Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/3Q_yMiwTyac3O9Accnhg5KfD92Q.roa
File:                     3Q_yMiwTyac3O9Accnhg5KfD92Q.roa (raw, json)
Hash identifier:          2pKWPuyute5RJlYJfS0zr4oGa9jeGylHhVM1CLmLS3M=
Subject key identifier:   DD:0F:F2:32:2C:13:C9:A7:37:3B:D0:1C:72:78:60:E4:A7:C3:F7:64
Certificate issuer:       /CN=18101772248996b87d90840c2d27d62549458173
Certificate serial:       019CF12EEB3E46561A820648AD9B0C0600BD
Authority key identifier: 18:10:17:72:24:89:96:B8:7D:90:84:0C:2D:27:D6:25:49:45:81:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/3Q_yMiwTyac3O9Accnhg5KfD92Q.roa
Signing time:             Sun 15 Mar 2026 11:08:29 +0000
ROA not before:           Sun 15 Mar 2026 11:08:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     152179
IP address blocks:        185.179.218.0/23 maxlen: 24
                          188.64.104.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:f1:2e:eb:3e:46:56:1a:82:06:48:ad:9b:0c:06:00:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18101772248996b87d90840c2d27d62549458173
        Validity
            Not Before: Mar 15 11:08:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=dd0ff2322c13c9a7373bd01c727860e4a7c3f764
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:d3:b3:9b:f9:73:88:cb:ae:71:db:64:29:4c:
                    e3:49:f5:61:19:ab:31:a9:8b:f2:ec:2f:7d:a1:4c:
                    8a:a9:17:81:18:19:8a:95:a9:0a:a5:23:17:21:2f:
                    bb:01:7a:55:4b:fb:69:45:20:8b:1c:c6:3e:04:dc:
                    fb:09:d1:a6:76:4a:0f:91:f9:30:19:69:a8:d5:d3:
                    6c:d4:de:62:68:d7:ea:e6:40:0f:37:78:ce:5a:ec:
                    79:09:10:30:46:b1:91:c5:bd:54:5e:6a:e6:5e:13:
                    01:a9:88:b3:51:76:0e:a5:10:3a:56:cb:58:cb:42:
                    8e:12:b1:e9:18:dc:e6:3e:7c:6f:ce:cb:f1:e9:d0:
                    3a:08:c8:91:67:4d:5c:43:8f:8c:cd:74:6d:db:50:
                    e3:2b:ec:ce:ce:81:79:96:d0:0b:37:d3:cf:c4:62:
                    77:4f:be:e8:ec:41:fb:78:a3:27:c7:11:78:bd:73:
                    80:91:40:5f:0c:80:1e:96:6c:be:4e:41:7e:21:4c:
                    08:0a:e6:85:f6:6d:0f:55:db:e7:d9:45:7f:70:f3:
                    d6:f0:96:d8:df:ce:0f:95:72:7c:17:38:a5:67:04:
                    eb:ef:d6:34:4a:61:cc:b0:f4:60:ab:16:14:b5:7b:
                    a9:34:28:a4:81:22:5d:a0:f1:96:be:f9:4c:72:c3:
                    da:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:0F:F2:32:2C:13:C9:A7:37:3B:D0:1C:72:78:60:E4:A7:C3:F7:64
            X509v3 Authority Key Identifier:
                keyid:18:10:17:72:24:89:96:B8:7D:90:84:0C:2D:27:D6:25:49:45:81:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/3Q_yMiwTyac3O9Accnhg5KfD92Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.179.218.0/23
