Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/12c66d-ac63-43fc-8894-ab087f43b595/1/R4Xor_QOm8kkue50w13Q01GksLs.roa
File:                     R4Xor_QOm8kkue50w13Q01GksLs.roa (raw, json)
Hash identifier:          hz+RaanVrQajJNEjuOfF15dTh+z02W3jfEQAUxrmmAk=
Subject key identifier:   47:85:E8:AF:F4:0E:9B:C9:24:B9:EE:74:C3:5D:D0:D3:51:A4:B0:BB
Certificate issuer:       /CN=bb8ae63b757da1af790f20f59c634811eeeb1bcc
Certificate serial:       019B7835569DA812E33D9D00E189627B26A9
Authority key identifier: BB:8A:E6:3B:75:7D:A1:AF:79:0F:20:F5:9C:63:48:11:EE:EB:1B:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/u4rmO3V9oa95DyD1nGNIEe7rG8w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/12c66d-ac63-43fc-8894-ab087f43b595/1/R4Xor_QOm8kkue50w13Q01GksLs.roa
Signing time:             Thu 01 Jan 2026 06:18:40 +0000
ROA not before:           Thu 01 Jan 2026 06:18:40 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     35224
IP address blocks:        185.192.188.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/12c66d-ac63-43fc-8894-ab087f43b595/1/u4rmO3V9oa95DyD1nGNIEe7rG8w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/12c66d-ac63-43fc-8894-ab087f43b595/1/u4rmO3V9oa95DyD1nGNIEe7rG8w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/u4rmO3V9oa95DyD1nGNIEe7rG8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 06:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:35:56:9d:a8:12:e3:3d:9d:00:e1:89:62:7b:26:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bb8ae63b757da1af790f20f59c634811eeeb1bcc
        Validity
            Not Before: Jan  1 06:18:40 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4785e8aff40e9bc924b9ee74c35dd0d351a4b0bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:c6:2c:80:c0:e6:08:ae:b4:4f:6b:b2:ad:2f:
                    03:b4:b5:b5:e7:70:ef:fd:95:dc:fb:c1:ff:cf:bd:
                    f9:d1:1d:a9:9d:bb:90:59:01:e3:c4:53:08:e8:3f:
                    b6:01:2a:57:a8:24:4a:67:be:7f:c2:00:e3:2e:63:
                    59:ff:e4:02:a9:21:bb:0d:45:50:05:55:3f:92:d2:
                    37:cd:cb:c7:d7:a9:0d:14:6f:54:b3:cf:97:96:32:
                    33:b3:43:70:83:d2:5e:99:fd:ea:9b:bb:44:87:04:
                    61:24:4a:c4:2c:e3:6a:4f:34:46:f8:37:54:d6:f1:
                    21:33:d7:ee:53:78:50:9c:cf:2f:37:2d:e4:24:0c:
                    1d:b5:2f:59:ee:2c:30:8e:0f:25:09:d5:7b:a5:47:
                    5e:c1:d9:37:f1:61:41:00:33:b7:6a:7b:1e:a5:c4:
                    a6:df:91:25:62:c1:5c:d9:3f:56:0f:fa:c0:34:a7:
                    ee:23:e8:82:25:b0:73:28:89:f0:fb:20:8f:be:e7:
                    4c:cd:87:28:d3:66:c9:9b:82:82:ca:7b:49:3c:e8:
                    35:cf:e3:67:26:8e:ad:d5:fc:89:84:b0:3c:12:95:
                    3d:2b:94:e5:41:67:d5:9d:53:3b:5b:21:7c:9e:93:
                    69:31:94:3b:7f:eb:6c:dc:c0:7c:25:db:cd:ef:05:
                    5d:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:85:E8:AF:F4:0E:9B:C9:24:B9:EE:74:C3:5D:D0:D3:51:A4:B0:BB
            X509v3 Authority Key Identifier:
                keyid:BB:8A:E6:3B:75:7D:A1:AF:79:0F:20:F5:9C:63:48:11:EE:EB:1B:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/u4rmO3V9oa95DyD1nGNIEe7rG8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/12c66d-ac63-43fc-8894-ab087f43b595/1/R4Xor_QOm8kkue50w13Q01GksLs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/12c66d-ac63-43fc-8894-ab087f43b595/1/u4rmO3V9oa95DyD1nGNIEe7rG8w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.192.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         e4:66:49:66:dc:c7:70:da:33:c5:67:47:06:ed:1a:49:23:65:
         bc:c3:f2:97:29:d2:aa:82:02:10:b2:85:30:75:91:17:dc:cb:
         42:26:ec:9b:89:17:e9:52:82:10:38:32:41:98:14:4a:64:5d:
         0f:b3:fc:98:9b:22:cb:1f:18:d0:fa:7b:03:a9:b5:d3:e7:55:
         c5:73:d2:c8:e6:71:04:86:30:1f:86:c7:ff:f8:c3:17:b2:03:
         7f:f6:08:9c:c4:e9:18:2c:c7:a1:02:a9:4f:2a:65:a1:fa:01:
         26:95:7e:2a:9c:64:e0:1e:13:47:72:df:2c:32:04:1b:7a:91:
         81:71:c6:b4:06:14:7c:88:ad:a7:fd:65:af:c9:dc:60:89:dd:
         01:90:ab:0a:ec:0d:55:3a:b1:15:67:fa:85:64:b3:51:51:6d:
         68:df:75:51:ba:2e:2e:41:f3:94:6f:5c:ab:79:2b:a0:f7:8c:
         2c:fb:1e:ff:63:3a:2d:5e:47:d8:59:d1:1b:f5:ba:24:0d:02:
         74:71:81:bc:39:40:24:48:00:a6:9d:6e:d4:3d:6c:85:28:e7:
         4e:85:7c:61:ad:6f:6c:e7:9f:ae:d4:1f:6b:aa:2b:69:84:6a:
         53:13:d2:e9:45:3e:e5:85:83:b7:c4:fd:cf:ae:66:bc:a4:b1:
         98:9d:1f:24
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4NVadqBLjPZ0A4YlieyapMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiOGFlNjNiNzU3ZGExYWY3OTBmMjBmNTljNjM0ODExZWVl
YjFiY2MwHhcNMjYwMTAxMDYxODQwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Nzg1ZThhZmY0MGU5YmM5MjRiOWVlNzRjMzVkZDBkMzUxYTRiMGJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8YsgMDmCK60T2uyrS8DtLW153Dv
/ZXc+8H/z7350R2pnbuQWQHjxFMI6D+2ASpXqCRKZ75/wgDjLmNZ/+QCqSG7DUVQ
BVU/ktI3zcvH16kNFG9Us8+XljIzs0Nwg9Jemf3qm7tEhwRhJErELONqTzRG+DdU
1vEhM9fuU3hQnM8vNy3kJAwdtS9Z7iwwjg8lCdV7pUdewdk38WFBADO3ansepcSm
35ElYsFc2T9WD/rANKfuI+iCJbBzKInw+yCPvudMzYco02bJm4KCyntJPOg1z+Nn
Jo6t1fyJhLA8EpU9K5TlQWfVnVM7WyF8npNpMZQ7f+ts3MB8JdvN7wVdrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEeF6K/0DpvJJLnudMNd0NNRpLC7MB8GA1UdIwQY
MBaAFLuK5jt1faGveQ8g9ZxjSBHu6xvMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdTRybU8zVjlvYTk1RHlEMW5HTklFZTdyRzh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC8xMmM2NmQtYWM2My00M2ZjLTg4OTQt
YWIwODdmNDNiNTk1LzEvUjRYb3JfUU9tOGtrdWU1MHcxM1EwMUdrc0xzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC8xMmM2NmQtYWM2My00M2ZjLTg4OTQtYWIwODdmNDNiNTk1
LzEvdTRybU8zVjlvYTk1RHlEMW5HTklFZTdyRzh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCucC8MA0G
CSqGSIb3DQEBCwUAA4IBAQDkZklm3Mdw2jPFZ0cG7RpJI2W8w/KXKdKqggIQsoUw
dZEX3MtCJuybiRfpUoIQODJBmBRKZF0Ps/yYmyLLHxjQ+nsDqbXT51XFc9LI5nEE
hjAfhsf/+MMXsgN/9gicxOkYLMehAqlPKmWh+gEmlX4qnGTgHhNHct8sMgQbepGB
cca0BhR8iK2n/WWvydxgid0BkKsK7A1VOrEVZ/qFZLNRUW1o33VRui4uQfOUb1yr
eSug94ws+x7/YzotXkfYWdEb9bokDQJ0cYG8OUAkSACmnW7UPWyFKOdOhXxhrW9s
55+u1B9rqitphGpTE9LpRT7lhYO3xP3Prma8pLGYnR8k
-----END CERTIFICATE-----