Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/29ac84-4365-4eba-9873-391bce71fea1/1/8yYMhh0gMT6CiQOLVp2cTc5vVZ0.roa
File:                     8yYMhh0gMT6CiQOLVp2cTc5vVZ0.roa (raw, json)
Hash identifier:          7gaVBUF1/eBBpHyrZMX3iYaRP7VQvzONGdsKY6mhoPg=
Subject key identifier:   F3:26:0C:86:1D:20:31:3E:82:89:03:8B:56:9D:9C:4D:CE:6F:55:9D
Certificate issuer:       /CN=267d9ecb9964825d44dd266bbd32aa0804bc10f7
Certificate serial:       019B7B36904603F0B017A1192E8446956B44
Authority key identifier: 26:7D:9E:CB:99:64:82:5D:44:DD:26:6B:BD:32:AA:08:04:BC:10:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Jn2ey5lkgl1E3SZrvTKqCAS8EPc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/29ac84-4365-4eba-9873-391bce71fea1/1/8yYMhh0gMT6CiQOLVp2cTc5vVZ0.roa
Signing time:             Thu 01 Jan 2026 20:18:51 +0000
ROA not before:           Thu 01 Jan 2026 20:18:51 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205996
IP address blocks:        185.199.164.0/22 maxlen: 24
                          2a0d:4900::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/29ac84-4365-4eba-9873-391bce71fea1/1/Jn2ey5lkgl1E3SZrvTKqCAS8EPc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/29ac84-4365-4eba-9873-391bce71fea1/1/Jn2ey5lkgl1E3SZrvTKqCAS8EPc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Jn2ey5lkgl1E3SZrvTKqCAS8EPc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:90:46:03:f0:b0:17:a1:19:2e:84:46:95:6b:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=267d9ecb9964825d44dd266bbd32aa0804bc10f7
        Validity
            Not Before: Jan  1 20:18:51 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f3260c861d20313e8289038b569d9c4dce6f559d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f8:26:f4:b3:8b:63:0a:c8:11:49:76:fe:d1:53:
                    72:c9:dd:31:58:64:dc:2a:8c:6e:cf:3a:1a:32:85:
                    47:eb:84:5d:84:6b:7e:5c:8b:a4:f8:0d:aa:d6:58:
                    74:53:8f:63:88:b2:40:cb:6e:93:78:d5:65:78:7d:
                    f3:4b:05:58:8e:51:a1:fe:d7:bd:54:41:c9:b5:7d:
                    f4:78:2b:cf:6d:a2:ab:6d:0e:f5:c0:b6:96:a0:1d:
                    ef:76:5d:6c:17:d8:78:5a:c5:70:9c:b2:dc:b0:a8:
                    1a:bf:01:0d:fd:b5:a8:49:b3:95:e0:84:01:a7:93:
                    c6:e9:9e:ae:5d:39:06:40:33:ec:38:42:d7:f2:b4:
                    d8:a3:bc:89:94:bc:a3:c2:38:49:9a:c5:f9:a4:04:
                    87:f1:f4:5a:ee:e2:e3:b6:01:04:59:dc:27:4e:79:
                    c4:86:8b:86:53:8c:d8:73:f0:b8:a3:96:71:6f:3d:
                    fb:29:ee:c2:f5:f9:9f:21:61:eb:71:6d:44:27:7e:
                    d7:b9:1a:5c:80:09:a6:52:2d:5b:62:63:d1:a1:5f:
                    ad:5e:f2:a5:1a:06:d5:3b:5b:1a:9b:49:4d:f9:94:
                    20:de:b3:9b:3f:27:73:ba:17:26:e4:43:c0:06:0c:
                    fc:36:5a:14:a8:29:89:78:b7:47:bd:59:d5:39:5d:
                    4d:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:26:0C:86:1D:20:31:3E:82:89:03:8B:56:9D:9C:4D:CE:6F:55:9D
            X509v3 Authority Key Identifier:
                keyid:26:7D:9E:CB:99:64:82:5D:44:DD:26:6B:BD:32:AA:08:04:BC:10:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Jn2ey5lkgl1E3SZrvTKqCAS8EPc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/29ac84-4365-4eba-9873-391bce71fea1/1/8yYMhh0gMT6CiQOLVp2cTc5vVZ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/29ac84-4365-4eba-9873-391bce71fea1/1/Jn2ey5lkgl1E3SZrvTKqCAS8EPc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.199.164.0/22
                IPv6:
                  2a0d:4900::/32

    Signature Algorithm: sha256WithRSAEncryption
         d6:66:77:f2:93:ff:ee:70:e4:9a:bd:2a:71:fb:1d:93:e9:37:
         e5:bf:71:85:53:23:15:40:1b:f5:ad:53:01:c1:1f:a3:e7:ae:
         02:00:49:b9:d6:ee:71:c3:97:f3:05:7f:30:c6:28:a9:29:fc:
         2a:11:e1:cc:9b:bf:45:c4:b1:02:fe:f7:35:7e:9e:63:1e:8b:
         66:18:59:a8:0e:34:be:f8:2d:aa:50:12:dd:9f:81:65:3d:8d:
         62:b6:98:68:bd:44:dc:ca:bf:85:18:43:07:04:8c:07:64:13:
         60:31:85:b8:6b:5f:72:3b:b5:83:bb:30:77:63:a1:92:8a:2f:
         ac:4b:a7:88:eb:0c:69:d7:df:e7:ad:45:dd:95:ad:23:89:3e:
         a3:73:a4:f7:45:b5:33:ad:24:28:6e:8d:c9:5a:2a:2d:b4:04:
         88:0d:66:87:24:1c:20:9e:44:1a:e8:f2:23:67:9f:65:09:e8:
         84:f6:82:21:0e:fb:f9:f7:60:8e:90:a3:62:97:b2:9d:7d:8d:
         0b:24:e5:e5:d5:e2:78:87:47:08:20:59:e3:58:53:ab:99:d3:
         30:35:a0:f5:24:b9:dc:6f:71:25:a8:52:c1:5d:58:66:6a:5a:
         5d:ee:83:cd:11:f7:93:ab:e8:e6:44:11:d8:dd:6a:03:fb:e6:
         89:4f:4e:fa
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZt7NpBGA/CwF6EZLoRGlWtEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2N2Q5ZWNiOTk2NDgyNWQ0NGRkMjY2YmJkMzJhYTA4MDRi
YzEwZjcwHhcNMjYwMTAxMjAxODUxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzI2MGM4NjFkMjAzMTNlODI4OTAzOGI1NjlkOWM0ZGNlNmY1NTlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+Cb0s4tjCsgRSXb+0VNyyd0xWGTc
KoxuzzoaMoVH64RdhGt+XIuk+A2q1lh0U49jiLJAy26TeNVleH3zSwVYjlGh/te9
VEHJtX30eCvPbaKrbQ71wLaWoB3vdl1sF9h4WsVwnLLcsKgavwEN/bWoSbOV4IQB
p5PG6Z6uXTkGQDPsOELX8rTYo7yJlLyjwjhJmsX5pASH8fRa7uLjtgEEWdwnTnnE
houGU4zYc/C4o5Zxbz37Ke7C9fmfIWHrcW1EJ37XuRpcgAmmUi1bYmPRoV+tXvKl
GgbVO1sam0lN+ZQg3rObPydzuhcm5EPABgz8NloUqCmJeLdHvVnVOV1NKwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPMmDIYdIDE+gokDi1adnE3Ob1WdMB8GA1UdIwQY
MBaAFCZ9nsuZZIJdRN0ma70yqggEvBD3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSm4yZXk1bGtnbDFFM1NacnZUS3FDQVM4RVBjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS8yOWFjODQtNDM2NS00ZWJhLTk4NzMt
MzkxYmNlNzFmZWExLzEvOHlZTWhoMGdNVDZDaVFPTFZwMmNUYzV2VlowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS8yOWFjODQtNDM2NS00ZWJhLTk4NzMtMzkxYmNlNzFmZWEx
LzEvSm4yZXk1bGtnbDFFM1NacnZUS3FDQVM4RVBjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCucekMA0E
AgACMAcDBQAqDUkAMA0GCSqGSIb3DQEBCwUAA4IBAQDWZnfyk//ucOSavSpx+x2T
6Tflv3GFUyMVQBv1rVMBwR+j564CAEm51u5xw5fzBX8wxiipKfwqEeHMm79FxLEC
/vc1fp5jHotmGFmoDjS++C2qUBLdn4FlPY1itphovUTcyr+FGEMHBIwHZBNgMYW4
a19yO7WDuzB3Y6GSii+sS6eI6wxp19/nrUXdla0jiT6jc6T3RbUzrSQobo3JWiot
tASIDWaHJBwgnkQa6PIjZ59lCeiE9oIhDvv592COkKNil7KdfY0LJOXl1eJ4h0cI
IFnjWFOrmdMwNaD1JLncb3ElqFLBXVhmalpd7oPNEfeTq+jmRBHY3WoD++aJT076
-----END CERTIFICATE-----