Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/6db797-a3d3-4241-903a-0c66840198d0/1/rTBbbKqOoDleztbkH5gCUuaaskA.roa
File:                     rTBbbKqOoDleztbkH5gCUuaaskA.roa (raw, json)
Hash identifier:          RwwqIDHdfQieX8PTWUMnN4JTqKEHqM2AaHzXNkqy1/Q=
Subject key identifier:   AD:30:5B:6C:AA:8E:A0:39:5E:CE:D6:E4:1F:98:02:52:E6:9A:B2:40
Certificate issuer:       /CN=6a8edda2f21c885fbe67286218b8318d6ad23896
Certificate serial:       019D239A2AE4D28D2A6C8B2047E04B634DC5
Authority key identifier: 6A:8E:DD:A2:F2:1C:88:5F:BE:67:28:62:18:B8:31:8D:6A:D2:38:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ao7dovIciF--ZyhiGLgxjWrSOJY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/6db797-a3d3-4241-903a-0c66840198d0/1/rTBbbKqOoDleztbkH5gCUuaaskA.roa
Signing time:             Wed 25 Mar 2026 06:06:39 +0000
ROA not before:           Wed 25 Mar 2026 06:06:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     269822
IP address blocks:        185.104.164.0/22 maxlen: 22
                          185.104.164.0/24 maxlen: 24
                          185.104.165.0/24 maxlen: 24
                          185.104.166.0/24 maxlen: 24
                          185.104.167.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/6db797-a3d3-4241-903a-0c66840198d0/1/ao7dovIciF--ZyhiGLgxjWrSOJY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/6db797-a3d3-4241-903a-0c66840198d0/1/ao7dovIciF--ZyhiGLgxjWrSOJY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ao7dovIciF--ZyhiGLgxjWrSOJY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:23:9a:2a:e4:d2:8d:2a:6c:8b:20:47:e0:4b:63:4d:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6a8edda2f21c885fbe67286218b8318d6ad23896
        Validity
            Not Before: Mar 25 06:06:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ad305b6caa8ea0395eced6e41f980252e69ab240
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:15:34:2b:3b:af:b1:68:35:0a:d9:90:71:5c:
                    b4:8b:8d:71:cc:fc:44:e0:b8:86:6d:cd:64:58:f3:
                    bf:ff:b0:8d:86:8e:c0:1b:33:8d:5c:7a:66:ab:e0:
                    9e:3b:88:0e:1e:e6:df:db:6e:57:03:5a:ac:4f:f3:
                    7f:c5:12:95:61:2a:2c:83:67:ab:ff:0a:f1:46:9a:
                    32:05:1a:9f:4f:55:ed:38:14:32:fc:ac:be:50:6f:
                    d8:69:34:88:6a:b8:be:2a:1e:49:b1:d0:07:75:15:
                    81:28:31:9b:85:7a:cd:64:16:e1:84:11:60:a5:31:
                    ad:26:18:c8:2f:fd:96:31:fd:b1:07:4d:18:f5:3a:
                    26:62:51:70:af:33:73:ad:06:2d:00:17:d8:19:72:
                    2e:3c:71:19:17:ff:e0:a0:64:1e:50:48:3b:ae:7a:
                    d3:07:b7:da:fb:bc:1d:a2:3f:a9:c5:91:1a:55:c2:
                    87:02:f4:d0:b4:79:95:c3:09:3c:64:ab:e8:61:cf:
                    57:58:25:8a:d1:a5:78:5c:c4:36:e7:51:7a:55:73:
                    de:7f:29:4e:a8:b5:04:b8:4b:78:8e:8b:ae:e9:4e:
                    7c:09:a0:f8:35:f2:c2:41:6c:78:c1:41:ca:99:8d:
                    ed:c9:50:7e:fe:d4:2b:a2:84:97:2f:0c:07:c5:b4:
                    1c:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:30:5B:6C:AA:8E:A0:39:5E:CE:D6:E4:1F:98:02:52:E6:9A:B2:40
