Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/766311-caa4-4399-8b35-fc79af1f6fb3/1/oPkA19ZJNd0yyLJCr3CeoqKdL9k.roa
File:                     oPkA19ZJNd0yyLJCr3CeoqKdL9k.roa (raw, json)
Hash identifier:          +llqkRKNCnReFAJVuMNWFGoumJ45f+tlhYub+1L/278=
Subject key identifier:   A0:F9:00:D7:D6:49:35:DD:32:C8:B2:42:AF:70:9E:A2:A2:9D:2F:D9
Certificate issuer:       /CN=07bca0482d605587eb0e0c851c38e807755f9017
Certificate serial:       019C15BA81CF801CDB8DC40CB1F5CF824E31
Authority key identifier: 07:BC:A0:48:2D:60:55:87:EB:0E:0C:85:1C:38:E8:07:75:5F:90:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B7ygSC1gVYfrDgyFHDjoB3VfkBc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/766311-caa4-4399-8b35-fc79af1f6fb3/1/oPkA19ZJNd0yyLJCr3CeoqKdL9k.roa
Signing time:             Sat 31 Jan 2026 20:24:30 +0000
ROA not before:           Sat 31 Jan 2026 20:24:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210705
IP address blocks:        185.84.157.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/766311-caa4-4399-8b35-fc79af1f6fb3/1/B7ygSC1gVYfrDgyFHDjoB3VfkBc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/766311-caa4-4399-8b35-fc79af1f6fb3/1/B7ygSC1gVYfrDgyFHDjoB3VfkBc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/B7ygSC1gVYfrDgyFHDjoB3VfkBc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 11:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:15:ba:81:cf:80:1c:db:8d:c4:0c:b1:f5:cf:82:4e:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=07bca0482d605587eb0e0c851c38e807755f9017
        Validity
            Not Before: Jan 31 20:24:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a0f900d7d64935dd32c8b242af709ea2a29d2fd9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:69:18:b9:d3:3c:1a:79:7e:ed:87:d2:86:ad:
                    07:57:63:4e:c7:6c:7f:a1:79:b9:6b:df:9c:54:f7:
                    e8:67:cc:d3:1c:94:93:c9:79:48:4c:a2:bc:51:b3:
                    af:7b:a8:94:e8:db:9a:73:52:8a:d2:8c:bb:30:c9:
                    ae:df:65:fb:b2:57:c9:46:2e:a0:b3:2f:6d:fe:a7:
                    b8:eb:2e:50:5c:c9:35:5b:4e:33:d7:0c:9c:f6:cd:
                    89:ba:ff:43:3b:be:7c:3c:04:fc:10:74:28:99:87:
                    d2:4e:f1:8e:2f:9e:f9:a6:20:c3:df:5d:0e:7f:2f:
                    ca:13:3b:62:97:7d:70:b3:51:ba:5b:39:e3:a9:41:
                    c9:78:a7:c2:13:1d:0f:1f:2e:60:44:d6:a6:5e:37:
                    78:02:4c:02:a6:03:0c:34:57:92:30:d7:5e:d0:33:
                    7f:bf:80:d0:fe:b8:b4:31:5d:19:99:26:cb:10:73:
                    ef:d1:ef:46:50:4d:80:2d:07:0b:cb:3b:25:1c:46:
                    30:c0:cf:9f:99:71:0b:31:3c:2b:8f:5d:36:a9:86:
                    f8:be:5a:c2:3b:1b:e5:6f:a5:cf:21:26:b7:37:37:
                    36:a5:8f:40:7e:5a:c1:4d:69:e5:82:52:52:bb:8c:
                    91:7d:0e:9d:8f:11:19:12:a4:a5:37:49:3c:9b:aa:
                    80:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:F9:00:D7:D6:49:35:DD:32:C8:B2:42:AF:70:9E:A2:A2:9D:2F:D9
            X509v3 Authority Key Identifier:
                keyid:07:BC:A0:48:2D:60:55:87:EB:0E:0C:85:1C:38:E8:07:75:5F:90:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B7ygSC1gVYfrDgyFHDjoB3VfkBc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/766311-caa4-4399-8b35-fc79af1f6fb3/1/oPkA19ZJNd0yyLJCr3CeoqKdL9k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/766311-caa4-4399-8b35-fc79af1f6fb3/1/B7ygSC1gVYfrDgyFHDjoB3VfkBc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.84.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:36:44:ba:7d:d4:6e:c2:2d:95:49:90:19:e4:e1:fe:04:cf:
         6e:28:d5:56:d4:53:68:82:8d:1d:40:c6:c8:9d:c6:ab:67:fd:
         ec:72:28:56:d2:94:79:b3:ac:80:17:c2:37:43:1e:03:fd:67:
         37:c8:84:6c:c2:39:bc:e3:19:b3:7b:da:85:db:60:8c:9c:ae:
         f6:18:a0:65:35:ab:d6:69:67:dd:a1:9e:64:7d:17:7e:92:9e:
         7e:37:e5:26:83:2a:8b:49:be:ae:f9:33:73:75:1d:aa:4b:e8:
         ad:0a:8d:e6:c3:7f:51:9c:11:55:d0:3a:8e:7f:35:47:85:ec:
         96:f3:ad:50:40:f0:ab:6d:43:ef:ad:d8:f3:92:63:5b:38:d4:
         d1:db:8f:25:f8:a5:f8:40:46:27:0a:89:86:ea:8c:bf:8a:e1:
         a8:7c:b7:0e:ef:b8:50:53:45:92:47:c9:8a:f1:78:e8:68:eb:
         a8:c5:fa:66:3f:af:ef:aa:30:03:2c:be:84:90:30:39:b3:33:
         18:bd:14:0e:4d:90:c6:80:19:17:b6:d5:c5:64:1b:13:b0:6e:
         8d:c8:4b:19:2c:92:74:8a:de:60:4f:7a:5f:39:bf:d6:ea:1b:
         a1:72:06:52:4f:c3:8b:26:72:93:5e:01:78:62:b7:8d:92:5a:
         07:b3:78:4a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZwVuoHPgBzbjcQMsfXPgk4xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3YmNhMDQ4MmQ2MDU1ODdlYjBlMGM4NTFjMzhlODA3NzU1
ZjkwMTcwHhcNMjYwMTMxMjAyNDMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMGY5MDBkN2Q2NDkzNWRkMzJjOGIyNDJhZjcwOWVhMmEyOWQyZmQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2mkYudM8Gnl+7YfShq0HV2NOx2x/
oXm5a9+cVPfoZ8zTHJSTyXlITKK8UbOve6iU6Nuac1KK0oy7MMmu32X7slfJRi6g
sy9t/qe46y5QXMk1W04z1wyc9s2Juv9DO758PAT8EHQomYfSTvGOL575piDD310O
fy/KEztil31ws1G6WznjqUHJeKfCEx0PHy5gRNamXjd4AkwCpgMMNFeSMNde0DN/
v4DQ/ri0MV0ZmSbLEHPv0e9GUE2ALQcLyzslHEYwwM+fmXELMTwrj102qYb4vlrC
Oxvlb6XPISa3Nzc2pY9AflrBTWnlglJSu4yRfQ6djxEZEqSlN0k8m6qA7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKD5ANfWSTXdMsiyQq9wnqKinS/ZMB8GA1UdIwQY
MBaAFAe8oEgtYFWH6w4MhRw46Ad1X5AXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQjd5Z1NDMWdWWWZyRGd5RkhEam9CM1Zma0JjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC83NjYzMTEtY2FhNC00Mzk5LThiMzUt
ZmM3OWFmMWY2ZmIzLzEvb1BrQTE5WkpOZDB5eUxKQ3IzQ2VvcUtkTDlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC83NjYzMTEtY2FhNC00Mzk5LThiMzUtZmM3OWFmMWY2ZmIz
LzEvQjd5Z1NDMWdWWWZyRGd5RkhEam9CM1Zma0JjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVSdMA0G
CSqGSIb3DQEBCwUAA4IBAQASNkS6fdRuwi2VSZAZ5OH+BM9uKNVW1FNogo0dQMbI
ncarZ/3scihW0pR5s6yAF8I3Qx4D/Wc3yIRswjm84xmze9qF22CMnK72GKBlNavW
aWfdoZ5kfRd+kp5+N+UmgyqLSb6u+TNzdR2qS+itCo3mw39RnBFV0DqOfzVHheyW
861QQPCrbUPvrdjzkmNbONTR248l+KX4QEYnComG6oy/iuGofLcO77hQU0WSR8mK
8XjoaOuoxfpmP6/vqjADLL6EkDA5szMYvRQOTZDGgBkXttXFZBsTsG6NyEsZLJJ0
it5gT3pfOb/W6huhcgZST8OLJnKTXgF4YreNkloHs3hK
-----END CERTIFICATE-----