Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/1195ab-ed41-452f-bc22-7fd0deae32c5/1/I046pgaea8_r2iLhOnesthR7bkg.roa
File:                     I046pgaea8_r2iLhOnesthR7bkg.roa (raw, json)
Hash identifier:          iebhEzWUa7YFnPFB2Lfdh61nET2vxCQ1mscDyFpKnFs=
Subject key identifier:   23:4E:3A:A6:06:9E:6B:CF:EB:DA:22:E1:3A:77:AC:B6:14:7B:6E:48
Certificate issuer:       /CN=97aaa555a329edd86606cc0e3e296bd478ac73de
Certificate serial:       019B76EB1F7E813F67E488435CA1A3B32591
Authority key identifier: 97:AA:A5:55:A3:29:ED:D8:66:06:CC:0E:3E:29:6B:D4:78:AC:73:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/l6qlVaMp7dhmBswOPilr1Hisc94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/1195ab-ed41-452f-bc22-7fd0deae32c5/1/I046pgaea8_r2iLhOnesthR7bkg.roa
Signing time:             Thu 01 Jan 2026 00:17:59 +0000
ROA not before:           Thu 01 Jan 2026 00:17:59 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204431
IP address blocks:        185.249.16.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/1195ab-ed41-452f-bc22-7fd0deae32c5/1/l6qlVaMp7dhmBswOPilr1Hisc94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/1195ab-ed41-452f-bc22-7fd0deae32c5/1/l6qlVaMp7dhmBswOPilr1Hisc94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/l6qlVaMp7dhmBswOPilr1Hisc94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:1f:7e:81:3f:67:e4:88:43:5c:a1:a3:b3:25:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=97aaa555a329edd86606cc0e3e296bd478ac73de
        Validity
            Not Before: Jan  1 00:17:59 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=234e3aa6069e6bcfebda22e13a77acb6147b6e48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:6c:ab:58:c8:e8:ed:fe:6d:a7:d7:5f:0c:ae:
                    86:5a:2f:c4:e3:92:9f:35:8d:73:75:b0:cd:6a:68:
                    a1:85:64:bb:94:ac:08:2f:bc:e6:d4:ed:f5:57:5e:
                    aa:bb:4c:65:07:de:2a:5d:f3:02:5e:30:b2:da:67:
                    51:f3:8b:c4:d0:28:d3:ba:50:80:69:dd:01:12:f8:
                    21:0a:5f:56:4d:13:e3:90:b4:95:e6:00:ce:fc:52:
                    95:a2:65:fd:b6:a6:9c:31:00:8e:11:ed:6a:fa:b1:
                    ad:11:0c:5d:8f:ef:79:22:58:bc:42:6d:3e:bf:b6:
                    cb:6f:2b:45:43:ca:f6:11:2e:55:b4:f1:3d:ab:75:
                    49:0c:ea:da:0c:63:d9:df:8c:9c:78:be:53:18:64:
                    09:21:6d:d4:46:05:c9:e1:15:7b:ce:cd:a2:fc:cf:
                    eb:37:78:cf:bf:31:65:18:6c:25:be:99:89:22:fa:
                    bd:f0:48:17:5d:19:bc:49:83:59:ba:f9:27:ef:6a:
                    65:70:54:81:c1:a3:6d:09:3f:ad:2e:48:aa:bf:8a:
                    15:b3:3c:83:c4:a8:9b:be:54:06:3a:c9:1f:a1:27:
                    01:2e:80:3c:e8:9f:16:fe:bd:ee:2c:bc:ee:1e:c9:
                    e0:70:bb:01:9c:0e:6d:b0:35:96:8e:82:2a:da:75:
                    48:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:4E:3A:A6:06:9E:6B:CF:EB:DA:22:E1:3A:77:AC:B6:14:7B:6E:48
            X509v3 Authority Key Identifier:
