Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/8fdf6d-cba6-4494-9028-577e9935bd75/1/C3S7Z7lno_9rFEN5rI9k-GVilAM.roa
File:                     C3S7Z7lno_9rFEN5rI9k-GVilAM.roa (raw, json)
Hash identifier:          6gStCupXXahtcP47ABJrQ8W9WPHJoBRJRpku34DxbVI=
Subject key identifier:   0B:74:BB:67:B9:67:A3:FF:6B:14:43:79:AC:8F:64:F8:65:62:94:03
Certificate issuer:       /CN=49f26233f5bb4226c2a7a7b9003008d19e34785b
Certificate serial:       019B7E38B121DA1454A6E44AC3C36C832313
Authority key identifier: 49:F2:62:33:F5:BB:42:26:C2:A7:A7:B9:00:30:08:D1:9E:34:78:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SfJiM_W7QibCp6e5ADAI0Z40eFs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/8fdf6d-cba6-4494-9028-577e9935bd75/1/C3S7Z7lno_9rFEN5rI9k-GVilAM.roa
Signing time:             Fri 02 Jan 2026 10:20:03 +0000
ROA not before:           Fri 02 Jan 2026 10:20:03 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     64482
IP address blocks:        185.216.10.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/8fdf6d-cba6-4494-9028-577e9935bd75/1/SfJiM_W7QibCp6e5ADAI0Z40eFs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/8fdf6d-cba6-4494-9028-577e9935bd75/1/SfJiM_W7QibCp6e5ADAI0Z40eFs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SfJiM_W7QibCp6e5ADAI0Z40eFs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:b1:21:da:14:54:a6:e4:4a:c3:c3:6c:83:23:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49f26233f5bb4226c2a7a7b9003008d19e34785b
        Validity
            Not Before: Jan  2 10:20:03 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0b74bb67b967a3ff6b144379ac8f64f865629403
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:a2:92:58:e7:da:6f:33:24:e9:3b:6d:3a:8e:
                    86:90:7b:12:5c:17:c9:ee:c8:88:bb:31:11:6e:77:
                    98:f6:7e:cf:31:5f:87:b8:12:9a:9e:f6:d7:2c:2e:
                    8e:95:2d:9e:5f:80:ca:4d:09:69:43:2e:74:af:7d:
                    da:b0:75:e1:ff:39:8c:34:41:75:67:ec:78:07:c5:
                    fd:89:0f:74:fe:79:9c:f3:3e:9d:03:04:2d:4c:b7:
                    e2:b7:ce:9c:fe:bf:e0:74:3b:80:e7:0c:42:84:ed:
                    c9:87:6b:07:44:8c:42:f6:4a:37:0b:44:ee:6e:ab:
                    0a:91:3e:d7:df:e0:12:95:47:38:5d:65:ea:c3:2e:
                    da:e3:2b:82:59:c5:ff:a0:b8:76:0f:59:df:03:db:
                    2f:d6:f9:06:a7:cf:9f:02:0c:22:8a:86:1d:1f:92:
                    9b:5b:2c:a8:e0:d1:a0:bc:5e:ad:ee:19:d1:6e:f6:
                    07:93:f3:06:34:da:50:b9:c4:9a:ee:85:5a:68:18:
                    bd:2c:12:1c:e2:a7:2c:0b:d6:6c:5d:7c:69:33:ab:
                    9b:3b:a8:a1:54:44:42:99:17:71:f7:4a:87:97:ab:
                    f0:42:17:d4:66:96:a7:38:a8:4e:4b:32:2f:db:2f:
                    70:3c:2d:b8:c4:6b:68:73:7c:6e:64:3f:8a:b9:a0:
                    01:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:74:BB:67:B9:67:A3:FF:6B:14:43:79:AC:8F:64:F8:65:62:94:03
            X509v3 Authority Key Identifier:
                keyid:49:F2:62:33:F5:BB:42:26:C2:A7:A7:B9:00:30:08:D1:9E:34:78:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SfJiM_W7QibCp6e5ADAI0Z40eFs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/8fdf6d-cba6-4494-9028-577e9935bd75/1/C3S7Z7lno_9rFEN5rI9k-GVilAM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/8fdf6d-cba6-4494-9028-577e9935bd75/1/SfJiM_W7QibCp6e5ADAI0Z40eFs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.216.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:7a:72:bb:64:26:19:cf:37:88:16:d0:1e:1b:30:4a:ec:cf:
         66:a2:07:5b:15:10:20:16:b4:86:e7:d6:1e:39:fd:71:15:ac:
         6e:0c:a1:9b:b5:04:ac:79:14:ab:1d:a2:f2:5a:1c:e1:cc:d4:
         87:66:8c:9f:e4:22:b5:80:ba:39:80:6e:0b:3c:68:c0:5c:b1:
         d2:af:b5:c5:87:ef:e8:be:da:45:38:9a:47:9a:ec:86:3a:fd:
         93:61:ba:67:95:89:da:60:ed:67:d3:46:b1:85:56:e1:e1:1e:
         12:32:96:01:ca:14:6a:9d:b0:c1:7a:d6:44:98:9c:26:6b:86:
         bc:a9:67:a4:19:2a:f5:34:7e:f7:4d:e3:94:51:c8:9b:4e:2f:
         ad:31:a0:ea:22:5a:c2:8a:18:b2:35:dc:af:54:ca:c9:96:1f:
         73:df:33:67:e3:bf:17:d2:09:81:89:a3:ae:71:85:a9:fa:6d:
         4f:73:01:20:a7:9c:22:cc:e9:a0:ca:39:56:92:4f:57:a0:9a:
         d6:1d:a4:b3:ba:82:6a:5e:4f:80:92:22:2c:09:99:05:26:01:
         57:79:8c:58:01:43:ab:dc:b9:17:fa:4c:36:44:ba:4f:bb:71:
         1f:5a:fa:c6:b7:ad:cd:65:24:0e:77:af:bd:16:5e:bb:e2:77:
         77:86:9b:0b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OLEh2hRUpuRKw8NsgyMTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ZjI2MjMzZjViYjQyMjZjMmE3YTdiOTAwMzAwOGQxOWUz
NDc4NWIwHhcNMjYwMTAyMTAyMDAzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjc0YmI2N2I5NjdhM2ZmNmIxNDQzNzlhYzhmNjRmODY1NjI5NDAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApaKSWOfabzMk6TttOo6GkHsSXBfJ
7siIuzERbneY9n7PMV+HuBKanvbXLC6OlS2eX4DKTQlpQy50r33asHXh/zmMNEF1
Z+x4B8X9iQ90/nmc8z6dAwQtTLfit86c/r/gdDuA5wxChO3Jh2sHRIxC9ko3C0Tu
bqsKkT7X3+ASlUc4XWXqwy7a4yuCWcX/oLh2D1nfA9sv1vkGp8+fAgwiioYdH5Kb
Wyyo4NGgvF6t7hnRbvYHk/MGNNpQucSa7oVaaBi9LBIc4qcsC9ZsXXxpM6ubO6ih
VERCmRdx90qHl6vwQhfUZpanOKhOSzIv2y9wPC24xGtoc3xuZD+KuaABiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAt0u2e5Z6P/axRDeayPZPhlYpQDMB8GA1UdIwQY
MBaAFEnyYjP1u0ImwqenuQAwCNGeNHhbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2ZKaU1fVzdRaWJDcDZlNUFEQUkwWjQwZUZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy84ZmRmNmQtY2JhNi00NDk0LTkwMjgt
NTc3ZTk5MzViZDc1LzEvQzNTN1o3bG5vXzlyRkVONXJJOWstR1ZpbEFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy84ZmRmNmQtY2JhNi00NDk0LTkwMjgtNTc3ZTk5MzViZDc1
LzEvU2ZKaU1fVzdRaWJDcDZlNUFEQUkwWjQwZUZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudgKMA0G
CSqGSIb3DQEBCwUAA4IBAQALenK7ZCYZzzeIFtAeGzBK7M9mogdbFRAgFrSG59Ye
Of1xFaxuDKGbtQSseRSrHaLyWhzhzNSHZoyf5CK1gLo5gG4LPGjAXLHSr7XFh+/o
vtpFOJpHmuyGOv2TYbpnlYnaYO1n00axhVbh4R4SMpYByhRqnbDBetZEmJwma4a8
qWekGSr1NH73TeOUUcibTi+tMaDqIlrCihiyNdyvVMrJlh9z3zNn478X0gmBiaOu
cYWp+m1PcwEgp5wizOmgyjlWkk9XoJrWHaSzuoJqXk+AkiIsCZkFJgFXeYxYAUOr
3LkX+kw2RLpPu3EfWvrGt63NZSQOd6+9Fl674nd3hpsL
-----END CERTIFICATE-----