Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/b34747-659b-4670-876c-22c8862bec1d/1/hh65TK7Na8CowJZwyqt1TVeIYy4.roa
File:                     hh65TK7Na8CowJZwyqt1TVeIYy4.roa (raw, json)
Hash identifier:          aukcA6UGC2SQI5ooLx5N67ZM8ueFuH+SPvgDe8VOaKA=
Subject key identifier:   86:1E:B9:4C:AE:CD:6B:C0:A8:C0:96:70:CA:AB:75:4D:57:88:63:2E
Certificate issuer:       /CN=f79647cacd20f9447d050538331b1fe7e04c1a26
Certificate serial:       019C9A746CB9A45AB1D698F4C6E2E4CA7A8E
Authority key identifier: F7:96:47:CA:CD:20:F9:44:7D:05:05:38:33:1B:1F:E7:E0:4C:1A:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/95ZHys0g-UR9BQU4Mxsf5-BMGiY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/b34747-659b-4670-876c-22c8862bec1d/1/hh65TK7Na8CowJZwyqt1TVeIYy4.roa
Signing time:             Thu 26 Feb 2026 14:57:27 +0000
ROA not before:           Thu 26 Feb 2026 14:57:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     41960
IP address blocks:        185.80.12.0/24 maxlen: 32
                          185.80.13.0/24 maxlen: 32
                          185.80.14.0/24 maxlen: 32
                          185.80.15.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/b34747-659b-4670-876c-22c8862bec1d/1/95ZHys0g-UR9BQU4Mxsf5-BMGiY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/b34747-659b-4670-876c-22c8862bec1d/1/95ZHys0g-UR9BQU4Mxsf5-BMGiY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/95ZHys0g-UR9BQU4Mxsf5-BMGiY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 08:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:9a:74:6c:b9:a4:5a:b1:d6:98:f4:c6:e2:e4:ca:7a:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f79647cacd20f9447d050538331b1fe7e04c1a26
        Validity
            Not Before: Feb 26 14:57:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=861eb94caecd6bc0a8c09670caab754d5788632e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:e9:93:f5:b6:1e:b3:62:01:21:33:0d:1a:e0:
                    50:29:0e:b1:24:6c:3e:e0:ff:66:5b:16:5e:14:7f:
                    2a:7f:f0:bc:53:29:b8:a2:25:52:eb:3b:e2:bd:8b:
                    c3:3d:f1:12:3e:a4:6d:17:49:c2:8f:ee:60:00:14:
                    47:d5:f9:c7:49:64:61:f0:05:19:9c:30:19:37:fc:
                    9b:cc:09:1c:90:84:9a:4a:da:ad:23:62:8e:a0:4b:
                    f2:91:1c:c1:90:8e:44:1c:33:26:74:e4:79:8a:7a:
                    da:3c:c0:39:3a:61:9e:ca:2d:8d:34:55:bb:2d:09:
                    d5:8d:c0:36:a5:42:c9:de:74:c9:cf:6f:fe:b7:14:
                    e1:01:34:d7:36:c8:f7:bd:40:83:56:a0:bd:d2:45:
                    ba:e2:5b:78:69:fa:18:04:0e:ba:f9:5b:09:4c:05:
                    b0:e6:7d:87:f3:b0:37:23:cd:7f:a8:92:70:80:d1:
                    46:50:55:e0:6d:80:43:56:7b:6b:34:c4:dc:76:be:
                    46:32:c5:6f:f8:7b:60:60:7c:f8:3a:6c:9b:58:92:
                    7a:dd:bf:8a:69:4d:12:f3:ce:7f:1f:3c:57:79:ce:
                    2d:16:aa:2a:cd:07:f5:e3:41:9a:15:84:94:bf:21:
                    d4:02:b1:d6:35:63:60:18:53:8d:a4:b3:1c:c4:de:
                    f6:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:1E:B9:4C:AE:CD:6B:C0:A8:C0:96:70:CA:AB:75:4D:57:88:63:2E