                keyid:97:AA:A5:55:A3:29:ED:D8:66:06:CC:0E:3E:29:6B:D4:78:AC:73:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l6qlVaMp7dhmBswOPilr1Hisc94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/1195ab-ed41-452f-bc22-7fd0deae32c5/1/I046pgaea8_r2iLhOnesthR7bkg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/1195ab-ed41-452f-bc22-7fd0deae32c5/1/l6qlVaMp7dhmBswOPilr1Hisc94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.249.16.0/22

    Signature Algorithm: sha256WithRSAEncryption
         47:7c:13:ff:b6:2c:84:72:9b:3b:17:4c:d0:1d:c3:b2:a7:8a:
         9b:d2:31:36:67:66:65:84:e0:8f:30:b0:33:a0:79:99:3a:bf:
         97:2c:8d:b2:b3:e2:6a:f9:a0:db:5f:04:1d:82:7a:77:d4:bb:
         8c:4f:75:39:cf:3b:bd:91:0e:b3:3e:86:f5:31:ba:fa:da:ed:
         b0:89:cc:ff:24:66:6c:57:b7:b6:06:70:3b:ef:be:41:7d:ce:
         b7:00:90:7f:ce:68:10:46:b7:7e:12:5f:a7:c9:3d:d9:5e:74:
         6a:78:db:91:74:85:1a:55:63:c1:55:13:43:37:ae:bd:54:22:
         a6:a3:89:91:f3:27:d0:71:44:5c:d1:72:53:31:bd:6a:4f:e5:
         c6:8f:37:ba:3a:53:88:5d:ff:45:35:de:4e:ed:e7:d4:95:ed:
         6a:63:70:d8:64:25:30:c3:48:29:5b:59:1b:47:4f:8e:f8:69:
         6a:ac:92:1a:7f:8d:f6:61:58:ce:e2:15:19:f9:b0:2d:60:d6:
         4f:89:d6:f9:71:18:78:ad:ef:a5:d0:0e:61:a5:e2:75:05:c3:
         a1:a3:96:b4:73:6d:d2:a2:cf:50:bd:02:45:14:53:f8:26:18:
         62:0b:fe:2e:d7:8f:bc:79:6e:e3:b3:31:97:0d:ec:ca:3d:a3:
         c8:74:d5:4e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt26x9+gT9n5IhDXKGjsyWRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3YWFhNTU1YTMyOWVkZDg2NjA2Y2MwZTNlMjk2YmQ0Nzhh
YzczZGUwHhcNMjYwMTAxMDAxNzU5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzRlM2FhNjA2OWU2YmNmZWJkYTIyZTEzYTc3YWNiNjE0N2I2ZTQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA02yrWMjo7f5tp9dfDK6GWi/E45Kf
NY1zdbDNamihhWS7lKwIL7zm1O31V16qu0xlB94qXfMCXjCy2mdR84vE0CjTulCA
ad0BEvghCl9WTRPjkLSV5gDO/FKVomX9tqacMQCOEe1q+rGtEQxdj+95Ili8Qm0+
v7bLbytFQ8r2ES5VtPE9q3VJDOraDGPZ34yceL5TGGQJIW3URgXJ4RV7zs2i/M/r
N3jPvzFlGGwlvpmJIvq98EgXXRm8SYNZuvkn72plcFSBwaNtCT+tLkiqv4oVszyD
xKibvlQGOskfoScBLoA86J8W/r3uLLzuHsngcLsBnA5tsDWWjoIq2nVIQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCNOOqYGnmvP69oi4Tp3rLYUe25IMB8GA1UdIwQY
MBaAFJeqpVWjKe3YZgbMDj4pa9R4rHPeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbDZxbFZhTXA3ZGhtQnN3T1BpbHIxSGlzYzk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS8xMTk1YWItZWQ0MS00NTJmLWJjMjIt
N2ZkMGRlYWUzMmM1LzEvSTA0NnBnYWVhOF9yMmlMaE9uZXN0aFI3YmtnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS8xMTk1YWItZWQ0MS00NTJmLWJjMjItN2ZkMGRlYWUzMmM1
LzEvbDZxbFZhTXA3ZGhtQnN3T1BpbHIxSGlzYzk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCufkQMA0G
CSqGSIb3DQEBCwUAA4IBAQBHfBP/tiyEcps7F0zQHcOyp4qb0jE2Z2ZlhOCPMLAz
oHmZOr+XLI2ys+Jq+aDbXwQdgnp31LuMT3U5zzu9kQ6zPob1Mbr62u2wicz/JGZs
V7e2BnA7775Bfc63AJB/zmgQRrd+El+nyT3ZXnRqeNuRdIUaVWPBVRNDN669VCKm
o4mR8yfQcURc0XJTMb1qT+XGjze6OlOIXf9FNd5O7efUle1qY3DYZCUww0gpW1kb
R0+O+GlqrJIaf432YVjO4hUZ+bAtYNZPidb5cRh4re+l0A5hpeJ1BcOho5a0c23S
os9QvQJFFFP4JhhiC/4u14+8eW7jszGXDezKPaPIdNVO
-----END CERTIFICATE-----