Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/70ccef-17f3-4928-9c0b-ba7c7d8190ca/1/1CYAyjoLwidKDiWJW7x-DPa4x_g.roa
File:                     1CYAyjoLwidKDiWJW7x-DPa4x_g.roa (raw, json)
Hash identifier:          mMokLsKO68sM+ADpYPoFVcK4osoNTL7yvo9EMKAJJAs=
Subject key identifier:   D4:26:00:CA:3A:0B:C2:27:4A:0E:25:89:5B:BC:7E:0C:F6:B8:C7:F8
Certificate issuer:       /CN=6f5e0230be799e44829c8720ca38347045494e20
Certificate serial:       019E157BD20768A96593A9EEBD0AC7AFCB5F
Authority key identifier: 6F:5E:02:30:BE:79:9E:44:82:9C:87:20:CA:38:34:70:45:49:4E:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b14CML55nkSCnIcgyjg0cEVJTiA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/67/70ccef-17f3-4928-9c0b-ba7c7d8190ca/1/1CYAyjoLwidKDiWJW7x-DPa4x_g.roa
Signing time:             Mon 11 May 2026 05:21:36 +0000
ROA not before:           Mon 11 May 2026 05:21:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198250
IP address blocks:        85.232.183.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/67/70ccef-17f3-4928-9c0b-ba7c7d8190ca/1/b14CML55nkSCnIcgyjg0cEVJTiA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/67/70ccef-17f3-4928-9c0b-ba7c7d8190ca/1/b14CML55nkSCnIcgyjg0cEVJTiA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b14CML55nkSCnIcgyjg0cEVJTiA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:15:7b:d2:07:68:a9:65:93:a9:ee:bd:0a:c7:af:cb:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f5e0230be799e44829c8720ca38347045494e20
        Validity
            Not Before: May 11 05:21:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d42600ca3a0bc2274a0e25895bbc7e0cf6b8c7f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:d3:23:cb:d2:81:03:53:f9:1a:e9:35:1f:ee:
                    0e:29:4d:27:1f:43:27:8b:d9:a1:fa:f3:c6:4e:1c:
                    e0:26:bf:9a:1f:43:2f:7f:34:25:2f:39:44:ca:a9:
                    3f:a0:dd:28:fb:28:4d:4f:7b:c7:81:6c:09:bf:2e:
                    14:ba:ad:76:e0:80:69:4c:a7:1c:28:ee:20:34:e7:
                    0b:b9:64:dd:45:6f:46:b3:ee:59:e1:21:ed:d4:82:
                    e0:67:8f:f0:ba:b1:7e:08:46:2a:92:39:75:6d:ff:
                    18:57:f1:57:1c:7e:ab:35:a8:15:8b:8a:40:62:17:
                    d0:2b:e5:51:8b:92:6b:f6:c3:64:1c:39:67:22:fb:
                    23:0f:89:ce:f8:91:a8:e1:76:f4:cc:ae:7d:9f:36:
                    7d:2b:ea:77:03:e3:9c:20:1e:11:00:76:99:62:10:
                    bf:30:c2:ef:7b:49:d7:0a:77:f1:c9:e5:d0:d2:7f:
                    13:67:2a:ff:10:ec:fd:a6:d9:41:88:f2:19:b6:7e:
                    d2:f8:a0:18:a1:3c:10:cf:41:18:e1:23:86:8e:7f:
                    aa:37:9f:60:53:33:62:73:58:5c:3d:0b:90:07:ec:
                    83:ba:ca:39:74:28:21:42:e8:2e:da:b8:95:71:5f:
                    ea:08:4a:07:88:ed:1c:71:fb:68:34:5a:0d:61:d9:
                    0b:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:26:00:CA:3A:0B:C2:27:4A:0E:25:89:5B:BC:7E:0C:F6:B8:C7:F8
            X509v3 Authority Key Identifier:
                keyid:6F:5E:02:30:BE:79:9E:44:82:9C:87:20:CA:38:34:70:45:49:4E:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b14CML55nkSCnIcgyjg0cEVJTiA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/70ccef-17f3-4928-9c0b-ba7c7d8190ca/1/1CYAyjoLwidKDiWJW7x-DPa4x_g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/67/70ccef-17f3-4928-9c0b-ba7c7d8190ca/1/b14CML55nkSCnIcgyjg0cEVJTiA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.232.183.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:c3:c7:94:36:69:ed:e6:51:a3:f2:5c:bd:3e:64:74:3c:5b:
         42:14:fc:48:90:f1:2f:4c:e5:9f:0f:57:31:b2:de:4f:1d:4e:
         df:e9:a7:4c:d7:e4:8e:11:07:7c:2d:8d:82:a7:23:41:21:91:
         28:a2:5b:a0:a5:00:64:de:b7:a1:1b:5e:00:f8:9c:52:a4:d7:
         9c:ab:a6:bd:bb:4b:8c:5b:fb:37:a2:17:8d:48:d9:2d:dc:3f:
         a4:0e:53:2f:9a:ca:16:26:ad:f4:80:29:9f:3a:b9:81:23:65:
         81:dc:d9:9d:92:bb:3a:d2:35:7b:eb:88:a2:da:5e:91:66:00:
         0a:d5:9b:52:ad:65:2d:65:97:69:a4:be:74:72:4b:92:2c:db:
         58:f2:cb:e7:54:f9:24:73:8a:0b:9e:bd:97:a7:c7:05:d2:35:
         32:73:b5:c2:38:73:ec:52:86:ca:50:06:e8:23:5c:6e:7d:6b:
         12:b8:fa:fa:fc:ba:c4:c8:69:a7:66:76:1b:6e:f5:32:24:5b:
         75:b7:d0:00:92:bf:76:54:d7:d4:2c:a2:19:37:5c:33:e2:2b:
         dc:a4:96:41:c8:4a:22:52:9b:c3:d3:a4:5f:4d:8d:f5:b0:66:
         f9:0b:56:d6:24:5e:7c:6e:19:78:ac:d7:c5:64:b1:2b:d7:53:
         e4:2f:3c:10
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4Ve9IHaKllk6nuvQrHr8tfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNWUwMjMwYmU3OTllNDQ4MjljODcyMGNhMzgzNDcwNDU0
OTRlMjAwHhcNMjYwNTExMDUyMTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDI2MDBjYTNhMGJjMjI3NGEwZTI1ODk1YmJjN2UwY2Y2YjhjN2Y4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw9Mjy9KBA1P5Guk1H+4OKU0nH0Mn
i9mh+vPGThzgJr+aH0MvfzQlLzlEyqk/oN0o+yhNT3vHgWwJvy4Uuq124IBpTKcc
KO4gNOcLuWTdRW9Gs+5Z4SHt1ILgZ4/wurF+CEYqkjl1bf8YV/FXHH6rNagVi4pA
YhfQK+VRi5Jr9sNkHDlnIvsjD4nO+JGo4Xb0zK59nzZ9K+p3A+OcIB4RAHaZYhC/
MMLve0nXCnfxyeXQ0n8TZyr/EOz9ptlBiPIZtn7S+KAYoTwQz0EY4SOGjn+qN59g
UzNic1hcPQuQB+yDuso5dCghQugu2riVcV/qCEoHiO0ccftoNFoNYdkLMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNQmAMo6C8InSg4liVu8fgz2uMf4MB8GA1UdIwQY
MBaAFG9eAjC+eZ5EgpyHIMo4NHBFSU4gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjE0Q01MNTVua1NDbkljZ3lqZzBjRVZKVGlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ny83MGNjZWYtMTdmMy00OTI4LTljMGIt
YmE3YzdkODE5MGNhLzEvMUNZQXlqb0x3aWRLRGlXSlc3eC1EUGE0eF9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ny83MGNjZWYtMTdmMy00OTI4LTljMGItYmE3YzdkODE5MGNh
LzEvYjE0Q01MNTVua1NDbkljZ3lqZzBjRVZKVGlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVei3MA0G
CSqGSIb3DQEBCwUAA4IBAQAgw8eUNmnt5lGj8ly9PmR0PFtCFPxIkPEvTOWfD1cx
st5PHU7f6adM1+SOEQd8LY2CpyNBIZEoolugpQBk3rehG14A+JxSpNecq6a9u0uM
W/s3oheNSNkt3D+kDlMvmsoWJq30gCmfOrmBI2WB3Nmdkrs60jV764ii2l6RZgAK
1ZtSrWUtZZdppL50ckuSLNtY8svnVPkkc4oLnr2Xp8cF0jUyc7XCOHPsUobKUAbo
I1xufWsSuPr6/LrEyGmnZnYbbvUyJFt1t9AAkr92VNfULKIZN1wz4ivcpJZByEoi
UpvD06RfTY31sGb5C1bWJF58bhl4rNfFZLEr11PkLzwQ
-----END CERTIFICATE-----