Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/tUYOdiUxF4HxrSVOg847WMoBqws.roa
File:                     tUYOdiUxF4HxrSVOg847WMoBqws.roa (raw, json)
Hash identifier:          N6nWp89HDr0pIhLLPi1oB+mkzKMLsBnFNGgdLRBYN30=
Subject key identifier:   B5:46:0E:76:25:31:17:81:F1:AD:25:4E:83:CE:3B:58:CA:01:AB:0B
Certificate issuer:       /CN=d8d3ca2c231afdf3b0355c77a7cbb226f81b74de
Certificate serial:       019D8BB6B6889D7DB69285A9965FD7E8BADA
Authority key identifier: D8:D3:CA:2C:23:1A:FD:F3:B0:35:5C:77:A7:CB:B2:26:F8:1B:74:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2NPKLCMa_fOwNVx3p8uyJvgbdN4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/tUYOdiUxF4HxrSVOg847WMoBqws.roa
Signing time:             Tue 14 Apr 2026 11:18:20 +0000
ROA not before:           Tue 14 Apr 2026 11:18:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205548
IP address blocks:        85.149.218.0/24 maxlen: 24
                          85.149.220.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/2NPKLCMa_fOwNVx3p8uyJvgbdN4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/2NPKLCMa_fOwNVx3p8uyJvgbdN4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2NPKLCMa_fOwNVx3p8uyJvgbdN4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:8b:b6:b6:88:9d:7d:b6:92:85:a9:96:5f:d7:e8:ba:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d8d3ca2c231afdf3b0355c77a7cbb226f81b74de
        Validity
            Not Before: Apr 14 11:18:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b5460e7625311781f1ad254e83ce3b58ca01ab0b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:eb:b7:6a:24:ab:1e:4e:e6:fe:49:8c:35:67:
                    22:76:34:bc:c0:5d:03:b6:89:ce:47:6e:8c:17:4f:
                    cd:18:1f:50:bf:32:30:97:b2:c1:1b:60:d2:af:98:
                    34:c9:3f:5c:65:76:31:fe:fd:83:fa:cb:9b:6a:a2:
                    13:10:34:25:1b:07:a2:e0:b7:35:c9:d7:fd:24:3b:
                    b6:2f:24:d6:73:30:8a:b9:53:68:05:3b:63:cc:d7:
                    94:90:7a:2b:57:5e:fd:b2:e7:07:4d:66:dc:ee:38:
                    7a:74:6b:cb:3f:1d:aa:19:15:0b:00:a0:2a:b7:ad:
                    84:aa:48:98:6a:60:00:d2:9d:4a:ca:74:39:a3:a3:
                    97:8b:69:80:e9:36:52:13:b0:30:00:d7:33:4a:e0:
                    68:34:73:ba:38:3c:33:53:45:04:4d:27:2f:f3:45:
                    d3:18:74:df:f1:6c:70:cb:07:7e:7b:12:b7:ad:d9:
                    c9:7f:26:e6:ba:e8:33:38:06:97:02:c2:47:71:c2:
                    59:0a:56:d3:0b:44:99:f8:de:12:21:48:31:d9:bb:
                    79:95:ce:66:b2:a4:04:5c:1a:92:da:c2:4a:8d:34:
                    fb:b8:27:37:b6:22:c7:fc:14:65:6d:56:6e:c2:9b:
                    49:31:e6:33:8d:7a:46:65:de:99:f7:59:4b:2d:40:
                    b0:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:46:0E:76:25:31:17:81:F1:AD:25:4E:83:CE:3B:58:CA:01:AB:0B
            X509v3 Authority Key Identifier:
