Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/b4d75d-953a-4036-9839-57cd68d9cb4e/1/cIcqaLXZmekavhCmoIAJhBRw3JE.roa
File:                     cIcqaLXZmekavhCmoIAJhBRw3JE.roa (raw, json)
Hash identifier:          8QflktthB1MZE1m+SbfCOvT58wwBH/AnF87SL9k5yss=
Subject key identifier:   70:87:2A:68:B5:D9:99:E9:1A:BE:10:A6:A0:80:09:84:14:70:DC:91
Certificate issuer:       /CN=ff698eeb2e49fcb5f9c65a99857af29ce06641d9
Certificate serial:       019EB073115E6B6061B1026B9A4E4F1FFB60
Authority key identifier: FF:69:8E:EB:2E:49:FC:B5:F9:C6:5A:99:85:7A:F2:9C:E0:66:41:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_2mO6y5J_LX5xlqZhXrynOBmQdk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/b4d75d-953a-4036-9839-57cd68d9cb4e/1/cIcqaLXZmekavhCmoIAJhBRw3JE.roa
Signing time:             Wed 10 Jun 2026 07:33:11 +0000
ROA not before:           Wed 10 Jun 2026 07:33:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     0
IP address blocks:        185.1.236.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/b4d75d-953a-4036-9839-57cd68d9cb4e/1/_2mO6y5J_LX5xlqZhXrynOBmQdk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/b4d75d-953a-4036-9839-57cd68d9cb4e/1/_2mO6y5J_LX5xlqZhXrynOBmQdk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_2mO6y5J_LX5xlqZhXrynOBmQdk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 22:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:b0:73:11:5e:6b:60:61:b1:02:6b:9a:4e:4f:1f:fb:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff698eeb2e49fcb5f9c65a99857af29ce06641d9
        Validity
            Not Before: Jun 10 07:33:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=70872a68b5d999e91abe10a6a08009841470dc91
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:c0:50:21:f9:7e:c0:7e:75:75:5d:5a:dc:9a:
                    6a:1a:0f:6e:a4:35:ee:f0:c3:f5:96:46:fb:bd:88:
                    2b:c2:3f:c8:48:34:06:59:12:a1:83:27:af:b7:4e:
                    2c:86:54:9c:6b:68:97:67:37:b3:d1:df:3a:cf:70:
                    51:4f:92:a9:64:d6:ad:1d:d5:fe:7b:01:2f:0f:87:
                    ab:5d:af:65:ed:e0:40:28:ac:36:9f:2a:6d:07:8d:
                    0a:37:68:fb:91:73:84:98:8d:a6:f2:b5:56:d6:df:
                    7d:d9:69:b9:4e:13:34:3b:70:47:0d:83:23:32:88:
                    90:60:7c:b3:76:4f:cd:55:31:51:e9:d8:79:07:8b:
                    cd:42:99:dd:9e:b5:ee:af:f6:6f:59:3b:d7:c6:81:
                    59:7d:20:e2:79:b8:42:52:81:0d:ac:51:6f:7c:1a:
                    86:87:58:2a:11:fd:16:e7:d7:37:e9:44:5f:fa:8e:
                    d3:b8:26:45:5e:a2:ed:52:cb:25:da:72:2a:07:52:
                    99:64:32:c2:de:8f:fa:83:e7:cc:bd:09:83:c7:fc:
                    20:de:7b:52:cb:a6:34:ad:3d:56:8a:97:43:e2:e5:
                    7b:c3:1c:5a:ea:39:a5:5a:3b:5a:1d:b8:35:9d:38:
                    db:b6:02:47:93:e8:44:72:cc:6a:d8:fb:f9:fd:c6:
                    7f:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:87:2A:68:B5:D9:99:E9:1A:BE:10:A6:A0:80:09:84:14:70:DC:91
            X509v3 Authority Key Identifier:
                keyid:FF:69:8E:EB:2E:49:FC:B5:F9:C6:5A:99:85:7A:F2:9C:E0:66:41:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_2mO6y5J_LX5xlqZhXrynOBmQdk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b4d75d-953a-4036-9839-57cd68d9cb4e/1/cIcqaLXZmekavhCmoIAJhBRw3JE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b4d75d-953a-4036-9839-57cd68d9cb4e/1/_2mO6y5J_LX5xlqZhXrynOBmQdk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.1.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:ef:8f:3e:ee:bb:4f:91:66:f2:97:e9:21:b5:5b:01:c6:25:
         8f:ed:93:8d:36:7e:af:bb:e7:87:22:62:af:39:6f:cf:ac:48:
         f0:d9:6d:c2:33:a1:67:1a:92:26:80:47:72:93:00:91:3c:7d:
         d6:f3:0d:81:d8:62:ce:55:f8:c3:e9:68:36:34:77:13:78:20:
         77:71:a3:01:75:08:ac:09:e3:4c:e5:b9:6e:e1:a1:ff:3b:fb:
         cb:58:70:50:d1:f7:43:78:05:2e:d2:40:82:5a:16:fe:4d:ae:
         6c:7c:f4:7b:00:a6:f3:f4:09:d2:a2:01:44:57:44:97:31:2c:
         2c:7b:38:e8:9c:ac:97:57:5c:45:d2:5d:5c:3c:3d:23:ab:9d:
         da:ce:0f:ac:d3:64:aa:75:cc:43:74:cc:d2:41:79:81:64:cb:
         66:45:ff:b9:81:d8:ef:32:4a:3d:9b:c0:00:cd:28:19:cc:df:
         6a:7c:ba:86:62:ad:a2:e8:2b:b1:6d:70:8c:4b:9a:5d:a1:8e:
         62:ea:2e:a6:53:6b:31:03:93:9e:62:6a:41:9b:6f:28:36:1c:
         0c:cd:48:32:d3:72:92:f2:f4:67:bc:38:9e:5b:17:d4:78:13:
         26:44:6a:f7:9b:35:63:be:b3:a6:76:80:2a:ac:a3:51:2b:d1:
         23:73:93:5c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6wcxFea2BhsQJrmk5PH/tgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmNjk4ZWViMmU0OWZjYjVmOWM2NWE5OTg1N2FmMjljZTA2
NjQxZDkwHhcNMjYwNjEwMDczMzExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDg3MmE2OGI1ZDk5OWU5MWFiZTEwYTZhMDgwMDk4NDE0NzBkYzkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApsBQIfl+wH51dV1a3JpqGg9upDXu
8MP1lkb7vYgrwj/ISDQGWRKhgyevt04shlSca2iXZzez0d86z3BRT5KpZNatHdX+
ewEvD4erXa9l7eBAKKw2nyptB40KN2j7kXOEmI2m8rVW1t992Wm5ThM0O3BHDYMj
MoiQYHyzdk/NVTFR6dh5B4vNQpndnrXur/ZvWTvXxoFZfSDiebhCUoENrFFvfBqG
h1gqEf0W59c36URf+o7TuCZFXqLtUssl2nIqB1KZZDLC3o/6g+fMvQmDx/wg3ntS
y6Y0rT1WipdD4uV7wxxa6jmlWjtaHbg1nTjbtgJHk+hEcsxq2Pv5/cZ/nwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHCHKmi12ZnpGr4QpqCACYQUcNyRMB8GA1UdIwQY
MBaAFP9pjusuSfy1+cZamYV68pzgZkHZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzJtTzZ5NUpfTFg1eGxxWmhYcnluT0JtUWRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9iNGQ3NWQtOTUzYS00MDM2LTk4Mzkt
NTdjZDY4ZDljYjRlLzEvY0ljcWFMWFptZWthdmhDbW9JQUpoQlJ3M0pFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi9iNGQ3NWQtOTUzYS00MDM2LTk4MzktNTdjZDY4ZDljYjRl
LzEvXzJtTzZ5NUpfTFg1eGxxWmhYcnluT0JtUWRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQHsMA0G
CSqGSIb3DQEBCwUAA4IBAQCQ748+7rtPkWbyl+khtVsBxiWP7ZONNn6vu+eHImKv
OW/PrEjw2W3CM6FnGpImgEdykwCRPH3W8w2B2GLOVfjD6Wg2NHcTeCB3caMBdQis
CeNM5blu4aH/O/vLWHBQ0fdDeAUu0kCCWhb+Ta5sfPR7AKbz9AnSogFEV0SXMSws
ezjonKyXV1xF0l1cPD0jq53azg+s02SqdcxDdMzSQXmBZMtmRf+5gdjvMko9m8AA
zSgZzN9qfLqGYq2i6CuxbXCMS5pdoY5i6i6mU2sxA5OeYmpBm28oNhwMzUgy03KS
8vRnvDieWxfUeBMmRGr3mzVjvrOmdoAqrKNRK9Ejc5Nc
-----END CERTIFICATE-----