Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/f66d57-a075-4d87-9ab9-bcd12206ffaa/1/ccdFrTh3VHUoyOT1nnX0rj2puX8.roa
File:                     ccdFrTh3VHUoyOT1nnX0rj2puX8.roa (raw, json)
Hash identifier:          pTRpbV+9+EAGdM0aQTffw7AYRR2qz6vM+MiP328gvVI=
Subject key identifier:   71:C7:45:AD:38:77:54:75:28:C8:E4:F5:9E:75:F4:AE:3D:A9:B9:7F
Certificate issuer:       /CN=fb7b9ba2a7f4752d828b834abe51752b21906910
Certificate serial:       019C99ECEC6754846E3ADFEA26792789ED0A
Authority key identifier: FB:7B:9B:A2:A7:F4:75:2D:82:8B:83:4A:BE:51:75:2B:21:90:69:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-3uboqf0dS2Ci4NKvlF1KyGQaRA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/f66d57-a075-4d87-9ab9-bcd12206ffaa/1/ccdFrTh3VHUoyOT1nnX0rj2puX8.roa
Signing time:             Thu 26 Feb 2026 12:29:26 +0000
ROA not before:           Thu 26 Feb 2026 12:29:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204810
IP address blocks:        185.239.59.0/24 maxlen: 24
                          2a0c:4b80:4000::/34 maxlen: 34
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/f66d57-a075-4d87-9ab9-bcd12206ffaa/1/1-3uboqf0dS2Ci4NKvlF1KyGQaRA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/f66d57-a075-4d87-9ab9-bcd12206ffaa/1/1-3uboqf0dS2Ci4NKvlF1KyGQaRA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-3uboqf0dS2Ci4NKvlF1KyGQaRA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 06:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:99:ec:ec:67:54:84:6e:3a:df:ea:26:79:27:89:ed:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fb7b9ba2a7f4752d828b834abe51752b21906910
        Validity
            Not Before: Feb 26 12:29:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=71c745ad3877547528c8e4f59e75f4ae3da9b97f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:43:c4:6f:58:de:9e:a2:60:3b:15:a4:0a:e0:
                    86:5d:33:27:c1:68:65:32:8e:a6:14:2e:2a:ab:7e:
                    3a:f9:f0:92:c5:36:c9:38:ce:76:e7:8c:51:2e:fc:
                    d2:f5:b6:d1:bd:dc:77:fe:8b:29:01:30:c6:0b:02:
                    ec:67:bb:c5:c1:90:4f:df:9c:cb:fe:e5:f6:48:b9:
                    63:ff:28:50:46:2e:20:90:9e:a7:f4:de:98:a5:c6:
                    78:66:b9:d0:cb:4d:12:3e:c1:cc:91:0a:a5:c2:c3:
                    c4:51:7a:9f:51:21:f7:ed:63:ef:85:42:07:e2:d1:
                    09:07:60:70:76:fa:3a:5d:51:61:76:29:e5:6e:1b:
                    c3:ce:64:91:47:f0:23:6d:13:f9:23:4c:5a:4b:90:
                    bf:b7:92:91:c5:0a:43:7a:6b:f7:be:38:e5:68:35:
                    e0:fe:bc:53:67:0e:b2:c7:e3:55:af:26:63:80:6c:
                    cd:06:2c:85:a1:12:f3:c3:41:dd:f0:c4:bb:41:97:
                    5c:32:8b:d6:05:98:9a:8b:76:d2:d2:5d:f5:8c:60:
                    cd:59:b8:97:43:df:bb:67:73:bb:8f:bd:4c:df:fa:
                    21:59:67:f7:e6:a5:bd:b6:95:49:ee:c5:50:7b:11:
                    11:74:91:29:cb:4e:03:d0:20:73:a5:29:ad:8a:26:
                    90:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:C7:45:AD:38:77:54:75:28:C8:E4:F5:9E:75:F4:AE:3D:A9:B9:7F
            X509v3 Authority Key Identifier:
                keyid:FB:7B:9B:A2:A7:F4:75:2D:82:8B:83:4A:BE:51:75:2B:21:90:69:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-3uboqf0dS2Ci4NKvlF1KyGQaRA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/f66d57-a075-4d87-9ab9-bcd12206ffaa/1/ccdFrTh3VHUoyOT1nnX0rj2puX8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/f66d57-a075-4d87-9ab9-bcd12206ffaa/1/1-3uboqf0dS2Ci4NKvlF1KyGQaRA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.239.59.0/24
                IPv6:
                  2a0c:4b80:4000::/34

    Signature Algorithm: sha256WithRSAEncryption
         d4:bd:3b:cd:f7:2c:f6:2c:07:6c:a1:b7:41:a6:d3:aa:6f:28:
         a7:f8:f1:91:fc:88:88:50:f4:0f:7d:2f:8e:a6:ae:7d:27:d6:
         04:b4:6f:1f:28:c7:fa:bf:33:1a:f6:5e:fd:1c:d6:0f:78:ed:
         2c:1f:db:fb:79:5e:44:85:b7:f2:b8:af:cb:ef:a3:79:2c:e8:
         89:5e:3a:e0:6b:83:12:39:75:6e:3c:d7:aa:f0:91:cf:ef:16:
         33:78:b1:be:1b:56:0f:02:f5:b8:b6:37:9f:4d:79:2b:64:63:
         23:52:da:72:da:c6:b3:81:a2:61:be:85:9d:5a:63:cd:2f:fd:
         70:1d:70:b6:e5:c8:44:75:37:6b:3f:25:e7:e1:13:b1:0d:07:
         13:2e:4c:5b:d1:2c:c9:a3:85:4e:83:52:31:46:b9:3f:12:1e:
         2c:fb:50:fe:01:4f:dc:e3:77:3e:ac:3a:a4:15:ab:a4:d6:b8:
         f7:01:ff:2a:9d:d8:68:ea:bb:95:33:53:9a:40:f5:22:2b:17:
         34:aa:24:23:38:69:64:7a:93:f2:b0:87:01:a9:3e:20:91:96:
         ac:16:c5:a4:92:e9:7c:91:b9:8e:97:d1:70:a7:b6:5b:d6:92:
         ce:6a:bd:f7:f4:6e:48:d5:f0:b6:3e:a2:f7:59:72:99:2d:71:
         25:6f:89:65
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZyZ7OxnVIRuOt/qJnknie0KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiN2I5YmEyYTdmNDc1MmQ4MjhiODM0YWJlNTE3NTJiMjE5
MDY5MTAwHhcNMjYwMjI2MTIyOTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MWM3NDVhZDM4Nzc1NDc1MjhjOGU0ZjU5ZTc1ZjRhZTNkYTliOTdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqkPEb1jenqJgOxWkCuCGXTMnwWhl
Mo6mFC4qq346+fCSxTbJOM5254xRLvzS9bbRvdx3/ospATDGCwLsZ7vFwZBP35zL
/uX2SLlj/yhQRi4gkJ6n9N6YpcZ4ZrnQy00SPsHMkQqlwsPEUXqfUSH37WPvhUIH
4tEJB2Bwdvo6XVFhdinlbhvDzmSRR/AjbRP5I0xaS5C/t5KRxQpDemv3vjjlaDXg
/rxTZw6yx+NVryZjgGzNBiyFoRLzw0Hd8MS7QZdcMovWBZiai3bS0l31jGDNWbiX
Q9+7Z3O7j71M3/ohWWf35qW9tpVJ7sVQexERdJEpy04D0CBzpSmtiiaQ5wIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFHHHRa04d1R1KMjk9Z519K49qbl/MB8GA1UdIwQY
MBaAFPt7m6Kn9HUtgouDSr5RdSshkGkQMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS0zdWJvcWYwZFMyQ2k0Tkt2bEYxS3lHUWFSQS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjEvZjY2ZDU3LWEwNzUtNGQ4Ny05YWI5
LWJjZDEyMjA2ZmZhYS8xL2NjZEZyVGgzVkhVb3lPVDFublgwcmoycHVYOC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYjEvZjY2ZDU3LWEwNzUtNGQ4Ny05YWI5LWJjZDEyMjA2ZmZh
YS8xLzEtM3Vib3FmMGRTMkNpNE5LdmxGMUt5R1FhUkEuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwLwYIKwYBBQUHAQcBAf8EIDAeMAwEAgABMAYDBAC57zsw
DgQCAAIwCAMGBioMS4BAMA0GCSqGSIb3DQEBCwUAA4IBAQDUvTvN9yz2LAdsobdB
ptOqbyin+PGR/IiIUPQPfS+Opq59J9YEtG8fKMf6vzMa9l79HNYPeO0sH9v7eV5E
hbfyuK/L76N5LOiJXjrga4MSOXVuPNeq8JHP7xYzeLG+G1YPAvW4tjefTXkrZGMj
Utpy2sazgaJhvoWdWmPNL/1wHXC25chEdTdrPyXn4ROxDQcTLkxb0SzJo4VOg1Ix
Rrk/Eh4s+1D+AU/c43c+rDqkFauk1rj3Af8qndho6ruVM1OaQPUiKxc0qiQjOGlk
epPysIcBqT4gkZasFsWkkul8kbmOl9Fwp7Zb1pLOar339G5I1fC2PqL3WXKZLXEl
b4ll
-----END CERTIFICATE-----