Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/bb9947-172c-48b1-be8e-4c905adbf076/1/hK81XxwexeAS1Vg0WZOVuuxaXZ0.roa
File:                     hK81XxwexeAS1Vg0WZOVuuxaXZ0.roa (raw, json)
Hash identifier:          1mtzz3B7T8LCh8jy6BmMpwy7jaCIEVijH1m2+CPXt+Y=
Subject key identifier:   84:AF:35:5F:1C:1E:C5:E0:12:D5:58:34:59:93:95:BA:EC:5A:5D:9D
Certificate issuer:       /CN=4345d0773c7ade08d44819e3b611bd297a3989d3
Certificate serial:       019B77592A1550905F8C15DA8A8F1BE4AAD9
Authority key identifier: 43:45:D0:77:3C:7A:DE:08:D4:48:19:E3:B6:11:BD:29:7A:39:89:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q0XQdzx63gjUSBnjthG9KXo5idM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/bb9947-172c-48b1-be8e-4c905adbf076/1/hK81XxwexeAS1Vg0WZOVuuxaXZ0.roa
Signing time:             Thu 01 Jan 2026 02:18:10 +0000
ROA not before:           Thu 01 Jan 2026 02:18:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204883
IP address blocks:        185.237.208.0/24 maxlen: 24
                          185.237.209.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/bb9947-172c-48b1-be8e-4c905adbf076/1/Q0XQdzx63gjUSBnjthG9KXo5idM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/bb9947-172c-48b1-be8e-4c905adbf076/1/Q0XQdzx63gjUSBnjthG9KXo5idM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Q0XQdzx63gjUSBnjthG9KXo5idM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 11:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:59:2a:15:50:90:5f:8c:15:da:8a:8f:1b:e4:aa:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4345d0773c7ade08d44819e3b611bd297a3989d3
        Validity
            Not Before: Jan  1 02:18:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=84af355f1c1ec5e012d55834599395baec5a5d9d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:24:a9:eb:b9:0a:9b:c4:12:05:67:ea:45:e1:
                    e9:47:0e:e3:f5:52:49:39:0e:61:9a:b6:91:8f:81:
                    0a:a3:7c:bd:cf:b5:8f:4f:9f:44:b1:13:cd:c7:25:
                    1c:d7:31:23:eb:40:2f:06:cc:88:4e:f9:8f:10:13:
                    cf:59:68:98:17:f5:a2:08:42:37:3a:f4:2d:b4:56:
                    c0:7c:ee:98:d5:d7:0a:cf:ee:c0:4a:cf:57:9d:52:
                    6c:b2:21:ae:9e:c1:e5:ae:72:b5:7e:60:a4:ed:8e:
                    82:42:3f:4a:c3:95:9d:68:1e:a2:c4:34:65:e8:09:
                    46:1c:40:79:ab:b2:ba:65:15:2e:88:1d:e3:20:38:
                    78:fc:54:30:08:c4:16:21:d3:4e:90:ab:6c:8e:d8:
                    e6:59:61:1d:f6:3e:f0:22:3d:04:8a:ff:20:5c:5c:
                    58:ae:24:76:b7:cc:91:7c:93:8f:4b:fb:b9:3f:ed:
                    16:a5:c1:dd:e7:34:bd:a4:ad:c5:51:59:cb:e7:68:
                    65:96:dd:fa:f9:62:af:9d:45:d8:f5:0c:10:da:83:
                    f2:6f:a7:c7:3f:5a:8d:06:fa:33:ef:78:b5:3d:1f:
                    77:6c:5e:74:5c:d9:27:dc:11:ad:fa:c1:a3:64:72:
                    0b:4e:5d:dd:51:8d:5d:0d:3e:2e:2e:4b:57:25:69:
                    46:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:AF:35:5F:1C:1E:C5:E0:12:D5:58:34:59:93:95:BA:EC:5A:5D:9D
            X509v3 Authority Key Identifier:
                keyid:43:45:D0:77:3C:7A:DE:08:D4:48:19:E3:B6:11:BD:29:7A:39:89:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q0XQdzx63gjUSBnjthG9KXo5idM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/bb9947-172c-48b1-be8e-4c905adbf076/1/hK81XxwexeAS1Vg0WZOVuuxaXZ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/bb9947-172c-48b1-be8e-4c905adbf076/1/Q0XQdzx63gjUSBnjthG9KXo5idM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.237.208.0/23

    Signature Algorithm: sha256WithRSAEncryption
         85:bb:97:a3:96:eb:89:79:f0:0b:38:6c:19:8c:10:9b:95:72:
         ed:4e:34:99:9b:a3:96:79:5d:c8:a5:2f:7c:6e:e7:1a:30:b2:
         fa:f9:02:61:9b:2b:cb:a9:69:af:3f:ec:1c:91:15:f1:a8:8d:
         ca:70:f5:09:4b:ed:44:c0:a7:79:42:8a:d3:40:52:98:3c:f2:
         d1:65:04:2b:89:e3:18:98:c4:f2:c4:3d:50:85:60:a1:be:2c:
         8c:96:90:32:72:d9:eb:e7:c4:fd:4e:38:d2:ad:83:3a:7c:e3:
         4e:49:c3:58:79:1f:c8:4a:7b:3b:56:ed:b0:a7:93:ff:90:63:
         6b:c9:a2:d3:cc:6b:ed:5a:80:88:56:6d:6d:e0:b9:1d:fa:0c:
         d6:de:89:5e:a2:c5:79:88:bc:0b:4e:af:33:b0:20:05:1b:c0:
         77:30:54:6b:9f:72:99:14:f4:66:06:a7:48:6f:e9:24:f2:7f:
         cb:0f:28:0c:43:ae:00:67:52:28:ec:9d:76:68:24:b9:bf:d0:
         1c:fd:c1:b1:9d:a6:91:93:b5:d6:64:99:a9:1e:0d:ff:44:34:
         01:62:ee:50:04:32:a4:d3:26:25:93:24:e0:92:50:5f:ef:87:
         79:3a:08:30:a6:1c:49:ac:ea:b9:61:3e:1d:75:fe:45:99:ac:
         1a:96:87:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3WSoVUJBfjBXaio8b5KrZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzNDVkMDc3M2M3YWRlMDhkNDQ4MTllM2I2MTFiZDI5N2Ez
OTg5ZDMwHhcNMjYwMTAxMDIxODEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NGFmMzU1ZjFjMWVjNWUwMTJkNTU4MzQ1OTkzOTViYWVjNWE1ZDlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAziSp67kKm8QSBWfqReHpRw7j9VJJ
OQ5hmraRj4EKo3y9z7WPT59EsRPNxyUc1zEj60AvBsyITvmPEBPPWWiYF/WiCEI3
OvQttFbAfO6Y1dcKz+7ASs9XnVJssiGunsHlrnK1fmCk7Y6CQj9Kw5WdaB6ixDRl
6AlGHEB5q7K6ZRUuiB3jIDh4/FQwCMQWIdNOkKtsjtjmWWEd9j7wIj0Eiv8gXFxY
riR2t8yRfJOPS/u5P+0WpcHd5zS9pK3FUVnL52hllt36+WKvnUXY9QwQ2oPyb6fH
P1qNBvoz73i1PR93bF50XNkn3BGt+sGjZHILTl3dUY1dDT4uLktXJWlGCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFISvNV8cHsXgEtVYNFmTlbrsWl2dMB8GA1UdIwQY
MBaAFENF0Hc8et4I1EgZ47YRvSl6OYnTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUTBYUWR6eDYzZ2pVU0JuanRoRzlLWG81aWRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC9iYjk5NDctMTcyYy00OGIxLWJlOGUt
NGM5MDVhZGJmMDc2LzEvaEs4MVh4d2V4ZUFTMVZnMFdaT1Z1dXhhWFowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC9iYjk5NDctMTcyYy00OGIxLWJlOGUtNGM5MDVhZGJmMDc2
LzEvUTBYUWR6eDYzZ2pVU0JuanRoRzlLWG81aWRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBue3QMA0G
CSqGSIb3DQEBCwUAA4IBAQCFu5ejluuJefALOGwZjBCblXLtTjSZm6OWeV3IpS98
bucaMLL6+QJhmyvLqWmvP+wckRXxqI3KcPUJS+1EwKd5QorTQFKYPPLRZQQrieMY
mMTyxD1QhWChviyMlpAyctnr58T9TjjSrYM6fONOScNYeR/ISns7Vu2wp5P/kGNr
yaLTzGvtWoCIVm1t4Lkd+gzW3oleosV5iLwLTq8zsCAFG8B3MFRrn3KZFPRmBqdI
b+kk8n/LDygMQ64AZ1Io7J12aCS5v9Ac/cGxnaaRk7XWZJmpHg3/RDQBYu5QBDKk
0yYlkyTgklBf74d5OggwphxJrOq5YT4ddf5FmawalocV
-----END CERTIFICATE-----