Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/b34747-659b-4670-876c-22c8862bec1d/1/44muUChp5JRRZ63agxqoMHmu2uk.roa
File:                     44muUChp5JRRZ63agxqoMHmu2uk.roa (raw, json)
Hash identifier:          BUqt5hQEDJqjTZAY38OPC7Xm/4ladOgcW1BaLTx7yWI=
Subject key identifier:   E3:89:AE:50:28:69:E4:94:51:67:AD:DA:83:1A:A8:30:79:AE:DA:E9
Certificate issuer:       /CN=f79647cacd20f9447d050538331b1fe7e04c1a26
Certificate serial:       019CAE75E15C81CDA305CF0FB6C54871431A
Authority key identifier: F7:96:47:CA:CD:20:F9:44:7D:05:05:38:33:1B:1F:E7:E0:4C:1A:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/95ZHys0g-UR9BQU4Mxsf5-BMGiY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/b34747-659b-4670-876c-22c8862bec1d/1/44muUChp5JRRZ63agxqoMHmu2uk.roa
Signing time:             Mon 02 Mar 2026 12:11:26 +0000
ROA not before:           Mon 02 Mar 2026 12:11:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     41960
IP address blocks:        185.80.12.0/22 maxlen: 24
                          2a0f:bf40::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/b34747-659b-4670-876c-22c8862bec1d/1/95ZHys0g-UR9BQU4Mxsf5-BMGiY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/b34747-659b-4670-876c-22c8862bec1d/1/95ZHys0g-UR9BQU4Mxsf5-BMGiY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/95ZHys0g-UR9BQU4Mxsf5-BMGiY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 12:11:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:ae:75:e1:5c:81:cd:a3:05:cf:0f:b6:c5:48:71:43:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f79647cacd20f9447d050538331b1fe7e04c1a26
        Validity
            Not Before: Mar  2 12:11:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e389ae502869e4945167adda831aa83079aedae9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:61:a7:47:f9:35:8f:40:d8:f5:18:77:a4:d3:
                    cc:85:7e:40:10:92:f9:c6:ed:53:d9:d9:fe:fe:ff:
                    2d:b2:42:0c:18:fb:c2:fd:fa:cd:29:d7:ed:46:76:
                    99:67:a0:93:e6:6d:af:85:c6:c3:9f:b4:aa:ae:79:
                    6c:44:74:7a:29:b5:1b:39:0b:18:69:6c:d6:5b:2c:
                    01:8f:03:52:2f:c2:7e:fe:e0:d1:40:9c:e6:76:70:
                    8f:f4:ef:ac:a0:e5:a2:b2:44:5c:fe:5a:70:6f:b5:
                    8d:78:3e:dd:67:c6:38:cb:39:90:08:89:d9:00:17:
                    57:5a:b3:e9:30:44:e7:82:5e:b6:15:bd:1c:56:b3:
                    29:66:bd:93:d6:28:90:de:81:e6:03:bb:1f:c7:0e:
                    22:8d:4f:fe:33:7c:12:38:8f:fd:9a:74:5c:1b:d6:
                    5f:1b:f3:5d:c6:7d:87:dc:b6:18:cf:c2:2b:ab:79:
                    4a:77:96:1a:f9:be:7c:18:c2:63:f1:35:7e:40:c5:
                    29:d7:59:de:95:82:56:1c:6f:1f:02:53:23:6f:a0:
                    81:3f:e6:02:29:7e:f2:2e:b2:42:d8:20:e9:8a:c3:
                    6b:d6:01:99:2e:1a:6b:24:30:93:3f:71:6c:cb:8b:
                    2f:82:ee:72:db:20:49:c9:17:98:b8:db:d3:c0:69:
                    79:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:89:AE:50:28:69:E4:94:51:67:AD:DA:83:1A:A8:30:79:AE:DA:E9
            X509v3 Authority Key Identifier:
