Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/ae5206-c843-4bd5-8860-71e95b04b3ec/1/o0tMA79YFIEEyFTw2xYa5Lv3piU.roa
File:                     o0tMA79YFIEEyFTw2xYa5Lv3piU.roa (raw, json)
Hash identifier:          8In4s4VKHhCyRo6MJFcuDqa2z/AG50EjAqON9SCd4uQ=
Subject key identifier:   A3:4B:4C:03:BF:58:14:81:04:C8:54:F0:DB:16:1A:E4:BB:F7:A6:25
Certificate issuer:       /CN=a43b5322b8ea38a7a044dcb0671a75dba1043d7e
Certificate serial:       019E5E8A36DF263172EB44CDEF100D0A0EF0
Authority key identifier: A4:3B:53:22:B8:EA:38:A7:A0:44:DC:B0:67:1A:75:DB:A1:04:3D:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pDtTIrjqOKegRNywZxp126EEPX4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/ae5206-c843-4bd5-8860-71e95b04b3ec/1/o0tMA79YFIEEyFTw2xYa5Lv3piU.roa
Signing time:             Mon 25 May 2026 09:49:36 +0000
ROA not before:           Mon 25 May 2026 09:49:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     134094
IP address blocks:        185.190.17.0/24 maxlen: 24
                          185.190.18.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/ae5206-c843-4bd5-8860-71e95b04b3ec/1/pDtTIrjqOKegRNywZxp126EEPX4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/ae5206-c843-4bd5-8860-71e95b04b3ec/1/pDtTIrjqOKegRNywZxp126EEPX4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pDtTIrjqOKegRNywZxp126EEPX4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 12:01:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:5e:8a:36:df:26:31:72:eb:44:cd:ef:10:0d:0a:0e:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a43b5322b8ea38a7a044dcb0671a75dba1043d7e
        Validity
            Not Before: May 25 09:49:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a34b4c03bf58148104c854f0db161ae4bbf7a625
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:81:6f:da:2c:f2:22:7e:12:c3:a1:2e:d5:9f:
                    5a:de:1a:70:72:08:d6:4a:34:eb:04:48:e2:42:c9:
                    92:15:fd:7e:17:c0:d1:76:d9:29:b2:94:cc:01:1a:
                    d3:9e:20:06:11:e8:46:10:c5:2f:ec:65:b9:3e:51:
                    ef:fd:70:d0:a4:58:c7:8c:d2:22:bf:00:31:2a:99:
                    5e:d4:af:ad:dd:40:fa:cb:91:f6:c3:51:b8:0b:d3:
                    5c:6d:d3:e5:77:28:cd:4d:8a:bc:73:6e:d4:a4:f6:
                    6d:79:61:80:d1:61:a0:89:21:26:a6:61:c4:e9:b2:
                    b3:d6:66:66:a4:41:33:72:18:b8:2b:e0:7d:7f:25:
                    be:1a:4a:69:5f:a9:0b:4b:12:76:1d:27:41:99:a5:
                    75:34:eb:aa:94:51:8c:a8:a5:88:cd:46:5a:9b:bc:
                    ab:5a:50:36:49:13:2b:bc:0a:a6:db:9f:03:84:b7:
                    74:a4:f1:bb:16:81:09:66:92:2f:4c:96:6f:40:09:
                    9c:c4:aa:9f:e8:36:f4:af:54:8b:c4:69:61:e8:4f:
                    30:b3:c4:09:57:e5:10:01:9a:66:67:a6:8b:bd:d3:
                    3b:9f:fe:29:17:8c:96:93:99:08:55:f7:c6:6f:1f:
                    5b:84:24:fd:ce:60:68:ce:4b:c2:0a:d8:fb:b5:af:
                    80:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:4B:4C:03:BF:58:14:81:04:C8:54:F0:DB:16:1A:E4:BB:F7:A6:25
            X509v3 Authority Key Identifier:
