Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/e6ba81-b38e-4bb3-b005-56fde5e715b1/1/aeBUt7IDPZFtCHCeh_1TFRyUYt0.roa
File:                     aeBUt7IDPZFtCHCeh_1TFRyUYt0.roa (raw, json)
Hash identifier:          VQrTwZaJ6Y1ce96ZjoBajejiZoxDYWssI1+tZb2f6jc=
Subject key identifier:   69:E0:54:B7:B2:03:3D:91:6D:08:70:9E:87:FD:53:15:1C:94:62:DD
Certificate issuer:       /CN=4721bf48e401660ee9611b35c04b5d1d1f3fabfa
Certificate serial:       019B7AC89338794BE07BD0D7265ABEB141CF
Authority key identifier: 47:21:BF:48:E4:01:66:0E:E9:61:1B:35:C0:4B:5D:1D:1F:3F:AB:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RyG_SOQBZg7pYRs1wEtdHR8_q_o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/e6ba81-b38e-4bb3-b005-56fde5e715b1/1/aeBUt7IDPZFtCHCeh_1TFRyUYt0.roa
Signing time:             Thu 01 Jan 2026 18:18:43 +0000
ROA not before:           Thu 01 Jan 2026 18:18:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203350
IP address blocks:        185.18.223.0/24 maxlen: 24
                          2a05:4240::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/e6ba81-b38e-4bb3-b005-56fde5e715b1/1/RyG_SOQBZg7pYRs1wEtdHR8_q_o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/e6ba81-b38e-4bb3-b005-56fde5e715b1/1/RyG_SOQBZg7pYRs1wEtdHR8_q_o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RyG_SOQBZg7pYRs1wEtdHR8_q_o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 09:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c8:93:38:79:4b:e0:7b:d0:d7:26:5a:be:b1:41:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4721bf48e401660ee9611b35c04b5d1d1f3fabfa
        Validity
            Not Before: Jan  1 18:18:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=69e054b7b2033d916d08709e87fd53151c9462dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:41:0d:10:df:67:1f:89:26:85:16:4c:f3:62:
                    b4:47:86:b8:94:db:b9:58:cf:0a:27:34:bf:7e:17:
                    d8:5a:f9:d6:48:ae:77:e4:c2:4e:c2:b5:06:b9:f6:
                    07:8d:1b:e1:84:23:e7:5f:92:62:0e:af:17:df:fe:
                    81:ed:7e:06:2c:42:e0:85:23:92:76:7d:18:54:bb:
                    65:0c:a2:b1:e3:88:61:2d:f1:8a:ca:4f:f1:e7:54:
                    e5:5e:7a:e3:cb:77:32:73:c2:83:f9:fa:1b:db:84:
                    c7:0c:46:1a:14:8f:49:3d:8f:ab:0f:8e:d3:f9:96:
                    b3:c6:8f:82:f2:ab:eb:e5:d9:bd:f3:f4:f7:b2:17:
                    82:ca:5b:03:70:a9:a5:2b:54:34:bb:7c:9e:fd:9b:
                    6a:be:37:87:df:bd:f2:79:3d:e1:78:71:e9:c8:36:
                    c8:b0:75:c2:94:7a:6a:ed:51:4e:45:28:62:60:65:
                    0d:8d:37:91:2d:70:f7:e8:6b:e7:ab:38:b5:b8:60:
                    74:a3:15:0e:a5:93:16:49:8a:33:fc:6d:22:e0:9d:
                    9e:7a:3d:ed:35:40:e9:ce:f9:3e:33:9d:76:2c:a6:
                    69:2a:9a:b7:6c:e3:b1:17:b0:b5:3a:6b:53:c3:d5:
                    17:11:75:0a:65:0d:73:16:41:a2:67:a5:43:20:ee:
                    31:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:E0:54:B7:B2:03:3D:91:6D:08:70:9E:87:FD:53:15:1C:94:62:DD
            X509v3 Authority Key Identifier:
