Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/deef22-2624-49b6-a23b-aa01dcd3dfa7/1/Syb092w3bd2oaQmW0hCkBeEn6RU.roa
File:                     Syb092w3bd2oaQmW0hCkBeEn6RU.roa (raw, json)
Hash identifier:          mb8QxEtZKShJ4BbZE89JSkmaplhcEQtWMF/0Fv1cDnU=
Subject key identifier:   4B:26:F4:F7:6C:37:6D:DD:A8:69:09:96:D2:10:A4:05:E1:27:E9:15
Certificate issuer:       /CN=07da03c9c82685ae6d6b3d21d684bbcf468bf75b
Certificate serial:       019B7DCAF2F457007A883564D4BD903ED139
Authority key identifier: 07:DA:03:C9:C8:26:85:AE:6D:6B:3D:21:D6:84:BB:CF:46:8B:F7:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B9oDycgmha5taz0h1oS7z0aL91s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/deef22-2624-49b6-a23b-aa01dcd3dfa7/1/Syb092w3bd2oaQmW0hCkBeEn6RU.roa
Signing time:             Fri 02 Jan 2026 08:20:11 +0000
ROA not before:           Fri 02 Jan 2026 08:20:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     51319
IP address blocks:        178.251.144.0/21 maxlen: 21
                          185.164.8.0/22 maxlen: 22
                          2a02:2340::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/deef22-2624-49b6-a23b-aa01dcd3dfa7/1/B9oDycgmha5taz0h1oS7z0aL91s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/deef22-2624-49b6-a23b-aa01dcd3dfa7/1/B9oDycgmha5taz0h1oS7z0aL91s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/B9oDycgmha5taz0h1oS7z0aL91s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:ca:f2:f4:57:00:7a:88:35:64:d4:bd:90:3e:d1:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=07da03c9c82685ae6d6b3d21d684bbcf468bf75b
        Validity
            Not Before: Jan  2 08:20:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4b26f4f76c376ddda8690996d210a405e127e915
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:80:04:8a:8e:d8:20:4f:f1:d3:9f:88:1a:bc:
                    28:0f:33:61:ef:bb:5a:dc:2b:80:d8:da:60:2a:74:
                    71:40:c5:4f:c5:d8:9f:1d:05:c7:3a:c4:fb:5d:32:
                    b0:fe:f0:e5:ee:fd:b0:16:ff:5f:0c:bd:2d:c5:99:
                    99:76:6a:e3:6e:91:18:43:3b:c4:87:d8:54:49:af:
                    fc:7f:27:9c:e5:50:4c:99:74:c3:a4:2e:67:4d:73:
                    cd:cb:7d:62:e4:08:a3:6c:51:55:8a:e2:93:85:06:
                    14:fc:7a:06:ac:9e:56:91:98:82:25:62:d3:df:2b:
                    76:fe:a8:83:19:75:a0:07:85:93:4f:3c:5d:73:7e:
                    bb:33:dd:61:a6:ee:6d:44:e0:72:75:2d:d1:34:fc:
                    8a:7d:75:49:56:98:36:13:d3:9e:c4:73:04:3d:72:
                    50:56:99:e5:1e:4f:c0:5b:4d:67:e9:54:c2:5e:83:
                    32:6d:89:3a:22:f4:d4:6d:d6:a8:27:6a:45:5b:9b:
                    fb:88:9d:f6:6a:71:e1:04:4d:f0:75:e6:cd:8b:fe:
                    32:6c:e9:7d:e8:b4:6b:cd:71:6e:53:4b:67:43:e7:
                    80:20:7e:76:01:c5:20:ad:73:a3:89:37:59:10:9f:
                    4c:ed:91:6e:6f:f5:70:36:56:90:3b:db:83:a3:70:
                    89:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:26:F4:F7:6C:37:6D:DD:A8:69:09:96:D2:10:A4:05:E1:27:E9:15
            X509v3 Authority Key Identifier:
                keyid:07:DA:03:C9:C8:26:85:AE:6D:6B:3D:21:D6:84:BB:CF:46:8B:F7:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B9oDycgmha5taz0h1oS7z0aL91s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/deef22-2624-49b6-a23b-aa01dcd3dfa7/1/Syb092w3bd2oaQmW0hCkBeEn6RU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/deef22-2624-49b6-a23b-aa01dcd3dfa7/1/B9oDycgmha5taz0h1oS7z0aL91s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.251.144.0/21
                  185.164.8.0/22
                IPv6:
                  2a02:2340::/29

    Signature Algorithm: sha256WithRSAEncryption
         08:72:3a:ae:19:6c:71:70:52:21:68:ce:ed:0b:93:c6:39:01:
         60:47:48:f0:6f:23:46:f4:4f:a3:54:4d:75:47:48:6c:fd:15:
         52:cf:01:ca:40:b7:4c:40:5d:83:c8:a1:2a:92:5b:aa:85:c6:
         a6:fa:84:53:ca:a5:51:66:d8:24:c0:e2:8b:e3:47:1a:1b:b2:
         86:8c:59:1a:5c:dd:83:c2:24:36:d4:ea:98:11:30:cd:64:08:
         b4:05:29:54:a9:4b:c6:98:c2:db:2d:fb:f6:8a:e5:be:31:70:
         85:78:e5:dc:86:f7:f7:a6:aa:0a:8e:f7:07:76:7a:5f:a5:ba:
         5b:c6:d4:20:c8:09:11:b0:ab:c8:0d:4b:40:29:e8:6f:e7:5f:
         f0:68:59:fc:45:21:ec:00:2e:00:15:e3:26:65:6a:7b:6d:bc:
         05:01:35:58:14:4a:e7:35:26:a4:5d:2d:f3:a3:21:83:69:d1:
         ad:f4:ff:94:6c:f4:5f:7e:b8:ea:d0:12:31:16:0d:12:68:af:
         82:03:96:b0:22:19:ff:e0:53:8b:72:5d:55:80:2d:87:98:53:
         45:64:d2:fd:1a:fd:15:27:8d:c3:27:15:ce:fe:7f:64:58:eb:
         23:26:4d:27:59:e5:7b:f5:cf:5f:da:c7:5f:83:97:b2:6d:98:
         6e:40:d5:47
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZt9yvL0VwB6iDVk1L2QPtE5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3ZGEwM2M5YzgyNjg1YWU2ZDZiM2QyMWQ2ODRiYmNmNDY4
YmY3NWIwHhcNMjYwMTAyMDgyMDExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjI2ZjRmNzZjMzc2ZGRkYTg2OTA5OTZkMjEwYTQwNWUxMjdlOTE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8oAEio7YIE/x05+IGrwoDzNh77ta
3CuA2NpgKnRxQMVPxdifHQXHOsT7XTKw/vDl7v2wFv9fDL0txZmZdmrjbpEYQzvE
h9hUSa/8fyec5VBMmXTDpC5nTXPNy31i5AijbFFViuKThQYU/HoGrJ5WkZiCJWLT
3yt2/qiDGXWgB4WTTzxdc367M91hpu5tROBydS3RNPyKfXVJVpg2E9OexHMEPXJQ
VpnlHk/AW01n6VTCXoMybYk6IvTUbdaoJ2pFW5v7iJ32anHhBE3wdebNi/4ybOl9
6LRrzXFuU0tnQ+eAIH52AcUgrXOjiTdZEJ9M7ZFub/VwNlaQO9uDo3CJpQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFEsm9PdsN23dqGkJltIQpAXhJ+kVMB8GA1UdIwQY
MBaAFAfaA8nIJoWubWs9IdaEu89Gi/dbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQjlvRHljZ21oYTV0YXowaDFvUzd6MGFMOTFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi9kZWVmMjItMjYyNC00OWI2LWEyM2It
YWEwMWRjZDNkZmE3LzEvU3liMDkydzNiZDJvYVFtVzBoQ2tCZUVuNlJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi9kZWVmMjItMjYyNC00OWI2LWEyM2ItYWEwMWRjZDNkZmE3
LzEvQjlvRHljZ21oYTV0YXowaDFvUzd6MGFMOTFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDsvuQAwQC
uaQIMA0EAgACMAcDBQMqAiNAMA0GCSqGSIb3DQEBCwUAA4IBAQAIcjquGWxxcFIh
aM7tC5PGOQFgR0jwbyNG9E+jVE11R0hs/RVSzwHKQLdMQF2DyKEqkluqhcam+oRT
yqVRZtgkwOKL40caG7KGjFkaXN2DwiQ21OqYETDNZAi0BSlUqUvGmMLbLfv2iuW+
MXCFeOXchvf3pqoKjvcHdnpfpbpbxtQgyAkRsKvIDUtAKehv51/waFn8RSHsAC4A
FeMmZWp7bbwFATVYFErnNSakXS3zoyGDadGt9P+UbPRffrjq0BIxFg0SaK+CA5aw
Ihn/4FOLcl1VgC2HmFNFZNL9Gv0VJ43DJxXO/n9kWOsjJk0nWeV79c9f2sdfg5ey
bZhuQNVH
-----END CERTIFICATE-----