Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/f68b26-f883-4559-8745-500d3b9cdcda/1/h0ixfocdnsQGjiEtpJ2Wa2m5vUk.roa
File:                     h0ixfocdnsQGjiEtpJ2Wa2m5vUk.roa (raw, json)
Hash identifier:          SN3q0o2kLPMwCpmviBxq3GsO7Fw/63NA1TEskWpMh+w=
Subject key identifier:   87:48:B1:7E:87:1D:9E:C4:06:8E:21:2D:A4:9D:96:6B:69:B9:BD:49
Certificate issuer:       /CN=05b0c77ffd6f00e82dbd9dada50118d413af2080
Certificate serial:       019CB02B8084E754F9242399A80F0628B01C
Authority key identifier: 05:B0:C7:7F:FD:6F:00:E8:2D:BD:9D:AD:A5:01:18:D4:13:AF:20:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BbDHf_1vAOgtvZ2tpQEY1BOvIIA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/f68b26-f883-4559-8745-500d3b9cdcda/1/h0ixfocdnsQGjiEtpJ2Wa2m5vUk.roa
Signing time:             Mon 02 Mar 2026 20:09:26 +0000
ROA not before:           Mon 02 Mar 2026 20:09:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     56456
IP address blocks:        93.185.0.0/20 maxlen: 20
                          2a0e:3500::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/f68b26-f883-4559-8745-500d3b9cdcda/1/BbDHf_1vAOgtvZ2tpQEY1BOvIIA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/f68b26-f883-4559-8745-500d3b9cdcda/1/BbDHf_1vAOgtvZ2tpQEY1BOvIIA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BbDHf_1vAOgtvZ2tpQEY1BOvIIA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 04:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:b0:2b:80:84:e7:54:f9:24:23:99:a8:0f:06:28:b0:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05b0c77ffd6f00e82dbd9dada50118d413af2080
        Validity
            Not Before: Mar  2 20:09:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8748b17e871d9ec4068e212da49d966b69b9bd49
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:3a:9f:b3:36:92:16:7a:43:0a:ce:61:dc:46:
                    bf:14:f6:6e:8d:c6:09:50:98:c6:de:f3:fb:7a:fa:
                    23:56:0a:ee:57:4e:20:bf:9b:2a:51:93:24:3b:76:
                    c3:60:99:16:1c:4e:55:16:f7:9c:31:c3:5e:55:a9:
                    5a:90:88:67:47:2d:d3:d8:31:48:e5:ac:33:95:1b:
                    21:a4:cb:57:75:d6:8b:4c:85:9c:49:65:22:74:a9:
                    dc:39:52:a5:de:e9:e3:46:9a:b4:97:60:ae:cd:bb:
                    4c:fd:85:ce:df:d4:75:2b:7c:5e:c4:62:48:7a:9d:
                    4c:2c:f3:43:0e:fb:1c:00:a3:a4:95:1a:2c:a5:71:
                    68:5d:87:ee:69:a7:5a:fd:f4:b7:39:14:12:c4:93:
                    fa:99:de:36:bd:e7:b4:9d:f7:5d:7d:ec:1e:fb:d7:
                    fe:24:85:90:f7:c7:ee:18:f7:9e:0f:8b:1f:55:e5:
                    13:41:51:d2:ea:cc:1f:06:b8:c5:cb:ee:10:7a:78:
                    25:6c:1e:fa:09:0d:de:91:bf:8b:2f:41:3c:d3:21:
                    33:0a:8a:23:5c:7c:63:4a:4d:38:74:d2:82:81:99:
