Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/289606-9f5b-4d34-aacf-2fd650cefd21/1/tlD44Wx1jNalDCHqe8b7_I-CeqY.roa
File:                     tlD44Wx1jNalDCHqe8b7_I-CeqY.roa (raw, json)
Hash identifier:          CC0WAHVS98jNAUQJOBCkbiv7wZ63BOatDHNReSwvX5Q=
Subject key identifier:   B6:50:F8:E1:6C:75:8C:D6:A5:0C:21:EA:7B:C6:FB:FC:8F:82:7A:A6
Certificate issuer:       /CN=8478b76c69c9915294fdc39135e20dac73762225
Certificate serial:       019B7910A078563C90FC45A01991464320F8
Authority key identifier: 84:78:B7:6C:69:C9:91:52:94:FD:C3:91:35:E2:0D:AC:73:76:22:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hHi3bGnJkVKU_cORNeINrHN2IiU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/289606-9f5b-4d34-aacf-2fd650cefd21/1/tlD44Wx1jNalDCHqe8b7_I-CeqY.roa
Signing time:             Thu 01 Jan 2026 10:18:11 +0000
ROA not before:           Thu 01 Jan 2026 10:18:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204425
IP address blocks:        185.245.224.0/22 maxlen: 22
                          185.245.224.0/24 maxlen: 24
                          2a0d:7c80::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/289606-9f5b-4d34-aacf-2fd650cefd21/1/hHi3bGnJkVKU_cORNeINrHN2IiU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/289606-9f5b-4d34-aacf-2fd650cefd21/1/hHi3bGnJkVKU_cORNeINrHN2IiU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hHi3bGnJkVKU_cORNeINrHN2IiU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 19:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:a0:78:56:3c:90:fc:45:a0:19:91:46:43:20:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8478b76c69c9915294fdc39135e20dac73762225
        Validity
            Not Before: Jan  1 10:18:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b650f8e16c758cd6a50c21ea7bc6fbfc8f827aa6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:70:5c:0e:cc:18:8f:98:84:fd:91:2d:e0:70:
                    41:60:b3:cf:4f:7b:d4:73:b0:ed:a7:ca:50:d5:15:
                    b1:e9:67:d2:2a:09:0d:4f:11:9e:41:18:e6:9e:1c:
                    f7:68:77:38:2b:96:e4:b4:47:14:af:e3:e2:ab:8c:
                    e3:98:a3:e4:f4:3f:38:aa:5b:99:c1:11:e7:dd:06:
                    23:65:62:9e:af:18:3e:f4:69:f0:68:93:43:36:c3:
                    42:58:24:94:5f:45:b3:b9:ae:68:f7:9e:82:7b:b2:
                    42:31:44:90:ce:cf:b7:78:67:3c:bd:36:62:ff:08:
                    fb:c9:d9:a1:54:a5:26:6f:6d:d8:84:23:76:63:d8:
                    eb:8f:81:37:93:24:7c:88:24:52:ee:36:e9:cc:5c:
                    63:4b:e1:d8:6a:43:f2:4c:89:6b:2c:fb:8e:39:bf:
                    91:6a:e4:15:f1:ac:2f:84:bd:5d:6f:53:05:00:78:
                    be:27:9b:07:d1:72:75:29:1e:8e:de:fd:73:6b:49:
                    a2:10:0c:e2:d5:6b:34:d3:a2:08:4a:4a:7f:c9:1a:
                    e0:4b:6f:37:3a:fb:f1:2d:49:39:e7:fc:aa:fb:02:
                    2e:c0:12:d1:d6:b2:2c:be:f0:1b:23:fa:0e:f2:6b:
                    d1:91:d5:0e:f8:20:66:53:4e:e3:8c:e5:29:e4:a7:
                    3a:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:50:F8:E1:6C:75:8C:D6:A5:0C:21:EA:7B:C6:FB:FC:8F:82:7A:A6
            X509v3 Authority Key Identifier:
                keyid:84:78:B7:6C:69:C9:91:52:94:FD:C3:91:35:E2:0D:AC:73:76:22:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hHi3bGnJkVKU_cORNeINrHN2IiU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/289606-9f5b-4d34-aacf-2fd650cefd21/1/tlD44Wx1jNalDCHqe8b7_I-CeqY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/289606-9f5b-4d34-aacf-2fd650cefd21/1/hHi3bGnJkVKU_cORNeINrHN2IiU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.245.224.0/22
                IPv6:
                  2a0d:7c80::/32

    Signature Algorithm: sha256WithRSAEncryption
         24:88:b3:f5:5b:44:e1:2d:50:25:71:a6:ee:ac:a8:47:b0:4b:
         47:10:82:53:e7:f6:05:46:3d:28:b9:91:e2:7c:73:07:62:c8:
         90:b9:03:9f:d8:58:13:45:cf:db:b3:e6:3b:3f:f4:e0:c0:93:
         90:5c:b3:6a:b0:44:ba:34:d9:a5:4c:0d:3f:54:36:83:97:f1:
         f9:a5:41:e6:b1:0d:87:cb:8c:af:36:34:c1:af:10:63:7a:bd:
         7a:98:ce:e6:16:f3:ac:5e:65:0c:db:24:70:fc:27:57:70:30:
         a0:68:a6:47:e0:dc:93:74:40:06:20:42:18:13:8b:00:e8:ee:
         74:5e:e1:ee:e6:cc:89:9c:1c:f7:4b:a4:a6:68:3f:20:19:eb:
         a9:07:9a:d7:c7:e3:47:f1:f9:50:22:0d:f5:10:92:f3:4b:a7:
         73:da:c8:ff:f5:ed:fb:8f:e6:45:92:94:43:9e:ba:07:a5:72:
         73:c8:d3:d9:14:7c:25:d7:63:5c:47:6e:29:99:cd:e0:58:af:
         c1:f8:89:7f:78:91:fa:63:32:de:fa:43:3f:e9:7b:d6:1c:a8:
         49:2b:ee:ae:ac:a6:d3:31:d7:7a:f8:f5:97:55:97:44:aa:f9:
         68:69:c3:e6:d7:55:73:37:75:ce:dd:b7:0d:80:42:cf:9a:5a:
         39:f4:f8:16
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZt5EKB4VjyQ/EWgGZFGQyD4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0NzhiNzZjNjljOTkxNTI5NGZkYzM5MTM1ZTIwZGFjNzM3
NjIyMjUwHhcNMjYwMTAxMTAxODExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjUwZjhlMTZjNzU4Y2Q2YTUwYzIxZWE3YmM2ZmJmYzhmODI3YWE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv3BcDswYj5iE/ZEt4HBBYLPPT3vU
c7Dtp8pQ1RWx6WfSKgkNTxGeQRjmnhz3aHc4K5bktEcUr+Piq4zjmKPk9D84qluZ
wRHn3QYjZWKerxg+9GnwaJNDNsNCWCSUX0Wzua5o956Ce7JCMUSQzs+3eGc8vTZi
/wj7ydmhVKUmb23YhCN2Y9jrj4E3kyR8iCRS7jbpzFxjS+HYakPyTIlrLPuOOb+R
auQV8awvhL1db1MFAHi+J5sH0XJ1KR6O3v1za0miEAzi1Ws006IISkp/yRrgS283
OvvxLUk55/yq+wIuwBLR1rIsvvAbI/oO8mvRkdUO+CBmU07jjOUp5Kc6IwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLZQ+OFsdYzWpQwh6nvG+/yPgnqmMB8GA1UdIwQY
MBaAFIR4t2xpyZFSlP3DkTXiDaxzdiIlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEhpM2JHbkprVktVX2NPUk5lSU5ySE4ySWlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS8yODk2MDYtOWY1Yi00ZDM0LWFhY2Yt
MmZkNjUwY2VmZDIxLzEvdGxENDRXeDFqTmFsRENIcWU4YjdfSS1DZXFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS8yODk2MDYtOWY1Yi00ZDM0LWFhY2YtMmZkNjUwY2VmZDIx
LzEvaEhpM2JHbkprVktVX2NPUk5lSU5ySE4ySWlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCufXgMA0E
AgACMAcDBQAqDXyAMA0GCSqGSIb3DQEBCwUAA4IBAQAkiLP1W0ThLVAlcaburKhH
sEtHEIJT5/YFRj0ouZHifHMHYsiQuQOf2FgTRc/bs+Y7P/TgwJOQXLNqsES6NNml
TA0/VDaDl/H5pUHmsQ2Hy4yvNjTBrxBjer16mM7mFvOsXmUM2yRw/CdXcDCgaKZH
4NyTdEAGIEIYE4sA6O50XuHu5syJnBz3S6SmaD8gGeupB5rXx+NH8flQIg31EJLz
S6dz2sj/9e37j+ZFkpRDnroHpXJzyNPZFHwl12NcR24pmc3gWK/B+Il/eJH6YzLe
+kM/6XvWHKhJK+6urKbTMdd6+PWXVZdEqvloacPm11VzN3XO3bcNgELPmlo59PgW
-----END CERTIFICATE-----