Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/08128a-690a-4f08-8865-69e3d0866ef6/1/9hD2ERgxFZRceTwyPk94l0SmsBw.roa
File:                     9hD2ERgxFZRceTwyPk94l0SmsBw.roa (raw, json)
Hash identifier:          7W+094dJdVnFZLMoB+fr0KNBxnfuASm7T/kRouyIeBo=
Subject key identifier:   F6:10:F6:11:18:31:15:94:5C:79:3C:32:3E:4F:78:97:44:A6:B0:1C
Certificate issuer:       /CN=f28e0b758be73a1ddbfb517ee8b5e4f863a21f9e
Certificate serial:       019B79ECEA3508AB2C3298F0E263E5CD4DE4
Authority key identifier: F2:8E:0B:75:8B:E7:3A:1D:DB:FB:51:7E:E8:B5:E4:F8:63:A2:1F:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8o4LdYvnOh3b-1F-6LXk-GOiH54.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/08128a-690a-4f08-8865-69e3d0866ef6/1/9hD2ERgxFZRceTwyPk94l0SmsBw.roa
Signing time:             Thu 01 Jan 2026 14:18:48 +0000
ROA not before:           Thu 01 Jan 2026 14:18:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203393
IP address blocks:        185.136.84.0/24 maxlen: 24
                          185.136.85.0/24 maxlen: 24
                          185.136.86.0/24 maxlen: 24
                          185.238.29.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/08128a-690a-4f08-8865-69e3d0866ef6/1/8o4LdYvnOh3b-1F-6LXk-GOiH54.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/08128a-690a-4f08-8865-69e3d0866ef6/1/8o4LdYvnOh3b-1F-6LXk-GOiH54.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8o4LdYvnOh3b-1F-6LXk-GOiH54.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 13:50:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ec:ea:35:08:ab:2c:32:98:f0:e2:63:e5:cd:4d:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f28e0b758be73a1ddbfb517ee8b5e4f863a21f9e
        Validity
            Not Before: Jan  1 14:18:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f610f611183115945c793c323e4f789744a6b01c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:a4:66:d5:e4:27:32:63:ef:8f:33:11:95:2d:
                    f3:0d:5d:4f:0f:94:9a:6b:4b:be:7c:42:6d:58:c3:
                    5d:83:34:34:81:fc:01:b9:c7:e1:05:b5:01:3d:6c:
                    6c:b5:54:08:e2:96:1d:1d:a0:07:07:5f:9d:01:6f:
                    dc:0d:14:3c:17:85:41:c2:9f:84:f4:22:89:82:3e:
                    5f:98:8c:b9:18:0e:15:e9:ea:0c:a2:16:01:f8:b7:
                    df:34:76:0b:06:2d:f6:fa:33:2e:f1:98:c0:e5:c4:
                    26:6b:32:6b:3e:12:c8:60:35:24:c5:a5:bd:3a:ca:
                    04:66:b6:d5:3e:4f:53:ae:2c:ee:d5:14:99:da:de:
                    91:b6:0b:8b:92:9d:71:2a:25:31:95:fa:0c:1d:c0:
                    8e:23:a0:64:83:bb:8e:ab:88:62:9a:57:37:38:2d:
                    0d:08:07:af:c5:b7:c5:39:a7:4e:0e:31:46:64:22:
                    3d:3d:9a:f6:aa:cb:93:a4:ef:14:aa:0c:31:3e:85:
                    e9:e7:8c:47:d6:a2:67:8a:6f:48:9d:ef:0c:06:44:
                    cc:f1:70:7c:25:7f:64:41:36:2f:32:89:42:6f:09:
                    09:25:e2:8a:f4:91:eb:a1:76:5f:a3:b9:1d:c4:b8:
                    c7:8d:80:e0:a8:38:1b:58:45:5f:cc:95:5e:69:02:
                    7a:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:10:F6:11:18:31:15:94:5C:79:3C:32:3E:4F:78:97:44:A6:B0:1C
            X509v3 Authority Key Identifier:
                keyid:F2:8E:0B:75:8B:E7:3A:1D:DB:FB:51:7E:E8:B5:E4:F8:63:A2:1F:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8o4LdYvnOh3b-1F-6LXk-GOiH54.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/08128a-690a-4f08-8865-69e3d0866ef6/1/9hD2ERgxFZRceTwyPk94l0SmsBw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/08128a-690a-4f08-8865-69e3d0866ef6/1/8o4LdYvnOh3b-1F-6LXk-GOiH54.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.136.84.0-185.136.86.255
                  185.238.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:9c:0c:0c:20:76:b2:f8:61:95:31:47:0a:30:85:c3:a5:9e:
         3e:dd:77:78:58:53:fc:83:d1:c0:e1:07:d5:73:2f:9b:62:36:
         bf:c1:c1:13:8e:ed:03:72:e4:4c:20:34:d7:75:e3:e6:88:b0:
         c6:3d:c9:0a:48:a2:31:45:27:30:13:3d:be:44:16:ec:e3:39:
         10:12:17:8f:79:d1:35:57:0e:61:05:cf:14:96:c8:b0:23:ae:
         16:40:57:a8:5a:40:e6:87:9b:e5:d6:45:69:92:46:ce:f7:cc:
         27:b2:bf:4c:d7:a1:b2:8e:3a:8a:e4:15:d1:08:58:76:b6:3c:
         68:7c:76:52:93:df:9a:27:1d:3c:2b:58:4d:1b:5d:7d:0e:95:
         4d:b1:f3:63:16:01:16:7a:21:be:52:c9:a3:a3:0a:58:08:4a:
         35:a9:aa:61:d3:ed:cc:ae:16:5d:eb:ad:63:73:cb:76:25:60:
         ff:f7:45:b1:cf:d7:10:20:9c:55:59:8d:62:54:21:e9:37:4b:
         cc:c8:d6:58:d6:15:6e:3a:a0:6e:74:bc:34:71:ee:72:36:60:
         a0:41:43:ca:0f:3c:41:4d:ff:26:24:8e:1d:00:ed:28:12:3d:
         69:d2:9c:12:47:fe:36:42:d6:ff:0d:d9:6a:68:d4:cf:c0:46:
         09:5b:05:80
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZt57Oo1CKssMpjw4mPlzU3kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYyOGUwYjc1OGJlNzNhMWRkYmZiNTE3ZWU4YjVlNGY4NjNh
MjFmOWUwHhcNMjYwMTAxMTQxODQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjEwZjYxMTE4MzExNTk0NWM3OTNjMzIzZTRmNzg5NzQ0YTZiMDFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApaRm1eQnMmPvjzMRlS3zDV1PD5Sa
a0u+fEJtWMNdgzQ0gfwBucfhBbUBPWxstVQI4pYdHaAHB1+dAW/cDRQ8F4VBwp+E
9CKJgj5fmIy5GA4V6eoMohYB+LffNHYLBi32+jMu8ZjA5cQmazJrPhLIYDUkxaW9
OsoEZrbVPk9Trizu1RSZ2t6RtguLkp1xKiUxlfoMHcCOI6Bkg7uOq4himlc3OC0N
CAevxbfFOadODjFGZCI9PZr2qsuTpO8UqgwxPoXp54xH1qJnim9Ine8MBkTM8XB8
JX9kQTYvMolCbwkJJeKK9JHroXZfo7kdxLjHjYDgqDgbWEVfzJVeaQJ6iQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFPYQ9hEYMRWUXHk8Mj5PeJdEprAcMB8GA1UdIwQY
MBaAFPKOC3WL5zod2/tRfui15Phjoh+eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOG80TGRZdm5PaDNiLTFGLTZMWGstR09pSDU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi8wODEyOGEtNjkwYS00ZjA4LTg4NjUt
NjllM2QwODY2ZWY2LzEvOWhEMkVSZ3hGWlJjZVR3eVBrOTRsMFNtc0J3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi8wODEyOGEtNjkwYS00ZjA4LTg4NjUtNjllM2QwODY2ZWY2
LzEvOG80TGRZdm5PaDNiLTFGLTZMWGstR09pSDU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAK5iFQD
BAC5iFYDBAC57h0wDQYJKoZIhvcNAQELBQADggEBAHecDAwgdrL4YZUxRwowhcOl
nj7dd3hYU/yD0cDhB9VzL5tiNr/BwROO7QNy5EwgNNd14+aIsMY9yQpIojFFJzAT
Pb5EFuzjORASF4950TVXDmEFzxSWyLAjrhZAV6haQOaHm+XWRWmSRs73zCeyv0zX
obKOOorkFdEIWHa2PGh8dlKT35onHTwrWE0bXX0OlU2x82MWARZ6Ib5SyaOjClgI
SjWpqmHT7cyuFl3rrWNzy3YlYP/3RbHP1xAgnFVZjWJUIek3S8zI1ljWFW46oG50
vDRx7nI2YKBBQ8oPPEFN/yYkjh0A7SgSPWnSnBJH/jZC1v8N2Wpo1M/ARglbBYA=
-----END CERTIFICATE-----