Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/d74c9e-04f0-4e63-af30-8632ee94145b/1/8iFh47rsQY1Vo7NxaCj0gAXzGQw.roa
File:                     8iFh47rsQY1Vo7NxaCj0gAXzGQw.roa (raw, json)
Hash identifier:          dQKNiBDwo55CqXHW6Wzk5DmXJyAe2csEyBTMcfc3KRs=
Subject key identifier:   F2:21:61:E3:BA:EC:41:8D:55:A3:B3:71:68:28:F4:80:05:F3:19:0C
Certificate issuer:       /CN=c68ec9c7f1ecc27cb2ec713c2764a0214fce7828
Certificate serial:       019DFD4D9CD48F08D5A7711C373DBFF91FD9
Authority key identifier: C6:8E:C9:C7:F1:EC:C2:7C:B2:EC:71:3C:27:64:A0:21:4F:CE:78:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xo7Jx_Hswnyy7HE8J2SgIU_OeCg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/d74c9e-04f0-4e63-af30-8632ee94145b/1/8iFh47rsQY1Vo7NxaCj0gAXzGQw.roa
Signing time:             Wed 06 May 2026 12:40:15 +0000
ROA not before:           Wed 06 May 2026 12:40:15 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215595
IP address blocks:        185.78.168.0/24 maxlen: 24
                          185.78.169.0/24 maxlen: 24
                          185.78.170.0/24 maxlen: 24
                          185.78.171.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/d74c9e-04f0-4e63-af30-8632ee94145b/1/xo7Jx_Hswnyy7HE8J2SgIU_OeCg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/d74c9e-04f0-4e63-af30-8632ee94145b/1/xo7Jx_Hswnyy7HE8J2SgIU_OeCg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xo7Jx_Hswnyy7HE8J2SgIU_OeCg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 21:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:fd:4d:9c:d4:8f:08:d5:a7:71:1c:37:3d:bf:f9:1f:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c68ec9c7f1ecc27cb2ec713c2764a0214fce7828
        Validity
            Not Before: May  6 12:40:15 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f22161e3baec418d55a3b3716828f48005f3190c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:c2:52:0d:cc:6a:c9:20:f1:f6:a4:7f:2a:e2:
                    cb:8a:54:15:15:3e:4e:66:a8:93:37:8a:68:5e:cb:
                    a5:7b:14:27:db:e8:05:4f:42:48:04:75:58:a4:f7:
                    b7:fd:8b:28:19:11:e3:a9:46:80:6a:df:01:89:e8:
                    11:cb:7c:16:6d:c1:f2:c2:5b:42:65:2f:fd:1a:7e:
                    e2:0d:71:2e:25:73:0f:7f:38:5c:cd:e3:39:36:9b:
                    99:2a:5a:36:b5:97:58:d6:fb:30:7f:18:cf:26:50:
                    73:29:92:f8:6c:95:b4:d5:c5:84:c9:34:7f:bb:2c:
                    d5:3a:ed:f1:fb:f2:14:f9:f2:38:ef:8a:64:c8:45:
                    e4:10:cc:6e:fb:d5:e1:78:d1:5a:3f:48:36:fe:e3:
                    42:34:6a:6d:65:77:6f:1f:a5:26:37:67:0d:0a:85:
                    6d:6a:20:dc:d9:d8:1f:9b:3d:21:69:1c:26:ba:fc:
                    78:a7:79:1c:da:53:16:c1:e8:18:68:b9:1d:03:7f:
                    52:53:b4:ad:e3:ab:d6:9b:6f:3f:3a:47:7d:05:58:
                    88:3e:44:f0:2b:56:2f:9e:ac:6f:b3:7d:56:1f:46:
                    88:7b:dc:9d:b9:9f:17:70:7b:41:bd:c5:cd:80:35:
                    98:b3:a4:42:fb:30:d3:59:75:bf:bd:38:f6:70:bc:
                    fb:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:21:61:E3:BA:EC:41:8D:55:A3:B3:71:68:28:F4:80:05:F3:19:0C
