Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/95/b27baf-e681-4ab6-b903-6a10c6e3222d/1/kUCFqt07I3jOUhsa9vnLRiDNVxk.roa
File:                     kUCFqt07I3jOUhsa9vnLRiDNVxk.roa (raw, json)
Hash identifier:          5MGQy531WnFyAMvE7uD+I/swY7k4A1YC68qxb4dhi1w=
Subject key identifier:   91:40:85:AA:DD:3B:23:78:CE:52:1B:1A:F6:F9:CB:46:20:CD:57:19
Certificate issuer:       /CN=535a0905ad5684f414182c99e1ed998163093001
Certificate serial:       019C8F6109DCBBF0A9F59B979283249DD4E7
Authority key identifier: 53:5A:09:05:AD:56:84:F4:14:18:2C:99:E1:ED:99:81:63:09:30:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U1oJBa1WhPQUGCyZ4e2ZgWMJMAE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/95/b27baf-e681-4ab6-b903-6a10c6e3222d/1/kUCFqt07I3jOUhsa9vnLRiDNVxk.roa
Signing time:             Tue 24 Feb 2026 11:20:27 +0000
ROA not before:           Tue 24 Feb 2026 11:20:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209082
IP address blocks:        185.222.16.0/22 maxlen: 24
                          2a0c:f000::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/95/b27baf-e681-4ab6-b903-6a10c6e3222d/1/U1oJBa1WhPQUGCyZ4e2ZgWMJMAE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/95/b27baf-e681-4ab6-b903-6a10c6e3222d/1/U1oJBa1WhPQUGCyZ4e2ZgWMJMAE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/U1oJBa1WhPQUGCyZ4e2ZgWMJMAE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 11:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:8f:61:09:dc:bb:f0:a9:f5:9b:97:92:83:24:9d:d4:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=535a0905ad5684f414182c99e1ed998163093001
        Validity
            Not Before: Feb 24 11:20:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=914085aadd3b2378ce521b1af6f9cb4620cd5719
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:0b:04:cc:7f:ef:31:df:40:80:ca:97:d4:ff:
                    6a:aa:66:19:25:b4:1a:36:19:b7:20:6a:f8:95:32:
                    24:6f:9b:c3:d4:a2:ca:90:ac:48:16:b3:de:bc:84:
                    fb:b8:4e:26:8a:80:b2:4b:32:b9:f2:c4:6e:1d:84:
                    22:75:9b:71:95:75:56:61:8b:4c:31:f4:2a:15:08:
                    d4:db:02:bb:c1:2f:96:68:97:b1:b8:f2:fe:c7:ac:
                    21:96:af:c5:e0:c8:fc:8f:be:6f:42:0c:f8:81:2d:
                    af:f7:21:08:e4:22:4b:d2:59:0f:af:c0:8f:1d:da:
                    8c:19:a5:cb:7c:97:04:7e:e3:d1:40:1b:08:9e:96:
                    2b:3d:1d:d1:7f:27:bc:02:f5:3c:61:22:e1:f9:dd:
                    fd:32:38:a2:8c:82:43:67:27:17:64:a0:86:da:4f:
                    25:18:92:d2:86:34:d4:0b:54:9d:8d:20:e1:ce:ab:
                    a6:6f:57:74:59:f9:fb:20:2e:a0:5c:99:e7:e1:5f:
                    72:84:6a:0c:29:66:d6:5a:9f:d5:1e:0e:c9:ee:8f:
                    b0:e9:71:bd:b1:dd:75:b6:f1:d4:0a:a3:0a:aa:4f:
                    1d:78:a9:65:c2:b5:f8:c0:36:f4:aa:df:0d:6b:7d:
                    f8:a2:45:2e:10:b8:49:11:b2:4e:97:c2:ba:54:76:
                    af:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:40:85:AA:DD:3B:23:78:CE:52:1B:1A:F6:F9:CB:46:20:CD:57:19
            X509v3 Authority Key Identifier:
                keyid:53:5A:09:05:AD:56:84:F4:14:18:2C:99:E1:ED:99:81:63:09:30:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U1oJBa1WhPQUGCyZ4e2ZgWMJMAE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/95/b27baf-e681-4ab6-b903-6a10c6e3222d/1/kUCFqt07I3jOUhsa9vnLRiDNVxk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/95/b27baf-e681-4ab6-b903-6a10c6e3222d/1/U1oJBa1WhPQUGCyZ4e2ZgWMJMAE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.222.16.0/22
                IPv6:
                  2a0c:f000::/48

    Signature Algorithm: sha256WithRSAEncryption
         4e:2b:fb:12:ca:45:17:1a:7c:58:6d:d9:c5:73:9a:8e:be:e2:
         29:c8:71:d7:ca:4c:18:2b:dd:5d:44:7a:ee:5e:33:f2:cc:0f:
         b4:90:3c:23:bb:49:ae:04:96:40:7f:86:2f:e2:66:f6:ee:67:
         73:30:53:28:51:70:78:7b:8e:9f:de:55:bc:85:8b:e6:b9:93:
         95:8a:8a:6c:9a:71:be:33:90:6f:08:2f:4e:aa:41:65:c3:5c:
         61:5a:65:0b:35:82:5d:96:cf:61:7e:85:fc:40:00:1e:e2:90:
         87:8f:49:eb:58:81:52:d5:3d:2c:51:d9:0d:4e:23:f8:44:0f:
         b3:fa:f8:f8:e3:d2:f4:be:f7:d5:d0:be:39:09:47:4b:65:c5:
         86:1d:29:67:54:e6:ef:f0:00:b6:b3:95:f7:63:d6:4d:94:f0:
         81:e7:25:76:82:39:d3:cb:73:d8:83:7b:55:77:48:09:5d:4a:
         69:46:9c:29:57:ec:c9:e1:4d:a7:63:a9:b6:d6:7e:b7:17:01:
         7d:4a:30:51:2d:12:5f:29:fa:8d:c7:9a:63:14:59:a1:66:78:
         73:23:59:3e:3e:39:7d:e7:03:bd:b9:1c:13:f7:80:00:e6:7e:
         8e:bf:04:aa:5e:ea:3b:b7:3d:33:60:ab:0c:ca:bb:dd:ae:1c:
         c2:c5:31:38
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZyPYQncu/Cp9ZuXkoMkndTnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzNWEwOTA1YWQ1Njg0ZjQxNDE4MmM5OWUxZWQ5OTgxNjMw
OTMwMDEwHhcNMjYwMjI0MTEyMDI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTQwODVhYWRkM2IyMzc4Y2U1MjFiMWFmNmY5Y2I0NjIwY2Q1NzE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArQsEzH/vMd9AgMqX1P9qqmYZJbQa
Nhm3IGr4lTIkb5vD1KLKkKxIFrPevIT7uE4mioCySzK58sRuHYQidZtxlXVWYYtM
MfQqFQjU2wK7wS+WaJexuPL+x6whlq/F4Mj8j75vQgz4gS2v9yEI5CJL0lkPr8CP
HdqMGaXLfJcEfuPRQBsInpYrPR3Rfye8AvU8YSLh+d39MjiijIJDZycXZKCG2k8l
GJLShjTUC1SdjSDhzqumb1d0Wfn7IC6gXJnn4V9yhGoMKWbWWp/VHg7J7o+w6XG9
sd11tvHUCqMKqk8deKllwrX4wDb0qt8Na334okUuELhJEbJOl8K6VHavwQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJFAhardOyN4zlIbGvb5y0YgzVcZMB8GA1UdIwQY
MBaAFFNaCQWtVoT0FBgsmeHtmYFjCTABMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVTFvSkJhMVdoUFFVR0N5WjRlMlpnV01KTUFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NS9iMjdiYWYtZTY4MS00YWI2LWI5MDMt
NmExMGM2ZTMyMjJkLzEva1VDRnF0MDdJM2pPVWhzYTl2bkxSaUROVnhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NS9iMjdiYWYtZTY4MS00YWI2LWI5MDMtNmExMGM2ZTMyMjJk
LzEvVTFvSkJhMVdoUFFVR0N5WjRlMlpnV01KTUFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQCud4QMA8E
AgACMAkDBwAqDPAAAAAwDQYJKoZIhvcNAQELBQADggEBAE4r+xLKRRcafFht2cVz
mo6+4inIcdfKTBgr3V1Eeu5eM/LMD7SQPCO7Sa4ElkB/hi/iZvbuZ3MwUyhRcHh7
jp/eVbyFi+a5k5WKimyacb4zkG8IL06qQWXDXGFaZQs1gl2Wz2F+hfxAAB7ikIeP
SetYgVLVPSxR2Q1OI/hED7P6+Pjj0vS+99XQvjkJR0tlxYYdKWdU5u/wALazlfdj
1k2U8IHnJXaCOdPLc9iDe1V3SAldSmlGnClX7MnhTadjqbbWfrcXAX1KMFEtEl8p
+o3HmmMUWaFmeHMjWT4+OX3nA725HBP3gADmfo6/BKpe6ju3PTNgqwzKu92uHMLF
MTg=
-----END CERTIFICATE-----