Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/7bb416-ba8f-49a7-b5aa-ee2dc2860d5b/1/I3Xf9VKD-tJpcuIxLlSODq6ARfU.roa
File:                     I3Xf9VKD-tJpcuIxLlSODq6ARfU.roa (raw, json)
Hash identifier:          7g0Zv7NUV1llXr3xxVw2ZytxF911Q+NrrEu/LVgTpkk=
Subject key identifier:   23:75:DF:F5:52:83:FA:D2:69:72:E2:31:2E:54:8E:0E:AE:80:45:F5
Certificate issuer:       /CN=c089de2f42fcf44a4daab6a824c120abb8b7165d
Certificate serial:       019B7EA71C4CB3CB8E5F58DBCE6FD799983A
Authority key identifier: C0:89:DE:2F:42:FC:F4:4A:4D:AA:B6:A8:24:C1:20:AB:B8:B7:16:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wIneL0L89EpNqraoJMEgq7i3Fl0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/7bb416-ba8f-49a7-b5aa-ee2dc2860d5b/1/I3Xf9VKD-tJpcuIxLlSODq6ARfU.roa
Signing time:             Fri 02 Jan 2026 12:20:39 +0000
ROA not before:           Fri 02 Jan 2026 12:20:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     47239
IP address blocks:        185.176.64.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/7bb416-ba8f-49a7-b5aa-ee2dc2860d5b/1/wIneL0L89EpNqraoJMEgq7i3Fl0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/7bb416-ba8f-49a7-b5aa-ee2dc2860d5b/1/wIneL0L89EpNqraoJMEgq7i3Fl0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wIneL0L89EpNqraoJMEgq7i3Fl0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 18:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a7:1c:4c:b3:cb:8e:5f:58:db:ce:6f:d7:99:98:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c089de2f42fcf44a4daab6a824c120abb8b7165d
        Validity
            Not Before: Jan  2 12:20:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2375dff55283fad26972e2312e548e0eae8045f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:55:07:bf:85:eb:2f:86:bc:37:e2:83:14:a8:
                    ed:4c:da:fb:31:9c:fe:b6:b3:f8:ae:4c:d5:89:89:
                    67:0c:b7:f9:a2:15:70:80:ae:f0:e4:5b:a1:ec:56:
                    14:e3:65:d5:cc:5f:8e:8b:d6:8e:9e:af:c5:c0:c8:
                    b5:de:d8:e9:1e:73:57:46:51:53:92:cb:73:bf:43:
                    56:bb:e1:b0:99:7b:36:a7:1c:41:46:1a:cd:f5:e2:
                    77:2b:df:f2:8b:97:f0:f2:8b:92:3e:55:7b:b6:3f:
                    48:08:2f:44:85:30:31:3b:49:dc:c5:2f:b8:4d:ab:
                    af:79:e3:9a:bd:54:71:b9:94:e6:5e:53:c2:89:04:
                    70:f8:4d:38:43:25:72:47:d6:a0:92:a2:cd:39:4a:
                    d6:8e:a7:df:3a:62:1a:66:3d:31:5c:01:7a:76:5d:
                    2f:20:c0:c3:b6:96:3e:ff:c0:40:8a:f3:55:e5:b5:
                    71:2f:3a:9e:cd:86:63:82:38:4f:7f:e8:e7:4b:46:
                    af:86:98:8f:ed:65:71:05:0d:ee:e1:68:8c:01:f8:
                    3e:28:80:64:c0:c7:9f:bc:44:78:82:f5:d1:6c:47:
                    68:b1:fd:9a:ab:dc:9e:4d:98:76:62:de:fe:cf:6b:
                    94:43:73:9a:3d:66:64:a1:ee:d7:19:2c:2b:7b:66:
                    50:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:75:DF:F5:52:83:FA:D2:69:72:E2:31:2E:54:8E:0E:AE:80:45:F5
            X509v3 Authority Key Identifier:
                keyid:C0:89:DE:2F:42:FC:F4:4A:4D:AA:B6:A8:24:C1:20:AB:B8:B7:16:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wIneL0L89EpNqraoJMEgq7i3Fl0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/7bb416-ba8f-49a7-b5aa-ee2dc2860d5b/1/I3Xf9VKD-tJpcuIxLlSODq6ARfU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/7bb416-ba8f-49a7-b5aa-ee2dc2860d5b/1/wIneL0L89EpNqraoJMEgq7i3Fl0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.176.64.0/23

    Signature Algorithm: sha256WithRSAEncryption
         58:54:f9:18:27:81:23:44:ae:be:89:25:3b:74:82:7d:0c:4c:
         22:cb:d4:63:42:38:d5:cc:e1:81:d4:d6:36:17:a6:c3:d9:7c:
         5c:11:57:2d:a5:c6:ad:09:56:ff:3d:89:cf:9c:62:5d:ee:63:
         d3:b0:17:34:90:e7:9c:96:af:28:e4:d8:1c:9e:63:6e:ae:91:
         80:ed:20:45:93:57:47:da:26:1d:53:57:f8:e4:95:2a:09:c6:
         79:88:df:27:e5:8a:a8:c0:25:d4:b8:68:32:5d:25:ec:46:40:
         4f:b3:e9:c2:42:0e:d3:1a:bd:9b:e5:2c:7b:7d:8c:bd:eb:dd:
         93:df:80:89:8c:14:96:10:ce:0a:f0:03:02:63:35:62:6b:99:
         38:f8:1d:d7:ee:fe:72:b5:fb:91:95:ba:6d:49:62:17:7d:3e:
         35:87:c6:14:80:90:4b:29:b1:cb:c3:1f:63:60:df:ff:6e:df:
         4d:d8:c1:79:b5:9f:f9:61:01:29:1c:f8:72:9c:28:03:01:57:
         72:03:7b:d4:08:a1:8b:6f:f7:11:81:c2:83:09:f6:9d:66:52:
         4f:7a:4b:86:d0:84:e3:47:eb:ca:10:9c:17:28:a7:01:f1:ef:
         9e:01:f3:60:d9:01:df:8a:ad:ec:0b:81:d5:1d:a2:cf:78:3b:
         0e:64:79:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+pxxMs8uOX1jbzm/XmZg6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwODlkZTJmNDJmY2Y0NGE0ZGFhYjZhODI0YzEyMGFiYjhi
NzE2NWQwHhcNMjYwMTAyMTIyMDM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzc1ZGZmNTUyODNmYWQyNjk3MmUyMzEyZTU0OGUwZWFlODA0NWY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu1UHv4XrL4a8N+KDFKjtTNr7MZz+
trP4rkzViYlnDLf5ohVwgK7w5Fuh7FYU42XVzF+Oi9aOnq/FwMi13tjpHnNXRlFT
kstzv0NWu+GwmXs2pxxBRhrN9eJ3K9/yi5fw8ouSPlV7tj9ICC9EhTAxO0ncxS+4
TauveeOavVRxuZTmXlPCiQRw+E04QyVyR9agkqLNOUrWjqffOmIaZj0xXAF6dl0v
IMDDtpY+/8BAivNV5bVxLzqezYZjgjhPf+jnS0avhpiP7WVxBQ3u4WiMAfg+KIBk
wMefvER4gvXRbEdosf2aq9yeTZh2Yt7+z2uUQ3OaPWZkoe7XGSwre2ZQ2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCN13/VSg/rSaXLiMS5Ujg6ugEX1MB8GA1UdIwQY
MBaAFMCJ3i9C/PRKTaq2qCTBIKu4txZdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd0luZUwwTDg5RXBOcXJhb0pNRWdxN2kzRmwwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS83YmI0MTYtYmE4Zi00OWE3LWI1YWEt
ZWUyZGMyODYwZDViLzEvSTNYZjlWS0QtdEpwY3VJeExsU09EcTZBUmZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS83YmI0MTYtYmE4Zi00OWE3LWI1YWEtZWUyZGMyODYwZDVi
LzEvd0luZUwwTDg5RXBOcXJhb0pNRWdxN2kzRmwwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBubBAMA0G
CSqGSIb3DQEBCwUAA4IBAQBYVPkYJ4EjRK6+iSU7dIJ9DEwiy9RjQjjVzOGB1NY2
F6bD2XxcEVctpcatCVb/PYnPnGJd7mPTsBc0kOeclq8o5NgcnmNurpGA7SBFk1dH
2iYdU1f45JUqCcZ5iN8n5YqowCXUuGgyXSXsRkBPs+nCQg7TGr2b5Sx7fYy9692T
34CJjBSWEM4K8AMCYzVia5k4+B3X7v5ytfuRlbptSWIXfT41h8YUgJBLKbHLwx9j
YN//bt9N2MF5tZ/5YQEpHPhynCgDAVdyA3vUCKGLb/cRgcKDCfadZlJPekuG0ITj
R+vKEJwXKKcB8e+eAfNg2QHfiq3sC4HVHaLPeDsOZHlZ
-----END CERTIFICATE-----