Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/960ddf-2c00-4b52-ab43-25fd7429b26e/1/XbkH5_i2k4jHzcNh6FE4UyKwysc.roa
File:                     XbkH5_i2k4jHzcNh6FE4UyKwysc.roa (raw, json)
Hash identifier:          4o2UxH6bGJou1LD39yY2Re5P0lbU2Modup85oP1m1j8=
Subject key identifier:   5D:B9:07:E7:F8:B6:93:88:C7:CD:C3:61:E8:51:38:53:22:B0:CA:C7
Certificate issuer:       /CN=52f4897f7a873f47fa5352a1cdfc903d23263894
Certificate serial:       019CFB83E025585648EB80253E81A19E21B9
Authority key identifier: 52:F4:89:7F:7A:87:3F:47:FA:53:52:A1:CD:FC:90:3D:23:26:38:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UvSJf3qHP0f6U1KhzfyQPSMmOJQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/960ddf-2c00-4b52-ab43-25fd7429b26e/1/XbkH5_i2k4jHzcNh6FE4UyKwysc.roa
Signing time:             Tue 17 Mar 2026 11:17:29 +0000
ROA not before:           Tue 17 Mar 2026 11:17:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8075
IP address blocks:        185.89.200.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/960ddf-2c00-4b52-ab43-25fd7429b26e/1/UvSJf3qHP0f6U1KhzfyQPSMmOJQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/960ddf-2c00-4b52-ab43-25fd7429b26e/1/UvSJf3qHP0f6U1KhzfyQPSMmOJQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UvSJf3qHP0f6U1KhzfyQPSMmOJQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:fb:83:e0:25:58:56:48:eb:80:25:3e:81:a1:9e:21:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52f4897f7a873f47fa5352a1cdfc903d23263894
        Validity
            Not Before: Mar 17 11:17:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5db907e7f8b69388c7cdc361e851385322b0cac7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:14:fe:02:c5:30:c1:0c:50:0c:d0:bc:84:7c:
                    8c:82:60:14:92:ee:0a:70:73:ed:0c:e5:dd:f0:d0:
                    25:6f:27:97:b6:ce:ce:40:90:0d:44:f0:ea:7a:77:
                    61:94:32:68:2b:94:a1:cb:aa:fc:25:1e:b7:3d:b4:
                    1e:8f:e8:d6:81:24:39:eb:91:07:5d:f1:9e:ad:a0:
                    b8:4c:91:e6:c7:88:40:dc:05:94:8f:db:94:2f:0a:
                    40:4a:e0:a0:c8:c9:0e:e7:bf:36:97:9a:ee:b6:61:
                    09:50:af:fc:de:0e:ff:87:a4:f7:13:24:5b:b5:11:
                    fa:eb:6b:fe:b4:08:c3:8f:b6:34:0b:f6:7c:68:c7:
                    b1:4b:9b:66:dd:6e:2f:e7:40:43:f0:01:96:56:71:
                    77:31:a0:4b:aa:5e:4d:79:dc:59:63:cf:b1:fe:f9:
                    64:43:8b:08:cc:68:4d:ea:ae:55:ee:e9:b5:e6:5e:
                    9a:e2:a7:44:11:17:b2:9f:ff:0f:47:52:22:7d:27:
                    a9:0d:f1:9d:59:bb:76:96:0a:03:99:ef:30:29:e5:
                    cf:49:7a:ee:27:ff:a6:a0:f6:fc:07:4a:24:d6:56:
                    ab:25:6a:f0:ab:de:ce:79:f5:e3:dc:c7:1d:20:e1:
                    d2:b7:ec:07:47:41:86:1b:f6:4e:20:52:9c:7a:69:
                    d4:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:B9:07:E7:F8:B6:93:88:C7:CD:C3:61:E8:51:38:53:22:B0:CA:C7
            X509v3 Authority Key Identifier:
                keyid:52:F4:89:7F:7A:87:3F:47:FA:53:52:A1:CD:FC:90:3D:23:26:38:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UvSJf3qHP0f6U1KhzfyQPSMmOJQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/960ddf-2c00-4b52-ab43-25fd7429b26e/1/XbkH5_i2k4jHzcNh6FE4UyKwysc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/960ddf-2c00-4b52-ab43-25fd7429b26e/1/UvSJf3qHP0f6U1KhzfyQPSMmOJQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.89.200.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1d:3a:26:1a:c9:5d:de:0c:5f:59:b3:2f:e8:ad:ec:a8:3a:c0:
         ab:dc:10:9b:61:d5:6c:70:ba:d5:51:ba:a9:17:e7:e8:7b:39:
         9e:3e:5c:43:8a:b6:57:68:81:20:ca:80:3f:5a:5b:c9:a9:f0:
         f0:ca:06:90:90:b9:86:3a:0b:09:fd:b2:5b:b5:12:aa:fc:2c:
         9e:1d:57:e9:4c:7e:4a:92:f2:21:43:35:2f:5a:4a:cc:e5:09:
         a0:83:9c:d5:f2:b8:87:45:16:14:01:4c:77:21:43:48:5b:63:
         8d:0d:c7:89:3d:cf:63:94:18:97:8d:eb:cd:68:93:2c:50:18:
         83:75:31:e4:49:4e:5b:fc:9c:87:ce:6c:29:23:3b:a6:01:66:
         d4:5f:2c:be:e3:3a:37:0f:af:57:d8:22:1b:c7:1a:f2:63:dc:
         6d:2e:0f:37:e8:b4:63:cc:e9:1f:44:7f:44:dd:d0:07:61:e3:
         86:0e:31:68:07:bb:28:df:39:7c:09:69:d0:13:84:26:82:b1:
         bc:a0:a6:b3:2c:38:25:9d:f2:41:39:a8:3c:e8:d9:08:83:33:
         09:b5:59:4b:30:46:ff:69:67:bc:42:08:ab:81:6d:b4:70:ae:
         3b:53:4c:34:dc:5e:11:af:cf:89:9c:fd:b4:b9:0b:85:0a:1a:
         57:4a:a2:4d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZz7g+AlWFZI64AlPoGhniG5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyZjQ4OTdmN2E4NzNmNDdmYTUzNTJhMWNkZmM5MDNkMjMy
NjM4OTQwHhcNMjYwMzE3MTExNzI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGI5MDdlN2Y4YjY5Mzg4YzdjZGMzNjFlODUxMzg1MzIyYjBjYWM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6xT+AsUwwQxQDNC8hHyMgmAUku4K
cHPtDOXd8NAlbyeXts7OQJANRPDqendhlDJoK5Shy6r8JR63PbQej+jWgSQ565EH
XfGeraC4TJHmx4hA3AWUj9uULwpASuCgyMkO5782l5rutmEJUK/83g7/h6T3EyRb
tRH662v+tAjDj7Y0C/Z8aMexS5tm3W4v50BD8AGWVnF3MaBLql5NedxZY8+x/vlk
Q4sIzGhN6q5V7um15l6a4qdEEReyn/8PR1IifSepDfGdWbt2lgoDme8wKeXPSXru
J/+moPb8B0ok1larJWrwq97OefXj3McdIOHSt+wHR0GGG/ZOIFKcemnUiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF25B+f4tpOIx83DYehROFMisMrHMB8GA1UdIwQY
MBaAFFL0iX96hz9H+lNSoc38kD0jJjiUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXZTSmYzcUhQMGY2VTFLaHpmeVFQU01tT0pRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi85NjBkZGYtMmMwMC00YjUyLWFiNDMt
MjVmZDc0MjliMjZlLzEvWGJrSDVfaTJrNGpIemNOaDZGRTRVeUt3eXNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi85NjBkZGYtMmMwMC00YjUyLWFiNDMtMjVmZDc0MjliMjZl
LzEvVXZTSmYzcUhQMGY2VTFLaHpmeVFQU01tT0pRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuVnIMA0G
CSqGSIb3DQEBCwUAA4IBAQAdOiYayV3eDF9Zsy/oreyoOsCr3BCbYdVscLrVUbqp
F+foezmePlxDirZXaIEgyoA/WlvJqfDwygaQkLmGOgsJ/bJbtRKq/CyeHVfpTH5K
kvIhQzUvWkrM5Qmgg5zV8riHRRYUAUx3IUNIW2ONDceJPc9jlBiXjevNaJMsUBiD
dTHkSU5b/JyHzmwpIzumAWbUXyy+4zo3D69X2CIbxxryY9xtLg836LRjzOkfRH9E
3dAHYeOGDjFoB7so3zl8CWnQE4QmgrG8oKazLDglnfJBOag86NkIgzMJtVlLMEb/
aWe8QgirgW20cK47U0w03F4Rr8+JnP20uQuFChpXSqJN
-----END CERTIFICATE-----