Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/8e58db-3989-47e7-be04-7aa6ade1af07/1/r4vw3CV_1lGW-7JvXgWzIRjbm3U.roa
File:                     r4vw3CV_1lGW-7JvXgWzIRjbm3U.roa (raw, json)
Hash identifier:          0TvJ5qpmjC4SexSyQHzjCW5fHWTpVt06kKMKKnnsoV0=
Subject key identifier:   AF:8B:F0:DC:25:7F:D6:51:96:FB:B2:6F:5E:05:B3:21:18:DB:9B:75
Certificate issuer:       /CN=61f5fb83da455846ea641aa72111c5fc2c7c4683
Certificate serial:       019E8D90FD8B9807C523CF0F9B028B26E5C6
Authority key identifier: 61:F5:FB:83:DA:45:58:46:EA:64:1A:A7:21:11:C5:FC:2C:7C:46:83
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YfX7g9pFWEbqZBqnIRHF_Cx8RoM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/8e58db-3989-47e7-be04-7aa6ade1af07/1/r4vw3CV_1lGW-7JvXgWzIRjbm3U.roa
Signing time:             Wed 03 Jun 2026 12:59:10 +0000
ROA not before:           Wed 03 Jun 2026 12:59:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44283
IP address blocks:        185.158.186.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/8e58db-3989-47e7-be04-7aa6ade1af07/1/YfX7g9pFWEbqZBqnIRHF_Cx8RoM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/8e58db-3989-47e7-be04-7aa6ade1af07/1/YfX7g9pFWEbqZBqnIRHF_Cx8RoM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YfX7g9pFWEbqZBqnIRHF_Cx8RoM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 15:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:8d:90:fd:8b:98:07:c5:23:cf:0f:9b:02:8b:26:e5:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61f5fb83da455846ea641aa72111c5fc2c7c4683
        Validity
            Not Before: Jun  3 12:59:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=af8bf0dc257fd65196fbb26f5e05b32118db9b75
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:fd:53:2e:ff:f4:29:49:4e:dd:83:ca:c2:0b:
                    dd:af:45:a2:f4:85:91:f6:b4:f2:f4:f8:60:1e:cd:
                    23:ac:e8:87:35:f9:49:0d:eb:1a:8a:61:22:e1:60:
                    82:31:27:ec:d5:c8:6a:d7:bd:79:56:63:4b:e5:7d:
                    f8:ed:55:23:24:36:59:8b:55:7a:cc:2b:df:20:c5:
                    62:df:bc:a9:e4:3e:25:f2:b8:d2:15:15:6d:3c:dd:
                    8e:8b:3c:09:fc:ed:c4:44:30:32:a0:b3:8d:53:3a:
                    e9:3d:2e:74:1a:ef:db:34:40:17:d9:9d:22:e2:b4:
                    c3:0a:27:0f:84:45:2f:3c:6e:89:0b:b8:40:3d:b2:
                    7c:9e:bc:db:8d:4c:07:55:e3:34:1c:84:64:73:0d:
                    1c:bf:01:76:25:ca:39:12:13:fa:d2:7d:e0:08:65:
                    0a:2e:03:b3:9b:9e:0f:1f:21:2f:c9:7f:6a:36:4d:
                    a5:10:91:a4:39:15:92:cd:c4:71:7c:48:64:0c:4a:
                    ff:20:15:65:2b:ee:9d:53:6e:73:74:87:d9:dd:37:
                    49:2d:9c:cf:a8:f1:bc:ab:2a:5d:65:00:9d:9e:77:
                    ae:55:7a:3f:5a:4e:db:66:55:7a:17:bc:d4:32:31:
                    56:27:cd:90:da:b8:b1:0d:e3:72:eb:b6:e5:81:c1:
                    d6:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:8B:F0:DC:25:7F:D6:51:96:FB:B2:6F:5E:05:B3:21:18:DB:9B:75
            X509v3 Authority Key Identifier:
                keyid:61:F5:FB:83:DA:45:58:46:EA:64:1A:A7:21:11:C5:FC:2C:7C:46:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YfX7g9pFWEbqZBqnIRHF_Cx8RoM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/8e58db-3989-47e7-be04-7aa6ade1af07/1/r4vw3CV_1lGW-7JvXgWzIRjbm3U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/8e58db-3989-47e7-be04-7aa6ade1af07/1/YfX7g9pFWEbqZBqnIRHF_Cx8RoM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.158.186.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b6:7e:0f:56:a1:49:c0:2e:d4:d9:50:c7:a8:2d:14:7d:7a:69:
         87:3a:7c:e0:1d:91:69:eb:7b:0d:e1:4f:81:ba:6f:b6:cb:48:
         36:a8:f3:ec:a8:5b:e2:3a:05:74:c6:ce:19:83:82:94:60:3e:
         75:d2:f3:e4:42:53:8e:c3:97:38:1f:6a:9b:9e:fc:c7:b4:27:
         64:7f:a7:b7:ac:b4:c2:2c:59:42:6a:0d:5d:de:84:74:b9:6c:
         b2:72:74:69:07:99:2c:e5:2c:d5:10:a9:0f:1a:bd:75:9a:2f:
         9e:8e:b6:56:4a:e5:42:fd:b0:f1:eb:f3:c5:3d:b1:ce:fd:47:
         aa:65:12:a7:7b:57:fd:08:3c:dc:55:21:74:67:6a:b2:a1:2e:
         5c:28:56:d7:38:f2:36:fe:77:bf:e4:48:4d:bf:d8:6a:bd:b3:
         f8:d7:60:ab:d8:ac:78:8e:cf:57:5b:47:4c:5d:df:6d:e2:c0:
         92:7a:a5:c2:7e:23:56:f3:4f:0e:6f:c1:5b:aa:7e:71:c0:32:
         7f:57:e3:d7:b3:04:db:fe:93:13:f7:ff:8f:48:15:c0:05:a6:
         eb:42:97:17:f8:6d:55:bd:27:4d:ca:ad:2c:74:4d:6f:33:22:
         0f:e1:1c:6a:c4:61:f7:c0:3c:b2:09:6e:69:48:d3:7f:6b:19:
         c5:b0:e7:d7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6NkP2LmAfFI88PmwKLJuXGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxZjVmYjgzZGE0NTU4NDZlYTY0MWFhNzIxMTFjNWZjMmM3
YzQ2ODMwHhcNMjYwNjAzMTI1OTEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjhiZjBkYzI1N2ZkNjUxOTZmYmIyNmY1ZTA1YjMyMTE4ZGI5Yjc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2P1TLv/0KUlO3YPKwgvdr0Wi9IWR
9rTy9PhgHs0jrOiHNflJDesaimEi4WCCMSfs1chq1715VmNL5X347VUjJDZZi1V6
zCvfIMVi37yp5D4l8rjSFRVtPN2OizwJ/O3ERDAyoLONUzrpPS50Gu/bNEAX2Z0i
4rTDCicPhEUvPG6JC7hAPbJ8nrzbjUwHVeM0HIRkcw0cvwF2Jco5EhP60n3gCGUK
LgOzm54PHyEvyX9qNk2lEJGkORWSzcRxfEhkDEr/IBVlK+6dU25zdIfZ3TdJLZzP
qPG8qypdZQCdnneuVXo/Wk7bZlV6F7zUMjFWJ82Q2rixDeNy67blgcHWdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK+L8Nwlf9ZRlvuyb14FsyEY25t1MB8GA1UdIwQY
MBaAFGH1+4PaRVhG6mQapyERxfwsfEaDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWZYN2c5cEZXRWJxWkJxbklSSEZfQ3g4Um9NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi84ZTU4ZGItMzk4OS00N2U3LWJlMDQt
N2FhNmFkZTFhZjA3LzEvcjR2dzNDVl8xbEdXLTdKdlhnV3pJUmpibTNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi84ZTU4ZGItMzk4OS00N2U3LWJlMDQtN2FhNmFkZTFhZjA3
LzEvWWZYN2c5cEZXRWJxWkJxbklSSEZfQ3g4Um9NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZ66MA0G
CSqGSIb3DQEBCwUAA4IBAQC2fg9WoUnALtTZUMeoLRR9emmHOnzgHZFp63sN4U+B
um+2y0g2qPPsqFviOgV0xs4Zg4KUYD510vPkQlOOw5c4H2qbnvzHtCdkf6e3rLTC
LFlCag1d3oR0uWyycnRpB5ks5SzVEKkPGr11mi+ejrZWSuVC/bDx6/PFPbHO/Ueq
ZRKne1f9CDzcVSF0Z2qyoS5cKFbXOPI2/ne/5EhNv9hqvbP412Cr2Kx4js9XW0dM
Xd9t4sCSeqXCfiNW808Ob8Fbqn5xwDJ/V+PXswTb/pMT9/+PSBXABabrQpcX+G1V
vSdNyq0sdE1vMyIP4RxqxGH3wDyyCW5pSNN/axnFsOfX
-----END CERTIFICATE-----