Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/ed94b1-b573-45e4-9e21-3f42c71780bc/1/y0DK2UjH_DKReYw5NUdmHs1btyA.roa
File:                     y0DK2UjH_DKReYw5NUdmHs1btyA.roa (raw, json)
Hash identifier:          VfLGmY9ACuSYXNETyrRKCoYE5Ubu9KeR/Haw0EJrQro=
Subject key identifier:   CB:40:CA:D9:48:C7:FC:32:91:79:8C:39:35:47:66:1E:CD:5B:B7:20
Certificate issuer:       /CN=851272e4e8186b9cf3d1eb42665c53ce714f4d4b
Certificate serial:       019B79ECF36F758600F98445D318C99C3D34
Authority key identifier: 85:12:72:E4:E8:18:6B:9C:F3:D1:EB:42:66:5C:53:CE:71:4F:4D:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hRJy5OgYa5zz0etCZlxTznFPTUs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/ed94b1-b573-45e4-9e21-3f42c71780bc/1/y0DK2UjH_DKReYw5NUdmHs1btyA.roa
Signing time:             Thu 01 Jan 2026 14:18:50 +0000
ROA not before:           Thu 01 Jan 2026 14:18:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     20572
IP address blocks:        195.190.8.0/24 maxlen: 24
                          2001:67c:2ae4::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/ed94b1-b573-45e4-9e21-3f42c71780bc/1/hRJy5OgYa5zz0etCZlxTznFPTUs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/ed94b1-b573-45e4-9e21-3f42c71780bc/1/hRJy5OgYa5zz0etCZlxTznFPTUs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hRJy5OgYa5zz0etCZlxTznFPTUs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 05:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ec:f3:6f:75:86:00:f9:84:45:d3:18:c9:9c:3d:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=851272e4e8186b9cf3d1eb42665c53ce714f4d4b
        Validity
            Not Before: Jan  1 14:18:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cb40cad948c7fc3291798c393547661ecd5bb720
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:5f:4f:03:4b:8e:e4:0c:d9:38:cf:b6:8a:93:
                    1f:9b:8c:69:7d:58:3b:4d:09:e1:c5:66:ba:11:d7:
                    c7:5d:ee:cd:74:fb:4d:be:bb:b4:45:53:83:0f:48:
                    5d:99:61:10:ce:0f:86:83:b2:e3:40:51:33:20:14:
                    ae:0a:c2:b3:28:43:de:d1:8d:58:12:5d:bf:23:23:
                    f3:86:89:52:ea:7e:e0:af:1e:19:06:bc:93:ac:6e:
                    4f:49:f5:a2:7f:47:42:5b:b9:ea:f5:0a:95:bc:18:
                    14:09:43:f5:b5:c3:43:4d:6f:f9:d3:8c:14:b8:46:
                    78:93:8c:c7:35:c1:a2:3e:44:69:86:ce:e1:58:2b:
                    33:ba:74:1f:60:05:ea:35:50:eb:94:e5:92:66:e1:
                    08:6c:e8:99:07:7e:60:1d:83:5e:76:c5:af:40:f1:
                    44:e4:9d:17:ab:3a:29:24:e4:34:e1:69:c6:e6:1b:
                    50:dd:74:37:48:79:3b:cd:cf:18:46:31:b1:36:8a:
                    97:0e:b3:a9:87:05:69:76:1d:a3:ca:05:9b:59:d1:
                    6e:1d:a9:98:1c:d2:e4:fd:cb:32:a7:49:57:b0:33:
                    d6:50:22:31:6a:6e:2f:08:da:8d:af:c5:02:d4:4f:
                    fc:47:ab:c2:0d:13:20:ff:15:5c:1b:f7:93:34:3f:
                    31:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:40:CA:D9:48:C7:FC:32:91:79:8C:39:35:47:66:1E:CD:5B:B7:20
            X509v3 Authority Key Identifier:
                keyid:85:12:72:E4:E8:18:6B:9C:F3:D1:EB:42:66:5C:53:CE:71:4F:4D:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hRJy5OgYa5zz0etCZlxTznFPTUs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/ed94b1-b573-45e4-9e21-3f42c71780bc/1/y0DK2UjH_DKReYw5NUdmHs1btyA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/ed94b1-b573-45e4-9e21-3f42c71780bc/1/hRJy5OgYa5zz0etCZlxTznFPTUs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.190.8.0/24
                IPv6:
                  2001:67c:2ae4::/48

    Signature Algorithm: sha256WithRSAEncryption
         69:17:e6:4f:25:a1:4f:50:10:58:98:2c:7b:96:1c:6d:9c:6c:
         66:51:16:12:93:29:5a:8d:c5:62:b2:c2:c1:0e:00:b1:a9:84:
         8a:c8:d8:fb:54:bb:28:b1:48:64:63:12:5e:93:19:8e:e9:f2:
         57:98:71:97:94:fe:b3:61:38:93:dc:8f:4c:77:a9:b8:03:36:
         8c:7a:64:c7:47:c1:9b:74:8f:20:83:c5:3c:9f:94:b1:3d:c1:
         66:aa:4e:26:03:25:ec:c5:1c:ce:e3:58:be:db:88:3b:ac:12:
         8a:0a:f2:21:11:fd:36:ed:fe:7e:48:f7:85:7d:41:07:a3:a4:
         da:ba:7f:7b:00:26:14:23:25:11:8d:5c:1f:44:53:ae:bb:2b:
         c3:07:a1:ff:09:89:67:87:d7:06:ac:e1:eb:2d:ba:58:e6:7d:
         14:03:f1:12:1a:02:9a:47:61:d8:06:87:7d:bc:36:26:af:7e:
         25:d4:ce:ba:b5:c5:06:03:f4:cb:f6:44:0d:4c:6e:e1:6b:30:
         7c:ec:d8:e0:67:44:e2:a4:7e:a9:f8:dc:12:d5:67:55:d6:0a:
         9d:3d:df:ee:c4:1b:ec:cc:c0:f9:47:24:2b:2a:49:f0:be:1a:
         53:ed:97:31:42:1a:46:f2:0d:dd:b3:e3:5f:f6:79:88:e0:fe:
         66:1a:76:78
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZt57PNvdYYA+YRF0xjJnD00MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1MTI3MmU0ZTgxODZiOWNmM2QxZWI0MjY2NWM1M2NlNzE0
ZjRkNGIwHhcNMjYwMTAxMTQxODUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjQwY2FkOTQ4YzdmYzMyOTE3OThjMzkzNTQ3NjYxZWNkNWJiNzIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxl9PA0uO5AzZOM+2ipMfm4xpfVg7
TQnhxWa6EdfHXe7NdPtNvru0RVODD0hdmWEQzg+Gg7LjQFEzIBSuCsKzKEPe0Y1Y
El2/IyPzholS6n7grx4ZBryTrG5PSfWif0dCW7nq9QqVvBgUCUP1tcNDTW/504wU
uEZ4k4zHNcGiPkRphs7hWCszunQfYAXqNVDrlOWSZuEIbOiZB35gHYNedsWvQPFE
5J0XqzopJOQ04WnG5htQ3XQ3SHk7zc8YRjGxNoqXDrOphwVpdh2jygWbWdFuHamY
HNLk/csyp0lXsDPWUCIxam4vCNqNr8UC1E/8R6vCDRMg/xVcG/eTND8xxQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFMtAytlIx/wykXmMOTVHZh7NW7cgMB8GA1UdIwQY
MBaAFIUScuToGGuc89HrQmZcU85xT01LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFJKeTVPZ1lhNXp6MGV0Q1pseFR6bkZQVFVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9lZDk0YjEtYjU3My00NWU0LTllMjEt
M2Y0MmM3MTc4MGJjLzEveTBESzJVakhfREtSZVl3NU5VZG1IczFidHlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9lZDk0YjEtYjU3My00NWU0LTllMjEtM2Y0MmM3MTc4MGJj
LzEvaFJKeTVPZ1lhNXp6MGV0Q1pseFR6bkZQVFVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAw74IMA8E
AgACMAkDBwAgAQZ8KuQwDQYJKoZIhvcNAQELBQADggEBAGkX5k8loU9QEFiYLHuW
HG2cbGZRFhKTKVqNxWKywsEOALGphIrI2PtUuyixSGRjEl6TGY7p8leYcZeU/rNh
OJPcj0x3qbgDNox6ZMdHwZt0jyCDxTyflLE9wWaqTiYDJezFHM7jWL7biDusEooK
8iER/Tbt/n5I94V9QQejpNq6f3sAJhQjJRGNXB9EU667K8MHof8JiWeH1was4est
uljmfRQD8RIaAppHYdgGh328NiavfiXUzrq1xQYD9Mv2RA1MbuFrMHzs2OBnROKk
fqn43BLVZ1XWCp093+7EG+zMwPlHJCsqSfC+GlPtlzFCGkbyDd2z41/2eYjg/mYa
dng=
-----END CERTIFICATE-----