Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/37aedf-5bc0-40d5-84cc-00b0137f29ff/1/BrYLkD9TmDPoYU0rlukWdAAB0EA.roa
File:                     BrYLkD9TmDPoYU0rlukWdAAB0EA.roa (raw, json)
Hash identifier:          kw7o4839tWQmb1Bv1oM+Q1HjTSF27uMaLJi/HJLmUas=
Subject key identifier:   06:B6:0B:90:3F:53:98:33:E8:61:4D:2B:96:E9:16:74:00:01:D0:40
Certificate issuer:       /CN=1a7d610942d4d9f96d5731b9538fd4c78ba0f20d
Certificate serial:       019B76EB982F7BDF5C364B6A7F0F5C31E48B
Authority key identifier: 1A:7D:61:09:42:D4:D9:F9:6D:57:31:B9:53:8F:D4:C7:8B:A0:F2:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gn1hCULU2fltVzG5U4_Ux4ug8g0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/37aedf-5bc0-40d5-84cc-00b0137f29ff/1/BrYLkD9TmDPoYU0rlukWdAAB0EA.roa
Signing time:             Thu 01 Jan 2026 00:18:29 +0000
ROA not before:           Thu 01 Jan 2026 00:18:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     24840
IP address blocks:        185.16.198.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/37aedf-5bc0-40d5-84cc-00b0137f29ff/1/Gn1hCULU2fltVzG5U4_Ux4ug8g0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/37aedf-5bc0-40d5-84cc-00b0137f29ff/1/Gn1hCULU2fltVzG5U4_Ux4ug8g0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gn1hCULU2fltVzG5U4_Ux4ug8g0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:98:2f:7b:df:5c:36:4b:6a:7f:0f:5c:31:e4:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1a7d610942d4d9f96d5731b9538fd4c78ba0f20d
        Validity
            Not Before: Jan  1 00:18:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=06b60b903f539833e8614d2b96e916740001d040
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:26:9d:ce:66:de:85:ac:9a:4d:4b:1d:d2:f7:
                    51:74:96:76:91:39:b0:e3:7b:92:05:19:e6:e0:cb:
                    0a:30:ac:28:c0:18:d9:75:e1:31:be:93:77:1a:5e:
                    d8:47:48:da:d3:9f:f7:d3:a4:0f:5b:41:5d:ac:83:
                    10:c5:ed:01:af:ae:1b:51:71:c4:a0:9c:c6:64:69:
                    4b:3f:d7:23:42:88:83:2e:c6:75:98:36:f2:e0:10:
                    1d:6f:c0:ea:9d:47:20:df:bb:f8:7d:5c:a2:1d:09:
                    be:14:36:2a:03:6b:f0:5b:55:e3:64:80:68:fb:e5:
                    3d:ee:d2:4c:d1:69:b1:87:47:a0:15:d5:58:86:3e:
                    07:76:42:3b:06:a7:07:e1:ba:3f:4d:db:06:45:0b:
                    94:61:97:5c:2a:a3:9b:f8:27:db:92:94:ed:73:20:
                    5f:2e:c0:1f:46:d9:4b:b5:89:50:dd:7a:05:7b:b5:
                    7c:f7:d4:58:d8:52:f2:ad:b9:ef:3e:32:81:1e:e1:
                    75:02:3e:c5:b7:3e:cf:6e:05:36:8d:ea:06:15:33:
                    c2:6c:d0:d0:75:7f:12:57:c3:f7:b9:ec:4c:f7:74:
                    db:fe:31:a0:0b:10:41:51:db:5b:60:86:d9:52:19:
                    29:ca:f9:6e:60:aa:2b:b1:88:7f:ac:e5:7f:53:c5:
                    ba:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:B6:0B:90:3F:53:98:33:E8:61:4D:2B:96:E9:16:74:00:01:D0:40
            X509v3 Authority Key Identifier:
