Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/fB5RuWK6HoMqDtF9A4cOqUmmLPU.roa
File:                     fB5RuWK6HoMqDtF9A4cOqUmmLPU.roa (raw, json)
Hash identifier:          Ot+iBSzOssCNef8Jhq46wkTmeTSN1JiBZ33UCrflt0w=
Subject key identifier:   7C:1E:51:B9:62:BA:1E:83:2A:0E:D1:7D:03:87:0E:A9:49:A6:2C:F5
Certificate issuer:       /CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Certificate serial:       019D1727FCC083A7540C862DD1594B1CCB62
Authority key identifier: C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/fB5RuWK6HoMqDtF9A4cOqUmmLPU.roa
Signing time:             Sun 22 Mar 2026 20:06:29 +0000
ROA not before:           Sun 22 Mar 2026 20:06:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201064
IP address blocks:        185.87.25.0/24 maxlen: 24
                          185.98.60.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 23:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:17:27:fc:c0:83:a7:54:0c:86:2d:d1:59:4b:1c:cb:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c616c4195152effedbf7b3afee2aa72e19090e4d
        Validity
            Not Before: Mar 22 20:06:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7c1e51b962ba1e832a0ed17d03870ea949a62cf5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:61:96:af:8b:c7:44:10:40:94:10:4f:a0:be:
                    f0:da:10:85:79:5b:a3:dd:76:fe:f6:ee:f1:99:94:
                    ef:25:0b:05:bc:ef:10:64:75:6b:7b:64:af:b9:ec:
                    81:11:2d:62:f5:80:c2:53:5a:cf:6c:10:3d:b4:c6:
                    1e:b1:9a:6e:5d:d9:24:f6:3d:c4:1d:34:73:8f:e8:
                    06:57:dd:8d:92:f1:e5:78:ae:33:94:66:06:7f:2a:
                    1e:4d:c8:ec:4a:f3:5f:78:e0:05:2d:71:c3:d4:31:
                    79:61:29:f8:60:54:96:c7:24:5b:ac:84:41:a0:bd:
                    aa:31:2a:62:ae:2b:ab:ae:21:98:09:3b:22:10:74:
                    71:36:c8:a2:51:32:f4:27:27:c3:53:e5:7d:59:10:
                    c6:6b:d8:cd:05:b7:4d:5d:57:07:2d:90:e5:33:cd:
                    5a:3b:12:6a:09:df:e4:97:10:7a:6a:9a:45:c0:03:
                    59:e6:b7:ab:69:34:c3:9c:a4:fe:4a:bc:8c:4a:b3:
                    b4:74:0a:75:26:16:b1:41:10:bd:62:43:73:11:86:
                    6d:e6:00:c0:48:f0:7f:66:36:bf:fe:b8:0d:3f:e8:
                    2a:1b:b1:53:77:d4:f8:8e:38:70:2e:17:08:31:6d:
                    3e:e4:7f:92:c9:94:79:48:04:5c:cd:82:47:d4:17:
                    fb:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:1E:51:B9:62:BA:1E:83:2A:0E:D1:7D:03:87:0E:A9:49:A6:2C:F5
            X509v3 Authority Key Identifier:
                keyid:C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/fB5RuWK6HoMqDtF9A4cOqUmmLPU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.87.25.0/24
                  185.98.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:59:c5:1d:d2:d0:2c:d8:d9:89:ba:99:6c:48:e9:4c:14:20:
         ba:1a:2a:94:3f:65:c9:d0:aa:77:a9:3c:e3:20:17:28:99:ff:
         c5:9b:45:e4:8f:66:8f:2c:41:19:9f:c2:5b:7e:c4:a3:ad:e8:
         11:b1:c7:ca:37:26:f7:9c:f6:b4:b1:f0:52:2a:5c:7d:1e:03:
         c6:2e:39:0d:58:08:99:0d:06:5f:57:05:6f:f1:2a:21:64:bd:
         0a:a1:8c:5e:c1:16:77:f4:da:e1:3d:3c:ab:6c:ee:41:05:53:
         89:87:77:4f:8d:f6:94:b9:19:f5:47:94:d7:c7:8f:37:ac:3b:
         77:92:d4:18:12:aa:89:76:0e:68:b1:65:a4:78:b8:a6:61:a2:
         49:3d:16:70:91:b5:c9:37:00:39:57:95:c8:64:4d:7d:f3:00:
         9e:7e:28:e8:68:ef:3a:b5:e2:4c:9d:8d:c6:f3:07:b9:57:54:
         26:3e:cc:a9:9a:71:28:05:2f:e7:ba:09:b2:4b:1c:96:d8:e6:
         cb:d5:8c:1d:62:59:d1:27:25:3b:57:81:1f:bd:04:9b:b8:68:
         20:fc:c9:91:80:fe:cd:22:75:fd:86:30:b6:61:a6:94:2f:d5:
         de:21:07:c2:54:ca:aa:77:a5:bd:f5:74:9a:d0:f9:aa:3e:07:
         f6:40:db:3e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ0XJ/zAg6dUDIYt0VlLHMtiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTZjNDE5NTE1MmVmZmVkYmY3YjNhZmVlMmFhNzJlMTkw
OTBlNGQwHhcNMjYwMzIyMjAwNjI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzFlNTFiOTYyYmExZTgzMmEwZWQxN2QwMzg3MGVhOTQ5YTYyY2Y1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuGGWr4vHRBBAlBBPoL7w2hCFeVuj
3Xb+9u7xmZTvJQsFvO8QZHVre2SvueyBES1i9YDCU1rPbBA9tMYesZpuXdkk9j3E
HTRzj+gGV92NkvHleK4zlGYGfyoeTcjsSvNfeOAFLXHD1DF5YSn4YFSWxyRbrIRB
oL2qMSpiriurriGYCTsiEHRxNsiiUTL0JyfDU+V9WRDGa9jNBbdNXVcHLZDlM81a
OxJqCd/klxB6appFwANZ5reraTTDnKT+SryMSrO0dAp1JhaxQRC9YkNzEYZt5gDA
SPB/Zja//rgNP+gqG7FTd9T4jjhwLhcIMW0+5H+SyZR5SARczYJH1Bf7CwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHweUbliuh6DKg7RfQOHDqlJpiz1MB8GA1UdIwQY
MBaAFMYWxBlRUu/+2/ezr+4qpy4ZCQ5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjkt
MzlmZGI5ODZmMDU5LzEvZkI1UnVXSzZIb01xRHRGOUE0Y09xVW1tTFBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjktMzlmZGI5ODZmMDU5
LzEveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuVcZAwQA
uWI8MA0GCSqGSIb3DQEBCwUAA4IBAQBRWcUd0tAs2NmJuplsSOlMFCC6GiqUP2XJ
0Kp3qTzjIBcomf/Fm0Xkj2aPLEEZn8JbfsSjregRscfKNyb3nPa0sfBSKlx9HgPG
LjkNWAiZDQZfVwVv8SohZL0KoYxewRZ39NrhPTyrbO5BBVOJh3dPjfaUuRn1R5TX
x483rDt3ktQYEqqJdg5osWWkeLimYaJJPRZwkbXJNwA5V5XIZE198wCefijoaO86
teJMnY3G8we5V1QmPsypmnEoBS/nugmySxyW2ObL1YwdYlnRJyU7V4EfvQSbuGgg
/MmRgP7NInX9hjC2YaaUL9XeIQfCVMqqd6W99XSa0PmqPgf2QNs+
-----END CERTIFICATE-----