Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/4c4058-8ee3-4e3e-a30c-bac476b97eee/1/mNbPgKFXcUtgAJjE5SL4MROXfYA.roa
File:                     mNbPgKFXcUtgAJjE5SL4MROXfYA.roa (raw, json)
Hash identifier:          a4hJIheKbu/FGPUQdVESELKh3R1aqx9DspXSa4TjObI=
Subject key identifier:   98:D6:CF:80:A1:57:71:4B:60:00:98:C4:E5:22:F8:31:13:97:7D:80
Certificate issuer:       /CN=ee182424b484197dc304524092dcdd992fcbe4be
Certificate serial:       019ECCB270A52E18AE652D4F60F75139DF5E
Authority key identifier: EE:18:24:24:B4:84:19:7D:C3:04:52:40:92:DC:DD:99:2F:CB:E4:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7hgkJLSEGX3DBFJAktzdmS_L5L4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/4c4058-8ee3-4e3e-a30c-bac476b97eee/1/mNbPgKFXcUtgAJjE5SL4MROXfYA.roa
Signing time:             Mon 15 Jun 2026 19:11:46 +0000
ROA not before:           Mon 15 Jun 2026 19:11:46 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208321
IP address blocks:        185.235.88.0/22 maxlen: 32
                          2a0b:e200::/29 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/4c4058-8ee3-4e3e-a30c-bac476b97eee/1/7hgkJLSEGX3DBFJAktzdmS_L5L4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/4c4058-8ee3-4e3e-a30c-bac476b97eee/1/7hgkJLSEGX3DBFJAktzdmS_L5L4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7hgkJLSEGX3DBFJAktzdmS_L5L4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 17 Jun 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:cc:b2:70:a5:2e:18:ae:65:2d:4f:60:f7:51:39:df:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee182424b484197dc304524092dcdd992fcbe4be
        Validity
            Not Before: Jun 15 19:11:46 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=98d6cf80a157714b600098c4e522f83113977d80
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:c0:d2:13:7e:c2:75:1e:ab:d7:db:9f:11:85:
                    eb:cf:d1:23:01:90:fd:df:40:92:6b:4f:2b:f0:5b:
                    f0:26:a5:ce:5a:8c:5e:87:01:bc:b7:01:73:33:e0:
                    70:b9:71:74:f9:49:5a:95:86:7b:09:07:93:af:28:
                    47:04:1e:de:11:d1:6d:11:f9:bb:aa:9d:bf:77:e7:
                    5c:34:96:be:e3:c8:38:ed:29:39:9a:6c:2e:5e:a6:
                    ed:f1:32:14:cd:ff:a7:38:51:dc:09:30:c9:cd:69:
                    36:b6:26:75:88:00:6b:df:b1:e7:07:a4:18:22:51:
                    43:77:69:a5:b7:ca:44:a6:d4:1e:1d:20:24:b6:6d:
                    87:bd:45:6f:ff:d7:c5:48:50:eb:8b:fb:cf:c4:88:
                    de:e9:ed:4c:0d:a9:3d:9b:d1:6b:49:98:2b:e4:5b:
                    a7:51:68:e0:d2:72:d6:1e:f8:b5:04:f1:d0:58:3b:
                    c0:f8:74:26:f7:82:82:c1:ed:f3:cf:de:4f:30:73:
                    72:78:8f:4a:81:48:b6:81:99:92:96:4e:d0:ad:07:
                    7e:34:37:22:fa:a8:c0:dc:a3:10:df:22:b8:6d:9b:
                    72:53:f7:69:94:70:41:81:7a:8d:a5:86:ea:d7:00:
                    f5:24:aa:d1:7f:88:40:89:4a:2b:16:45:62:1e:47:
                    64:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:D6:CF:80:A1:57:71:4B:60:00:98:C4:E5:22:F8:31:13:97:7D:80
            X509v3 Authority Key Identifier:
                keyid:EE:18:24:24:B4:84:19:7D:C3:04:52:40:92:DC:DD:99:2F:CB:E4:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hgkJLSEGX3DBFJAktzdmS_L5L4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/4c4058-8ee3-4e3e-a30c-bac476b97eee/1/mNbPgKFXcUtgAJjE5SL4MROXfYA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/4c4058-8ee3-4e3e-a30c-bac476b97eee/1/7hgkJLSEGX3DBFJAktzdmS_L5L4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.235.88.0/22
                IPv6:
                  2a0b:e200::/29

    Signature Algorithm: sha256WithRSAEncryption
         64:37:4e:77:c6:fc:c4:3d:6c:1d:66:91:a9:d5:77:7e:e9:7f:
         4f:c4:d7:b9:38:6d:12:3e:1d:c7:37:ae:d6:7e:0c:01:f3:d4:
         56:a0:af:c5:9b:7a:07:ac:75:d3:12:c6:8d:1b:7b:81:60:99:
         5a:33:a2:17:4b:f9:9e:3c:1f:59:f7:31:46:6e:5d:b0:f5:3a:
         10:e3:81:b7:9f:43:4f:77:bf:bb:0f:a6:50:04:3e:4a:07:c1:
         d3:f6:dd:9b:2c:31:e7:4d:5a:92:5f:01:07:43:e8:87:e0:7b:
         ef:b1:f7:9e:12:20:ae:7a:47:d9:94:52:ca:4a:0f:fe:74:ab:
         de:b6:9c:ea:e5:11:72:72:a9:39:b8:47:df:ee:82:7e:1e:8a:
         f0:5b:ea:4b:33:0e:b3:88:85:23:8c:6f:c6:48:ac:be:c6:86:
         f2:c9:37:1a:c0:5e:82:72:ba:a5:b9:7c:05:5b:74:46:28:9a:
         73:e3:5c:f8:ed:94:d6:34:d3:06:28:a5:d2:1f:4a:19:c8:87:
         8f:fa:6b:7b:57:f5:b0:0d:e1:92:a1:81:cd:27:aa:ee:73:8d:
         03:11:b5:05:19:0b:30:71:14:78:b3:7e:df:ff:9e:f6:ae:f4:
         cb:f8:a6:33:0d:54:13:5d:00:f9:7a:90:73:a8:f6:25:3c:42:
         9f:09:b5:b5
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ7MsnClLhiuZS1PYPdROd9eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMTgyNDI0YjQ4NDE5N2RjMzA0NTI0MDkyZGNkZDk5MmZj
YmU0YmUwHhcNMjYwNjE1MTkxMTQ2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OGQ2Y2Y4MGExNTc3MTRiNjAwMDk4YzRlNTIyZjgzMTEzOTc3ZDgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA58DSE37CdR6r19ufEYXrz9EjAZD9
30CSa08r8FvwJqXOWoxehwG8twFzM+BwuXF0+UlalYZ7CQeTryhHBB7eEdFtEfm7
qp2/d+dcNJa+48g47Sk5mmwuXqbt8TIUzf+nOFHcCTDJzWk2tiZ1iABr37HnB6QY
IlFDd2mlt8pEptQeHSAktm2HvUVv/9fFSFDri/vPxIje6e1MDak9m9FrSZgr5Fun
UWjg0nLWHvi1BPHQWDvA+HQm94KCwe3zz95PMHNyeI9KgUi2gZmSlk7QrQd+NDci
+qjA3KMQ3yK4bZtyU/dplHBBgXqNpYbq1wD1JKrRf4hAiUorFkViHkdkcQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJjWz4ChV3FLYACYxOUi+DETl32AMB8GA1UdIwQY
MBaAFO4YJCS0hBl9wwRSQJLc3Zkvy+S+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2hna0pMU0VHWDNEQkZKQWt0emRtU19MNUw0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi80YzQwNTgtOGVlMy00ZTNlLWEzMGMt
YmFjNDc2Yjk3ZWVlLzEvbU5iUGdLRlhjVXRnQUpqRTVTTDRNUk9YZllBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi80YzQwNTgtOGVlMy00ZTNlLWEzMGMtYmFjNDc2Yjk3ZWVl
LzEvN2hna0pMU0VHWDNEQkZKQWt0emRtU19MNUw0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuetYMA0E
AgACMAcDBQMqC+IAMA0GCSqGSIb3DQEBCwUAA4IBAQBkN053xvzEPWwdZpGp1Xd+
6X9PxNe5OG0SPh3HN67WfgwB89RWoK/Fm3oHrHXTEsaNG3uBYJlaM6IXS/mePB9Z
9zFGbl2w9ToQ44G3n0NPd7+7D6ZQBD5KB8HT9t2bLDHnTVqSXwEHQ+iH4Hvvsfee
EiCuekfZlFLKSg/+dKvetpzq5RFycqk5uEff7oJ+HorwW+pLMw6ziIUjjG/GSKy+
xobyyTcawF6CcrqluXwFW3RGKJpz41z47ZTWNNMGKKXSH0oZyIeP+mt7V/WwDeGS
oYHNJ6ruc40DEbUFGQswcRR4s37f/572rvTL+KYzDVQTXQD5epBzqPYlPEKfCbW1
-----END CERTIFICATE-----