                keyid:1A:7D:61:09:42:D4:D9:F9:6D:57:31:B9:53:8F:D4:C7:8B:A0:F2:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gn1hCULU2fltVzG5U4_Ux4ug8g0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/37aedf-5bc0-40d5-84cc-00b0137f29ff/1/BrYLkD9TmDPoYU0rlukWdAAB0EA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/37aedf-5bc0-40d5-84cc-00b0137f29ff/1/Gn1hCULU2fltVzG5U4_Ux4ug8g0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.16.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:9a:80:2d:0b:15:2d:1b:e3:bd:fd:07:61:02:ab:e5:5e:01:
         2a:e8:02:c4:12:4a:10:66:4e:0d:7a:5e:23:d0:a2:9f:2c:9a:
         1e:1e:32:58:06:c2:8d:5a:49:06:70:c5:0d:75:17:41:74:81:
         0a:61:5f:23:20:4a:e8:e2:ca:a1:e1:09:f3:2c:b6:03:5f:c9:
         2c:07:ca:20:64:b2:eb:1a:d8:01:b2:8b:c9:1a:22:e2:ba:45:
         ab:88:f0:7c:3a:a5:19:6b:15:8c:9d:e6:6d:ee:4a:7a:6e:8f:
         78:a5:c0:81:8b:25:3f:1e:67:6a:bc:16:d1:36:1b:bb:90:3d:
         a5:0c:c2:9f:6f:a9:fe:be:d7:c9:5a:01:d0:45:6c:67:f0:9f:
         ba:81:5d:a4:f1:45:dc:ee:dc:66:d4:13:14:cd:d3:48:0d:e9:
         cc:52:ac:c2:a8:ab:88:a2:62:94:61:cb:1a:6e:5f:7f:c0:77:
         4a:b6:f5:89:d8:7c:02:65:bd:be:48:3e:64:57:fa:16:82:36:
         53:cc:23:1d:e3:70:ab:8f:dc:11:7a:d8:d8:cb:5c:c5:cd:04:
         47:db:56:44:67:26:5e:b3:11:57:2e:8e:a2:bb:e5:10:36:b7:
         a5:a2:26:e2:73:70:81:58:ff:31:d9:e2:ef:94:7b:bf:15:2e:
         f8:86:33:80
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt265gve99cNktqfw9cMeSLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhN2Q2MTA5NDJkNGQ5Zjk2ZDU3MzFiOTUzOGZkNGM3OGJh
MGYyMGQwHhcNMjYwMTAxMDAxODI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNmI2MGI5MDNmNTM5ODMzZTg2MTRkMmI5NmU5MTY3NDAwMDFkMDQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2CadzmbehayaTUsd0vdRdJZ2kTmw
43uSBRnm4MsKMKwowBjZdeExvpN3Gl7YR0ja05/306QPW0FdrIMQxe0Br64bUXHE
oJzGZGlLP9cjQoiDLsZ1mDby4BAdb8DqnUcg37v4fVyiHQm+FDYqA2vwW1XjZIBo
++U97tJM0Wmxh0egFdVYhj4HdkI7BqcH4bo/TdsGRQuUYZdcKqOb+CfbkpTtcyBf
LsAfRtlLtYlQ3XoFe7V899RY2FLyrbnvPjKBHuF1Aj7Ftz7PbgU2jeoGFTPCbNDQ
dX8SV8P3uexM93Tb/jGgCxBBUdtbYIbZUhkpyvluYKorsYh/rOV/U8W6fQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAa2C5A/U5gz6GFNK5bpFnQAAdBAMB8GA1UdIwQY
MBaAFBp9YQlC1Nn5bVcxuVOP1MeLoPINMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR24xaENVTFUyZmx0VnpHNVU0X1V4NHVnOGcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi8zN2FlZGYtNWJjMC00MGQ1LTg0Y2Mt
MDBiMDEzN2YyOWZmLzEvQnJZTGtEOVRtRFBvWVUwcmx1a1dkQUFCMEVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi8zN2FlZGYtNWJjMC00MGQ1LTg0Y2MtMDBiMDEzN2YyOWZm
LzEvR24xaENVTFUyZmx0VnpHNVU0X1V4NHVnOGcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRDGMA0G
CSqGSIb3DQEBCwUAA4IBAQBUmoAtCxUtG+O9/QdhAqvlXgEq6ALEEkoQZk4Nel4j
0KKfLJoeHjJYBsKNWkkGcMUNdRdBdIEKYV8jIEro4sqh4QnzLLYDX8ksB8ogZLLr
GtgBsovJGiLiukWriPB8OqUZaxWMneZt7kp6bo94pcCBiyU/HmdqvBbRNhu7kD2l
DMKfb6n+vtfJWgHQRWxn8J+6gV2k8UXc7txm1BMUzdNIDenMUqzCqKuIomKUYcsa
bl9/wHdKtvWJ2HwCZb2+SD5kV/oWgjZTzCMd43Crj9wRetjYy1zFzQRH21ZEZyZe
sxFXLo6iu+UQNreloibic3CBWP8x2eLvlHu/FS74hjOA
-----END CERTIFICATE-----