Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/9014c3-1a49-4e62-9243-21335d1063af/1/cPaYLIOF3VCjmjb4ZY5WFsbWaMY.roa
File:                     cPaYLIOF3VCjmjb4ZY5WFsbWaMY.roa (raw, json)
Hash identifier:          N1wSv7IKNjHNPgVshCdy+hjLM0GcmgKEhSsoWfHZ7pU=
Subject key identifier:   70:F6:98:2C:83:85:DD:50:A3:9A:36:F8:65:8E:56:16:C6:D6:68:C6
Certificate issuer:       /CN=3f0a287bea92588fc5dae4f93fb25628f32d196d
Certificate serial:       019C48B60FE16F4841F6EFD32067993D7BDB
Authority key identifier: 3F:0A:28:7B:EA:92:58:8F:C5:DA:E4:F9:3F:B2:56:28:F3:2D:19:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Pwooe-qSWI_F2uT5P7JWKPMtGW0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/9014c3-1a49-4e62-9243-21335d1063af/1/cPaYLIOF3VCjmjb4ZY5WFsbWaMY.roa
Signing time:             Tue 10 Feb 2026 18:00:16 +0000
ROA not before:           Tue 10 Feb 2026 18:00:16 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212695
IP address blocks:        185.12.142.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8c/9014c3-1a49-4e62-9243-21335d1063af/1/Pwooe-qSWI_F2uT5P7JWKPMtGW0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8c/9014c3-1a49-4e62-9243-21335d1063af/1/Pwooe-qSWI_F2uT5P7JWKPMtGW0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Pwooe-qSWI_F2uT5P7JWKPMtGW0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 21:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:48:b6:0f:e1:6f:48:41:f6:ef:d3:20:67:99:3d:7b:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3f0a287bea92588fc5dae4f93fb25628f32d196d
        Validity
            Not Before: Feb 10 18:00:16 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=70f6982c8385dd50a39a36f8658e5616c6d668c6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:c4:d9:ae:78:ca:3a:f0:2d:93:f8:c2:1e:65:
                    a2:28:5b:59:51:34:86:67:83:c3:ac:bd:24:19:01:
                    6c:0a:0b:f5:14:ad:ca:54:56:0c:64:f2:83:c7:28:
                    e9:f8:80:b9:20:1f:c2:1f:71:53:b7:c3:59:dc:d8:
                    c6:0c:11:27:77:4f:ba:5b:2f:90:5f:55:ea:76:41:
                    15:8e:53:15:5b:dc:82:82:94:0e:eb:28:9e:44:a1:
                    8e:d3:03:63:1a:92:21:3f:d5:07:20:24:3a:32:0e:
                    f9:f5:fa:a8:e9:27:81:f7:49:c1:8c:d9:76:07:cb:
                    f0:8b:03:b1:b7:18:75:a8:3a:ca:b5:8a:74:e7:eb:
                    00:5c:f6:fb:b2:70:fa:46:c8:e8:52:ec:5c:4b:72:
                    d1:44:00:b1:11:e3:38:0b:9a:cb:88:06:bc:5e:98:
                    25:8d:26:9c:17:ae:79:92:90:3f:fb:63:10:5d:51:
                    85:30:15:4c:3b:1a:94:88:be:60:ab:fe:46:5c:51:
                    5a:58:63:20:fd:25:fc:a5:aa:91:25:39:e0:45:5d:
                    8d:08:b8:be:0a:35:e9:72:89:c0:f6:87:5b:fd:39:
                    7b:dc:75:92:ea:50:34:0b:df:b7:ec:a0:9d:e8:53:
                    c6:f8:9d:83:b8:be:8e:74:c3:2b:53:f4:48:47:87:
                    7d:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:F6:98:2C:83:85:DD:50:A3:9A:36:F8:65:8E:56:16:C6:D6:68:C6
            X509v3 Authority Key Identifier:
                keyid:3F:0A:28:7B:EA:92:58:8F:C5:DA:E4:F9:3F:B2:56:28:F3:2D:19:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Pwooe-qSWI_F2uT5P7JWKPMtGW0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/9014c3-1a49-4e62-9243-21335d1063af/1/cPaYLIOF3VCjmjb4ZY5WFsbWaMY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/9014c3-1a49-4e62-9243-21335d1063af/1/Pwooe-qSWI_F2uT5P7JWKPMtGW0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.12.142.0/23

    Signature Algorithm: sha256WithRSAEncryption
         73:dc:7c:50:da:6f:2a:4f:11:ed:a0:44:ff:04:fd:f6:ad:76:
         28:72:6b:96:02:72:34:11:34:27:0c:58:13:2d:55:96:43:aa:
         51:26:84:f4:ab:3b:b6:e1:f4:8c:10:de:a9:19:c2:85:63:c5:
         1d:28:d0:41:27:6c:8f:27:0b:00:4b:d9:4a:d7:8f:78:63:9f:
         29:f8:a8:0e:09:19:e5:64:ff:70:90:18:6a:f3:e8:c2:f2:b9:
         d9:7c:e8:08:27:8a:8b:35:21:fa:3f:cd:4c:8c:4a:99:e2:87:
         cf:d2:4b:ea:17:34:6a:d5:13:70:45:47:72:29:40:90:c2:47:
         e6:a7:96:53:22:c4:ce:e4:20:56:c4:b4:2b:d9:02:c8:b8:6d:
         b0:d6:93:7d:35:e3:c0:d9:69:66:c0:14:76:ea:ec:27:f3:be:
         55:f8:f7:6a:bb:4a:67:63:cb:0a:6d:ae:fa:fd:f7:59:a3:a3:
         db:f4:d1:83:13:61:47:75:68:43:69:4d:7b:18:a6:b0:e9:d4:
         c1:ad:b7:b4:41:fa:24:c0:c1:1d:ab:48:7d:cd:2c:29:03:cc:
         f3:98:80:8e:97:dc:61:4a:34:c1:46:be:91:ee:40:27:d9:80:
         bf:50:e6:54:a0:54:34:3d:4f:24:98:19:eb:fe:a0:43:1c:38:
         8e:50:fa:3d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxItg/hb0hB9u/TIGeZPXvbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmMGEyODdiZWE5MjU4OGZjNWRhZTRmOTNmYjI1NjI4ZjMy
ZDE5NmQwHhcNMjYwMjEwMTgwMDE2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MGY2OTgyYzgzODVkZDUwYTM5YTM2Zjg2NThlNTYxNmM2ZDY2OGM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjsTZrnjKOvAtk/jCHmWiKFtZUTSG
Z4PDrL0kGQFsCgv1FK3KVFYMZPKDxyjp+IC5IB/CH3FTt8NZ3NjGDBEnd0+6Wy+Q
X1XqdkEVjlMVW9yCgpQO6yieRKGO0wNjGpIhP9UHICQ6Mg759fqo6SeB90nBjNl2
B8vwiwOxtxh1qDrKtYp05+sAXPb7snD6RsjoUuxcS3LRRACxEeM4C5rLiAa8Xpgl
jSacF655kpA/+2MQXVGFMBVMOxqUiL5gq/5GXFFaWGMg/SX8paqRJTngRV2NCLi+
CjXpconA9odb/Tl73HWS6lA0C9+37KCd6FPG+J2DuL6OdMMrU/RIR4d9cwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHD2mCyDhd1Qo5o2+GWOVhbG1mjGMB8GA1UdIwQY
MBaAFD8KKHvqkliPxdrk+T+yVijzLRltMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHdvb2UtcVNXSV9GMnVUNVA3SldLUE10R1cwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy85MDE0YzMtMWE0OS00ZTYyLTkyNDMt
MjEzMzVkMTA2M2FmLzEvY1BhWUxJT0YzVkNqbWpiNFpZNVdGc2JXYU1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy85MDE0YzMtMWE0OS00ZTYyLTkyNDMtMjEzMzVkMTA2M2Fm
LzEvUHdvb2UtcVNXSV9GMnVUNVA3SldLUE10R1cwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuQyOMA0G
CSqGSIb3DQEBCwUAA4IBAQBz3HxQ2m8qTxHtoET/BP32rXYocmuWAnI0ETQnDFgT
LVWWQ6pRJoT0qzu24fSMEN6pGcKFY8UdKNBBJ2yPJwsAS9lK1494Y58p+KgOCRnl
ZP9wkBhq8+jC8rnZfOgIJ4qLNSH6P81MjEqZ4ofP0kvqFzRq1RNwRUdyKUCQwkfm
p5ZTIsTO5CBWxLQr2QLIuG2w1pN9NePA2WlmwBR26uwn875V+Pdqu0pnY8sKba76
/fdZo6Pb9NGDE2FHdWhDaU17GKaw6dTBrbe0QfokwMEdq0h9zSwpA8zzmICOl9xh
SjTBRr6R7kAn2YC/UOZUoFQ0PU8kmBnr/qBDHDiOUPo9
-----END CERTIFICATE-----