Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/884356-7e2a-4c2a-8ff4-3568e1d29d4a/1/uO0hPRixKdpQ7dRmQ2or2PuLKb0.roa
File:                     uO0hPRixKdpQ7dRmQ2or2PuLKb0.roa (raw, json)
Hash identifier:          oMcY71q6qwU4awB+i8utxGyZwUW4XEtlGqfFSQ3WTP4=
Subject key identifier:   B8:ED:21:3D:18:B1:29:DA:50:ED:D4:66:43:6A:2B:D8:FB:8B:29:BD
Certificate issuer:       /CN=767c1766fbbdcff68bbc34a3c6be69a0c8a03ab9
Certificate serial:       019C8E88F787C1C0CEC02A84989122633E69
Authority key identifier: 76:7C:17:66:FB:BD:CF:F6:8B:BC:34:A3:C6:BE:69:A0:C8:A0:3A:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dnwXZvu9z_aLvDSjxr5poMigOrk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/884356-7e2a-4c2a-8ff4-3568e1d29d4a/1/uO0hPRixKdpQ7dRmQ2or2PuLKb0.roa
Signing time:             Tue 24 Feb 2026 07:24:26 +0000
ROA not before:           Tue 24 Feb 2026 07:24:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49110
IP address blocks:        185.143.40.0/24 maxlen: 24
                          185.143.41.0/24 maxlen: 24
                          185.143.42.0/24 maxlen: 24
                          185.143.43.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/884356-7e2a-4c2a-8ff4-3568e1d29d4a/1/dnwXZvu9z_aLvDSjxr5poMigOrk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/884356-7e2a-4c2a-8ff4-3568e1d29d4a/1/dnwXZvu9z_aLvDSjxr5poMigOrk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dnwXZvu9z_aLvDSjxr5poMigOrk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 07:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:8e:88:f7:87:c1:c0:ce:c0:2a:84:98:91:22:63:3e:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=767c1766fbbdcff68bbc34a3c6be69a0c8a03ab9
        Validity
            Not Before: Feb 24 07:24:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b8ed213d18b129da50edd466436a2bd8fb8b29bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:72:8f:1b:6c:4a:a9:27:57:4a:54:ce:e9:6d:
                    39:a8:a3:a8:09:d0:73:a5:ad:82:c0:b4:f8:77:02:
                    92:20:77:12:0e:77:7f:42:80:38:27:f5:b3:08:a2:
                    70:6b:45:a3:33:cd:b4:03:1b:74:c6:be:80:2c:d1:
                    79:b8:48:6a:ab:94:55:92:8a:d1:88:a5:b0:f8:21:
                    78:12:d9:58:26:34:45:39:11:58:b6:d5:01:b2:e7:
                    93:b8:a0:4b:6b:13:20:b2:44:e2:10:c7:33:7d:9a:
                    e1:85:38:c2:41:b7:b1:58:73:75:ce:43:66:74:ba:
                    b0:60:53:e6:0b:b3:75:ec:72:ba:80:33:87:1b:5a:
                    be:81:dd:6d:11:85:a0:83:9f:92:f8:d1:cf:94:ed:
                    ca:33:b9:4d:dd:b7:07:e6:9f:ec:d3:4e:31:cf:eb:
                    2b:08:59:aa:63:de:e8:86:ca:60:83:4d:00:aa:54:
                    2a:6f:52:9f:ee:b4:4d:64:14:39:de:8f:6a:2f:a7:
                    f0:2e:78:07:97:d4:2c:79:de:8b:c7:ff:6c:1b:91:
                    e8:95:7c:75:46:4b:f6:ef:39:ea:4e:72:64:a3:fe:
                    6f:9e:8e:db:73:07:5f:52:b6:5e:bd:84:c7:f9:53:
                    f8:d4:d9:2a:ee:8b:bb:7a:7c:b6:d9:07:a1:d4:cb:
                    60:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:ED:21:3D:18:B1:29:DA:50:ED:D4:66:43:6A:2B:D8:FB:8B:29:BD