                keyid:A4:3B:53:22:B8:EA:38:A7:A0:44:DC:B0:67:1A:75:DB:A1:04:3D:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pDtTIrjqOKegRNywZxp126EEPX4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/ae5206-c843-4bd5-8860-71e95b04b3ec/1/o0tMA79YFIEEyFTw2xYa5Lv3piU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/ae5206-c843-4bd5-8860-71e95b04b3ec/1/pDtTIrjqOKegRNywZxp126EEPX4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.190.17.0-185.190.18.255

    Signature Algorithm: sha256WithRSAEncryption
         c6:a5:8c:9b:2d:f1:b7:8f:e1:79:2d:fb:e1:71:8c:00:96:81:
         e1:8b:01:c6:1b:54:d9:ba:dd:15:9d:b3:be:31:0c:4d:66:cb:
         ff:63:6f:07:b2:9a:e3:a1:77:3a:61:d5:d4:bf:ab:53:7a:3d:
         ea:b3:1b:dc:f3:ac:43:ea:e7:04:46:cc:87:14:6e:d0:f1:e0:
         ba:cf:93:36:00:cc:a9:4e:f3:68:b1:3c:80:e9:16:89:92:ca:
         e4:3b:16:70:f4:7e:ca:31:73:7b:8f:76:cd:b9:65:11:d7:55:
         76:20:c6:b4:8d:55:77:29:d6:ff:46:2b:1d:b1:0b:1e:53:24:
         ad:d4:53:8b:30:b5:c9:e5:33:5d:ff:2c:4f:e6:62:cb:5b:05:
         23:7a:f9:6c:25:d2:cf:75:0d:37:1e:df:8f:e4:52:c7:ae:b3:
         54:97:e5:12:5e:74:97:43:cd:fc:c4:4f:9e:eb:80:36:96:7f:
         be:82:a0:92:53:3b:4e:bb:1c:af:e9:1c:45:9b:bb:60:71:6a:
         4f:da:bc:0a:62:65:23:54:aa:ff:15:d2:53:98:c5:b6:67:3f:
         68:fe:13:9c:13:bf:04:8a:67:06:58:d6:39:d7:d6:9d:ea:58:
         b2:a9:cd:31:df:21:f3:eb:42:15:77:33:c6:7d:be:ad:18:98:
         d1:63:67:b5
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZ5eijbfJjFy60TN7xANCg7wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0M2I1MzIyYjhlYTM4YTdhMDQ0ZGNiMDY3MWE3NWRiYTEw
NDNkN2UwHhcNMjYwNTI1MDk0OTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzRiNGMwM2JmNTgxNDgxMDRjODU0ZjBkYjE2MWFlNGJiZjdhNjI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm4Fv2izyIn4Sw6Eu1Z9a3hpwcgjW
SjTrBEjiQsmSFf1+F8DRdtkpspTMARrTniAGEehGEMUv7GW5PlHv/XDQpFjHjNIi
vwAxKple1K+t3UD6y5H2w1G4C9NcbdPldyjNTYq8c27UpPZteWGA0WGgiSEmpmHE
6bKz1mZmpEEzchi4K+B9fyW+GkppX6kLSxJ2HSdBmaV1NOuqlFGMqKWIzUZam7yr
WlA2SRMrvAqm258DhLd0pPG7FoEJZpIvTJZvQAmcxKqf6Db0r1SLxGlh6E8ws8QJ
V+UQAZpmZ6aLvdM7n/4pF4yWk5kIVffGbx9bhCT9zmBozkvCCtj7ta+ApQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFKNLTAO/WBSBBMhU8NsWGuS796YlMB8GA1UdIwQY
MBaAFKQ7UyK46jinoETcsGcadduhBD1+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcER0VElyanFPS2VnUk55d1p4cDEyNkVFUFg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy9hZTUyMDYtYzg0My00YmQ1LTg4NjAt
NzFlOTViMDRiM2VjLzEvbzB0TUE3OVlGSUVFeUZUdzJ4WWE1THYzcGlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy9hZTUyMDYtYzg0My00YmQ1LTg4NjAtNzFlOTViMDRiM2Vj
LzEvcER0VElyanFPS2VnUk55d1p4cDEyNkVFUFg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAC5vhED
BAC5vhIwDQYJKoZIhvcNAQELBQADggEBAMaljJst8beP4Xkt++FxjACWgeGLAcYb
VNm63RWds74xDE1my/9jbweymuOhdzph1dS/q1N6PeqzG9zzrEPq5wRGzIcUbtDx
4LrPkzYAzKlO82ixPIDpFomSyuQ7FnD0fsoxc3uPds25ZRHXVXYgxrSNVXcp1v9G
Kx2xCx5TJK3UU4swtcnlM13/LE/mYstbBSN6+Wwl0s91DTce34/kUseus1SX5RJe
dJdDzfzET57rgDaWf76CoJJTO067HK/pHEWbu2Bxak/avApiZSNUqv8V0lOYxbZn
P2j+E5wTvwSKZwZY1jnX1p3qWLKpzTHfIfPrQhV3M8Z9vq0YmNFjZ7U=
-----END CERTIFICATE-----