Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/70ccef-17f3-4928-9c0b-ba7c7d8190ca/1/1-ygVXvpX3v0iELiClfnmQNYwGyE.roa
File:                     1-ygVXvpX3v0iELiClfnmQNYwGyE.roa (raw, json)
Hash identifier:          X5he1s+27okfT854bA2DHGCg/8azuLS5wg9wh4BAYOk=
Subject key identifier:   FB:28:15:5E:FA:57:DE:FD:22:10:B8:82:95:F9:E6:40:D6:30:1B:21
Certificate issuer:       /CN=6f5e0230be799e44829c8720ca38347045494e20
Certificate serial:       019D8609C3D7FD57CC337A6FE156B4F70BA9
Authority key identifier: 6F:5E:02:30:BE:79:9E:44:82:9C:87:20:CA:38:34:70:45:49:4E:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b14CML55nkSCnIcgyjg0cEVJTiA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/67/70ccef-17f3-4928-9c0b-ba7c7d8190ca/1/1-ygVXvpX3v0iELiClfnmQNYwGyE.roa
Signing time:             Mon 13 Apr 2026 08:51:20 +0000
ROA not before:           Mon 13 Apr 2026 08:51:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     10753
IP address blocks:        85.232.185.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/67/70ccef-17f3-4928-9c0b-ba7c7d8190ca/1/b14CML55nkSCnIcgyjg0cEVJTiA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/67/70ccef-17f3-4928-9c0b-ba7c7d8190ca/1/b14CML55nkSCnIcgyjg0cEVJTiA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b14CML55nkSCnIcgyjg0cEVJTiA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 14:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:86:09:c3:d7:fd:57:cc:33:7a:6f:e1:56:b4:f7:0b:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f5e0230be799e44829c8720ca38347045494e20
        Validity
            Not Before: Apr 13 08:51:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fb28155efa57defd2210b88295f9e640d6301b21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:fc:4b:fc:fd:99:22:6d:6b:49:35:43:75:64:
                    75:fc:c4:dc:8c:28:6f:de:98:e3:7f:fa:8e:f2:bf:
                    0a:5c:65:56:20:5f:b7:d3:03:a0:a4:d1:aa:96:fa:
                    ec:13:25:c1:7f:b0:0e:a7:0e:a7:40:3f:23:64:50:
                    79:ae:ca:09:09:10:e4:05:f6:96:8b:1a:02:ba:91:
                    ae:e1:23:98:ae:2e:b8:66:4d:d6:95:19:06:e7:72:
                    f5:d0:6d:47:7c:da:dd:3d:8e:b6:9f:c2:b4:06:55:
                    0d:9a:3f:38:bf:51:c6:77:ec:18:cc:df:3f:8f:f8:
                    f5:00:dd:02:56:61:44:61:61:42:6b:06:54:57:40:
                    ac:5f:36:72:33:73:bc:ab:23:29:95:d1:36:a0:f0:
                    f3:5c:11:d0:1d:2e:cd:ee:c1:bb:81:44:76:d6:83:
                    b8:5a:de:63:f6:25:3b:e0:f4:f3:a4:ab:00:3b:4f:
                    db:d6:b3:36:ec:4c:af:83:d4:7a:93:d5:a5:18:59:
                    f2:71:ec:c6:1b:ca:e3:7e:03:62:02:c8:5a:9c:05:
                    bc:8b:27:6d:4d:82:56:65:34:98:44:2c:c0:d2:69:
                    47:e2:2a:87:ea:1b:0a:0f:91:1b:e8:7a:42:f2:15:
                    a3:e7:47:69:03:6f:86:c6:cd:0e:d8:59:34:c9:1d:
                    3f:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:28:15:5E:FA:57:DE:FD:22:10:B8:82:95:F9:E6:40:D6:30:1B:21
            X509v3 Authority Key Identifier:
