Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/0cee23-064b-4566-b863-b496437cc5dc/1/TkW7QsEHj7p4co1qQ-4GY3yy26s.roa
File:                     TkW7QsEHj7p4co1qQ-4GY3yy26s.roa (raw, json)
Hash identifier:          iaZGknezVQgDJrbwMB8HGoEB5UI8hMfa/n4ACZ8oQkM=
Subject key identifier:   4E:45:BB:42:C1:07:8F:BA:78:72:8D:6A:43:EE:06:63:7C:B2:DB:AB
Certificate issuer:       /CN=bae2aa5e2603f7cf95d7b09a78b588adcefe3228
Certificate serial:       019D85F0211000F21EFD9ACBC07D09F29AD6
Authority key identifier: BA:E2:AA:5E:26:03:F7:CF:95:D7:B0:9A:78:B5:88:AD:CE:FE:32:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uuKqXiYD98-V17CaeLWIrc7-Mig.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/0cee23-064b-4566-b863-b496437cc5dc/1/TkW7QsEHj7p4co1qQ-4GY3yy26s.roa
Signing time:             Mon 13 Apr 2026 08:23:20 +0000
ROA not before:           Mon 13 Apr 2026 08:23:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214225
IP address blocks:        185.65.118.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/71/0cee23-064b-4566-b863-b496437cc5dc/1/uuKqXiYD98-V17CaeLWIrc7-Mig.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/71/0cee23-064b-4566-b863-b496437cc5dc/1/uuKqXiYD98-V17CaeLWIrc7-Mig.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uuKqXiYD98-V17CaeLWIrc7-Mig.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 16:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:85:f0:21:10:00:f2:1e:fd:9a:cb:c0:7d:09:f2:9a:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bae2aa5e2603f7cf95d7b09a78b588adcefe3228
        Validity
            Not Before: Apr 13 08:23:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4e45bb42c1078fba78728d6a43ee06637cb2dbab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:d3:c4:39:96:e2:0c:64:5e:2f:7e:05:46:38:
                    a7:20:3b:e5:5a:15:10:78:11:82:9c:be:31:ac:77:
                    02:a1:f1:20:83:c9:15:27:5c:e6:9c:83:81:55:bb:
                    56:f9:51:6c:e2:93:56:9a:38:e5:f9:d7:fd:5f:3c:
                    a6:8a:11:35:b0:74:fa:6c:6e:c8:ea:f9:3e:68:a4:
                    79:dc:49:0f:63:31:2a:6d:a7:9b:9d:b4:e9:34:fe:
                    00:43:61:d4:29:07:2f:b4:7a:6a:a3:af:92:6c:9b:
                    dd:55:4d:fd:24:1e:06:71:1c:34:01:d4:da:43:7c:
                    c3:e9:ad:3e:04:a8:d9:28:86:3c:61:34:e4:1f:da:
                    61:dd:7e:02:aa:9c:35:98:09:a3:b0:0f:3d:52:a1:
                    ab:ad:5e:6e:38:5f:c6:15:4c:bc:a3:8f:ba:70:9f:
                    01:7f:0f:9c:a0:37:55:47:7c:34:32:f3:f7:71:6a:
                    3b:40:4b:e9:e5:7f:b4:3c:43:e0:04:2c:95:ec:c1:
                    67:d0:25:1a:4d:11:10:e9:ce:09:2c:ba:c8:4f:59:
                    77:b5:93:b7:9b:8d:ae:cd:64:4f:21:1b:bc:70:4a:
                    ae:f3:bc:ff:61:5a:08:2a:90:fd:b1:40:b5:bb:e2:
                    6e:ff:57:24:7f:79:10:57:67:35:53:4a:6c:77:a6:
                    86:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:45:BB:42:C1:07:8F:BA:78:72:8D:6A:43:EE:06:63:7C:B2:DB:AB
            X509v3 Authority Key Identifier:
                keyid:BA:E2:AA:5E:26:03:F7:CF:95:D7:B0:9A:78:B5:88:AD:CE:FE:32:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uuKqXiYD98-V17CaeLWIrc7-Mig.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/0cee23-064b-4566-b863-b496437cc5dc/1/TkW7QsEHj7p4co1qQ-4GY3yy26s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/0cee23-064b-4566-b863-b496437cc5dc/1/uuKqXiYD98-V17CaeLWIrc7-Mig.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.65.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b6:91:72:64:ce:02:fb:0d:d5:f3:91:b6:45:e8:99:0f:18:70:
         0d:04:58:be:20:15:23:d6:ae:6f:5a:8b:79:d3:bc:f2:09:db:
         8c:71:bd:14:01:ee:9a:e9:6f:1a:52:30:d5:99:0e:0e:0f:95:
         d5:8c:59:74:f7:0c:26:60:10:82:c5:da:e9:a3:b9:1e:70:e5:
         65:dc:4e:87:2d:1b:66:89:95:39:d5:c9:e2:89:8c:ff:fb:f2:
         0b:df:b4:85:16:62:04:91:e0:09:ce:26:fc:b1:70:2d:30:21:
         5e:87:86:dd:70:61:4d:e5:f0:51:e3:a9:d6:bd:e8:32:10:a5:
         f1:21:94:4f:8f:a7:f8:06:da:f4:b9:56:98:2a:11:a9:e1:d3:
         cc:20:93:b6:3f:35:56:cf:c2:96:1f:07:35:b3:f6:76:37:a0:
         22:7c:6b:a8:c5:ef:a5:af:b1:44:19:b7:20:f1:31:d9:86:16:
         3f:f0:d1:1d:c6:c5:f3:53:8d:9f:65:b2:38:d9:44:32:9b:17:
         c3:c9:36:d3:18:5d:87:80:5c:5f:28:9c:76:6d:81:84:1b:6b:
         52:e3:8f:e6:f6:3c:78:17:1d:6f:28:de:95:f0:b7:7f:5d:bb:
         54:08:e8:68:96:77:8b:8c:1d:d7:51:ae:65:6d:6b:58:17:41:
         aa:ff:d2:af
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2F8CEQAPIe/ZrLwH0J8prWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhZTJhYTVlMjYwM2Y3Y2Y5NWQ3YjA5YTc4YjU4OGFkY2Vm
ZTMyMjgwHhcNMjYwNDEzMDgyMzIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTQ1YmI0MmMxMDc4ZmJhNzg3MjhkNmE0M2VlMDY2MzdjYjJkYmFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv9PEOZbiDGReL34FRjinIDvlWhUQ
eBGCnL4xrHcCofEgg8kVJ1zmnIOBVbtW+VFs4pNWmjjl+df9XzymihE1sHT6bG7I
6vk+aKR53EkPYzEqbaebnbTpNP4AQ2HUKQcvtHpqo6+SbJvdVU39JB4GcRw0AdTa
Q3zD6a0+BKjZKIY8YTTkH9ph3X4Cqpw1mAmjsA89UqGrrV5uOF/GFUy8o4+6cJ8B
fw+coDdVR3w0MvP3cWo7QEvp5X+0PEPgBCyV7MFn0CUaTREQ6c4JLLrIT1l3tZO3
m42uzWRPIRu8cEqu87z/YVoIKpD9sUC1u+Ju/1ckf3kQV2c1U0psd6aG5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE5Fu0LBB4+6eHKNakPuBmN8sturMB8GA1UdIwQY
MBaAFLriql4mA/fPldewmni1iK3O/jIoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdXVLcVhpWUQ5OC1WMTdDYWVMV0lyYzctTWlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS8wY2VlMjMtMDY0Yi00NTY2LWI4NjMt
YjQ5NjQzN2NjNWRjLzEvVGtXN1FzRUhqN3A0Y28xcVEtNEdZM3l5MjZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS8wY2VlMjMtMDY0Yi00NTY2LWI4NjMtYjQ5NjQzN2NjNWRj
LzEvdXVLcVhpWUQ5OC1WMTdDYWVMV0lyYzctTWlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuUF2MA0G
CSqGSIb3DQEBCwUAA4IBAQC2kXJkzgL7DdXzkbZF6JkPGHANBFi+IBUj1q5vWot5
07zyCduMcb0UAe6a6W8aUjDVmQ4OD5XVjFl09wwmYBCCxdrpo7kecOVl3E6HLRtm
iZU51cniiYz/+/IL37SFFmIEkeAJzib8sXAtMCFeh4bdcGFN5fBR46nWvegyEKXx
IZRPj6f4Btr0uVaYKhGp4dPMIJO2PzVWz8KWHwc1s/Z2N6AifGuoxe+lr7FEGbcg
8THZhhY/8NEdxsXzU42fZbI42UQymxfDyTbTGF2HgFxfKJx2bYGEG2tS44/m9jx4
Fx1vKN6V8Ld/XbtUCOholneLjB3XUa5lbWtYF0Gq/9Kv
-----END CERTIFICATE-----