Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/9d5910-9f5e-446c-8d3c-bc007f2dac24/1/cQs3AdIYxtQkf-UCcR9A6gUyGHU.roa
File:                     cQs3AdIYxtQkf-UCcR9A6gUyGHU.roa (raw, json)
Hash identifier:          XWBTr8jol7euXpdEvtLfDqK/TeI11GkVcT1lv4t3JuE=
Subject key identifier:   71:0B:37:01:D2:18:C6:D4:24:7F:E5:02:71:1F:40:EA:05:32:18:75
Certificate issuer:       /CN=6ba3186597742a926cd26504e1ed76f8543fdb26
Certificate serial:       019B7F82F2D03BFB41C931EFDE13ACBB192C
Authority key identifier: 6B:A3:18:65:97:74:2A:92:6C:D2:65:04:E1:ED:76:F8:54:3F:DB:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a6MYZZd0KpJs0mUE4e12-FQ_2yY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/9d5910-9f5e-446c-8d3c-bc007f2dac24/1/cQs3AdIYxtQkf-UCcR9A6gUyGHU.roa
Signing time:             Fri 02 Jan 2026 16:20:46 +0000
ROA not before:           Fri 02 Jan 2026 16:20:46 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212988
IP address blocks:        185.194.26.0/24 maxlen: 24
                          185.219.218.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/9d5910-9f5e-446c-8d3c-bc007f2dac24/1/a6MYZZd0KpJs0mUE4e12-FQ_2yY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/9d5910-9f5e-446c-8d3c-bc007f2dac24/1/a6MYZZd0KpJs0mUE4e12-FQ_2yY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a6MYZZd0KpJs0mUE4e12-FQ_2yY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:82:f2:d0:3b:fb:41:c9:31:ef:de:13:ac:bb:19:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ba3186597742a926cd26504e1ed76f8543fdb26
        Validity
            Not Before: Jan  2 16:20:46 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=710b3701d218c6d4247fe502711f40ea05321875
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:7c:86:5a:68:cf:35:c3:a6:b3:d5:30:6e:b8:
                    53:31:a0:f1:80:f5:a5:2d:7b:41:86:76:c0:40:f2:
                    e4:ec:28:4a:72:ce:2a:30:79:bc:ae:67:b7:70:60:
                    d0:e0:61:63:32:60:5b:82:70:6d:40:06:e0:f3:91:
                    de:63:12:40:1b:b3:49:4e:18:71:68:13:ff:0c:54:
                    31:db:b6:b7:be:1c:c7:99:e3:cb:cd:b5:e8:ad:a1:
                    40:a2:ac:30:bc:5b:fb:0d:4a:5b:df:06:fb:6b:cb:
                    81:2a:7f:29:5a:ca:b0:4a:e4:b9:14:b4:e7:bc:f4:
                    a2:a8:56:a5:b3:a9:3a:01:aa:19:1e:0a:da:0a:07:
                    87:19:12:48:5a:f6:a8:0a:36:34:c3:fa:3b:2c:07:
                    77:fa:84:9c:57:57:ad:f5:6a:e3:9e:8e:5c:a4:ce:
                    e5:3f:d5:7a:51:d2:66:6c:91:0c:4f:29:65:d4:66:
                    b8:ae:10:86:3d:db:b6:a7:94:59:ec:98:9a:dd:9b:
                    66:3c:72:d8:81:97:b8:9c:e7:13:91:7d:29:96:5e:
                    1c:5b:95:ae:67:7a:14:07:b7:a0:a1:e2:1f:2b:9b:
                    de:6e:09:4b:89:20:ed:3b:9e:fc:b0:9c:d5:07:0e:
                    6a:2a:19:d7:8f:20:60:a2:df:6c:d3:54:5c:6f:45:
                    3c:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:0B:37:01:D2:18:C6:D4:24:7F:E5:02:71:1F:40:EA:05:32:18:75
            X509v3 Authority Key Identifier:
                keyid:6B:A3:18:65:97:74:2A:92:6C:D2:65:04:E1:ED:76:F8:54:3F:DB:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6MYZZd0KpJs0mUE4e12-FQ_2yY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/9d5910-9f5e-446c-8d3c-bc007f2dac24/1/cQs3AdIYxtQkf-UCcR9A6gUyGHU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/9d5910-9f5e-446c-8d3c-bc007f2dac24/1/a6MYZZd0KpJs0mUE4e12-FQ_2yY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.194.26.0/24
                  185.219.218.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:9c:c2:fb:b4:9e:1b:5b:1c:fa:18:34:bc:e3:cd:ea:9d:95:
         0a:19:ee:cc:f4:1a:a5:7f:bc:11:28:97:e3:3f:28:ad:ba:38:
         3d:94:d9:ca:d7:56:c0:85:bd:29:9f:04:f1:95:88:c7:89:55:
         ad:91:3b:da:c5:f5:ac:36:7a:25:7a:8e:af:2d:b6:8f:9a:3b:
         da:80:a4:7f:08:3a:9d:af:a5:d0:f6:44:3b:1f:a1:4a:cf:b3:
         2e:3d:87:15:5b:ec:9b:fb:9f:8f:54:6c:85:63:cd:f1:44:6d:
         5d:51:f2:4a:b7:7d:02:be:a3:f3:df:2e:ab:d0:20:b7:38:90:
         36:39:8b:79:38:73:da:61:52:49:76:4c:8e:ae:58:bd:3f:5f:
         02:c3:68:8c:50:4c:df:20:17:69:00:fd:4a:94:37:fa:af:ff:
         6d:c2:75:4d:4a:a3:76:21:89:39:d7:1a:82:0a:80:c2:6d:9d:
         46:a7:a7:ec:e3:7d:dd:49:4f:c2:09:7b:9e:be:67:63:e6:c6:
         3e:d2:ca:fc:c5:5e:2c:cd:93:6e:78:48:f9:a1:f4:91:f8:d9:
         ae:0d:46:5d:70:c0:cd:bb:fa:8d:6d:10:bf:e0:5c:0b:f7:2f:
         f0:0d:4b:8f:00:7a:5f:5e:bc:10:33:98:c4:0e:b2:c1:dd:de:
         59:20:a9:f3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZt/gvLQO/tByTHv3hOsuxksMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiYTMxODY1OTc3NDJhOTI2Y2QyNjUwNGUxZWQ3NmY4NTQz
ZmRiMjYwHhcNMjYwMTAyMTYyMDQ2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTBiMzcwMWQyMThjNmQ0MjQ3ZmU1MDI3MTFmNDBlYTA1MzIxODc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj3yGWmjPNcOms9UwbrhTMaDxgPWl
LXtBhnbAQPLk7ChKcs4qMHm8rme3cGDQ4GFjMmBbgnBtQAbg85HeYxJAG7NJThhx
aBP/DFQx27a3vhzHmePLzbXoraFAoqwwvFv7DUpb3wb7a8uBKn8pWsqwSuS5FLTn
vPSiqFals6k6AaoZHgraCgeHGRJIWvaoCjY0w/o7LAd3+oScV1et9Wrjno5cpM7l
P9V6UdJmbJEMTyll1Ga4rhCGPdu2p5RZ7Jia3ZtmPHLYgZe4nOcTkX0pll4cW5Wu
Z3oUB7egoeIfK5vebglLiSDtO578sJzVBw5qKhnXjyBgot9s01Rcb0U8rQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHELNwHSGMbUJH/lAnEfQOoFMhh1MB8GA1UdIwQY
MBaAFGujGGWXdCqSbNJlBOHtdvhUP9smMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTZNWVpaZDBLcEpzMG1VRTRlMTItRlFfMnlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi85ZDU5MTAtOWY1ZS00NDZjLThkM2Mt
YmMwMDdmMmRhYzI0LzEvY1FzM0FkSVl4dFFrZi1VQ2NSOUE2Z1V5R0hVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi85ZDU5MTAtOWY1ZS00NDZjLThkM2MtYmMwMDdmMmRhYzI0
LzEvYTZNWVpaZDBLcEpzMG1VRTRlMTItRlFfMnlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAucIaAwQA
udvaMA0GCSqGSIb3DQEBCwUAA4IBAQApnML7tJ4bWxz6GDS8483qnZUKGe7M9Bql
f7wRKJfjPyitujg9lNnK11bAhb0pnwTxlYjHiVWtkTvaxfWsNnoleo6vLbaPmjva
gKR/CDqdr6XQ9kQ7H6FKz7MuPYcVW+yb+5+PVGyFY83xRG1dUfJKt30CvqPz3y6r
0CC3OJA2OYt5OHPaYVJJdkyOrli9P18Cw2iMUEzfIBdpAP1KlDf6r/9twnVNSqN2
IYk51xqCCoDCbZ1Gp6fs433dSU/CCXuevmdj5sY+0sr8xV4szZNueEj5ofSR+Nmu
DUZdcMDNu/qNbRC/4FwL9y/wDUuPAHpfXrwQM5jEDrLB3d5ZIKnz
-----END CERTIFICATE-----