Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/a080fc-543e-4f61-8fc7-e337bfe0279b/1/Bz1Og78AkWRD8W7h-uJAwoeUjBQ.roa
File:                     Bz1Og78AkWRD8W7h-uJAwoeUjBQ.roa (raw, json)
Hash identifier:          27Uy8+xilUquWMqY0UtKLCdmMywx5OczzbzcoUIZYdk=
Subject key identifier:   07:3D:4E:83:BF:00:91:64:43:F1:6E:E1:FA:E2:40:C2:87:94:8C:14
Certificate issuer:       /CN=0915f9e3c2902475c24cd45c692991bc71ff6643
Certificate serial:       019C903D5F3E59B44F9968BDC50CE48FD960
Authority key identifier: 09:15:F9:E3:C2:90:24:75:C2:4C:D4:5C:69:29:91:BC:71:FF:66:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CRX548KQJHXCTNRcaSmRvHH_ZkM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/a080fc-543e-4f61-8fc7-e337bfe0279b/1/Bz1Og78AkWRD8W7h-uJAwoeUjBQ.roa
Signing time:             Tue 24 Feb 2026 15:21:07 +0000
ROA not before:           Tue 24 Feb 2026 15:21:07 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198333
IP address blocks:        185.184.100.0/22 maxlen: 22
                          185.184.100.0/24 maxlen: 24
                          185.184.101.0/24 maxlen: 24
                          185.184.102.0/24 maxlen: 24
                          185.184.103.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/a080fc-543e-4f61-8fc7-e337bfe0279b/1/CRX548KQJHXCTNRcaSmRvHH_ZkM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/a080fc-543e-4f61-8fc7-e337bfe0279b/1/CRX548KQJHXCTNRcaSmRvHH_ZkM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CRX548KQJHXCTNRcaSmRvHH_ZkM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 15:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:90:3d:5f:3e:59:b4:4f:99:68:bd:c5:0c:e4:8f:d9:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0915f9e3c2902475c24cd45c692991bc71ff6643
        Validity
            Not Before: Feb 24 15:21:07 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=073d4e83bf00916443f16ee1fae240c287948c14
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:3f:06:69:84:19:2b:d1:e8:8a:fe:60:eb:7d:
                    81:34:0a:e6:f5:7a:de:8e:56:fd:f2:ec:a2:44:00:
                    87:2a:2c:f7:9d:db:48:8d:84:59:f2:76:a3:35:62:
                    86:13:0c:f9:07:56:96:9a:be:68:49:61:e5:79:05:
                    73:45:e7:13:09:5a:64:0e:82:79:7f:5d:23:f3:93:
                    a7:a5:a6:91:66:4d:fe:e0:c0:39:5d:7c:fc:cc:eb:
                    bf:24:c0:3d:e3:3d:a4:6d:c3:b6:e4:88:4f:39:c7:
                    0b:bf:67:cf:f5:f7:36:83:ca:e8:bb:0e:cf:cf:6d:
                    6a:00:0e:e8:61:05:1b:e2:b3:5f:59:92:20:3b:7a:
                    21:ff:0d:76:b5:0c:c8:23:53:7b:0b:3b:23:4c:88:
                    90:39:e9:ca:9f:4f:fd:bf:68:ba:a1:f0:19:ea:c4:
                    4e:7d:38:bc:72:c8:b2:c7:26:bc:ba:ba:e4:54:bf:
                    8d:f5:d0:98:c5:a4:98:1c:b4:b2:e2:5b:c1:9f:f5:
                    f8:03:ac:28:71:1d:2e:b3:1c:d9:fe:d6:55:56:d1:
                    ea:61:68:ee:2c:97:3e:45:95:dc:7d:1e:2a:50:76:
                    33:b3:b8:13:de:3c:7c:df:3e:a2:87:a1:50:b1:73:
                    5c:9f:ea:01:2d:49:c4:c1:b8:83:08:90:77:9c:d7:
                    79:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:3D:4E:83:BF:00:91:64:43:F1:6E:E1:FA:E2:40:C2:87:94:8C:14
