Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/4b0283-a90c-4d64-8301-d221ebd0818d/1/tGcQWfJdFA7I3cRAu7ko9fiv_Zg.roa
File:                     tGcQWfJdFA7I3cRAu7ko9fiv_Zg.roa (raw, json)
Hash identifier:          dRKbNHfZ6eyJqPwleBrpM00yMHOrBXW9WqS11VOxnIg=
Subject key identifier:   B4:67:10:59:F2:5D:14:0E:C8:DD:C4:40:BB:B9:28:F5:F8:AF:FD:98
Certificate issuer:       /CN=9bed36af13da482fdf79fb5403e5074860eecd0d
Certificate serial:       019CCBADBCF00C5362772EEAFF9E089F36A1
Authority key identifier: 9B:ED:36:AF:13:DA:48:2F:DF:79:FB:54:03:E5:07:48:60:EE:CD:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m-02rxPaSC_feftUA-UHSGDuzQ0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/4b0283-a90c-4d64-8301-d221ebd0818d/1/tGcQWfJdFA7I3cRAu7ko9fiv_Zg.roa
Signing time:             Sun 08 Mar 2026 04:21:26 +0000
ROA not before:           Sun 08 Mar 2026 04:21:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206977
IP address blocks:        185.138.12.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/4b0283-a90c-4d64-8301-d221ebd0818d/1/m-02rxPaSC_feftUA-UHSGDuzQ0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/4b0283-a90c-4d64-8301-d221ebd0818d/1/m-02rxPaSC_feftUA-UHSGDuzQ0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m-02rxPaSC_feftUA-UHSGDuzQ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 19:01:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:cb:ad:bc:f0:0c:53:62:77:2e:ea:ff:9e:08:9f:36:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bed36af13da482fdf79fb5403e5074860eecd0d
        Validity
            Not Before: Mar  8 04:21:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b4671059f25d140ec8ddc440bbb928f5f8affd98
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:f9:28:03:b2:3a:5e:83:c2:f0:83:8f:56:f2:
                    cc:ac:83:79:c1:19:43:c8:a8:2e:57:64:55:ef:c2:
                    e5:5b:c4:9f:5a:d3:df:b0:5e:f6:47:a9:64:c6:e3:
                    cd:38:69:57:14:2b:42:b0:4d:e5:8d:15:11:e0:e4:
                    ff:64:f4:9d:20:bb:4d:6f:56:6e:22:8c:6a:5d:56:
                    e8:ef:e2:1f:12:b5:dc:4b:32:3c:67:8d:e3:77:0c:
                    3c:f5:be:fb:1f:b5:0a:c5:91:9a:aa:a7:fa:e8:10:
                    02:27:fb:2c:49:2d:58:5b:3d:ad:6e:6d:e8:64:c0:
                    e9:a3:25:30:de:17:41:b7:d0:37:e4:d0:a8:c6:a3:
                    70:88:6c:31:a1:c5:07:0b:1a:9b:07:50:5a:e4:fc:
                    f1:37:61:bc:96:7e:fb:eb:c5:49:6f:9e:b0:3a:52:
                    53:01:35:dc:2a:b1:d5:ef:a1:9c:e5:d7:16:b5:7d:
                    9a:53:ff:62:d8:12:fc:8c:d7:78:29:57:56:a8:00:
                    17:b3:4e:00:da:f4:29:e4:95:ec:ed:ae:3c:a7:07:
                    74:98:bb:3d:f3:1a:ce:df:9c:38:f6:66:01:ce:c7:
                    f6:7f:0e:13:ae:ed:f0:3c:80:c1:4a:8a:29:35:7a:
                    58:d0:34:7e:4d:2e:99:a0:53:48:30:bc:6e:35:ab:
                    a9:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:67:10:59:F2:5D:14:0E:C8:DD:C4:40:BB:B9:28:F5:F8:AF:FD:98
            X509v3 Authority Key Identifier:
                keyid:9B:ED:36:AF:13:DA:48:2F:DF:79:FB:54:03:E5:07:48:60:EE:CD:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m-02rxPaSC_feftUA-UHSGDuzQ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/4b0283-a90c-4d64-8301-d221ebd0818d/1/tGcQWfJdFA7I3cRAu7ko9fiv_Zg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/4b0283-a90c-4d64-8301-d221ebd0818d/1/m-02rxPaSC_feftUA-UHSGDuzQ0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.138.12.0/22

    Signature Algorithm: sha256WithRSAEncryption
         32:93:bf:d8:97:a6:a5:05:2c:6f:61:96:c9:71:cf:e1:f4:2a:
         68:0f:8b:59:0b:d9:6f:31:53:22:c1:12:af:43:ad:37:f9:dd:
         60:a6:31:e1:7e:58:0d:61:1f:d0:56:7d:a9:6e:0f:c4:e0:90:
         89:84:cf:69:04:30:01:60:f0:60:05:56:06:b6:b4:ca:ef:a0:
         79:17:4c:f7:98:13:94:bf:ac:02:69:5c:5e:84:13:f7:dd:6c:
         7f:5d:95:e3:9d:dd:d7:8d:f3:9f:51:4c:83:95:31:2e:16:f4:
         de:24:bd:a1:e0:92:f8:09:b7:d3:5f:9c:51:9b:ee:8b:10:8b:
         c1:cd:45:7f:0b:51:f5:3d:98:d9:87:0d:cb:b9:7b:b9:89:89:
         89:49:55:4f:b6:3b:df:c6:90:ed:cb:c1:c8:2b:5f:e0:4e:bb:
         7c:5f:eb:1c:88:97:93:3b:4d:06:12:0a:28:d7:8d:92:e8:3a:
         d2:37:8f:30:0f:a6:13:de:03:ce:9d:35:41:99:bf:cf:43:af:
         8e:3f:5e:26:4a:96:82:b9:49:b5:3c:c2:be:ea:2a:df:ef:86:
         62:9f:e0:12:d2:e5:97:dc:1c:75:72:c1:24:74:c6:b0:71:b0:
         36:ab:4f:45:59:3a:5e:a0:20:de:34:8d:56:49:5c:a6:0e:c0:
         85:c8:91:d8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzLrbzwDFNidy7q/54InzahMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliZWQzNmFmMTNkYTQ4MmZkZjc5ZmI1NDAzZTUwNzQ4NjBl
ZWNkMGQwHhcNMjYwMzA4MDQyMTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDY3MTA1OWYyNWQxNDBlYzhkZGM0NDBiYmI5MjhmNWY4YWZmZDk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5vkoA7I6XoPC8IOPVvLMrIN5wRlD
yKguV2RV78LlW8SfWtPfsF72R6lkxuPNOGlXFCtCsE3ljRUR4OT/ZPSdILtNb1Zu
IoxqXVbo7+IfErXcSzI8Z43jdww89b77H7UKxZGaqqf66BACJ/ssSS1YWz2tbm3o
ZMDpoyUw3hdBt9A35NCoxqNwiGwxocUHCxqbB1Ba5PzxN2G8ln7768VJb56wOlJT
ATXcKrHV76Gc5dcWtX2aU/9i2BL8jNd4KVdWqAAXs04A2vQp5JXs7a48pwd0mLs9
8xrO35w49mYBzsf2fw4Tru3wPIDBSoopNXpY0DR+TS6ZoFNIMLxuNaup2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLRnEFnyXRQOyN3EQLu5KPX4r/2YMB8GA1UdIwQY
MBaAFJvtNq8T2kgv33n7VAPlB0hg7s0NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbS0wMnJ4UGFTQ19mZWZ0VUEtVUhTR0R1elEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni80YjAyODMtYTkwYy00ZDY0LTgzMDEt
ZDIyMWViZDA4MThkLzEvdEdjUVdmSmRGQTdJM2NSQXU3a285Zml2X1pnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni80YjAyODMtYTkwYy00ZDY0LTgzMDEtZDIyMWViZDA4MThk
LzEvbS0wMnJ4UGFTQ19mZWZ0VUEtVUhTR0R1elEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuYoMMA0G
CSqGSIb3DQEBCwUAA4IBAQAyk7/Yl6alBSxvYZbJcc/h9CpoD4tZC9lvMVMiwRKv
Q603+d1gpjHhflgNYR/QVn2pbg/E4JCJhM9pBDABYPBgBVYGtrTK76B5F0z3mBOU
v6wCaVxehBP33Wx/XZXjnd3XjfOfUUyDlTEuFvTeJL2h4JL4CbfTX5xRm+6LEIvB
zUV/C1H1PZjZhw3LuXu5iYmJSVVPtjvfxpDty8HIK1/gTrt8X+sciJeTO00GEgoo
142S6DrSN48wD6YT3gPOnTVBmb/PQ6+OP14mSpaCuUm1PMK+6irf74Zin+AS0uWX
3Bx1csEkdMawcbA2q09FWTpeoCDeNI1WSVymDsCFyJHY
-----END CERTIFICATE-----