Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/awEaR3mu_nadZa6gupzUMmxDjJc.roa
File:                     awEaR3mu_nadZa6gupzUMmxDjJc.roa (raw, json)
Hash identifier:          /ZCqGj+NSGdaXR4Sc3N2f3ysSnVFG7540bZGMgnvEn4=
Subject key identifier:   6B:01:1A:47:79:AE:FE:76:9D:65:AE:A0:BA:9C:D4:32:6C:43:8C:97
Certificate issuer:       /CN=21021b252222997bfe33b7e4b315ac8d5e067954
Certificate serial:       019C99B33F39700751BA4E54C64791C5AC56
Authority key identifier: 21:02:1B:25:22:22:99:7B:FE:33:B7:E4:B3:15:AC:8D:5E:06:79:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IQIbJSIimXv-M7fksxWsjV4GeVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/awEaR3mu_nadZa6gupzUMmxDjJc.roa
Signing time:             Thu 26 Feb 2026 11:26:27 +0000
ROA not before:           Thu 26 Feb 2026 11:26:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     12741
IP address blocks:        205.188.220.0/23 maxlen: 23
                          205.188.222.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/IQIbJSIimXv-M7fksxWsjV4GeVQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/IQIbJSIimXv-M7fksxWsjV4GeVQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IQIbJSIimXv-M7fksxWsjV4GeVQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:99:b3:3f:39:70:07:51:ba:4e:54:c6:47:91:c5:ac:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=21021b252222997bfe33b7e4b315ac8d5e067954
        Validity
            Not Before: Feb 26 11:26:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6b011a4779aefe769d65aea0ba9cd4326c438c97
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:70:71:a2:2d:d4:db:40:95:e6:d8:da:fd:4a:
                    8d:05:96:0a:51:4a:3b:34:05:ef:d4:51:39:63:a7:
                    35:42:0b:0b:f4:ab:67:39:34:e3:7d:ff:5f:48:06:
                    9b:47:33:73:69:26:28:41:88:32:e8:94:f2:0a:18:
                    62:04:0a:78:d1:80:74:ee:38:9a:c1:7a:9a:a2:c7:
                    78:9d:b4:51:37:ce:0d:5d:9d:c3:a3:90:18:3a:16:
                    ad:48:44:58:6b:f2:3a:60:15:38:3e:bf:27:6c:0b:
                    f4:89:2c:33:cc:37:1f:b6:f2:50:5f:03:37:5d:c4:
                    8e:f4:63:fa:44:7b:29:6b:75:b1:eb:01:6e:c2:19:
                    38:7d:ee:6f:6b:ea:0b:8a:06:26:af:c5:1d:6a:1c:
                    39:ee:19:4f:7e:f9:c4:f4:4c:b9:ea:55:b2:a3:34:
                    a3:18:f8:b7:31:ea:24:d3:4b:e7:ba:97:a2:97:dd:
                    c5:25:3d:b6:32:85:ca:7b:28:b2:c3:ca:ba:c7:ae:
                    07:43:24:63:82:1f:2f:b8:0a:02:df:ad:c5:1f:93:
                    29:86:d7:4a:e6:7f:1d:72:76:c7:d2:5f:29:9a:35:
                    a7:31:b2:2f:17:36:45:58:82:9e:7f:61:2d:ef:67:
                    b8:f4:36:3b:c1:bb:24:0a:d7:13:ca:27:01:ff:3c:
                    db:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:01:1A:47:79:AE:FE:76:9D:65:AE:A0:BA:9C:D4:32:6C:43:8C:97
            X509v3 Authority Key Identifier:
                keyid:21:02:1B:25:22:22:99:7B:FE:33:B7:E4:B3:15:AC:8D:5E:06:79:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IQIbJSIimXv-M7fksxWsjV4GeVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/awEaR3mu_nadZa6gupzUMmxDjJc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/IQIbJSIimXv-M7fksxWsjV4GeVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  205.188.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         38:4a:04:89:16:99:cb:57:0e:2f:9a:e3:85:b0:06:73:72:54:
         6f:cb:b5:01:e2:27:17:12:d8:02:0d:a9:4a:ed:10:53:97:bf:
         e3:b4:4c:5d:80:73:46:11:44:d7:f7:47:56:ec:73:4d:66:22:
         68:d6:ca:cd:bb:06:64:d9:59:6c:79:f2:49:d8:16:8c:f6:1a:
         6c:7e:1f:09:5e:de:c6:d2:99:b0:e1:27:3a:89:53:7e:e6:46:
         36:d4:89:f2:c5:48:fc:a3:46:1d:23:52:d1:18:1f:18:56:ec:
         bc:fb:21:22:44:24:0c:f0:a1:3c:49:8c:30:9f:16:19:bb:27:
         64:03:df:ca:d3:63:49:34:b0:ef:24:20:9e:ad:a9:ac:94:89:
         c9:9e:1e:e4:26:70:58:e9:d3:52:67:e9:92:5f:13:0c:e9:16:
         22:a7:39:84:c8:b5:d4:2c:bd:b7:60:bc:78:17:5f:e6:79:8e:
         c3:84:31:1a:c5:ca:13:13:c7:5d:34:ed:08:a5:79:f6:a0:c6:
         64:10:b1:8d:21:55:e1:f8:99:aa:f3:b5:88:5d:50:dd:5a:61:
         0b:89:13:1d:ff:ff:a2:51:94:fd:68:96:a2:30:f9:2a:79:ae:
         cf:70:0d:17:ad:91:03:41:d2:fc:1b:4c:e3:a5:e5:28:3e:58:
         4d:bd:bd:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyZsz85cAdRuk5UxkeRxaxWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMDIxYjI1MjIyMjk5N2JmZTMzYjdlNGIzMTVhYzhkNWUw
Njc5NTQwHhcNMjYwMjI2MTEyNjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjAxMWE0Nzc5YWVmZTc2OWQ2NWFlYTBiYTljZDQzMjZjNDM4Yzk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxHBxoi3U20CV5tja/UqNBZYKUUo7
NAXv1FE5Y6c1QgsL9KtnOTTjff9fSAabRzNzaSYoQYgy6JTyChhiBAp40YB07jia
wXqaosd4nbRRN84NXZ3Do5AYOhatSERYa/I6YBU4Pr8nbAv0iSwzzDcftvJQXwM3
XcSO9GP6RHspa3Wx6wFuwhk4fe5va+oLigYmr8Udahw57hlPfvnE9Ey56lWyozSj
GPi3Meok00vnupeil93FJT22MoXKeyiyw8q6x64HQyRjgh8vuAoC363FH5MphtdK
5n8dcnbH0l8pmjWnMbIvFzZFWIKef2Et72e49DY7wbskCtcTyicB/zzbTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGsBGkd5rv52nWWuoLqc1DJsQ4yXMB8GA1UdIwQY
MBaAFCECGyUiIpl7/jO35LMVrI1eBnlUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVFJYkpTSWltWHYtTTdma3N4V3NqVjRHZVZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC81OTI5NGMtMGYyNC00MGM1LWI1YzMt
NmVhYzYyZTYwZGY3LzEvYXdFYVIzbXVfbmFkWmE2Z3VwelVNbXhEakpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC81OTI5NGMtMGYyNC00MGM1LWI1YzMtNmVhYzYyZTYwZGY3
LzEvSVFJYkpTSWltWHYtTTdma3N4V3NqVjRHZVZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCzbzcMA0G
CSqGSIb3DQEBCwUAA4IBAQA4SgSJFpnLVw4vmuOFsAZzclRvy7UB4icXEtgCDalK
7RBTl7/jtExdgHNGEUTX90dW7HNNZiJo1srNuwZk2VlsefJJ2BaM9hpsfh8JXt7G
0pmw4Sc6iVN+5kY21InyxUj8o0YdI1LRGB8YVuy8+yEiRCQM8KE8SYwwnxYZuydk
A9/K02NJNLDvJCCeramslInJnh7kJnBY6dNSZ+mSXxMM6RYipzmEyLXULL23YLx4
F1/meY7DhDEaxcoTE8ddNO0IpXn2oMZkELGNIVXh+Jmq87WIXVDdWmELiRMd//+i
UZT9aJaiMPkqea7PcA0XrZEDQdL8G0zjpeUoPlhNvb0o
-----END CERTIFICATE-----