                keyid:47:21:BF:48:E4:01:66:0E:E9:61:1B:35:C0:4B:5D:1D:1F:3F:AB:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RyG_SOQBZg7pYRs1wEtdHR8_q_o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/e6ba81-b38e-4bb3-b005-56fde5e715b1/1/aeBUt7IDPZFtCHCeh_1TFRyUYt0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/e6ba81-b38e-4bb3-b005-56fde5e715b1/1/RyG_SOQBZg7pYRs1wEtdHR8_q_o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.18.223.0/24
                IPv6:
                  2a05:4240::/32

    Signature Algorithm: sha256WithRSAEncryption
         7d:2a:3a:49:3e:d0:ad:1e:98:fc:48:12:db:40:f3:cf:55:7a:
         e6:44:a0:53:0d:f2:31:87:c8:c9:fb:36:78:64:bc:7b:b8:63:
         bd:b5:64:ff:6f:13:6d:64:1e:ca:68:97:bc:af:a6:10:5f:4e:
         fd:ee:36:9b:59:de:bf:75:ec:6b:82:86:38:81:ed:87:d7:44:
         7f:df:0e:46:66:41:5a:8e:c5:37:b6:20:4e:fa:3a:dd:4f:18:
         c7:d9:a7:3d:be:4c:47:f5:ea:f1:87:55:72:df:fe:c6:fb:2c:
         18:95:a6:5f:bf:ae:06:cb:e8:52:87:60:63:8b:24:e0:73:e3:
         68:61:82:2b:fa:ce:1d:01:65:46:f6:f8:f8:d8:da:fb:ec:8c:
         97:51:e8:bc:f6:15:e3:11:4e:0f:f5:da:cf:5b:98:b4:06:75:
         58:f9:20:f6:9b:8c:64:2a:ae:c6:93:7f:5f:55:ae:55:51:e8:
         9c:30:9d:2d:92:01:a4:c9:ff:cf:78:5a:e9:29:b9:30:c4:40:
         33:f1:b7:d6:15:46:20:51:e6:19:5e:3d:3b:09:a4:70:4b:1b:
         a3:c0:21:4e:aa:82:76:f2:83:c1:67:e0:8c:b5:55:4c:65:0f:
         67:1a:81:82:36:aa:79:c1:a2:73:eb:0c:ce:32:88:86:d0:1f:
         02:00:e7:52
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZt6yJM4eUvge9DXJlq+sUHPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3MjFiZjQ4ZTQwMTY2MGVlOTYxMWIzNWMwNGI1ZDFkMWYz
ZmFiZmEwHhcNMjYwMTAxMTgxODQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OWUwNTRiN2IyMDMzZDkxNmQwODcwOWU4N2ZkNTMxNTFjOTQ2MmRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoUENEN9nH4kmhRZM82K0R4a4lNu5
WM8KJzS/fhfYWvnWSK535MJOwrUGufYHjRvhhCPnX5JiDq8X3/6B7X4GLELghSOS
dn0YVLtlDKKx44hhLfGKyk/x51TlXnrjy3cyc8KD+fob24THDEYaFI9JPY+rD47T
+Zazxo+C8qvr5dm98/T3sheCylsDcKmlK1Q0u3ye/ZtqvjeH373yeT3heHHpyDbI
sHXClHpq7VFORShiYGUNjTeRLXD36Gvnqzi1uGB0oxUOpZMWSYoz/G0i4J2eej3t
NUDpzvk+M512LKZpKpq3bOOxF7C1OmtTw9UXEXUKZQ1zFkGiZ6VDIO4xGQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGngVLeyAz2RbQhwnof9UxUclGLdMB8GA1UdIwQY
MBaAFEchv0jkAWYO6WEbNcBLXR0fP6v6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUnlHX1NPUUJaZzdwWVJzMXdFdGRIUjhfcV9vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9lNmJhODEtYjM4ZS00YmIzLWIwMDUt
NTZmZGU1ZTcxNWIxLzEvYWVCVXQ3SURQWkZ0Q0hDZWhfMVRGUnlVWXQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9lNmJhODEtYjM4ZS00YmIzLWIwMDUtNTZmZGU1ZTcxNWIx
LzEvUnlHX1NPUUJaZzdwWVJzMXdFdGRIUjhfcV9vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuRLfMA0E
AgACMAcDBQAqBUJAMA0GCSqGSIb3DQEBCwUAA4IBAQB9KjpJPtCtHpj8SBLbQPPP
VXrmRKBTDfIxh8jJ+zZ4ZLx7uGO9tWT/bxNtZB7KaJe8r6YQX0797jabWd6/dexr
goY4ge2H10R/3w5GZkFajsU3tiBO+jrdTxjH2ac9vkxH9erxh1Vy3/7G+ywYlaZf
v64Gy+hSh2BjiyTgc+NoYYIr+s4dAWVG9vj42Nr77IyXUei89hXjEU4P9drPW5i0
BnVY+SD2m4xkKq7Gk39fVa5VUeicMJ0tkgGkyf/PeFrpKbkwxEAz8bfWFUYgUeYZ
Xj07CaRwSxujwCFOqoJ28oPBZ+CMtVVMZQ9nGoGCNqp5waJz6wzOMoiG0B8CAOdS
-----END CERTIFICATE-----