Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/4b0283-a90c-4d64-8301-d221ebd0818d/1/RK9fI8sbNK0VBXbpS84QJpl5Ewk.roa
File:                     RK9fI8sbNK0VBXbpS84QJpl5Ewk.roa (raw, json)
Hash identifier:          SAy40hVCAiu95Hv3FYg6XICYGvKciFg+hS5CZCW2VkA=
Subject key identifier:   44:AF:5F:23:CB:1B:34:AD:15:05:76:E9:4B:CE:10:26:99:79:13:09
Certificate issuer:       /CN=9bed36af13da482fdf79fb5403e5074860eecd0d
Certificate serial:       019D635A273071E37688A7D96C88151A543F
Authority key identifier: 9B:ED:36:AF:13:DA:48:2F:DF:79:FB:54:03:E5:07:48:60:EE:CD:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m-02rxPaSC_feftUA-UHSGDuzQ0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/4b0283-a90c-4d64-8301-d221ebd0818d/1/RK9fI8sbNK0VBXbpS84QJpl5Ewk.roa
Signing time:             Mon 06 Apr 2026 15:12:25 +0000
ROA not before:           Mon 06 Apr 2026 15:12:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206977
IP address blocks:        185.138.12.0/22 maxlen: 22
                          185.138.12.0/24 maxlen: 24
                          185.138.13.0/24 maxlen: 24
                          185.138.14.0/24 maxlen: 24
                          185.138.15.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/4b0283-a90c-4d64-8301-d221ebd0818d/1/m-02rxPaSC_feftUA-UHSGDuzQ0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/4b0283-a90c-4d64-8301-d221ebd0818d/1/m-02rxPaSC_feftUA-UHSGDuzQ0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m-02rxPaSC_feftUA-UHSGDuzQ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 16:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:63:5a:27:30:71:e3:76:88:a7:d9:6c:88:15:1a:54:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bed36af13da482fdf79fb5403e5074860eecd0d
        Validity
            Not Before: Apr  6 15:12:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=44af5f23cb1b34ad150576e94bce102699791309
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:2f:01:16:bc:b5:3b:aa:e2:13:43:86:ff:65:
                    b2:26:39:9a:58:0f:db:8d:6e:c2:1c:46:4f:44:66:
                    ad:c8:8d:29:be:11:b7:04:ea:58:3f:7f:72:ab:7e:
                    05:cd:0d:03:53:4f:38:77:a8:21:94:e4:cb:99:86:
                    2f:19:5f:54:7a:b7:1f:fe:eb:c4:44:05:34:ff:0e:
                    a3:2d:ee:37:d9:2e:a8:08:dc:54:a9:d9:20:a6:12:
                    65:89:f5:ac:ee:c7:aa:57:ed:50:2a:99:6d:60:23:
                    1a:a8:84:76:4a:37:9e:37:c0:22:e2:a1:b4:4c:68:
                    2e:5a:e6:27:da:e3:fa:db:31:76:45:50:72:81:d8:
                    b4:7e:38:93:7f:1f:2e:58:6c:ba:d5:82:46:70:cf:
                    00:8d:44:a6:7e:44:ab:18:ac:5a:51:7d:27:b4:92:
                    7f:55:76:ee:cc:86:4b:0c:01:da:80:60:18:d4:1b:
                    5c:47:ae:97:7e:67:c9:f3:30:a5:fb:5a:23:de:40:
                    00:c0:dc:94:fb:df:e5:ce:b9:0b:99:f9:21:f8:40:
                    a4:f6:75:af:ed:a2:ae:08:46:00:9c:32:62:0d:b8:
                    95:6f:24:28:70:bd:5c:4a:8e:0b:f0:4f:76:bb:fb:
                    09:50:eb:69:de:fb:4e:e3:02:88:31:2a:59:46:3e:
                    c9:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:AF:5F:23:CB:1B:34:AD:15:05:76:E9:4B:CE:10:26:99:79:13:09
