Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/afbac0-e7a5-4c95-88b6-84a9efec0d1b/1/Tovu6XYvf5FhR28kdlA-7wKtBkE.roa
File:                     Tovu6XYvf5FhR28kdlA-7wKtBkE.roa (raw, json)
Hash identifier:          mC271DkpvmHL0CjopsqGxIT+uNy91sh6WEkjNwzeRxI=
Subject key identifier:   4E:8B:EE:E9:76:2F:7F:91:61:47:6F:24:76:50:3E:EF:02:AD:06:41
Certificate issuer:       /CN=01bae509df7ec524d4f750ff809274ab00649322
Certificate serial:       019B7CEE6FF7BB336420B32804F6D8DBC281
Authority key identifier: 01:BA:E5:09:DF:7E:C5:24:D4:F7:50:FF:80:92:74:AB:00:64:93:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AbrlCd9-xSTU91D_gJJ0qwBkkyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/afbac0-e7a5-4c95-88b6-84a9efec0d1b/1/Tovu6XYvf5FhR28kdlA-7wKtBkE.roa
Signing time:             Fri 02 Jan 2026 04:19:19 +0000
ROA not before:           Fri 02 Jan 2026 04:19:19 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203293
IP address blocks:        185.139.92.0/22 maxlen: 24
                          2a07:1440::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/afbac0-e7a5-4c95-88b6-84a9efec0d1b/1/AbrlCd9-xSTU91D_gJJ0qwBkkyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/afbac0-e7a5-4c95-88b6-84a9efec0d1b/1/AbrlCd9-xSTU91D_gJJ0qwBkkyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AbrlCd9-xSTU91D_gJJ0qwBkkyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ee:6f:f7:bb:33:64:20:b3:28:04:f6:d8:db:c2:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=01bae509df7ec524d4f750ff809274ab00649322
        Validity
            Not Before: Jan  2 04:19:19 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4e8beee9762f7f9161476f2476503eef02ad0641
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:10:8b:c1:32:0f:ff:fa:87:a0:33:a3:af:46:
                    ed:38:28:cf:a7:52:13:2a:8a:b2:35:b3:78:c2:88:
                    c8:f6:0c:05:e1:b6:7c:33:e1:01:8b:0f:13:8d:1b:
                    9b:7e:ee:29:96:fe:e0:f6:75:b8:f2:18:b1:31:e2:
                    de:3d:bd:90:41:1e:75:ea:59:af:4c:ff:78:fc:15:
                    eb:ef:f7:90:d4:83:c2:d2:b2:76:b4:f3:a2:f6:23:
                    7a:cc:c1:5b:d1:f6:5c:14:5a:82:1f:e6:ba:6a:78:
                    61:b5:c3:fd:d4:2f:6c:ec:cc:a5:4c:7f:48:1a:b4:
                    37:91:77:71:aa:66:ea:e8:d5:d6:3e:a4:79:37:c2:
                    b9:a1:b7:52:5c:e8:c1:4d:2e:28:61:2d:ef:e0:fb:
                    3c:13:a0:72:2e:30:52:4a:0f:b6:4e:6c:54:a7:28:
                    f9:82:94:3e:0a:9b:0a:ca:45:e0:fc:ed:da:be:41:
                    7d:3a:01:04:17:02:e4:e6:29:db:25:7d:66:87:ea:
                    47:c9:9b:88:ed:a8:41:64:3b:42:c8:ac:51:7e:dd:
                    22:e8:ec:8c:46:8b:6f:c7:e8:37:11:10:ff:e9:14:
                    5f:0e:4b:ad:c9:38:0c:11:47:9c:4d:63:85:ea:02:
                    6d:56:22:cc:3e:51:51:99:80:eb:0d:86:fb:cf:c4:
                    33:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:8B:EE:E9:76:2F:7F:91:61:47:6F:24:76:50:3E:EF:02:AD:06:41
            X509v3 Authority Key Identifier:
                keyid:01:BA:E5:09:DF:7E:C5:24:D4:F7:50:FF:80:92:74:AB:00:64:93:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AbrlCd9-xSTU91D_gJJ0qwBkkyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/afbac0-e7a5-4c95-88b6-84a9efec0d1b/1/Tovu6XYvf5FhR28kdlA-7wKtBkE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/afbac0-e7a5-4c95-88b6-84a9efec0d1b/1/AbrlCd9-xSTU91D_gJJ0qwBkkyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.139.92.0/22
                IPv6:
                  2a07:1440::/29

    Signature Algorithm: sha256WithRSAEncryption
         3a:22:2a:61:e4:a9:a4:33:ef:1a:71:5f:05:4e:a1:e0:21:a3:
         0c:3b:e8:85:a1:8c:c0:f6:e4:5c:14:9b:73:55:25:93:46:7e:
         3d:52:14:43:89:80:2e:42:61:c9:3b:98:1a:36:ce:40:cb:ed:
         7c:5e:bc:01:3a:38:9a:81:a0:d4:ea:45:34:82:d7:b4:75:95:
         4d:17:91:6a:aa:17:f2:81:bf:b6:97:25:05:67:46:35:b9:50:
         d3:11:5e:2a:0e:ac:d7:9b:e9:25:4b:db:c9:b8:ba:c7:31:1f:
         03:2f:4c:e4:ba:38:c3:ac:3b:83:46:bb:b8:12:fa:f3:c6:10:
         81:18:f2:25:dd:56:70:35:78:98:d9:57:a9:ee:0b:0d:f2:ce:
         ca:84:a9:4f:a3:38:38:f4:25:ce:33:66:ea:e7:07:91:ae:8d:
         f8:4c:6d:af:98:9d:44:d6:50:24:d0:5e:5e:8a:6a:21:a2:1b:
         4a:8e:61:34:97:c1:7e:07:04:fe:1a:da:b9:f4:83:34:ca:b5:
         3c:3e:13:2b:f0:e0:3d:90:e2:dc:72:f5:6d:5e:2d:42:14:68:
         4f:9d:93:cf:61:a3:21:f0:84:d3:46:ba:4c:73:df:e4:29:91:
         a1:fe:5d:58:c1:2e:e8:8f:b9:40:fd:74:e5:1d:37:88:ed:2b:
         83:04:d6:21
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZt87m/3uzNkILMoBPbY28KBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxYmFlNTA5ZGY3ZWM1MjRkNGY3NTBmZjgwOTI3NGFiMDA2
NDkzMjIwHhcNMjYwMTAyMDQxOTE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZThiZWVlOTc2MmY3ZjkxNjE0NzZmMjQ3NjUwM2VlZjAyYWQwNjQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqxCLwTIP//qHoDOjr0btOCjPp1IT
KoqyNbN4wojI9gwF4bZ8M+EBiw8TjRubfu4plv7g9nW48hixMeLePb2QQR516lmv
TP94/BXr7/eQ1IPC0rJ2tPOi9iN6zMFb0fZcFFqCH+a6anhhtcP91C9s7MylTH9I
GrQ3kXdxqmbq6NXWPqR5N8K5obdSXOjBTS4oYS3v4Ps8E6ByLjBSSg+2TmxUpyj5
gpQ+CpsKykXg/O3avkF9OgEEFwLk5inbJX1mh+pHyZuI7ahBZDtCyKxRft0i6OyM
Rotvx+g3ERD/6RRfDkutyTgMEUecTWOF6gJtViLMPlFRmYDrDYb7z8QzZwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFE6L7ul2L3+RYUdvJHZQPu8CrQZBMB8GA1UdIwQY
MBaAFAG65QnffsUk1PdQ/4CSdKsAZJMiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQWJybENkOS14U1RVOTFEX2dKSjBxd0Jra3lJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi9hZmJhYzAtZTdhNS00Yzk1LTg4YjYt
ODRhOWVmZWMwZDFiLzEvVG92dTZYWXZmNUZoUjI4a2RsQS03d0t0QmtFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi9hZmJhYzAtZTdhNS00Yzk1LTg4YjYtODRhOWVmZWMwZDFi
LzEvQWJybENkOS14U1RVOTFEX2dKSjBxd0Jra3lJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuYtcMA0E
AgACMAcDBQMqBxRAMA0GCSqGSIb3DQEBCwUAA4IBAQA6Iiph5KmkM+8acV8FTqHg
IaMMO+iFoYzA9uRcFJtzVSWTRn49UhRDiYAuQmHJO5gaNs5Ay+18XrwBOjiagaDU
6kU0gte0dZVNF5Fqqhfygb+2lyUFZ0Y1uVDTEV4qDqzXm+klS9vJuLrHMR8DL0zk
ujjDrDuDRru4EvrzxhCBGPIl3VZwNXiY2Vep7gsN8s7KhKlPozg49CXOM2bq5weR
ro34TG2vmJ1E1lAk0F5eimohohtKjmE0l8F+BwT+Gtq59IM0yrU8PhMr8OA9kOLc
cvVtXi1CFGhPnZPPYaMh8ITTRrpMc9/kKZGh/l1YwS7oj7lA/XTlHTeI7SuDBNYh
-----END CERTIFICATE-----