Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/ddda7e-a037-4d38-9555-0a110c49749c/1/gR91LIxxnbU08v57AUEvFf010vs.roa
File:                     gR91LIxxnbU08v57AUEvFf010vs.roa (raw, json)
Hash identifier:          SbAN6voQ5c1qkWMDRn5E0Sl0vR5PwgTVIGlVOQ/CsHM=
Subject key identifier:   81:1F:75:2C:8C:71:9D:B5:34:F2:FE:7B:01:41:2F:15:FD:35:D2:FB
Certificate issuer:       /CN=fad1863cbdec1b596daceeb901a0853d6c87e756
Certificate serial:       019B7BA4FE0ACCC32A9C3F169479DB8D0E12
Authority key identifier: FA:D1:86:3C:BD:EC:1B:59:6D:AC:EE:B9:01:A0:85:3D:6C:87:E7:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-tGGPL3sG1ltrO65AaCFPWyH51Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/ddda7e-a037-4d38-9555-0a110c49749c/1/gR91LIxxnbU08v57AUEvFf010vs.roa
Signing time:             Thu 01 Jan 2026 22:19:29 +0000
ROA not before:           Thu 01 Jan 2026 22:19:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202652
IP address blocks:        185.157.108.0/22 maxlen: 22
                          185.195.20.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/ddda7e-a037-4d38-9555-0a110c49749c/1/1-tGGPL3sG1ltrO65AaCFPWyH51Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/ddda7e-a037-4d38-9555-0a110c49749c/1/1-tGGPL3sG1ltrO65AaCFPWyH51Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-tGGPL3sG1ltrO65AaCFPWyH51Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a4:fe:0a:cc:c3:2a:9c:3f:16:94:79:db:8d:0e:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fad1863cbdec1b596daceeb901a0853d6c87e756
        Validity
            Not Before: Jan  1 22:19:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=811f752c8c719db534f2fe7b01412f15fd35d2fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:fe:05:8d:5c:4e:21:1c:97:06:cf:71:61:e9:
                    2e:e7:51:a7:32:7d:e3:01:1d:c8:35:05:bc:c9:9f:
                    64:fc:3c:29:4c:8e:cf:38:1d:48:01:b5:30:63:72:
                    ac:20:3a:13:be:84:3d:50:92:12:d5:07:c0:da:2e:
                    e1:af:34:f6:10:31:16:0b:52:a4:9a:b3:84:84:cb:
                    be:af:3d:94:1f:46:2b:20:57:03:0c:23:39:c0:57:
                    19:31:98:12:ef:d5:13:3a:5a:bd:d2:cb:00:da:66:
                    0d:99:94:e2:f0:0d:8d:f2:79:c2:3b:0e:45:48:13:
                    17:ce:08:e5:07:74:f9:3d:c4:18:62:2d:7a:b0:5b:
                    94:03:49:c3:96:ab:8c:0e:60:f2:38:34:b3:f1:96:
                    4d:65:fc:70:c9:94:ee:99:c8:a0:3d:42:e0:05:66:
                    a4:f4:0c:49:00:3e:46:ac:a0:96:88:df:53:ff:c4:
                    eb:d2:06:75:1d:e7:d3:41:cf:bc:71:cd:b2:c7:4a:
                    9f:fc:6e:bc:e0:84:56:96:f4:6d:0e:95:c0:bf:f9:
                    24:37:09:a5:07:ff:d1:bf:d3:83:60:e8:c5:43:60:
                    fe:e5:b0:76:c7:96:2b:93:81:2c:fd:dd:0b:ef:54:
                    5e:2e:0c:ae:cb:85:09:db:d1:c1:9a:a1:82:35:00:
                    fe:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:1F:75:2C:8C:71:9D:B5:34:F2:FE:7B:01:41:2F:15:FD:35:D2:FB
            X509v3 Authority Key Identifier:
                keyid:FA:D1:86:3C:BD:EC:1B:59:6D:AC:EE:B9:01:A0:85:3D:6C:87:E7:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-tGGPL3sG1ltrO65AaCFPWyH51Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/ddda7e-a037-4d38-9555-0a110c49749c/1/gR91LIxxnbU08v57AUEvFf010vs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/ddda7e-a037-4d38-9555-0a110c49749c/1/1-tGGPL3sG1ltrO65AaCFPWyH51Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.157.108.0/22
                  185.195.20.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0a:f5:58:4d:ee:5a:70:62:f0:a1:ac:e2:7b:3e:ad:c3:6b:bc:
         ea:07:08:50:44:b3:82:73:dc:b1:e3:df:d0:7d:ee:6a:06:8d:
         c0:56:a7:ae:ac:f2:2b:0b:35:3c:df:f3:72:fb:d1:22:a7:50:
         34:ef:02:00:37:13:3f:92:f0:6a:29:0b:ce:94:3c:a4:14:c1:
         8a:46:20:a8:18:ed:1f:46:9f:d7:9d:a6:b7:c1:f3:d4:af:7b:
         25:f8:ca:cc:de:0e:fb:86:d8:92:79:e6:ef:a7:df:d0:22:aa:
         fc:bb:b1:90:c2:57:47:5b:e1:c1:e6:7a:a3:fd:17:d4:1c:01:
         fe:69:80:75:a6:40:89:5b:f5:af:2c:4a:fb:86:94:d2:0d:fd:
         6f:ad:be:9c:c6:6e:67:91:d6:1a:6b:09:60:ed:07:9f:64:be:
         e1:55:c6:85:21:f1:b9:e2:42:7f:91:f0:27:fe:8b:61:77:52:
         9a:8f:c6:17:73:c4:0c:0c:1d:1c:19:d3:76:15:1a:4d:8e:00:
         72:0b:18:ac:c8:bb:8a:fd:05:e8:a7:1c:f1:13:f0:aa:33:34:
         cc:32:da:35:ce:e5:59:c8:04:4e:96:b5:e1:8e:14:ac:fb:39:
         57:db:50:19:55:2b:ee:d8:f7:01:ba:e9:27:e4:65:73:f8:0f:
         75:67:c3:70
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZt7pP4KzMMqnD8WlHnbjQ4SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZhZDE4NjNjYmRlYzFiNTk2ZGFjZWViOTAxYTA4NTNkNmM4
N2U3NTYwHhcNMjYwMTAxMjIxOTI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MTFmNzUyYzhjNzE5ZGI1MzRmMmZlN2IwMTQxMmYxNWZkMzVkMmZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp/4FjVxOIRyXBs9xYeku51GnMn3j
AR3INQW8yZ9k/DwpTI7POB1IAbUwY3KsIDoTvoQ9UJIS1QfA2i7hrzT2EDEWC1Kk
mrOEhMu+rz2UH0YrIFcDDCM5wFcZMZgS79UTOlq90ssA2mYNmZTi8A2N8nnCOw5F
SBMXzgjlB3T5PcQYYi16sFuUA0nDlquMDmDyODSz8ZZNZfxwyZTumcigPULgBWak
9AxJAD5GrKCWiN9T/8Tr0gZ1HefTQc+8cc2yx0qf/G684IRWlvRtDpXAv/kkNwml
B//Rv9ODYOjFQ2D+5bB2x5Yrk4Es/d0L71ReLgyuy4UJ29HBmqGCNQD+ZwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFIEfdSyMcZ21NPL+ewFBLxX9NdL7MB8GA1UdIwQY
MBaAFPrRhjy97BtZbazuuQGghT1sh+dWMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS10R0dQTDNzRzFsdHJPNjVBYUNGUFd5SDUxWS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZGYvZGRkYTdlLWEwMzctNGQzOC05NTU1
LTBhMTEwYzQ5NzQ5Yy8xL2dSOTFMSXh4bmJVMDh2NTdBVUV2RmYwMTB2cy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZGYvZGRkYTdlLWEwMzctNGQzOC05NTU1LTBhMTEwYzQ5NzQ5
Yy8xLzEtdEdHUEwzc0cxbHRyTzY1QWFDRlBXeUg1MVkuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAK5nWwD
BAK5wxQwDQYJKoZIhvcNAQELBQADggEBAAr1WE3uWnBi8KGs4ns+rcNrvOoHCFBE
s4Jz3LHj39B97moGjcBWp66s8isLNTzf83L70SKnUDTvAgA3Ez+S8GopC86UPKQU
wYpGIKgY7R9Gn9edprfB89SveyX4yszeDvuG2JJ55u+n39Aiqvy7sZDCV0db4cHm
eqP9F9QcAf5pgHWmQIlb9a8sSvuGlNIN/W+tvpzGbmeR1hprCWDtB59kvuFVxoUh
8bniQn+R8Cf+i2F3UpqPxhdzxAwMHRwZ03YVGk2OAHILGKzIu4r9BeinHPET8Koz
NMwy2jXO5VnIBE6WteGOFKz7OVfbUBlVK+7Y9wG66SfkZXP4D3Vnw3A=
-----END CERTIFICATE-----