            X509v3 Authority Key Identifier:
                keyid:6A:8E:DD:A2:F2:1C:88:5F:BE:67:28:62:18:B8:31:8D:6A:D2:38:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ao7dovIciF--ZyhiGLgxjWrSOJY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/6db797-a3d3-4241-903a-0c66840198d0/1/rTBbbKqOoDleztbkH5gCUuaaskA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/6db797-a3d3-4241-903a-0c66840198d0/1/ao7dovIciF--ZyhiGLgxjWrSOJY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.104.164.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5f:ee:fa:b2:2b:d7:8d:1b:3d:9a:4d:68:6a:86:c4:03:d9:6f:
         de:0a:59:f5:c4:ec:f5:83:9e:1b:fe:03:cd:16:98:fa:1f:b2:
         86:fe:43:70:57:60:68:e8:e8:fe:32:f1:7b:6d:1d:da:ad:a9:
         11:d1:61:cf:d7:0f:be:27:a8:27:a9:43:a7:92:85:52:94:d8:
         74:70:b8:9f:53:fb:ef:2d:aa:52:f6:21:0f:78:8a:52:88:78:
         a8:13:9d:70:e6:88:66:3b:ed:23:97:21:8b:6d:ac:89:44:de:
         a6:79:58:cd:b7:f4:17:01:f2:71:bf:0b:8d:8b:24:46:36:25:
         56:8a:e7:06:a3:6f:93:c0:fd:c5:fa:92:97:c7:82:23:c2:c4:
         9a:97:be:50:73:27:09:90:a3:22:77:48:bc:d4:a6:89:f8:af:
         6d:c2:52:de:ab:7e:b8:be:3e:2b:20:d4:1f:8f:24:e0:71:24:
         98:7e:39:1f:ad:05:bb:f1:1e:99:63:d8:21:cc:ea:b9:0e:3d:
         ae:0b:9e:df:d0:8a:19:1b:9f:f2:cf:a3:a7:c3:10:7a:d0:f5:
         d4:fa:7c:a0:90:52:8c:72:a6:52:c0:21:f1:09:ab:75:2f:ad:
         99:91:6a:c8:31:77:96:92:d8:67:28:18:09:9b:50:4c:14:17:
         9e:3e:6b:b1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0jmirk0o0qbIsgR+BLY03FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhOGVkZGEyZjIxYzg4NWZiZTY3Mjg2MjE4YjgzMThkNmFk
MjM4OTYwHhcNMjYwMzI1MDYwNjM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDMwNWI2Y2FhOGVhMDM5NWVjZWQ2ZTQxZjk4MDI1MmU2OWFiMjQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuRU0KzuvsWg1CtmQcVy0i41xzPxE
4LiGbc1kWPO//7CNho7AGzONXHpmq+CeO4gOHubf225XA1qsT/N/xRKVYSosg2er
/wrxRpoyBRqfT1XtOBQy/Ky+UG/YaTSIari+Kh5JsdAHdRWBKDGbhXrNZBbhhBFg
pTGtJhjIL/2WMf2xB00Y9TomYlFwrzNzrQYtABfYGXIuPHEZF//goGQeUEg7rnrT
B7fa+7wdoj+pxZEaVcKHAvTQtHmVwwk8ZKvoYc9XWCWK0aV4XMQ251F6VXPefylO
qLUEuEt4jouu6U58CaD4NfLCQWx4wUHKmY3tyVB+/tQrooSXLwwHxbQcLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK0wW2yqjqA5Xs7W5B+YAlLmmrJAMB8GA1UdIwQY
MBaAFGqO3aLyHIhfvmcoYhi4MY1q0jiWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYW83ZG92SWNpRi0tWnloaUdMZ3hqV3JTT0pZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS82ZGI3OTctYTNkMy00MjQxLTkwM2Et
MGM2Njg0MDE5OGQwLzEvclRCYmJLcU9vRGxlenRia0g1Z0NVdWFhc2tBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS82ZGI3OTctYTNkMy00MjQxLTkwM2EtMGM2Njg0MDE5OGQw
LzEvYW83ZG92SWNpRi0tWnloaUdMZ3hqV3JTT0pZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuWikMA0G
CSqGSIb3DQEBCwUAA4IBAQBf7vqyK9eNGz2aTWhqhsQD2W/eCln1xOz1g54b/gPN
Fpj6H7KG/kNwV2Bo6Oj+MvF7bR3arakR0WHP1w++J6gnqUOnkoVSlNh0cLifU/vv
LapS9iEPeIpSiHioE51w5ohmO+0jlyGLbayJRN6meVjNt/QXAfJxvwuNiyRGNiVW
iucGo2+TwP3F+pKXx4IjwsSal75QcycJkKMid0i81KaJ+K9twlLeq364vj4rINQf
jyTgcSSYfjkfrQW78R6ZY9ghzOq5Dj2uC57f0IoZG5/yz6OnwxB60PXU+nygkFKM
cqZSwCHxCat1L62ZkWrIMXeWkthnKBgJm1BMFBeePmux
-----END CERTIFICATE-----