Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/b4f4bd-4cc8-4132-a9aa-1de2d57881cc/1/Ac0XLXqXpgEddEsrkoSKMhuUpso.roa
File:                     Ac0XLXqXpgEddEsrkoSKMhuUpso.roa (raw, json)
Hash identifier:          hcS1j8BFCLepnUl+cjjqdatRIMd1L8yN3jT6//BI1Lw=
Subject key identifier:   01:CD:17:2D:7A:97:A6:01:1D:74:4B:2B:92:84:8A:32:1B:94:A6:CA
Certificate issuer:       /CN=b87fb0a6b8ff1c272bd092ca7006fd95a520f501
Certificate serial:       019E497547D775863A8A04D1AFCEC090A962
Authority key identifier: B8:7F:B0:A6:B8:FF:1C:27:2B:D0:92:CA:70:06:FD:95:A5:20:F5:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uH-wprj_HCcr0JLKcAb9laUg9QE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/b4f4bd-4cc8-4132-a9aa-1de2d57881cc/1/Ac0XLXqXpgEddEsrkoSKMhuUpso.roa
Signing time:             Thu 21 May 2026 07:34:43 +0000
ROA not before:           Thu 21 May 2026 07:34:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     21013
IP address blocks:        185.136.80.0/22 maxlen: 22
                          195.190.26.0/24 maxlen: 24
                          2a06:fb80::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/b4f4bd-4cc8-4132-a9aa-1de2d57881cc/1/uH-wprj_HCcr0JLKcAb9laUg9QE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/b4f4bd-4cc8-4132-a9aa-1de2d57881cc/1/uH-wprj_HCcr0JLKcAb9laUg9QE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uH-wprj_HCcr0JLKcAb9laUg9QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 08:43:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:49:75:47:d7:75:86:3a:8a:04:d1:af:ce:c0:90:a9:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b87fb0a6b8ff1c272bd092ca7006fd95a520f501
        Validity
            Not Before: May 21 07:34:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=01cd172d7a97a6011d744b2b92848a321b94a6ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:8b:d1:f0:8a:ee:09:a5:b1:a3:b7:f0:10:bf:
                    86:c2:ca:f2:0c:c0:11:96:79:93:53:3d:44:4b:bc:
                    71:e8:fa:b1:3d:cb:98:3a:a8:ff:90:23:2d:e7:23:
                    12:c9:36:fe:67:58:ef:9a:c6:38:dc:27:75:92:fa:
                    41:43:1d:16:ca:74:59:ea:2b:68:16:00:dc:06:20:
                    bd:ce:c2:6b:e9:ee:55:6c:42:1e:69:91:39:9b:81:
                    47:c6:37:76:20:e8:84:d1:2b:b2:f3:a9:bb:59:c0:
                    d8:dc:5d:b3:a1:68:f4:a1:1b:5f:ad:6a:c8:f7:7a:
                    c9:00:2c:48:69:95:58:c2:c1:6b:b5:8a:ff:b3:1c:
                    e7:8e:c0:ee:5b:41:d3:af:71:55:8e:5e:5e:34:40:
                    b8:1f:d7:79:23:39:b3:4e:55:7d:ca:13:82:97:12:
                    3d:09:da:f7:ca:66:82:66:00:a1:a9:bf:ae:f6:93:
                    d9:45:a5:14:04:a3:01:e7:81:4f:19:84:5a:fb:18:
                    5b:1a:ec:79:99:2d:77:f2:49:9e:9c:7a:0a:57:b8:
                    b5:f5:ac:43:36:6f:03:84:45:f0:f5:d9:3e:b2:8d:
                    2a:58:ef:fd:3f:32:fd:42:6c:0e:f2:ca:12:82:10:
                    95:1e:f5:fd:60:6f:83:3b:b4:fe:54:a7:2e:11:a5:
                    64:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:CD:17:2D:7A:97:A6:01:1D:74:4B:2B:92:84:8A:32:1B:94:A6:CA
            X509v3 Authority Key Identifier:
                keyid:B8:7F:B0:A6:B8:FF:1C:27:2B:D0:92:CA:70:06:FD:95:A5:20:F5:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uH-wprj_HCcr0JLKcAb9laUg9QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/b4f4bd-4cc8-4132-a9aa-1de2d57881cc/1/Ac0XLXqXpgEddEsrkoSKMhuUpso.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/b4f4bd-4cc8-4132-a9aa-1de2d57881cc/1/uH-wprj_HCcr0JLKcAb9laUg9QE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.136.80.0/22
                  195.190.26.0/24
                IPv6:
                  2a06:fb80::/29

    Signature Algorithm: sha256WithRSAEncryption
         35:d7:aa:ff:a8:dc:32:b6:5f:1a:07:93:7a:85:19:b9:c1:e3:
         68:de:d1:fd:0a:db:c0:66:de:aa:91:ce:22:57:88:4a:71:8c:
         13:11:2f:74:5b:3a:33:3e:23:bb:53:9d:17:1f:69:7f:52:fc:
         90:48:a6:d7:57:39:aa:b5:e7:3a:1b:78:2f:33:7a:e3:ea:5c:
         67:bc:cb:6f:9a:5d:c6:80:3a:75:2d:75:e3:10:4b:76:85:61:
         e3:9c:ad:bb:66:18:7c:29:13:d1:0a:88:c4:7e:81:76:12:52:
         a4:5f:54:61:74:69:11:6c:56:05:9c:d9:a4:ab:74:ce:72:f2:
         e5:5d:c2:f1:c1:8f:8e:31:79:b4:ac:d2:60:71:18:7d:91:03:
         c1:c5:58:6e:eb:06:f2:7f:44:d6:42:13:82:a1:9c:af:71:8b:
         2a:33:ed:84:39:4a:0c:cd:26:49:1b:79:e8:6f:eb:fe:36:4a:
         77:0a:13:ca:d3:e8:01:f5:15:3d:ee:86:3c:17:2a:38:fa:76:
         f4:9a:99:6e:0a:52:59:39:b1:e4:d8:18:a8:95:34:83:a4:ad:
         cf:65:af:14:27:e2:55:be:cd:f5:26:45:1f:37:ed:91:0c:73:
         74:1e:76:3d:d5:87:33:30:70:41:42:03:d8:27:5e:08:bf:38:
         a1:89:b9:5f
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZ5JdUfXdYY6igTRr87AkKliMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4N2ZiMGE2YjhmZjFjMjcyYmQwOTJjYTcwMDZmZDk1YTUy
MGY1MDEwHhcNMjYwNTIxMDczNDQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMWNkMTcyZDdhOTdhNjAxMWQ3NDRiMmI5Mjg0OGEzMjFiOTRhNmNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApIvR8IruCaWxo7fwEL+GwsryDMAR
lnmTUz1ES7xx6PqxPcuYOqj/kCMt5yMSyTb+Z1jvmsY43Cd1kvpBQx0WynRZ6ito
FgDcBiC9zsJr6e5VbEIeaZE5m4FHxjd2IOiE0Suy86m7WcDY3F2zoWj0oRtfrWrI
93rJACxIaZVYwsFrtYr/sxznjsDuW0HTr3FVjl5eNEC4H9d5IzmzTlV9yhOClxI9
Cdr3ymaCZgChqb+u9pPZRaUUBKMB54FPGYRa+xhbGux5mS138kmenHoKV7i19axD
Nm8DhEXw9dk+so0qWO/9PzL9QmwO8soSghCVHvX9YG+DO7T+VKcuEaVkdQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFAHNFy16l6YBHXRLK5KEijIblKbKMB8GA1UdIwQY
MBaAFLh/sKa4/xwnK9CSynAG/ZWlIPUBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUgtd3Byal9IQ2NyMEpMS2NBYjlsYVVnOVFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9iNGY0YmQtNGNjOC00MTMyLWE5YWEt
MWRlMmQ1Nzg4MWNjLzEvQWMwWExYcVhwZ0VkZEVzcmtvU0tNaHVVcHNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9iNGY0YmQtNGNjOC00MTMyLWE5YWEtMWRlMmQ1Nzg4MWNj
LzEvdUgtd3Byal9IQ2NyMEpMS2NBYjlsYVVnOVFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuYhQAwQA
w74aMA0EAgACMAcDBQMqBvuAMA0GCSqGSIb3DQEBCwUAA4IBAQA116r/qNwytl8a
B5N6hRm5weNo3tH9CtvAZt6qkc4iV4hKcYwTES90WzozPiO7U50XH2l/UvyQSKbX
Vzmqtec6G3gvM3rj6lxnvMtvml3GgDp1LXXjEEt2hWHjnK27Zhh8KRPRCojEfoF2
ElKkX1RhdGkRbFYFnNmkq3TOcvLlXcLxwY+OMXm0rNJgcRh9kQPBxVhu6wbyf0TW
QhOCoZyvcYsqM+2EOUoMzSZJG3nob+v+Nkp3ChPK0+gB9RU97oY8Fyo4+nb0mplu
ClJZObHk2BiolTSDpK3PZa8UJ+JVvs31JkUfN+2RDHN0HnY91YczMHBBQgPYJ14I
vzihiblf
-----END CERTIFICATE-----