Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/4e7cf9-a9df-4ba3-af77-e2707e197541/1/sEb1S5OEssI5Geja7M8avEGQ7Yk.roa
File:                     sEb1S5OEssI5Geja7M8avEGQ7Yk.roa (raw, json)
Hash identifier:          HdelCjXlPsz9p5LSr6jXVUfKElztHFn7Opv8rvurgY8=
Subject key identifier:   B0:46:F5:4B:93:84:B2:C2:39:19:E8:DA:EC:CF:1A:BC:41:90:ED:89
Certificate issuer:       /CN=cf9f02dbd972595a31cabeab0cd95d706a8cdd31
Certificate serial:       019B7C12AB0EEEC5792D72DBF5C8C6C5F61A
Authority key identifier: CF:9F:02:DB:D9:72:59:5A:31:CA:BE:AB:0C:D9:5D:70:6A:8C:DD:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z58C29lyWVoxyr6rDNldcGqM3TE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/4e7cf9-a9df-4ba3-af77-e2707e197541/1/sEb1S5OEssI5Geja7M8avEGQ7Yk.roa
Signing time:             Fri 02 Jan 2026 00:19:16 +0000
ROA not before:           Fri 02 Jan 2026 00:19:16 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     52165
IP address blocks:        185.185.184.0/24 maxlen: 24
                          185.185.185.0/24 maxlen: 24
                          185.185.186.0/24 maxlen: 24
                          185.185.187.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/4e7cf9-a9df-4ba3-af77-e2707e197541/1/z58C29lyWVoxyr6rDNldcGqM3TE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/4e7cf9-a9df-4ba3-af77-e2707e197541/1/z58C29lyWVoxyr6rDNldcGqM3TE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z58C29lyWVoxyr6rDNldcGqM3TE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:12:ab:0e:ee:c5:79:2d:72:db:f5:c8:c6:c5:f6:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf9f02dbd972595a31cabeab0cd95d706a8cdd31
        Validity
            Not Before: Jan  2 00:19:16 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b046f54b9384b2c23919e8daeccf1abc4190ed89
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:25:99:8b:ec:a7:fa:e0:68:7c:28:43:42:32:
                    4a:4c:7a:06:c5:09:71:57:de:cb:14:97:ad:ed:20:
                    91:eb:76:45:a2:30:8a:f5:d0:5b:b4:c1:d5:df:54:
                    f0:f6:66:95:7b:24:79:ff:57:01:12:b8:80:e7:26:
                    b9:f6:b1:ce:55:e6:58:2a:84:23:bd:e9:18:52:fd:
                    80:00:fb:17:c6:6f:28:9e:95:8d:f3:42:10:4c:c9:
                    42:5d:7d:d9:14:b5:03:a9:c0:d4:61:da:3b:16:4b:
                    6a:e0:ec:6f:31:d0:2b:c6:b6:a8:4e:d3:55:ad:37:
                    15:5b:9d:96:db:d7:a3:bd:d3:06:b5:e4:f2:7e:e3:
                    39:c8:ae:32:72:26:ff:3c:38:12:e2:48:6a:49:4a:
                    24:bf:8f:33:ff:d2:42:31:9f:ed:ae:97:a3:f4:25:
                    55:50:48:23:2f:11:53:10:28:21:a3:8a:e9:82:1c:
                    d2:6c:10:79:85:45:df:a6:1d:75:b0:d4:25:9c:b5:
                    1e:38:33:89:de:ce:f0:f7:33:87:f4:00:b4:12:7f:
                    6b:aa:0c:5b:9f:74:00:82:fd:09:d3:42:de:97:40:
                    b0:80:26:14:b6:f9:ba:ff:ab:79:2e:ab:61:d2:d8:
                    97:a7:ac:99:5f:77:68:6f:f1:f6:3e:03:c4:bb:d9:
                    de:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:46:F5:4B:93:84:B2:C2:39:19:E8:DA:EC:CF:1A:BC:41:90:ED:89
            X509v3 Authority Key Identifier:
                keyid:CF:9F:02:DB:D9:72:59:5A:31:CA:BE:AB:0C:D9:5D:70:6A:8C:DD:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z58C29lyWVoxyr6rDNldcGqM3TE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/4e7cf9-a9df-4ba3-af77-e2707e197541/1/sEb1S5OEssI5Geja7M8avEGQ7Yk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/4e7cf9-a9df-4ba3-af77-e2707e197541/1/z58C29lyWVoxyr6rDNldcGqM3TE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.185.184.0/22

    Signature Algorithm: sha256WithRSAEncryption
         67:43:b6:2e:bc:77:c0:79:92:ec:36:4c:d0:94:27:ce:75:66:
         16:1b:3a:b9:d7:5b:81:96:c6:14:11:5f:4d:6b:25:54:03:0b:
         22:ae:6a:13:9e:2c:00:db:f3:2a:21:47:0a:a7:95:23:bb:6c:
         32:31:40:f3:ab:b9:d7:32:b9:a2:72:86:54:c9:4c:53:7e:01:
         c2:39:8e:24:7d:da:7e:c7:6c:20:ca:a5:05:3e:5d:15:4a:66:
         8f:24:9c:96:6a:a7:92:18:9b:16:f4:f1:a4:73:b6:ab:cc:6c:
         6c:48:27:d1:6c:c8:c4:41:da:ef:1f:e9:5d:04:4a:4b:c2:b0:
         15:80:3b:44:28:39:5e:fe:21:c1:3d:a6:95:e6:51:1a:25:e1:
         c8:0a:89:8f:da:da:90:15:ac:bb:e0:98:64:ee:24:d9:ed:af:
         23:e6:2a:e0:67:82:8b:70:d3:16:7b:70:dc:3e:fc:33:dd:62:
         8d:38:e9:7b:cd:1c:49:86:83:e0:c7:f2:bb:d7:bc:30:9f:57:
         35:ef:75:c2:ab:0e:f6:89:52:10:e2:b5:b4:70:0b:e2:bb:cc:
         e9:d6:5d:eb:98:f3:cb:1f:f6:ba:a1:a7:6c:bd:ac:13:55:0a:
         2a:f2:84:ce:92:d2:03:a3:70:0b:5b:1d:e9:f7:2e:c2:1b:43:
         ca:8f:b6:42
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8EqsO7sV5LXLb9cjGxfYaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmOWYwMmRiZDk3MjU5NWEzMWNhYmVhYjBjZDk1ZDcwNmE4
Y2RkMzEwHhcNMjYwMTAyMDAxOTE2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDQ2ZjU0YjkzODRiMmMyMzkxOWU4ZGFlY2NmMWFiYzQxOTBlZDg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoiWZi+yn+uBofChDQjJKTHoGxQlx
V97LFJet7SCR63ZFojCK9dBbtMHV31Tw9maVeyR5/1cBEriA5ya59rHOVeZYKoQj
vekYUv2AAPsXxm8onpWN80IQTMlCXX3ZFLUDqcDUYdo7Fktq4OxvMdArxraoTtNV
rTcVW52W29ejvdMGteTyfuM5yK4ycib/PDgS4khqSUokv48z/9JCMZ/trpej9CVV
UEgjLxFTECgho4rpghzSbBB5hUXfph11sNQlnLUeODOJ3s7w9zOH9AC0En9rqgxb
n3QAgv0J00Lel0CwgCYUtvm6/6t5Lqth0tiXp6yZX3dob/H2PgPEu9nedQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLBG9UuThLLCORno2uzPGrxBkO2JMB8GA1UdIwQY
MBaAFM+fAtvZcllaMcq+qwzZXXBqjN0xMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejU4QzI5bHlXVm94eXI2ckRObGRjR3FNM1RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi80ZTdjZjktYTlkZi00YmEzLWFmNzct
ZTI3MDdlMTk3NTQxLzEvc0ViMVM1T0Vzc0k1R2VqYTdNOGF2RUdRN1lrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi80ZTdjZjktYTlkZi00YmEzLWFmNzctZTI3MDdlMTk3NTQx
LzEvejU4QzI5bHlXVm94eXI2ckRObGRjR3FNM1RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCubm4MA0G
CSqGSIb3DQEBCwUAA4IBAQBnQ7YuvHfAeZLsNkzQlCfOdWYWGzq511uBlsYUEV9N
ayVUAwsirmoTniwA2/MqIUcKp5Uju2wyMUDzq7nXMrmicoZUyUxTfgHCOY4kfdp+
x2wgyqUFPl0VSmaPJJyWaqeSGJsW9PGkc7arzGxsSCfRbMjEQdrvH+ldBEpLwrAV
gDtEKDle/iHBPaaV5lEaJeHIComP2tqQFay74Jhk7iTZ7a8j5irgZ4KLcNMWe3Dc
Pvwz3WKNOOl7zRxJhoPgx/K717wwn1c173XCqw72iVIQ4rW0cAviu8zp1l3rmPPL
H/a6oadsvawTVQoq8oTOktIDo3ALWx3p9y7CG0PKj7ZC
-----END CERTIFICATE-----