Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/08e57c-d716-4705-9561-03adfbc68c91/1/okyJ_dyqGcdnFwHJe7BtYHyXka8.roa
File:                     okyJ_dyqGcdnFwHJe7BtYHyXka8.roa (raw, json)
Hash identifier:          4dVv/6YLlqIKpJZjxm1+2Z9rbJ0osG+l17eURfhyO4s=
Subject key identifier:   A2:4C:89:FD:DC:AA:19:C7:67:17:01:C9:7B:B0:6D:60:7C:97:91:AF
Certificate issuer:       /CN=037f532fa262f5c6bd9615bcd79d6edd43f2e075
Certificate serial:       019C2DD88F1256D7DBDB43C57B655EFDF85E
Authority key identifier: 03:7F:53:2F:A2:62:F5:C6:BD:96:15:BC:D7:9D:6E:DD:43:F2:E0:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A39TL6Ji9ca9lhW8151u3UPy4HU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/08e57c-d716-4705-9561-03adfbc68c91/1/okyJ_dyqGcdnFwHJe7BtYHyXka8.roa
Signing time:             Thu 05 Feb 2026 12:48:12 +0000
ROA not before:           Thu 05 Feb 2026 12:48:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206449
IP address blocks:        185.186.108.0/24 maxlen: 24
                          185.186.109.0/24 maxlen: 24
                          185.186.110.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/08e57c-d716-4705-9561-03adfbc68c91/1/A39TL6Ji9ca9lhW8151u3UPy4HU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/08e57c-d716-4705-9561-03adfbc68c91/1/A39TL6Ji9ca9lhW8151u3UPy4HU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A39TL6Ji9ca9lhW8151u3UPy4HU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 15:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:2d:d8:8f:12:56:d7:db:db:43:c5:7b:65:5e:fd:f8:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=037f532fa262f5c6bd9615bcd79d6edd43f2e075
        Validity
            Not Before: Feb  5 12:48:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a24c89fddcaa19c7671701c97bb06d607c9791af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:3f:be:3b:d3:17:14:cb:8c:a0:d0:26:0a:a4:
                    23:d7:bb:f0:e7:62:9d:86:c3:71:3a:fe:72:cd:ec:
                    91:b3:d1:5d:fd:e7:43:5a:f2:91:f9:73:0e:43:1a:
                    f3:6e:85:31:89:fe:5e:36:c9:43:3e:25:b8:e7:c6:
                    e8:d1:d3:2c:05:a1:88:97:79:ff:5c:1a:6e:08:6c:
                    15:77:b4:ce:94:26:b4:a5:d3:76:b1:6b:7a:4e:fe:
                    c0:a1:2e:53:ed:9c:53:bb:4d:a9:ec:f8:c4:ed:5a:
                    47:dc:b0:91:e3:f1:09:86:06:da:99:1e:8f:25:f9:
                    a3:44:3f:9f:81:5e:e0:b7:fd:cf:8b:b2:76:ae:b4:
                    c1:b2:04:52:0a:8d:55:19:51:d7:39:1e:19:77:63:
                    05:eb:3b:3a:cb:34:a7:78:cc:6a:1b:f3:93:61:1c:
                    cc:57:2f:31:80:ee:cd:77:8e:28:df:65:3c:3d:a5:
                    a7:7a:59:7f:db:70:25:be:0b:c3:13:dc:1a:0b:fb:
                    bc:1f:11:11:dc:38:b2:c8:0b:e5:d5:17:b2:18:b5:
                    76:67:05:8e:b5:d4:ff:73:56:a3:49:a7:ee:e6:04:
                    89:d2:3f:bc:f8:e0:2e:d1:85:35:97:c7:3a:c2:c3:
                    21:5b:14:84:fd:5b:57:bf:06:5f:15:1a:c1:8c:86:
                    25:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:4C:89:FD:DC:AA:19:C7:67:17:01:C9:7B:B0:6D:60:7C:97:91:AF
            X509v3 Authority Key Identifier:
                keyid:03:7F:53:2F:A2:62:F5:C6:BD:96:15:BC:D7:9D:6E:DD:43:F2:E0:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A39TL6Ji9ca9lhW8151u3UPy4HU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/08e57c-d716-4705-9561-03adfbc68c91/1/okyJ_dyqGcdnFwHJe7BtYHyXka8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/08e57c-d716-4705-9561-03adfbc68c91/1/A39TL6Ji9ca9lhW8151u3UPy4HU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.186.108.0-185.186.110.255

    Signature Algorithm: sha256WithRSAEncryption
         27:3a:f5:63:01:7a:c1:ad:0c:c8:e6:6d:9c:e5:43:cc:6c:e6:
         1f:d1:d7:3f:fd:62:2f:01:e5:cc:09:b7:dd:32:4d:01:5a:7e:
         37:b3:1b:68:5b:9a:b7:2c:ed:93:ab:f7:28:49:14:c8:f7:2f:
         9e:96:98:bd:9b:50:12:8e:8a:20:4f:88:1d:4b:bd:10:c6:09:
         09:52:1f:6a:dc:a5:f4:5f:c8:97:6c:e6:b6:6e:0a:9d:76:6a:
         9f:aa:af:4a:93:5a:88:9e:6a:ad:16:b1:72:9d:37:4c:60:d8:
         bb:1f:2f:92:18:66:4e:67:8d:db:53:0d:c2:9e:b1:53:23:87:
         75:b4:d0:31:da:cb:a2:49:17:ab:07:3f:21:31:46:ed:1d:74:
         4e:d7:a0:0a:64:10:b8:79:d8:be:fb:56:42:2e:67:91:71:7f:
         28:7a:58:68:20:c6:61:a9:f0:33:aa:91:c7:ee:33:d7:12:9e:
         f9:2b:99:b8:88:d4:47:fd:0c:43:15:11:8b:d7:72:b5:2d:76:
         26:26:72:ff:24:e9:0d:0e:58:d0:3b:03:f2:2f:30:d1:ab:35:
         b7:4f:d1:24:a5:9b:bf:c3:af:5d:65:54:da:36:3f:29:cf:2a:
         16:13:1f:19:97:9c:dc:a6:1e:7e:80:bf:e5:26:da:a1:5e:25:
         c1:f1:fb:65
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZwt2I8SVtfb20PFe2Ve/fheMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAzN2Y1MzJmYTI2MmY1YzZiZDk2MTViY2Q3OWQ2ZWRkNDNm
MmUwNzUwHhcNMjYwMjA1MTI0ODEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjRjODlmZGRjYWExOWM3NjcxNzAxYzk3YmIwNmQ2MDdjOTc5MWFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1z++O9MXFMuMoNAmCqQj17vw52Kd
hsNxOv5yzeyRs9Fd/edDWvKR+XMOQxrzboUxif5eNslDPiW458bo0dMsBaGIl3n/
XBpuCGwVd7TOlCa0pdN2sWt6Tv7AoS5T7ZxTu02p7PjE7VpH3LCR4/EJhgbamR6P
JfmjRD+fgV7gt/3Pi7J2rrTBsgRSCo1VGVHXOR4Zd2MF6zs6yzSneMxqG/OTYRzM
Vy8xgO7Nd44o32U8PaWnell/23AlvgvDE9waC/u8HxER3DiyyAvl1ReyGLV2ZwWO
tdT/c1ajSafu5gSJ0j+8+OAu0YU1l8c6wsMhWxSE/VtXvwZfFRrBjIYlAwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFKJMif3cqhnHZxcByXuwbWB8l5GvMB8GA1UdIwQY
MBaAFAN/Uy+iYvXGvZYVvNedbt1D8uB1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQTM5VEw2Smk5Y2E5bGhXODE1MXUzVVB5NEhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS8wOGU1N2MtZDcxNi00NzA1LTk1NjEt
MDNhZGZiYzY4YzkxLzEvb2t5Sl9keXFHY2RuRndISmU3QnRZSHlYa2E4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS8wOGU1N2MtZDcxNi00NzA1LTk1NjEtMDNhZGZiYzY4Yzkx
LzEvQTM5VEw2Smk5Y2E5bGhXODE1MXUzVVB5NEhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAK5umwD
BAC5um4wDQYJKoZIhvcNAQELBQADggEBACc69WMBesGtDMjmbZzlQ8xs5h/R1z/9
Yi8B5cwJt90yTQFafjezG2hbmrcs7ZOr9yhJFMj3L56WmL2bUBKOiiBPiB1LvRDG
CQlSH2rcpfRfyJds5rZuCp12ap+qr0qTWoieaq0WsXKdN0xg2LsfL5IYZk5njdtT
DcKesVMjh3W00DHay6JJF6sHPyExRu0ddE7XoApkELh52L77VkIuZ5Fxfyh6WGgg
xmGp8DOqkcfuM9cSnvkrmbiI1Ef9DEMVEYvXcrUtdiYmcv8k6Q0OWNA7A/IvMNGr
NbdP0SSlm7/Dr11lVNo2PynPKhYTHxmXnNymHn6Av+Um2qFeJcHx+2U=
-----END CERTIFICATE-----