            X509v3 Authority Key Identifier:
                keyid:9B:ED:36:AF:13:DA:48:2F:DF:79:FB:54:03:E5:07:48:60:EE:CD:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m-02rxPaSC_feftUA-UHSGDuzQ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/4b0283-a90c-4d64-8301-d221ebd0818d/1/RK9fI8sbNK0VBXbpS84QJpl5Ewk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/4b0283-a90c-4d64-8301-d221ebd0818d/1/m-02rxPaSC_feftUA-UHSGDuzQ0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.138.12.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2e:44:86:a1:26:60:cd:98:df:02:2a:84:cf:e5:10:61:cd:33:
         e7:eb:08:5a:7e:0c:f1:f5:29:c5:40:6d:9c:8f:e8:4e:54:65:
         89:a5:ef:c1:73:95:68:56:1b:ee:cc:cd:40:9b:d0:3b:31:77:
         6e:b9:69:07:41:58:89:78:f6:5a:20:74:0f:2c:30:22:de:ab:
         62:4a:0a:a8:ec:d8:19:1e:22:ef:04:1d:54:61:71:05:b1:2e:
         70:be:a1:28:a5:ac:21:7f:84:d2:b1:b3:f6:27:76:47:b1:f2:
         09:ec:2a:59:c9:53:18:cf:be:e4:a7:70:1b:ed:e0:ab:6d:3a:
         bd:c3:20:c7:bb:a3:72:c9:69:03:22:8e:43:8c:39:8f:ca:97:
         06:1b:5a:98:cc:5b:ae:5b:c0:da:e3:01:ff:3d:b3:c0:b3:ef:
         a5:36:5d:24:e1:a6:f5:4d:9a:6d:0f:b1:3c:85:c8:56:d1:96:
         6a:f1:14:3b:5f:9a:b1:f2:df:0c:f7:88:a5:aa:b3:77:b6:62:
         1e:e1:ef:29:06:ee:69:a4:c7:b2:75:4b:30:e1:70:18:06:75:
         bc:8f:c7:12:1d:2d:e5:c8:16:76:88:17:65:12:42:f8:38:68:
         e6:9b:24:a3:3f:96:ea:6d:61:1d:26:d6:9b:0e:7e:3e:8c:f0:
         3a:d7:9c:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1jWicwceN2iKfZbIgVGlQ/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliZWQzNmFmMTNkYTQ4MmZkZjc5ZmI1NDAzZTUwNzQ4NjBl
ZWNkMGQwHhcNMjYwNDA2MTUxMjI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NGFmNWYyM2NiMWIzNGFkMTUwNTc2ZTk0YmNlMTAyNjk5NzkxMzA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxi8BFry1O6riE0OG/2WyJjmaWA/b
jW7CHEZPRGatyI0pvhG3BOpYP39yq34FzQ0DU084d6ghlOTLmYYvGV9Uercf/uvE
RAU0/w6jLe432S6oCNxUqdkgphJlifWs7seqV+1QKpltYCMaqIR2SjeeN8Ai4qG0
TGguWuYn2uP62zF2RVBygdi0fjiTfx8uWGy61YJGcM8AjUSmfkSrGKxaUX0ntJJ/
VXbuzIZLDAHagGAY1BtcR66XfmfJ8zCl+1oj3kAAwNyU+9/lzrkLmfkh+ECk9nWv
7aKuCEYAnDJiDbiVbyQocL1cSo4L8E92u/sJUOtp3vtO4wKIMSpZRj7JewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFESvXyPLGzStFQV26UvOECaZeRMJMB8GA1UdIwQY
MBaAFJvtNq8T2kgv33n7VAPlB0hg7s0NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbS0wMnJ4UGFTQ19mZWZ0VUEtVUhTR0R1elEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni80YjAyODMtYTkwYy00ZDY0LTgzMDEt
ZDIyMWViZDA4MThkLzEvUks5Zkk4c2JOSzBWQlhicFM4NFFKcGw1RXdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni80YjAyODMtYTkwYy00ZDY0LTgzMDEtZDIyMWViZDA4MThk
LzEvbS0wMnJ4UGFTQ19mZWZ0VUEtVUhTR0R1elEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuYoMMA0G
CSqGSIb3DQEBCwUAA4IBAQAuRIahJmDNmN8CKoTP5RBhzTPn6whafgzx9SnFQG2c
j+hOVGWJpe/Bc5VoVhvuzM1Am9A7MXduuWkHQViJePZaIHQPLDAi3qtiSgqo7NgZ
HiLvBB1UYXEFsS5wvqEopawhf4TSsbP2J3ZHsfIJ7CpZyVMYz77kp3Ab7eCrbTq9
wyDHu6NyyWkDIo5DjDmPypcGG1qYzFuuW8Da4wH/PbPAs++lNl0k4ab1TZptD7E8
hchW0ZZq8RQ7X5qx8t8M94ilqrN3tmIe4e8pBu5ppMeydUsw4XAYBnW8j8cSHS3l
yBZ2iBdlEkL4OGjmmySjP5bqbWEdJtabDn4+jPA615z6
-----END CERTIFICATE-----