                keyid:D8:D3:CA:2C:23:1A:FD:F3:B0:35:5C:77:A7:CB:B2:26:F8:1B:74:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2NPKLCMa_fOwNVx3p8uyJvgbdN4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/tUYOdiUxF4HxrSVOg847WMoBqws.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/2NPKLCMa_fOwNVx3p8uyJvgbdN4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.149.218.0/24
                  85.149.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:71:fc:b3:e9:64:2d:70:9a:b1:63:09:71:a7:f3:0e:64:10:
         ba:40:d1:c4:66:eb:a6:3d:51:50:61:eb:d3:9c:be:ec:f3:f1:
         53:65:7d:6a:d9:33:9e:6f:f7:94:df:c0:4c:bf:e7:b9:86:ca:
         92:6a:7a:39:e0:bc:33:cf:e2:40:dd:cc:e1:ef:e0:40:9e:43:
         d6:00:77:35:a0:a3:8a:dc:e6:44:b3:4f:5d:2d:59:b6:f5:93:
         a9:7f:ce:16:c2:01:cb:31:1b:18:03:eb:6b:b1:97:96:f4:7b:
         ee:86:b3:08:a3:a0:63:cb:aa:df:28:ef:56:42:3f:a5:77:ae:
         d5:d7:a2:f9:18:32:cd:b9:90:3d:0a:5a:ea:1f:49:bf:b5:68:
         10:f0:58:55:72:66:48:6f:3b:fb:2b:ed:56:7a:9d:64:b9:7f:
         c7:ce:d4:30:05:61:f8:47:2c:6b:ac:1b:56:0a:f3:cb:f1:38:
         9b:89:e8:de:65:6c:25:66:76:28:b3:7c:21:a1:b1:55:b9:10:
         03:d2:ab:39:19:ff:93:93:e0:3b:bb:f5:8d:91:80:51:d0:5b:
         13:6f:cf:6c:cc:cc:32:ba:27:1b:a3:90:7d:13:14:41:47:dc:
         9d:a1:a5:5f:76:74:e9:08:ca:78:6f:c2:68:c9:63:3f:1c:04:
         31:e7:e0:68
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ2LtraInX22koWpll/X6LraMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4ZDNjYTJjMjMxYWZkZjNiMDM1NWM3N2E3Y2JiMjI2Zjgx
Yjc0ZGUwHhcNMjYwNDE0MTExODIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTQ2MGU3NjI1MzExNzgxZjFhZDI1NGU4M2NlM2I1OGNhMDFhYjBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi+u3aiSrHk7m/kmMNWcidjS8wF0D
tonOR26MF0/NGB9QvzIwl7LBG2DSr5g0yT9cZXYx/v2D+subaqITEDQlGwei4Lc1
ydf9JDu2LyTWczCKuVNoBTtjzNeUkHorV179sucHTWbc7jh6dGvLPx2qGRULAKAq
t62EqkiYamAA0p1KynQ5o6OXi2mA6TZSE7AwANczSuBoNHO6ODwzU0UETScv80XT
GHTf8Wxwywd+exK3rdnJfybmuugzOAaXAsJHccJZClbTC0SZ+N4SIUgx2bt5lc5m
sqQEXBqS2sJKjTT7uCc3tiLH/BRlbVZuwptJMeYzjXpGZd6Z91lLLUCwnwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLVGDnYlMReB8a0lToPOO1jKAasLMB8GA1UdIwQY
MBaAFNjTyiwjGv3zsDVcd6fLsib4G3TeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMk5QS0xDTWFfZk93TlZ4M3A4dXlKdmdiZE40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOS8zYzA3NmItYWVhMS00YTMzLWE5ZTkt
OTkxMjhiZjZhODQxLzEvdFVZT2RpVXhGNEh4clNWT2c4NDdXTW9CcXdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOS8zYzA3NmItYWVhMS00YTMzLWE5ZTktOTkxMjhiZjZhODQx
LzEvMk5QS0xDTWFfZk93TlZ4M3A4dXlKdmdiZE40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVZXaAwQA
VZXcMA0GCSqGSIb3DQEBCwUAA4IBAQBycfyz6WQtcJqxYwlxp/MOZBC6QNHEZuum
PVFQYevTnL7s8/FTZX1q2TOeb/eU38BMv+e5hsqSano54Lwzz+JA3czh7+BAnkPW
AHc1oKOK3OZEs09dLVm29ZOpf84WwgHLMRsYA+trsZeW9HvuhrMIo6Bjy6rfKO9W
Qj+ld67V16L5GDLNuZA9ClrqH0m/tWgQ8FhVcmZIbzv7K+1Wep1kuX/HztQwBWH4
RyxrrBtWCvPL8TibiejeZWwlZnYos3whobFVuRAD0qs5Gf+Tk+A7u/WNkYBR0FsT
b89szMwyuicbo5B9ExRBR9ydoaVfdnTpCMp4b8JoyWM/HAQx5+Bo
-----END CERTIFICATE-----