Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/a24b4e-6c5c-42c3-9b8c-68727c6fc1d3/1/h4sliK0wW-wV_fLIV-hVMdt8j90.roa
File:                     h4sliK0wW-wV_fLIV-hVMdt8j90.roa (raw, json)
Hash identifier:          nC61aBs28ehRtgiS7EhPTBum3rJp7V4Sc7tA8g7RTn0=
Subject key identifier:   87:8B:25:88:AD:30:5B:EC:15:FD:F2:C8:57:E8:55:31:DB:7C:8F:DD
Certificate issuer:       /CN=b56f2fce9e62a6168e2b2e9482045bf2cb0ab6e8
Certificate serial:       019E980E92E1D9F3BEBEBEA6F6425D78D542
Authority key identifier: B5:6F:2F:CE:9E:62:A6:16:8E:2B:2E:94:82:04:5B:F2:CB:0A:B6:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tW8vzp5iphaOKy6UggRb8ssKtug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/a24b4e-6c5c-42c3-9b8c-68727c6fc1d3/1/h4sliK0wW-wV_fLIV-hVMdt8j90.roa
Signing time:             Fri 05 Jun 2026 13:52:31 +0000
ROA not before:           Fri 05 Jun 2026 13:52:31 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213476
IP address blocks:        185.222.201.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/a24b4e-6c5c-42c3-9b8c-68727c6fc1d3/1/tW8vzp5iphaOKy6UggRb8ssKtug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/a24b4e-6c5c-42c3-9b8c-68727c6fc1d3/1/tW8vzp5iphaOKy6UggRb8ssKtug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tW8vzp5iphaOKy6UggRb8ssKtug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:98:0e:92:e1:d9:f3:be:be:be:a6:f6:42:5d:78:d5:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b56f2fce9e62a6168e2b2e9482045bf2cb0ab6e8
        Validity
            Not Before: Jun  5 13:52:31 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=878b2588ad305bec15fdf2c857e85531db7c8fdd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:16:c4:1b:9c:50:f3:bb:3a:a8:0a:c5:aa:ca:
                    51:79:ac:2b:b9:d0:0a:1b:21:a1:34:b4:07:15:17:
                    05:7b:15:57:9e:17:39:47:79:c2:50:3b:4d:29:0c:
                    82:d7:b7:f7:40:c0:54:f8:bb:dc:aa:d6:b5:ba:01:
                    b0:db:8d:28:31:41:8f:aa:45:e5:35:da:75:9b:82:
                    14:9f:2f:19:0d:07:b3:05:a3:82:d0:9f:b7:b3:80:
                    5f:77:75:b2:4e:e1:81:24:32:32:3c:db:7b:6a:31:
                    65:47:0a:5a:20:42:5c:13:f3:fe:b2:7c:89:6f:2a:
                    81:69:e6:c2:56:45:3e:3e:17:c2:a5:de:17:4b:f2:
                    81:c3:87:96:4b:48:f9:39:4b:eb:ec:89:b4:5a:d9:
                    84:86:4f:cf:7b:d4:b2:df:8a:6c:db:12:de:9a:5a:
                    b3:96:4f:f5:ae:69:39:29:06:f0:6d:02:09:74:98:
                    eb:07:b5:9c:da:21:9c:cb:59:1f:d6:be:46:1f:27:
                    67:d2:f1:f7:91:57:dc:e1:72:18:09:28:3a:67:92:
                    11:f3:e2:02:66:af:62:75:6a:ab:a6:9c:05:36:ae:
                    ad:db:41:e0:7f:c0:88:8c:3c:f2:5c:d0:b4:f2:5f:
                    f7:4d:f5:3d:d5:f3:0b:75:cf:6c:f7:20:36:40:a3:
                    ab:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:8B:25:88:AD:30:5B:EC:15:FD:F2:C8:57:E8:55:31:DB:7C:8F:DD
            X509v3 Authority Key Identifier:
                keyid:B5:6F:2F:CE:9E:62:A6:16:8E:2B:2E:94:82:04:5B:F2:CB:0A:B6:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tW8vzp5iphaOKy6UggRb8ssKtug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/a24b4e-6c5c-42c3-9b8c-68727c6fc1d3/1/h4sliK0wW-wV_fLIV-hVMdt8j90.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/a24b4e-6c5c-42c3-9b8c-68727c6fc1d3/1/tW8vzp5iphaOKy6UggRb8ssKtug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.222.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:33:cb:5f:9d:6e:04:b4:aa:61:43:35:f5:ab:28:6d:23:76:
         ba:39:c2:57:d9:b4:15:84:0f:57:44:92:d3:64:8a:b8:f4:95:
         ff:e6:c7:41:63:59:2a:29:21:43:1f:e5:4d:91:12:19:07:fe:
         55:44:fd:1a:3f:30:5f:89:e6:4a:56:d7:1b:2d:7f:06:ec:3a:
         e2:df:4b:80:18:e3:cf:5b:73:c0:c7:aa:b4:ea:9e:4a:94:49:
         db:03:4b:f0:2d:75:28:83:8d:6e:4e:61:e3:ac:8b:fe:26:1d:
         ba:d1:cc:17:97:22:18:4a:48:e6:28:64:c6:cf:9b:02:30:1d:
         4f:45:fc:82:58:fd:6b:95:6b:b1:33:00:2f:f8:77:74:1f:89:
         a8:09:6e:3a:d7:33:f4:33:16:fb:c6:70:cb:c3:1b:82:18:e2:
         cf:bc:ef:18:9b:ed:e1:8b:f6:f2:3b:b5:e2:e6:1d:58:1a:a9:
         13:c7:93:82:bf:37:dc:72:3a:55:ab:69:12:d6:dc:fc:96:b5:
         e7:10:1f:f9:8c:f2:bf:ad:7b:86:e8:2c:1d:55:2a:e6:a2:21:
         fb:11:2f:00:c8:da:83:b1:82:ad:72:60:79:44:db:3c:d0:36:
         8a:84:1c:68:65:1e:2d:62:9a:2d:6a:ba:45:d0:77:2c:3c:b1:
         7b:77:24:55
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6YDpLh2fO+vr6m9kJdeNVCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1NmYyZmNlOWU2MmE2MTY4ZTJiMmU5NDgyMDQ1YmYyY2Iw
YWI2ZTgwHhcNMjYwNjA1MTM1MjMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzhiMjU4OGFkMzA1YmVjMTVmZGYyYzg1N2U4NTUzMWRiN2M4ZmRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmRbEG5xQ87s6qArFqspReawrudAK
GyGhNLQHFRcFexVXnhc5R3nCUDtNKQyC17f3QMBU+Lvcqta1ugGw240oMUGPqkXl
Ndp1m4IUny8ZDQezBaOC0J+3s4Bfd3WyTuGBJDIyPNt7ajFlRwpaIEJcE/P+snyJ
byqBaebCVkU+PhfCpd4XS/KBw4eWS0j5OUvr7Im0WtmEhk/Pe9Sy34ps2xLemlqz
lk/1rmk5KQbwbQIJdJjrB7Wc2iGcy1kf1r5GHydn0vH3kVfc4XIYCSg6Z5IR8+IC
Zq9idWqrppwFNq6t20Hgf8CIjDzyXNC08l/3TfU91fMLdc9s9yA2QKOrxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIeLJYitMFvsFf3yyFfoVTHbfI/dMB8GA1UdIwQY
MBaAFLVvL86eYqYWjisulIIEW/LLCrboMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFc4dnpwNWlwaGFPS3k2VWdnUmI4c3NLdHVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy9hMjRiNGUtNmM1Yy00MmMzLTliOGMt
Njg3MjdjNmZjMWQzLzEvaDRzbGlLMHdXLXdWX2ZMSVYtaFZNZHQ4ajkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy9hMjRiNGUtNmM1Yy00MmMzLTliOGMtNjg3MjdjNmZjMWQz
LzEvdFc4dnpwNWlwaGFPS3k2VWdnUmI4c3NLdHVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAud7JMA0G
CSqGSIb3DQEBCwUAA4IBAQBmM8tfnW4EtKphQzX1qyhtI3a6OcJX2bQVhA9XRJLT
ZIq49JX/5sdBY1kqKSFDH+VNkRIZB/5VRP0aPzBfieZKVtcbLX8G7Dri30uAGOPP
W3PAx6q06p5KlEnbA0vwLXUog41uTmHjrIv+Jh260cwXlyIYSkjmKGTGz5sCMB1P
RfyCWP1rlWuxMwAv+Hd0H4moCW461zP0Mxb7xnDLwxuCGOLPvO8Ym+3hi/byO7Xi
5h1YGqkTx5OCvzfccjpVq2kS1tz8lrXnEB/5jPK/rXuG6CwdVSrmoiH7ES8AyNqD
sYKtcmB5RNs80DaKhBxoZR4tYpotarpF0HcsPLF7dyRV
-----END CERTIFICATE-----