkPXVx1k6bqRP
ucKrYxfbO7xvWMJGXpgbXArEeywNGDXuZtR4hTQ+GQMFN/4s073QeHOUIX0YekFk
PXgzB/NBJnNkewt2iv+DbmhUacvgzE5Eo31LhNttvy+aDI+Zd3J1NZ09gLqsvES8
sJGkPcF1cPFoocAhUqX5W+b+BYX7rpwcRkN+xNmgu+/q5I4kYsfcLu9vgveyDXVq
/xV7gkgAqdg2iYcQGcVz/U9TOni0Vr/uU0BkSCC3Gp23
-----END CERTIFICATE-----