Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/8791a1-e679-4663-a2da-1a513df069fc/1/1-yw1t0kY85xsjAVQhYzgow7rABo.roa
File:                     1-yw1t0kY85xsjAVQhYzgow7rABo.roa (raw, json)
Hash identifier:          ORfh3FtzuWNiPQFo+ySnKPD1ydxiVO9XWGWLQxyIANw=
Subject key identifier:   FB:2C:35:B7:49:18:F3:9C:6C:8C:05:50:85:8C:E0:A3:0E:EB:00:1A
Certificate issuer:       /CN=e4f2a866202f4b8cbc33382d6e82d81d8964c80e
Certificate serial:       019D9A583D92B18EAD22B028A980E966560C
Authority key identifier: E4:F2:A8:66:20:2F:4B:8C:BC:33:38:2D:6E:82:D8:1D:89:64:C8:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5PKoZiAvS4y8MzgtboLYHYlkyA4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/8791a1-e679-4663-a2da-1a513df069fc/1/1-yw1t0kY85xsjAVQhYzgow7rABo.roa
Signing time:             Fri 17 Apr 2026 07:29:27 +0000
ROA not before:           Fri 17 Apr 2026 07:29:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200725
IP address blocks:        185.1.67.0/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/8791a1-e679-4663-a2da-1a513df069fc/1/5PKoZiAvS4y8MzgtboLYHYlkyA4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/8791a1-e679-4663-a2da-1a513df069fc/1/5PKoZiAvS4y8MzgtboLYHYlkyA4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5PKoZiAvS4y8MzgtboLYHYlkyA4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 16:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:9a:58:3d:92:b1:8e:ad:22:b0:28:a9:80:e9:66:56:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e4f2a866202f4b8cbc33382d6e82d81d8964c80e
        Validity
            Not Before: Apr 17 07:29:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fb2c35b74918f39c6c8c0550858ce0a30eeb001a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:3b:58:19:5a:9e:35:bd:95:71:37:f8:07:b5:
                    0b:f0:7f:1c:09:10:28:4e:c4:2a:4b:25:be:d4:16:
                    8e:b9:65:65:62:65:df:9a:49:17:4e:e3:2e:a4:51:
                    d5:33:f6:ea:87:ea:f8:eb:38:c2:cb:c0:d8:8f:54:
                    e5:a3:5c:4d:db:1d:30:59:7f:f4:43:5a:41:ee:c0:
                    8b:74:df:4b:1d:c1:24:79:20:ab:4f:2d:d4:6d:bb:
                    6e:46:d2:ac:89:0e:d8:c4:79:7e:b7:88:a7:6f:62:
                    10:c9:5c:db:9b:6d:21:74:9d:00:ca:7f:ff:6c:75:
                    a3:e8:0f:c2:6c:ae:9b:dd:1d:8e:31:fb:2e:5a:53:
                    aa:8b:21:ee:d3:10:a6:7b:5f:32:07:ca:27:c1:2b:
                    18:d4:16:ad:b5:b5:6b:4e:02:48:70:db:d6:c8:94:
                    39:56:0f:ce:a9:f4:9c:e1:b5:34:dc:12:5c:24:cb:
                    dc:57:00:6e:2b:1f:42:c8:7f:58:b4:ed:80:72:c5:
                    53:ad:75:79:eb:fd:36:ee:05:95:d1:46:ab:ab:e0:
                    df:24:e4:82:47:cd:18:25:de:45:8e:87:3e:36:19:
                    f0:62:7f:3f:39:9e:58:90:86:a5:f9:0e:58:c3:a5:
                    c5:29:e6:9f:94:d0:8a:64:7a:de:ee:f2:05:e0:33:
                    91:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:2C:35:B7:49:18:F3:9C:6C:8C:05:50:85:8C:E0:A3:0E:EB:00:1A
            X509v3 Authority Key Identifier:
                keyid:E4:F2:A8:66:20:2F:4B:8C:BC:33:38:2D:6E:82:D8:1D:89:64:C8:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5PKoZiAvS4y8MzgtboLYHYlkyA4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/8791a1-e679-4663-a2da-1a513df069fc/1/1-yw1t0kY85xsjAVQhYzgow7rABo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/8791a1-e679-4663-a2da-1a513df069fc/1/5PKoZiAvS4y8MzgtboLYHYlkyA4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.1.67.0/29

    Signature Algorithm: sha256WithRSAEncryption
         7f:77:8f:b6:4e:c1:bc:36:06:3d:50:98:96:2e:e2:9c:52:fd:
         a2:79:2f:11:30:55:a8:87:f2:61:71:4f:5b:a8:6b:b1:34:70:
         55:34:ed:4c:e0:26:ea:25:d5:7f:d0:85:e1:a2:93:aa:1c:99:
         c5:0b:e8:33:c6:52:f3:52:22:cf:a9:72:ca:94:c5:b5:e1:ca:
         54:be:20:f3:16:66:0d:a0:b8:16:9d:b0:52:c2:e8:5c:a1:7d:
         2e:79:6a:17:18:7a:82:79:91:c5:50:6d:03:7d:3e:4e:dd:c8:
         56:29:7a:3f:54:23:c2:d0:b3:5e:f1:a0:6d:2f:a4:5b:bd:83:
         c9:56:33:1e:c8:c2:bc:68:db:ef:0e:18:c4:dc:82:bd:a9:76:
         94:a4:f3:aa:29:b8:39:bf:3f:13:bc:79:59:07:24:26:78:e6:
         b7:41:de:ea:d1:b3:c6:88:c2:4b:73:04:3f:c6:cd:32:54:a7:
         c4:17:79:d7:51:fd:e5:1d:21:34:30:c2:2a:28:cf:38:6c:23:
         8f:a6:9e:94:80:1e:56:39:a0:ef:6b:04:6d:a1:bf:1c:36:d5:
         bd:b7:5e:59:7e:ab:d1:31:52:be:89:54:8a:92:53:a1:08:2a:
         6b:d8:22:44:6d:80:ce:41:a0:a8:fa:26:2a:66:72:9a:fa:36:
         03:6a:88:b3
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZ2aWD2SsY6tIrAoqYDpZlYMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0ZjJhODY2MjAyZjRiOGNiYzMzMzgyZDZlODJkODFkODk2
NGM4MGUwHhcNMjYwNDE3MDcyOTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjJjMzViNzQ5MThmMzljNmM4YzA1NTA4NThjZTBhMzBlZWIwMDFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxztYGVqeNb2VcTf4B7UL8H8cCRAo
TsQqSyW+1BaOuWVlYmXfmkkXTuMupFHVM/bqh+r46zjCy8DYj1Tlo1xN2x0wWX/0
Q1pB7sCLdN9LHcEkeSCrTy3UbbtuRtKsiQ7YxHl+t4inb2IQyVzbm20hdJ0Ayn//
bHWj6A/CbK6b3R2OMfsuWlOqiyHu0xCme18yB8onwSsY1BattbVrTgJIcNvWyJQ5
Vg/OqfSc4bU03BJcJMvcVwBuKx9CyH9YtO2AcsVTrXV56/027gWV0Uarq+DfJOSC
R80YJd5Fjoc+NhnwYn8/OZ5YkIal+Q5Yw6XFKeaflNCKZHre7vIF4DORpQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFPssNbdJGPOcbIwFUIWM4KMO6wAaMB8GA1UdIwQY
MBaAFOTyqGYgL0uMvDM4LW6C2B2JZMgOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVBLb1ppQXZTNHk4TXpndGJvTFlIWWxreUE0LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy84NzkxYTEtZTY3OS00NjYzLWEyZGEt
MWE1MTNkZjA2OWZjLzEvMS15dzF0MGtZODV4c2pBVlFoWXpnb3c3ckFCby5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYzcvODc5MWExLWU2NzktNDY2My1hMmRhLTFhNTEzZGYwNjlm
Yy8xLzVQS29aaUF2UzR5OE16Z3Rib0xZSFlsa3lBNC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAEwBwMFA7kBQwAw
DQYJKoZIhvcNAQELBQADggEBAH93j7ZOwbw2Bj1QmJYu4pxS/aJ5LxEwVaiH8mFx
T1uoa7E0cFU07UzgJuol1X/QheGik6ocmcUL6DPGUvNSIs+pcsqUxbXhylS+IPMW
Zg2guBadsFLC6FyhfS55ahcYeoJ5kcVQbQN9Pk7dyFYpej9UI8LQs17xoG0vpFu9
g8lWMx7Iwrxo2+8OGMTcgr2pdpSk86opuDm/PxO8eVkHJCZ45rdB3urRs8aIwktz
BD/GzTJUp8QXeddR/eUdITQwwioozzhsI4+mnpSAHlY5oO9rBG2hvxw21b23Xll+
q9ExUr6JVIqSU6EIKmvYIkRtgM5BoKj6Jipmcpr6NgNqiLM=
-----END CERTIFICATE-----