                  188.64.104.0/22

    Signature Algorithm: sha256WithRSAEncryption
         66:eb:06:79:b8:9e:b0:28:2a:ed:01:f9:33:74:b4:59:4f:eb:
         56:c9:07:82:75:b2:fc:25:f3:ed:26:72:2f:52:8d:f6:d3:c1:
         77:e2:6c:18:fc:ea:7f:c8:e8:8c:81:68:b6:9d:d8:28:27:c8:
         43:e6:1a:9b:13:b5:7e:78:77:ab:3c:c0:fa:c2:47:c1:fb:a8:
         04:f0:e0:b7:57:2b:0b:01:c3:97:a3:9b:de:ce:91:ad:13:d0:
         01:b5:e3:62:58:b4:9c:46:b1:3c:f5:9c:33:31:4f:f1:73:a4:
         36:24:ab:2e:dd:3f:59:d8:b5:cc:f8:02:73:88:83:d5:48:ca:
         57:cf:d4:49:e8:03:f1:6c:20:62:16:60:b2:aa:6e:0c:1b:89:
         0d:a9:c9:af:09:50:a0:f8:81:d4:b7:9e:ff:1b:ce:9c:f4:41:
         70:37:79:82:04:ad:7d:70:5f:3d:74:66:86:02:e0:ac:be:d4:
         56:aa:f0:96:3d:37:e8:cb:50:cc:6a:f6:83:23:53:9e:8b:57:
         33:23:6c:fc:5f:11:d9:5a:fa:0b:98:02:1b:79:2f:bb:78:13:
         d3:b3:a3:ed:1a:13:9a:b1:59:ad:4e:86:09:0e:70:af:92:e3:
         c4:b4:4f:77:f2:e2:e1:8d:2e:d5:87:e9:af:9b:65:2e:ae:d7:
         05:b3:20:be
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZzxLus+RlYaggZIrZsMBgC9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4MTAxNzcyMjQ4OTk2Yjg3ZDkwODQwYzJkMjdkNjI1NDk0
NTgxNzMwHhcNMjYwMzE1MTEwODI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDBmZjIzMjJjMTNjOWE3MzczYmQwMWM3Mjc4NjBlNGE3YzNmNzY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsNOzm/lziMuucdtkKUzjSfVhGasx
qYvy7C99oUyKqReBGBmKlakKpSMXIS+7AXpVS/tpRSCLHMY+BNz7CdGmdkoPkfkw
GWmo1dNs1N5iaNfq5kAPN3jOWux5CRAwRrGRxb1UXmrmXhMBqYizUXYOpRA6VstY
y0KOErHpGNzmPnxvzsvx6dA6CMiRZ01cQ4+MzXRt21DjK+zOzoF5ltALN9PPxGJ3
T77o7EH7eKMnxxF4vXOAkUBfDIAelmy+TkF+IUwICuaF9m0PVdvn2UV/cPPW8JbY
384PlXJ8FzilZwTr79Y0SmHMsPRgqxYUtXupNCikgSJdoPGWvvlMcsPa3wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFN0P8jIsE8mnNzvQHHJ4YOSnw/dkMB8GA1UdIwQY
MBaAFBgQF3IkiZa4fZCEDC0n1iVJRYFzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0JBWGNpU0pscmg5a0lRTUxTZldKVWxGZ1hNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS8yMGE1YTUtMGJhMi00MDUyLWJlYjQt
M2NjODVhZDNjMTkwLzEvM1FfeU1pd1R5YWMzTzlBY2NuaGc1S2ZEOTJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS8yMGE1YTUtMGJhMi00MDUyLWJlYjQtM2NjODVhZDNjMTkw
LzEvR0JBWGNpU0pscmg5a0lRTUxTZldKVWxGZ1hNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBubPaAwQC
vEBoMA0GCSqGSIb3DQEBCwUAA4IBAQBm6wZ5uJ6wKCrtAfkzdLRZT+tWyQeCdbL8
JfPtJnIvUo3208F34mwY/Op/yOiMgWi2ndgoJ8hD5hqbE7V+eHerPMD6wkfB+6gE
8OC3VysLAcOXo5vezpGtE9ABteNiWLScRrE89ZwzMU/xc6Q2JKsu3T9Z2LXM+AJz
iIPVSMpXz9RJ6APxbCBiFmCyqm4MG4kNqcmvCVCg+IHUt57/G86c9EFwN3mCBK19
cF89dGaGAuCsvtRWqvCWPTfoy1DMavaDI1Oei1czI2z8XxHZWvoLmAIbeS+7eBPT
s6PtGhOasVmtToYJDnCvkuPEtE938uLhjS7Vh+mvm2UurtcFsyC+
-----END CERTIFICATE-----