            X509v3 Authority Key Identifier:
                keyid:76:7C:17:66:FB:BD:CF:F6:8B:BC:34:A3:C6:BE:69:A0:C8:A0:3A:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dnwXZvu9z_aLvDSjxr5poMigOrk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/884356-7e2a-4c2a-8ff4-3568e1d29d4a/1/uO0hPRixKdpQ7dRmQ2or2PuLKb0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/884356-7e2a-4c2a-8ff4-3568e1d29d4a/1/dnwXZvu9z_aLvDSjxr5poMigOrk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.143.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         85:e1:75:93:a0:09:17:62:66:d6:5a:4c:b9:c4:a5:d3:d6:04:
         c6:10:2e:c8:d9:33:6a:4b:c6:b4:e6:5d:78:ad:e9:bd:cc:3e:
         02:e0:8c:42:31:68:9b:86:e8:51:b3:8c:45:64:3d:0b:c2:e6:
         86:10:a7:e5:98:d5:38:9c:96:ba:79:90:05:cd:6e:0a:e6:5f:
         f9:98:e7:b4:6a:98:6d:5e:e8:d8:dd:46:c5:41:37:ce:bf:71:
         91:78:20:1c:0d:fd:88:32:4f:26:25:b7:0e:31:b6:ac:42:0e:
         5c:d3:46:9e:ad:61:7b:ea:9a:74:ae:e3:6a:f4:95:c8:7d:8d:
         5c:73:aa:03:b3:c9:96:0c:9b:e1:ad:e6:55:04:21:8f:4f:28:
         29:d5:ef:0a:92:cd:e1:21:39:d4:cc:b5:be:84:c2:59:36:9c:
         63:8e:ad:99:5c:0a:d9:d7:e7:fb:0c:bd:59:1d:96:18:d5:42:
         e7:b9:cb:ce:5d:2f:a4:74:71:b8:cb:2b:67:3c:c2:81:4b:b4:
         51:da:ae:d4:e8:41:09:ff:4c:e3:6b:a0:8f:5b:75:1c:b6:4e:
         1b:92:ec:99:f3:ba:6a:93:7d:9f:a7:73:c9:59:32:95:fd:c9:
         29:92:e8:3a:e0:38:c4:15:68:5e:df:fa:ed:6f:2a:ec:4a:ec:
         8b:47:9a:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyOiPeHwcDOwCqEmJEiYz5pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2N2MxNzY2ZmJiZGNmZjY4YmJjMzRhM2M2YmU2OWEwYzhh
MDNhYjkwHhcNMjYwMjI0MDcyNDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOGVkMjEzZDE4YjEyOWRhNTBlZGQ0NjY0MzZhMmJkOGZiOGIyOWJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtHKPG2xKqSdXSlTO6W05qKOoCdBz
pa2CwLT4dwKSIHcSDnd/QoA4J/WzCKJwa0WjM820Axt0xr6ALNF5uEhqq5RVkorR
iKWw+CF4EtlYJjRFORFYttUBsueTuKBLaxMgskTiEMczfZrhhTjCQbexWHN1zkNm
dLqwYFPmC7N17HK6gDOHG1q+gd1tEYWgg5+S+NHPlO3KM7lN3bcH5p/s004xz+sr
CFmqY97ohspgg00AqlQqb1Kf7rRNZBQ53o9qL6fwLngHl9Qsed6Lx/9sG5HolXx1
Rkv27znqTnJko/5vno7bcwdfUrZevYTH+VP41Nkq7ou7eny22Qeh1MtgSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLjtIT0YsSnaUO3UZkNqK9j7iym9MB8GA1UdIwQY
MBaAFHZ8F2b7vc/2i7w0o8a+aaDIoDq5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZG53WFp2dTl6X2FMdkRTanhyNXBvTWlnT3JrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS84ODQzNTYtN2UyYS00YzJhLThmZjQt
MzU2OGUxZDI5ZDRhLzEvdU8waFBSaXhLZHBRN2RSbVEyb3IyUHVMS2IwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS84ODQzNTYtN2UyYS00YzJhLThmZjQtMzU2OGUxZDI5ZDRh
LzEvZG53WFp2dTl6X2FMdkRTanhyNXBvTWlnT3JrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuY8oMA0G
CSqGSIb3DQEBCwUAA4IBAQCF4XWToAkXYmbWWky5xKXT1gTGEC7I2TNqS8a05l14
rem9zD4C4IxCMWibhuhRs4xFZD0LwuaGEKflmNU4nJa6eZAFzW4K5l/5mOe0apht
XujY3UbFQTfOv3GReCAcDf2IMk8mJbcOMbasQg5c00aerWF76pp0ruNq9JXIfY1c
c6oDs8mWDJvhreZVBCGPTygp1e8Kks3hITnUzLW+hMJZNpxjjq2ZXArZ1+f7DL1Z
HZYY1ULnucvOXS+kdHG4yytnPMKBS7RR2q7U6EEJ/0zja6CPW3Uctk4bkuyZ87pq
k32fp3PJWTKV/ckpkug64DjEFWhe3/rtbyrsSuyLR5qe
-----END CERTIFICATE-----