                keyid:6F:5E:02:30:BE:79:9E:44:82:9C:87:20:CA:38:34:70:45:49:4E:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b14CML55nkSCnIcgyjg0cEVJTiA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/70ccef-17f3-4928-9c0b-ba7c7d8190ca/1/1-ygVXvpX3v0iELiClfnmQNYwGyE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/67/70ccef-17f3-4928-9c0b-ba7c7d8190ca/1/b14CML55nkSCnIcgyjg0cEVJTiA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.232.185.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:48:2e:5a:cb:fa:ac:b2:18:ec:e2:2f:f1:36:0d:b5:dc:0e:
         fa:72:1b:28:2f:ce:70:b5:ff:1e:a7:2e:07:1f:c4:f8:9d:0a:
         b7:88:38:64:38:0c:36:a6:51:c2:e7:df:40:3f:62:03:b1:36:
         ab:f3:8d:c0:36:14:4c:e7:5a:3d:4d:55:50:c8:b1:fb:eb:85:
         6b:51:45:1c:8b:e4:52:3c:b2:9d:02:76:a1:88:b9:10:45:ac:
         6c:f9:33:7e:4d:18:6c:4f:63:bd:94:1f:b1:b7:25:06:c9:87:
         f7:53:18:79:79:7e:2f:3f:cd:45:b6:8d:21:cc:f2:45:26:a5:
         4f:5c:62:64:c3:9b:eb:e7:36:71:20:4d:8c:23:c3:8e:02:70:
         a8:7f:55:0f:2d:2f:11:82:c3:3d:33:22:17:34:bf:45:3c:3f:
         14:f4:2e:99:b9:0a:ea:fc:b9:96:bc:b0:20:96:44:b6:61:a0:
         ef:9a:d1:bf:e8:5d:70:ac:53:0d:08:5c:d3:32:08:1e:ce:0f:
         57:b7:ed:5f:67:5b:17:3d:b0:31:57:1d:d8:99:16:34:ae:78:
         14:36:d3:e9:45:2b:52:18:4d:64:3e:cc:4e:6b:1d:5e:cb:a0:
         5a:5e:b4:34:9a:6e:b8:77:3d:10:10:82:0d:2f:94:bf:4d:fc:
         be:49:6e:7c
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ2GCcPX/VfMM3pv4Va09wupMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNWUwMjMwYmU3OTllNDQ4MjljODcyMGNhMzgzNDcwNDU0
OTRlMjAwHhcNMjYwNDEzMDg1MTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjI4MTU1ZWZhNTdkZWZkMjIxMGI4ODI5NWY5ZTY0MGQ2MzAxYjIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx/xL/P2ZIm1rSTVDdWR1/MTcjChv
3pjjf/qO8r8KXGVWIF+30wOgpNGqlvrsEyXBf7AOpw6nQD8jZFB5rsoJCRDkBfaW
ixoCupGu4SOYri64Zk3WlRkG53L10G1HfNrdPY62n8K0BlUNmj84v1HGd+wYzN8/
j/j1AN0CVmFEYWFCawZUV0CsXzZyM3O8qyMpldE2oPDzXBHQHS7N7sG7gUR21oO4
Wt5j9iU74PTzpKsAO0/b1rM27Eyvg9R6k9WlGFnycezGG8rjfgNiAshanAW8iydt
TYJWZTSYRCzA0mlH4iqH6hsKD5Eb6HpC8hWj50dpA2+Gxs0O2Fk0yR0/PQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPsoFV76V979IhC4gpX55kDWMBshMB8GA1UdIwQY
MBaAFG9eAjC+eZ5EgpyHIMo4NHBFSU4gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjE0Q01MNTVua1NDbkljZ3lqZzBjRVZKVGlBLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ny83MGNjZWYtMTdmMy00OTI4LTljMGIt
YmE3YzdkODE5MGNhLzEvMS15Z1ZYdnBYM3YwaUVMaUNsZm5tUU5Zd0d5RS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNjcvNzBjY2VmLTE3ZjMtNDkyOC05YzBiLWJhN2M3ZDgxOTBj
YS8xL2IxNENNTDU1bmtTQ25JY2d5amcwY0VWSlRpQS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFXouTAN
BgkqhkiG9w0BAQsFAAOCAQEAZUguWsv6rLIY7OIv8TYNtdwO+nIbKC/OcLX/Hqcu
Bx/E+J0Kt4g4ZDgMNqZRwuffQD9iA7E2q/ONwDYUTOdaPU1VUMix++uFa1FFHIvk
UjyynQJ2oYi5EEWsbPkzfk0YbE9jvZQfsbclBsmH91MYeXl+Lz/NRbaNIczyRSal
T1xiZMOb6+c2cSBNjCPDjgJwqH9VDy0vEYLDPTMiFzS/RTw/FPQumbkK6vy5lryw
IJZEtmGg75rRv+hdcKxTDQhc0zIIHs4PV7ftX2dbFz2wMVcd2JkWNK54FDbT6UUr
UhhNZD7MTmsdXsugWl60NJpuuHc9EBCCDS+Uv038vklufA==
-----END CERTIFICATE-----