                keyid:F7:96:47:CA:CD:20:F9:44:7D:05:05:38:33:1B:1F:E7:E0:4C:1A:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/95ZHys0g-UR9BQU4Mxsf5-BMGiY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/b34747-659b-4670-876c-22c8862bec1d/1/44muUChp5JRRZ63agxqoMHmu2uk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/b34747-659b-4670-876c-22c8862bec1d/1/95ZHys0g-UR9BQU4Mxsf5-BMGiY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.80.12.0/22
                IPv6:
                  2a0f:bf40::/29

    Signature Algorithm: sha256WithRSAEncryption
         1e:36:06:33:71:0e:70:a9:ef:61:65:64:98:05:9f:4e:24:45:
         0a:b0:08:56:f6:43:d0:3c:d1:63:bf:ad:db:b6:9c:2a:6e:f6:
         26:a1:ee:fa:a9:6d:2c:6f:14:73:cd:ee:8a:61:98:b5:87:a9:
         d8:4c:07:c2:ec:35:b3:5c:7b:17:09:65:fc:1e:9e:fa:1c:1c:
         01:fc:d7:dd:28:b7:b7:dd:1d:3e:cc:75:9c:15:39:2a:7b:21:
         7d:e2:d4:35:1c:fb:a9:d6:f6:d3:b5:3c:6e:55:2b:5b:88:db:
         7b:1b:35:3c:a5:42:97:f5:cf:e9:91:9e:02:12:84:89:16:d9:
         ba:59:7e:6c:dd:50:f0:da:5d:d7:74:c5:52:2f:56:8e:8e:64:
         db:ce:74:3f:78:08:b1:a5:df:49:5d:d8:5f:62:c0:2a:51:a2:
         f3:78:b8:9e:ac:57:10:5f:47:d5:c1:38:27:43:71:65:68:c4:
         d8:24:d4:73:6a:b8:39:62:4c:6f:fb:02:bd:2d:0d:a2:85:df:
         83:63:1e:82:69:16:18:6d:8b:6a:65:d7:61:e3:b8:7a:6a:7e:
         03:10:88:08:59:3f:a8:53:67:ab:72:5e:af:35:5a:1a:ef:35:
         5c:36:b6:4c:5e:93:fd:09:a5:03:a3:15:94:d5:d2:27:05:09:
         f4:e0:00:37
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZyudeFcgc2jBc8PtsVIcUMaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3OTY0N2NhY2QyMGY5NDQ3ZDA1MDUzODMzMWIxZmU3ZTA0
YzFhMjYwHhcNMjYwMzAyMTIxMTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzg5YWU1MDI4NjllNDk0NTE2N2FkZGE4MzFhYTgzMDc5YWVkYWU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqWGnR/k1j0DY9Rh3pNPMhX5AEJL5
xu1T2dn+/v8tskIMGPvC/frNKdftRnaZZ6CT5m2vhcbDn7SqrnlsRHR6KbUbOQsY
aWzWWywBjwNSL8J+/uDRQJzmdnCP9O+soOWiskRc/lpwb7WNeD7dZ8Y4yzmQCInZ
ABdXWrPpMETngl62Fb0cVrMpZr2T1iiQ3oHmA7sfxw4ijU/+M3wSOI/9mnRcG9Zf
G/Ndxn2H3LYYz8Irq3lKd5Ya+b58GMJj8TV+QMUp11nelYJWHG8fAlMjb6CBP+YC
KX7yLrJC2CDpisNr1gGZLhprJDCTP3Fsy4svgu5y2yBJyReYuNvTwGl5kQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOOJrlAoaeSUUWet2oMaqDB5rtrpMB8GA1UdIwQY
MBaAFPeWR8rNIPlEfQUFODMbH+fgTBomMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTVaSHlzMGctVVI5QlFVNE14c2Y1LUJNR2lZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi9iMzQ3NDctNjU5Yi00NjcwLTg3NmMt
MjJjODg2MmJlYzFkLzEvNDRtdVVDaHA1SlJSWjYzYWd4cW9NSG11MnVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi9iMzQ3NDctNjU5Yi00NjcwLTg3NmMtMjJjODg2MmJlYzFk
LzEvOTVaSHlzMGctVVI5QlFVNE14c2Y1LUJNR2lZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuVAMMA0E
AgACMAcDBQMqD79AMA0GCSqGSIb3DQEBCwUAA4IBAQAeNgYzcQ5wqe9hZWSYBZ9O
JEUKsAhW9kPQPNFjv63btpwqbvYmoe76qW0sbxRzze6KYZi1h6nYTAfC7DWzXHsX
CWX8Hp76HBwB/NfdKLe33R0+zHWcFTkqeyF94tQ1HPup1vbTtTxuVStbiNt7GzU8
pUKX9c/pkZ4CEoSJFtm6WX5s3VDw2l3XdMVSL1aOjmTbznQ/eAixpd9JXdhfYsAq
UaLzeLierFcQX0fVwTgnQ3FlaMTYJNRzarg5Ykxv+wK9LQ2ihd+DYx6CaRYYbYtq
Zddh47h6an4DEIgIWT+oU2ercl6vNVoa7zVcNrZMXpP9CaUDoxWU1dInBQn04AA3
-----END CERTIFICATE-----