Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/8qNwSVXXyja-Upc0_aieggvdQIU.roa
File:                     8qNwSVXXyja-Upc0_aieggvdQIU.roa (raw, json)
Hash identifier:          zNkFU7IYtNNfYotnSm3ZTjA411Lt5oYubwmagNZ4HjY=
Subject key identifier:   F2:A3:70:49:55:D7:CA:36:BE:52:97:34:FD:A8:9E:82:0B:DD:40:85
Certificate issuer:       /CN=18101772248996b87d90840c2d27d62549458173
Certificate serial:       019DE9CCD88DEAA36A0801FE84712A0B0602
Authority key identifier: 18:10:17:72:24:89:96:B8:7D:90:84:0C:2D:27:D6:25:49:45:81:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/8qNwSVXXyja-Upc0_aieggvdQIU.roa
Signing time:             Sat 02 May 2026 17:46:49 +0000
ROA not before:           Sat 02 May 2026 17:46:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49453
IP address blocks:        185.179.217.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:e9:cc:d8:8d:ea:a3:6a:08:01:fe:84:71:2a:0b:06:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18101772248996b87d90840c2d27d62549458173
        Validity
            Not Before: May  2 17:46:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f2a3704955d7ca36be529734fda89e820bdd4085
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:f2:c1:96:7d:ab:d4:80:af:0e:45:b9:ea:3c:
                    1c:df:5b:b7:39:73:bd:42:ca:57:2d:1f:8e:4d:9b:
                    fd:19:95:3f:67:c4:c8:7d:d9:a1:82:33:35:89:73:
                    71:3e:3f:27:eb:6f:c9:ae:79:2b:6c:77:60:f6:7f:
                    ec:d1:ff:09:9b:de:d5:f8:d0:84:fa:1d:a4:d7:bf:
                    27:d3:64:9a:60:41:b8:5e:47:23:37:ee:ef:83:f5:
                    40:a0:41:2c:a0:85:c5:6f:ed:47:32:5b:eb:6f:a4:
                    60:f5:fb:ce:77:ba:0b:27:0c:8d:2c:73:54:91:d1:
                    b0:54:46:ac:53:7f:5a:b2:e3:38:2a:2b:da:65:c8:
                    69:72:e6:c8:3c:46:34:08:a6:9a:c9:5f:98:2b:40:
                    4a:20:d4:64:2c:40:47:36:cc:2c:e4:56:a6:05:5a:
                    59:b2:62:5a:c1:78:c4:5d:03:b3:e7:25:23:00:9d:
                    21:e0:e6:4a:ab:09:40:d4:bb:f2:1b:df:10:50:bd:
                    db:66:2d:34:44:ca:19:ad:e1:4e:41:e9:87:0a:03:
                    81:c6:92:5c:a5:46:df:86:1d:98:ff:37:8c:30:20:
                    62:0d:32:0f:33:34:0e:da:29:73:1e:8f:8a:9d:26:
                    f9:b2:56:d1:26:ee:6a:76:23:9f:34:78:8f:e4:9e:
                    22:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:A3:70:49:55:D7:CA:36:BE:52:97:34:FD:A8:9E:82:0B:DD:40:85
            X509v3 Authority Key Identifier:
                keyid:18:10:17:72:24:89:96:B8:7D:90:84:0C:2D:27:D6:25:49:45:81:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/8qNwSVXXyja-Upc0_aieggvdQIU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.179.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:65:22:ed:a5:bc:79:bb:66:36:b8:0a:c9:80:94:f1:c9:33:
         b9:8d:dd:19:a3:33:81:b9:aa:22:46:69:ef:f4:35:e6:68:5f:
         60:eb:6c:84:92:0f:83:c8:50:a1:5d:03:5c:a6:f7:33:b2:3c:
         15:e4:7a:26:01:a4:48:66:09:d6:8e:40:84:50:18:49:2c:36:
         5c:61:bb:d7:ba:35:16:99:08:71:2f:ec:e0:70:da:29:73:04:
         0c:32:9a:2a:e3:02:6b:72:8d:34:73:cf:12:25:fc:85:75:09:
         a6:0e:44:63:a8:30:3f:32:10:36:ff:55:94:b1:27:a1:a9:3f:
         a6:41:a2:a9:36:5a:70:f9:f0:c6:b6:ea:e1:37:9e:4d:89:1b:
         e8:4c:c7:ec:be:07:0d:7e:36:0c:4f:8e:82:e2:d8:5e:bb:13:
         07:bd:af:64:72:c4:fb:31:a3:17:b7:4c:10:89:3e:6e:4f:ce:
         da:e6:02:4b:85:09:45:fe:ea:a4:66:41:76:f1:de:4e:2e:c2:
         b4:f5:8e:cc:10:aa:69:aa:4e:86:e1:83:30:b7:a2:15:02:cd:
         a1:50:61:fe:8b:19:0b:22:e4:b7:b3:f7:de:95:6a:da:e6:d5:
         46:89:9a:02:ac:9a:bd:b1:55:c3:b3:a7:6f:d4:ba:f5:1a:10:
         db:95:da:4a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3pzNiN6qNqCAH+hHEqCwYCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4MTAxNzcyMjQ4OTk2Yjg3ZDkwODQwYzJkMjdkNjI1NDk0
NTgxNzMwHhcNMjYwNTAyMTc0NjQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMmEzNzA0OTU1ZDdjYTM2YmU1Mjk3MzRmZGE4OWU4MjBiZGQ0MDg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvvLBln2r1ICvDkW56jwc31u3OXO9
QspXLR+OTZv9GZU/Z8TIfdmhgjM1iXNxPj8n62/JrnkrbHdg9n/s0f8Jm97V+NCE
+h2k178n02SaYEG4XkcjN+7vg/VAoEEsoIXFb+1HMlvrb6Rg9fvOd7oLJwyNLHNU
kdGwVEasU39asuM4KivaZchpcubIPEY0CKaayV+YK0BKINRkLEBHNsws5FamBVpZ
smJawXjEXQOz5yUjAJ0h4OZKqwlA1LvyG98QUL3bZi00RMoZreFOQemHCgOBxpJc
pUbfhh2Y/zeMMCBiDTIPMzQO2ilzHo+KnSb5slbRJu5qdiOfNHiP5J4ikwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPKjcElV18o2vlKXNP2onoIL3UCFMB8GA1UdIwQY
MBaAFBgQF3IkiZa4fZCEDC0n1iVJRYFzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0JBWGNpU0pscmg5a0lRTUxTZldKVWxGZ1hNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS8yMGE1YTUtMGJhMi00MDUyLWJlYjQt
M2NjODVhZDNjMTkwLzEvOHFOd1NWWFh5amEtVXBjMF9haWVnZ3ZkUUlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS8yMGE1YTUtMGJhMi00MDUyLWJlYjQtM2NjODVhZDNjMTkw
LzEvR0JBWGNpU0pscmg5a0lRTUxTZldKVWxGZ1hNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubPZMA0G
CSqGSIb3DQEBCwUAA4IBAQCpZSLtpbx5u2Y2uArJgJTxyTO5jd0ZozOBuaoiRmnv
9DXmaF9g62yEkg+DyFChXQNcpvczsjwV5HomAaRIZgnWjkCEUBhJLDZcYbvXujUW
mQhxL+zgcNopcwQMMpoq4wJrco00c88SJfyFdQmmDkRjqDA/MhA2/1WUsSehqT+m
QaKpNlpw+fDGturhN55NiRvoTMfsvgcNfjYMT46C4theuxMHva9kcsT7MaMXt0wQ
iT5uT87a5gJLhQlF/uqkZkF28d5OLsK09Y7MEKppqk6G4YMwt6IVAs2hUGH+ixkL
IuS3s/felWra5tVGiZoCrJq9sVXDs6dv1Lr1GhDbldpK
-----END CERTIFICATE-----