            X509v3 Authority Key Identifier:
                keyid:F7:96:47:CA:CD:20:F9:44:7D:05:05:38:33:1B:1F:E7:E0:4C:1A:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/95ZHys0g-UR9BQU4Mxsf5-BMGiY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/b34747-659b-4670-876c-22c8862bec1d/1/hh65TK7Na8CowJZwyqt1TVeIYy4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/b34747-659b-4670-876c-22c8862bec1d/1/95ZHys0g-UR9BQU4Mxsf5-BMGiY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.80.12.0/22

    Signature Algorithm: sha256WithRSAEncryption
         12:27:4a:b5:e0:e1:6b:3b:a1:7a:28:61:9c:ea:81:f2:6f:64:
         7d:8f:9d:45:76:a8:10:b3:bd:26:31:7c:69:18:2a:f9:f9:3e:
         b4:47:27:ad:47:d5:16:8f:3c:7c:5e:8e:0b:9b:6f:0f:bb:c6:
         79:07:ac:5b:86:0d:22:64:45:35:e1:14:37:a2:b5:23:bc:09:
         b0:1d:d0:67:57:28:69:9a:02:cd:17:14:7a:e0:2b:71:16:56:
         3c:42:1f:0d:18:2a:9b:ad:6b:ef:33:21:a3:1d:6a:a3:c2:f2:
         dc:65:d2:65:b2:f8:ed:a5:b7:97:bc:0b:b7:fd:95:d7:03:86:
         52:5d:f8:07:db:e0:17:c5:ae:13:7e:35:b5:20:ec:d8:74:8e:
         9e:9d:7a:d6:24:19:c0:88:b8:5d:d7:72:59:b1:70:bd:96:3b:
         7b:bc:96:5d:e6:7b:08:d5:f4:c5:7e:c2:ae:dd:12:a5:08:72:
         66:42:39:fd:2c:72:99:35:ef:36:ae:2f:b7:7f:61:7c:5c:2a:
         23:de:9c:99:5c:a3:78:4b:58:32:1e:fc:a4:76:83:01:3b:20:
         ff:b3:7e:80:87:d9:d1:64:48:6d:b5:47:3b:66:2c:63:9d:a4:
         d0:8b:89:6d:00:bf:30:21:b1:c4:22:63:c1:0f:f3:fb:64:3d:
         bf:3b:c7:dc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyadGy5pFqx1pj0xuLkynqOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3OTY0N2NhY2QyMGY5NDQ3ZDA1MDUzODMzMWIxZmU3ZTA0
YzFhMjYwHhcNMjYwMjI2MTQ1NzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjFlYjk0Y2FlY2Q2YmMwYThjMDk2NzBjYWFiNzU0ZDU3ODg2MzJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl+mT9bYes2IBITMNGuBQKQ6xJGw+
4P9mWxZeFH8qf/C8Uym4oiVS6zvivYvDPfESPqRtF0nCj+5gABRH1fnHSWRh8AUZ
nDAZN/ybzAkckISaStqtI2KOoEvykRzBkI5EHDMmdOR5inraPMA5OmGeyi2NNFW7
LQnVjcA2pULJ3nTJz2/+txThATTXNsj3vUCDVqC90kW64lt4afoYBA66+VsJTAWw
5n2H87A3I81/qJJwgNFGUFXgbYBDVntrNMTcdr5GMsVv+HtgYHz4OmybWJJ63b+K
aU0S885/HzxXec4tFqoqzQf140GaFYSUvyHUArHWNWNgGFONpLMcxN72MQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIYeuUyuzWvAqMCWcMqrdU1XiGMuMB8GA1UdIwQY
MBaAFPeWR8rNIPlEfQUFODMbH+fgTBomMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTVaSHlzMGctVVI5QlFVNE14c2Y1LUJNR2lZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi9iMzQ3NDctNjU5Yi00NjcwLTg3NmMt
MjJjODg2MmJlYzFkLzEvaGg2NVRLN05hOENvd0pad3lxdDFUVmVJWXk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi9iMzQ3NDctNjU5Yi00NjcwLTg3NmMtMjJjODg2MmJlYzFk
LzEvOTVaSHlzMGctVVI5QlFVNE14c2Y1LUJNR2lZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuVAMMA0G
CSqGSIb3DQEBCwUAA4IBAQASJ0q14OFrO6F6KGGc6oHyb2R9j51FdqgQs70mMXxp
GCr5+T60RyetR9UWjzx8Xo4Lm28Pu8Z5B6xbhg0iZEU14RQ3orUjvAmwHdBnVyhp
mgLNFxR64CtxFlY8Qh8NGCqbrWvvMyGjHWqjwvLcZdJlsvjtpbeXvAu3/ZXXA4ZS
XfgH2+AXxa4TfjW1IOzYdI6enXrWJBnAiLhd13JZsXC9ljt7vJZd5nsI1fTFfsKu
3RKlCHJmQjn9LHKZNe82ri+3f2F8XCoj3pyZXKN4S1gyHvykdoMBOyD/s36Ah9nR
ZEhttUc7ZixjnaTQi4ltAL8wIbHEImPBD/P7ZD2/O8fc
-----END CERTIFICATE-----