Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/4560e9-7173-429c-b6f1-5f4a15cb9054/1/927DrBdZnw9D__84nL_ziFzE2-k.roa
File:                     927DrBdZnw9D__84nL_ziFzE2-k.roa (raw, json)
Hash identifier:          RgBqCsDQ9jzTYF1D+WmbsiffT+S6nFjM+//7MQvYIcM=
Subject key identifier:   F7:6E:C3:AC:17:59:9F:0F:43:FF:FF:38:9C:BF:F3:88:5C:C4:DB:E9
Certificate issuer:       /CN=a0e049d00ba8421e4c45a948492945c78fd9e16d
Certificate serial:       019CC3B99AB0FA42DEE1F0F82DA9842DAFC1
Authority key identifier: A0:E0:49:D0:0B:A8:42:1E:4C:45:A9:48:49:29:45:C7:8F:D9:E1:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oOBJ0AuoQh5MRalISSlFx4_Z4W0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/4560e9-7173-429c-b6f1-5f4a15cb9054/1/927DrBdZnw9D__84nL_ziFzE2-k.roa
Signing time:             Fri 06 Mar 2026 15:17:26 +0000
ROA not before:           Fri 06 Mar 2026 15:17:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     59419
IP address blocks:        185.141.84.0/22 maxlen: 24
                          2a0b:aa00::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/4560e9-7173-429c-b6f1-5f4a15cb9054/1/oOBJ0AuoQh5MRalISSlFx4_Z4W0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/4560e9-7173-429c-b6f1-5f4a15cb9054/1/oOBJ0AuoQh5MRalISSlFx4_Z4W0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oOBJ0AuoQh5MRalISSlFx4_Z4W0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:c3:b9:9a:b0:fa:42:de:e1:f0:f8:2d:a9:84:2d:af:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a0e049d00ba8421e4c45a948492945c78fd9e16d
        Validity
            Not Before: Mar  6 15:17:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f76ec3ac17599f0f43ffff389cbff3885cc4dbe9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:b9:5a:1c:20:c5:a5:8f:e0:82:ec:06:11:05:
                    b6:a4:8c:f3:54:eb:f9:39:0a:b3:6c:0e:5d:a3:df:
                    f1:16:bb:9e:3b:d3:92:61:af:a4:ee:87:ba:cb:05:
                    a3:b4:72:5e:23:7d:83:92:39:c6:5b:5a:42:82:85:
                    5c:59:4f:81:66:66:5b:41:39:97:c4:1f:1d:79:2e:
                    47:16:6c:0b:ef:00:e1:a6:20:6a:f7:ac:a7:88:de:
                    8b:d0:e8:c5:c1:65:4f:82:c5:bb:88:c4:64:b1:5d:
                    75:cf:ac:98:68:bb:53:32:2a:c1:ce:95:bf:eb:1d:
                    a0:ef:c5:42:04:24:e3:7f:04:ad:24:91:96:a1:87:
                    be:25:5f:d2:60:37:94:2c:cf:97:cd:73:a5:60:2c:
                    e5:8d:87:88:15:8f:22:b4:e2:92:cb:10:1e:e8:d2:
                    1f:73:59:22:19:c6:df:60:e1:09:0e:c9:99:5e:8b:
                    c9:f4:3e:f7:4e:72:46:38:6b:94:09:d6:97:c4:79:
                    96:a8:6c:7f:4f:13:0e:23:c9:59:94:fb:fb:8e:56:
                    a2:9e:fb:90:c1:e2:57:2e:58:98:c8:d2:27:fb:6e:
                    3b:f4:c0:cf:8b:df:52:2f:f8:e0:7e:da:b6:59:f8:
                    23:e5:16:11:38:ba:c7:32:e7:98:4a:59:42:b3:03:
                    b6:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:6E:C3:AC:17:59:9F:0F:43:FF:FF:38:9C:BF:F3:88:5C:C4:DB:E9
            X509v3 Authority Key Identifier:
                keyid:A0:E0:49:D0:0B:A8:42:1E:4C:45:A9:48:49:29:45:C7:8F:D9:E1:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oOBJ0AuoQh5MRalISSlFx4_Z4W0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/4560e9-7173-429c-b6f1-5f4a15cb9054/1/927DrBdZnw9D__84nL_ziFzE2-k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/4560e9-7173-429c-b6f1-5f4a15cb9054/1/oOBJ0AuoQh5MRalISSlFx4_Z4W0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.141.84.0/22
                IPv6:
                  2a0b:aa00::/29

    Signature Algorithm: sha256WithRSAEncryption
         6b:63:71:fd:2f:e6:dd:1f:d1:ec:9e:63:75:a6:18:d4:4c:a2:
         89:f2:27:91:f0:d6:77:8c:64:a9:75:9c:f9:d9:6f:47:66:da:
         7a:ab:cd:f0:59:7f:78:7f:a9:af:ce:af:2a:e8:db:58:ae:0f:
         6a:06:7f:c3:f8:a3:4e:05:b6:38:96:e3:a9:6b:5e:d5:be:d8:
         90:90:9c:f5:0a:ee:2a:58:f3:79:0d:95:fe:5f:c4:08:34:68:
         eb:c9:82:05:55:eb:3f:9b:76:70:9a:93:21:97:4b:c3:70:2c:
         42:29:ee:e8:45:a8:91:f2:99:b3:91:37:5e:1e:53:52:1c:be:
         aa:7a:cb:ae:99:11:d9:bd:3f:7b:1e:c0:e5:c1:11:44:7c:83:
         a5:9c:1c:f0:83:4f:2b:97:59:e5:c5:c4:c4:ff:aa:80:f9:af:
         c8:c2:34:25:f4:f9:14:1f:43:0a:95:0c:51:bd:74:b8:9a:47:
         09:02:dc:82:21:44:44:62:9b:96:1d:11:86:ec:c0:9f:0d:2f:
         10:40:45:b4:93:75:1b:5d:48:57:05:97:0e:79:d7:9b:f4:8c:
         c0:66:0f:75:49:1d:d1:5f:46:89:14:9b:eb:b1:54:a3:bd:30:
         a9:d8:fa:ff:cb:ac:1d:e2:fb:71:ca:ad:28:7c:80:68:07:33:
         a8:61:c6:7b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZzDuZqw+kLe4fD4LamELa/BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwZTA0OWQwMGJhODQyMWU0YzQ1YTk0ODQ5Mjk0NWM3OGZk
OWUxNmQwHhcNMjYwMzA2MTUxNzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzZlYzNhYzE3NTk5ZjBmNDNmZmZmMzg5Y2JmZjM4ODVjYzRkYmU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvrlaHCDFpY/gguwGEQW2pIzzVOv5
OQqzbA5do9/xFrueO9OSYa+k7oe6ywWjtHJeI32DkjnGW1pCgoVcWU+BZmZbQTmX
xB8deS5HFmwL7wDhpiBq96yniN6L0OjFwWVPgsW7iMRksV11z6yYaLtTMirBzpW/
6x2g78VCBCTjfwStJJGWoYe+JV/SYDeULM+XzXOlYCzljYeIFY8itOKSyxAe6NIf
c1kiGcbfYOEJDsmZXovJ9D73TnJGOGuUCdaXxHmWqGx/TxMOI8lZlPv7jlainvuQ
weJXLliYyNIn+2479MDPi99SL/jgftq2Wfgj5RYROLrHMueYSllCswO2AwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPduw6wXWZ8PQ///OJy/84hcxNvpMB8GA1UdIwQY
MBaAFKDgSdALqEIeTEWpSEkpRceP2eFtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb09CSjBBdW9RaDVNUmFsSVNTbEZ4NF9aNFcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy80NTYwZTktNzE3My00MjljLWI2ZjEt
NWY0YTE1Y2I5MDU0LzEvOTI3RHJCZFpudzlEX184NG5MX3ppRnpFMi1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy80NTYwZTktNzE3My00MjljLWI2ZjEtNWY0YTE1Y2I5MDU0
LzEvb09CSjBBdW9RaDVNUmFsSVNTbEZ4NF9aNFcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuY1UMA0E
AgACMAcDBQMqC6oAMA0GCSqGSIb3DQEBCwUAA4IBAQBrY3H9L+bdH9HsnmN1phjU
TKKJ8ieR8NZ3jGSpdZz52W9HZtp6q83wWX94f6mvzq8q6NtYrg9qBn/D+KNOBbY4
luOpa17VvtiQkJz1Cu4qWPN5DZX+X8QINGjryYIFVes/m3ZwmpMhl0vDcCxCKe7o
RaiR8pmzkTdeHlNSHL6qesuumRHZvT97HsDlwRFEfIOlnBzwg08rl1nlxcTE/6qA
+a/IwjQl9PkUH0MKlQxRvXS4mkcJAtyCIUREYpuWHRGG7MCfDS8QQEW0k3UbXUhX
BZcOedeb9IzAZg91SR3RX0aJFJvrsVSjvTCp2Pr/y6wd4vtxyq0ofIBoBzOoYcZ7
-----END CERTIFICATE-----