Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/dcd87f-4aa7-44ff-97bf-ce32d66f30a8/1/tQM1b8GfsM4oaMAkjEVJDdjjfU4.roa
File:                     tQM1b8GfsM4oaMAkjEVJDdjjfU4.roa (raw, json)
Hash identifier:          jP5wrci2mHQY2sLGCxUGNLtJM8ANIGltDX/7h4YI+3s=
Subject key identifier:   B5:03:35:6F:C1:9F:B0:CE:28:68:C0:24:8C:45:49:0D:D8:E3:7D:4E
Certificate issuer:       /CN=676244de0190a6dd5a899a2b37b002b9ae632c86
Certificate serial:       019B797EB3B11ED8D3043755B3F56C238C1D
Authority key identifier: 67:62:44:DE:01:90:A6:DD:5A:89:9A:2B:37:B0:02:B9:AE:63:2C:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z2JE3gGQpt1aiZorN7ACua5jLIY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/dcd87f-4aa7-44ff-97bf-ce32d66f30a8/1/tQM1b8GfsM4oaMAkjEVJDdjjfU4.roa
Signing time:             Thu 01 Jan 2026 12:18:25 +0000
ROA not before:           Thu 01 Jan 2026 12:18:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205863
IP address blocks:        185.203.156.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/dcd87f-4aa7-44ff-97bf-ce32d66f30a8/1/Z2JE3gGQpt1aiZorN7ACua5jLIY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/dcd87f-4aa7-44ff-97bf-ce32d66f30a8/1/Z2JE3gGQpt1aiZorN7ACua5jLIY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z2JE3gGQpt1aiZorN7ACua5jLIY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 12:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:b3:b1:1e:d8:d3:04:37:55:b3:f5:6c:23:8c:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=676244de0190a6dd5a899a2b37b002b9ae632c86
        Validity
            Not Before: Jan  1 12:18:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b503356fc19fb0ce2868c0248c45490dd8e37d4e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:f1:83:74:24:91:cf:a3:16:ae:50:b3:1e:31:
                    d3:b0:30:0e:5d:50:20:79:a6:da:a3:41:a3:42:65:
                    d1:fd:01:2c:28:e4:c9:05:ca:81:81:b1:70:6f:c9:
                    1a:0b:a4:15:b2:f6:9d:47:eb:66:30:5d:e2:55:db:
                    cf:bc:eb:8c:ff:f9:8a:59:89:d6:83:77:8f:4e:36:
                    6c:df:2e:1d:fd:23:9b:1b:02:05:18:9c:68:ca:96:
                    ed:8d:60:e6:08:d4:05:ba:e2:6e:90:ff:d8:bc:49:
                    f3:0e:3e:c9:7e:f9:b3:71:78:b1:e6:7e:ed:06:10:
                    26:00:dd:98:c3:ae:5a:3d:33:ca:3d:26:3d:26:f4:
                    de:af:8f:8c:66:64:59:7e:43:da:41:53:7f:45:60:
                    b8:0d:ca:b0:3f:18:48:99:91:03:4f:31:11:15:10:
                    bd:aa:1f:fd:92:e1:96:25:76:0f:b5:53:6a:e0:4d:
                    2e:b3:c0:b4:22:33:67:41:6c:8b:3e:7f:53:65:e8:
                    96:b6:89:67:24:e0:02:26:97:7d:64:e8:0b:0f:c4:
                    85:3f:63:b7:46:20:df:9a:e4:bf:5c:02:86:5a:55:
                    61:80:a7:60:48:d2:c4:e6:94:19:5d:c1:e8:6e:df:
                    58:b5:6b:5d:d0:2c:45:1e:8f:9c:93:7a:ff:19:63:
                    bc:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:03:35:6F:C1:9F:B0:CE:28:68:C0:24:8C:45:49:0D:D8:E3:7D:4E
            X509v3 Authority Key Identifier:
                keyid:67:62:44:DE:01:90:A6:DD:5A:89:9A:2B:37:B0:02:B9:AE:63:2C:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z2JE3gGQpt1aiZorN7ACua5jLIY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/dcd87f-4aa7-44ff-97bf-ce32d66f30a8/1/tQM1b8GfsM4oaMAkjEVJDdjjfU4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/dcd87f-4aa7-44ff-97bf-ce32d66f30a8/1/Z2JE3gGQpt1aiZorN7ACua5jLIY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.203.156.0/22

    Signature Algorithm: sha256WithRSAEncryption
         29:83:1e:2d:3e:76:29:1c:ea:b8:00:c9:a9:0d:0c:fe:00:01:
         f4:cc:c9:0b:8d:0c:4f:4e:b6:b9:8b:09:ce:75:e4:0b:61:49:
         3e:e2:db:b4:83:a1:fd:fc:57:a9:37:f7:0c:53:72:d5:13:0b:
         8c:78:5e:37:b4:bc:62:1f:3d:0b:d3:7d:06:a2:32:35:2b:97:
         59:57:e4:cf:91:87:b2:94:4a:3c:d2:bc:d9:6a:36:f9:11:7e:
         f8:e0:53:03:26:c0:b3:4a:4e:7e:99:df:09:28:64:d6:3d:99:
         ac:ce:de:c1:3d:48:f0:eb:d4:9c:46:df:1c:d7:cc:67:5f:89:
         c6:6f:86:1d:2a:74:be:04:45:ab:ab:f8:85:8e:85:d4:1c:c4:
         df:c6:b7:1e:30:15:44:44:c2:7c:9b:4f:cf:07:ef:c1:e2:44:
         83:89:37:10:43:3b:5a:bb:c8:57:e7:15:e9:be:c1:6d:6b:7a:
         02:ad:6c:06:d8:fc:12:d8:02:b6:08:73:50:30:70:82:80:27:
         c9:57:0d:d7:28:c9:7a:f5:ef:97:0e:63:20:59:5a:5c:30:6d:
         72:3a:5f:4e:4f:6a:8d:ae:1f:5b:1c:2c:70:5b:31:0f:d3:c3:
         14:46:1e:59:b6:85:dd:c6:da:19:f6:f8:f3:c9:11:34:52:d1:
         75:c8:88:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5frOxHtjTBDdVs/VsI4wdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3NjI0NGRlMDE5MGE2ZGQ1YTg5OWEyYjM3YjAwMmI5YWU2
MzJjODYwHhcNMjYwMTAxMTIxODI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTAzMzU2ZmMxOWZiMGNlMjg2OGMwMjQ4YzQ1NDkwZGQ4ZTM3ZDRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuPGDdCSRz6MWrlCzHjHTsDAOXVAg
eabao0GjQmXR/QEsKOTJBcqBgbFwb8kaC6QVsvadR+tmMF3iVdvPvOuM//mKWYnW
g3ePTjZs3y4d/SObGwIFGJxoypbtjWDmCNQFuuJukP/YvEnzDj7JfvmzcXix5n7t
BhAmAN2Yw65aPTPKPSY9JvTer4+MZmRZfkPaQVN/RWC4DcqwPxhImZEDTzERFRC9
qh/9kuGWJXYPtVNq4E0us8C0IjNnQWyLPn9TZeiWtolnJOACJpd9ZOgLD8SFP2O3
RiDfmuS/XAKGWlVhgKdgSNLE5pQZXcHobt9YtWtd0CxFHo+ck3r/GWO8PwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLUDNW/Bn7DOKGjAJIxFSQ3Y431OMB8GA1UdIwQY
MBaAFGdiRN4BkKbdWomaKzewArmuYyyGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjJKRTNnR1FwdDFhaVpvck43QUN1YTVqTElZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS9kY2Q4N2YtNGFhNy00NGZmLTk3YmYt
Y2UzMmQ2NmYzMGE4LzEvdFFNMWI4R2ZzTTRvYU1Ba2pFVkpEZGpqZlU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS9kY2Q4N2YtNGFhNy00NGZmLTk3YmYtY2UzMmQ2NmYzMGE4
LzEvWjJKRTNnR1FwdDFhaVpvck43QUN1YTVqTElZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCucucMA0G
CSqGSIb3DQEBCwUAA4IBAQApgx4tPnYpHOq4AMmpDQz+AAH0zMkLjQxPTra5iwnO
deQLYUk+4tu0g6H9/FepN/cMU3LVEwuMeF43tLxiHz0L030GojI1K5dZV+TPkYey
lEo80rzZajb5EX744FMDJsCzSk5+md8JKGTWPZmszt7BPUjw69ScRt8c18xnX4nG
b4YdKnS+BEWrq/iFjoXUHMTfxrceMBVERMJ8m0/PB+/B4kSDiTcQQztau8hX5xXp
vsFta3oCrWwG2PwS2AK2CHNQMHCCgCfJVw3XKMl69e+XDmMgWVpcMG1yOl9OT2qN
rh9bHCxwWzEP08MURh5ZtoXdxtoZ9vjzyRE0UtF1yIjZ
-----END CERTIFICATE-----