            X509v3 Authority Key Identifier:
                keyid:09:15:F9:E3:C2:90:24:75:C2:4C:D4:5C:69:29:91:BC:71:FF:66:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CRX548KQJHXCTNRcaSmRvHH_ZkM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/a080fc-543e-4f61-8fc7-e337bfe0279b/1/Bz1Og78AkWRD8W7h-uJAwoeUjBQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/a080fc-543e-4f61-8fc7-e337bfe0279b/1/CRX548KQJHXCTNRcaSmRvHH_ZkM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.184.100.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1a:3d:af:51:68:d7:0b:0a:36:42:90:5a:fe:9c:23:1c:60:d7:
         91:52:29:9a:0a:92:ca:6e:85:fb:a5:73:b9:a2:72:e1:ec:19:
         01:63:c7:de:e6:74:b2:a6:b4:c6:9f:d5:65:08:8b:07:87:2b:
         cc:3f:7b:27:50:c1:a4:1b:e8:3d:3c:c4:b4:d6:51:92:cb:40:
         5b:23:f3:24:e1:4a:14:69:83:51:7d:02:75:15:dd:2f:eb:3c:
         bb:3f:0c:f6:58:a4:d1:28:ef:22:81:46:07:ef:28:c6:40:e0:
         d9:f8:1e:e8:ea:38:e6:cb:3c:35:d3:0e:5d:9d:70:df:ad:b1:
         67:25:7b:d8:c8:d5:f6:79:3a:bb:5d:97:2b:7b:36:e2:e7:3d:
         6f:29:f7:40:51:eb:b4:b0:41:5f:4f:01:16:9f:77:5c:57:ba:
         3d:24:56:6b:e7:db:8e:54:76:84:16:a5:f0:28:ba:ec:65:e4:
         6b:b7:be:ce:f2:fe:fb:a8:ae:cc:32:ec:42:73:da:06:9b:ab:
         b6:7b:af:e4:a0:4e:49:cd:3c:ae:5a:df:e2:4f:d9:48:fb:b8:
         48:9d:38:2d:e2:c7:91:7b:7a:93:88:d6:7c:87:0a:df:c2:cf:
         22:45:aa:1f:5d:55:22:2e:5d:52:2b:56:9e:3f:83:3b:b9:cc:
         bf:6b:a0:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyQPV8+WbRPmWi9xQzkj9lgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MTVmOWUzYzI5MDI0NzVjMjRjZDQ1YzY5Mjk5MWJjNzFm
ZjY2NDMwHhcNMjYwMjI0MTUyMTA3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzNkNGU4M2JmMDA5MTY0NDNmMTZlZTFmYWUyNDBjMjg3OTQ4YzE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuz8GaYQZK9Hoiv5g632BNArm9Xre
jlb98uyiRACHKiz3ndtIjYRZ8najNWKGEwz5B1aWmr5oSWHleQVzRecTCVpkDoJ5
f10j85OnpaaRZk3+4MA5XXz8zOu/JMA94z2kbcO25IhPOccLv2fP9fc2g8rouw7P
z21qAA7oYQUb4rNfWZIgO3oh/w12tQzII1N7CzsjTIiQOenKn0/9v2i6ofAZ6sRO
fTi8csiyxya8urrkVL+N9dCYxaSYHLSy4lvBn/X4A6wocR0usxzZ/tZVVtHqYWju
LJc+RZXcfR4qUHYzs7gT3jx83z6ih6FQsXNcn+oBLUnEwbiDCJB3nNd51wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAc9ToO/AJFkQ/Fu4friQMKHlIwUMB8GA1UdIwQY
MBaAFAkV+ePCkCR1wkzUXGkpkbxx/2ZDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1JYNTQ4S1FKSFhDVE5SY2FTbVJ2SEhfWmtNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS9hMDgwZmMtNTQzZS00ZjYxLThmYzct
ZTMzN2JmZTAyNzliLzEvQnoxT2c3OEFrV1JEOFc3aC11SkF3b2VVakJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS9hMDgwZmMtNTQzZS00ZjYxLThmYzctZTMzN2JmZTAyNzli
LzEvQ1JYNTQ4S1FKSFhDVE5SY2FTbVJ2SEhfWmtNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCubhkMA0G
CSqGSIb3DQEBCwUAA4IBAQAaPa9RaNcLCjZCkFr+nCMcYNeRUimaCpLKboX7pXO5
onLh7BkBY8fe5nSyprTGn9VlCIsHhyvMP3snUMGkG+g9PMS01lGSy0BbI/Mk4UoU
aYNRfQJ1Fd0v6zy7Pwz2WKTRKO8igUYH7yjGQODZ+B7o6jjmyzw10w5dnXDfrbFn
JXvYyNX2eTq7XZcrezbi5z1vKfdAUeu0sEFfTwEWn3dcV7o9JFZr59uOVHaEFqXw
KLrsZeRrt77O8v77qK7MMuxCc9oGm6u2e6/koE5JzTyuWt/iT9lI+7hInTgt4seR
e3qTiNZ8hwrfws8iRaofXVUiLl1SK1aeP4M7ucy/a6C8
-----END CERTIFICATE-----