            X509v3 Authority Key Identifier:
                keyid:C6:8E:C9:C7:F1:EC:C2:7C:B2:EC:71:3C:27:64:A0:21:4F:CE:78:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xo7Jx_Hswnyy7HE8J2SgIU_OeCg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/d74c9e-04f0-4e63-af30-8632ee94145b/1/8iFh47rsQY1Vo7NxaCj0gAXzGQw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/d74c9e-04f0-4e63-af30-8632ee94145b/1/xo7Jx_Hswnyy7HE8J2SgIU_OeCg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.78.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         56:43:ab:7d:94:61:ca:17:5a:29:1a:53:e0:c7:c6:19:4a:fb:
         3a:88:d7:79:0d:96:ef:a5:93:80:86:33:f2:46:39:72:b8:32:
         65:ed:69:d1:e0:f0:24:34:e3:9d:d1:dc:fc:2b:57:ee:4d:6c:
         8e:50:5f:3c:16:b1:df:af:f1:6c:2d:48:ef:e2:bb:f9:0f:34:
         76:9a:85:e5:af:e7:44:b1:d0:11:20:45:29:38:d5:e5:53:c2:
         3e:68:f5:6f:be:16:a8:ec:e3:fc:ef:7b:9a:a6:c3:6b:11:14:
         f4:bb:af:bf:14:b7:7d:cf:f1:f9:d7:96:af:c7:15:9c:41:57:
         d4:d4:87:bb:59:7a:24:5f:43:92:68:a7:f7:57:8d:9c:65:f9:
         3a:e6:71:c1:14:53:20:05:c5:93:cd:33:23:cd:11:3e:49:89:
         9d:6f:f5:e8:02:52:b7:be:8e:82:9d:34:a9:c3:81:36:12:a3:
         4f:41:61:2a:e3:62:70:74:1a:90:cf:fe:e2:af:7f:45:79:db:
         a9:8f:35:8f:98:34:24:43:76:d9:bf:cf:01:ad:26:b5:b0:d1:
         55:89:70:7f:9e:79:01:7c:1a:10:2f:8d:f7:09:aa:41:11:6c:
         27:33:51:d6:05:10:3b:7a:8a:63:01:2c:19:99:7b:35:b1:d7:
         34:ee:e7:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ39TZzUjwjVp3EcNz2/+R/ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2OGVjOWM3ZjFlY2MyN2NiMmVjNzEzYzI3NjRhMDIxNGZj
ZTc4MjgwHhcNMjYwNTA2MTI0MDE1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjIxNjFlM2JhZWM0MThkNTVhM2IzNzE2ODI4ZjQ4MDA1ZjMxOTBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAucJSDcxqySDx9qR/KuLLilQVFT5O
ZqiTN4poXsulexQn2+gFT0JIBHVYpPe3/YsoGRHjqUaAat8BiegRy3wWbcHywltC
ZS/9Gn7iDXEuJXMPfzhczeM5NpuZKlo2tZdY1vswfxjPJlBzKZL4bJW01cWEyTR/
uyzVOu3x+/IU+fI474pkyEXkEMxu+9XheNFaP0g2/uNCNGptZXdvH6UmN2cNCoVt
aiDc2dgfmz0haRwmuvx4p3kc2lMWwegYaLkdA39SU7St46vWm28/Okd9BViIPkTw
K1Yvnqxvs31WH0aIe9yduZ8XcHtBvcXNgDWYs6RC+zDTWXW/vTj2cLz77wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPIhYeO67EGNVaOzcWgo9IAF8xkMMB8GA1UdIwQY
MBaAFMaOycfx7MJ8suxxPCdkoCFPzngoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG83SnhfSHN3bnl5N0hFOEoyU2dJVV9PZUNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC9kNzRjOWUtMDRmMC00ZTYzLWFmMzAt
ODYzMmVlOTQxNDViLzEvOGlGaDQ3cnNRWTFWbzdOeGFDajBnQVh6R1F3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC9kNzRjOWUtMDRmMC00ZTYzLWFmMzAtODYzMmVlOTQxNDVi
LzEveG83SnhfSHN3bnl5N0hFOEoyU2dJVV9PZUNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuU6oMA0G
CSqGSIb3DQEBCwUAA4IBAQBWQ6t9lGHKF1opGlPgx8YZSvs6iNd5DZbvpZOAhjPy
RjlyuDJl7WnR4PAkNOOd0dz8K1fuTWyOUF88FrHfr/FsLUjv4rv5DzR2moXlr+dE
sdARIEUpONXlU8I+aPVvvhao7OP873uapsNrERT0u6+/FLd9z/H515avxxWcQVfU
1Ie7WXokX0OSaKf3V42cZfk65nHBFFMgBcWTzTMjzRE+SYmdb/XoAlK3vo6CnTSp
w4E2EqNPQWEq42JwdBqQz/7ir39FedupjzWPmDQkQ3bZv88BrSa1sNFViXB/nnkB
fBoQL433CapBEWwnM1HWBRA7eopjASwZmXs1sdc07ueC
-----END CERTIFICATE-----