                    d4:5c:53:27:67:eb:cd:84:3a:d0:3b:fc:49:11:4f:
                    d6:c0:93:b9:fa:01:9f:27:01:7e:e5:bc:e2:c7:29:
                    2c:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:48:B1:7E:87:1D:9E:C4:06:8E:21:2D:A4:9D:96:6B:69:B9:BD:49
            X509v3 Authority Key Identifier:
                keyid:05:B0:C7:7F:FD:6F:00:E8:2D:BD:9D:AD:A5:01:18:D4:13:AF:20:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BbDHf_1vAOgtvZ2tpQEY1BOvIIA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/f68b26-f883-4559-8745-500d3b9cdcda/1/h0ixfocdnsQGjiEtpJ2Wa2m5vUk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/f68b26-f883-4559-8745-500d3b9cdcda/1/BbDHf_1vAOgtvZ2tpQEY1BOvIIA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.185.0.0/20
                IPv6:
                  2a0e:3500::/29

    Signature Algorithm: sha256WithRSAEncryption
         43:da:59:c5:b8:48:cd:2b:d9:e9:9b:5a:77:f2:99:8c:44:8f:
         5d:45:a6:41:e9:a5:82:b0:c7:61:b9:2c:4f:88:bb:88:28:4a:
         65:b5:7c:70:6f:cd:6b:8b:23:45:4d:1a:a3:7e:2f:31:50:bc:
         d1:5b:56:69:80:ea:f5:c1:aa:69:09:9d:e7:0d:41:5f:1d:f3:
         11:69:d8:d0:f6:fb:b3:86:57:24:ec:03:1c:3a:b1:7c:a1:04:
         d3:dd:89:2b:37:32:17:c2:8c:31:7a:c7:98:64:55:4b:c4:25:
         de:ca:62:74:ff:94:4a:49:bf:8c:23:93:fe:84:4b:50:38:bc:
         ee:d3:07:91:9f:92:f4:6c:99:3a:ee:52:f1:62:6d:33:3c:fa:
         32:d0:cd:47:f4:b0:71:df:be:ad:2d:e9:35:3e:a3:8c:59:20:
         a7:04:fa:69:78:0f:23:e0:b3:0c:96:7d:89:0c:55:74:29:03:
         6f:b5:ae:cf:5d:2c:ae:93:f6:19:41:76:d6:0f:74:f5:d0:ea:
         4e:c0:27:fe:ab:0d:66:a6:3a:7c:66:ed:5e:82:2d:0d:d1:5b:
         4f:df:15:cf:89:ba:46:93:1b:e0:cf:c0:f8:3a:47:68:ed:26:
         af:99:6d:49:c7:38:89:1c:a2:7a:3f:01:26:30:47:43:72:2c:
         a4:a7:31:f3
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZywK4CE51T5JCOZqA8GKLAcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1YjBjNzdmZmQ2ZjAwZTgyZGJkOWRhZGE1MDExOGQ0MTNh
ZjIwODAwHhcNMjYwMzAyMjAwOTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzQ4YjE3ZTg3MWQ5ZWM0MDY4ZTIxMmRhNDlkOTY2YjY5YjliZDQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApjqfszaSFnpDCs5h3Ea/FPZujcYJ
UJjG3vP7evojVgruV04gv5sqUZMkO3bDYJkWHE5VFvecMcNeValakIhnRy3T2DFI
5awzlRshpMtXddaLTIWcSWUidKncOVKl3unjRpq0l2CuzbtM/YXO39R1K3xexGJI
ep1MLPNDDvscAKOklRospXFoXYfuaada/fS3ORQSxJP6md42vee0nfddfewe+9f+
JIWQ98fuGPeeD4sfVeUTQVHS6swfBrjFy+4QenglbB76CQ3ekb+LL0E80yEzCooj
XHxjSk04dNKCgZnUXFMnZ+vNhDrQO/xJEU/WwJO5+gGfJwF+5bzixyksNQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIdIsX6HHZ7EBo4hLaSdlmtpub1JMB8GA1UdIwQY
MBaAFAWwx3/9bwDoLb2draUBGNQTryCAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmJESGZfMXZBT2d0dloydHBRRVkxQk92SUlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi9mNjhiMjYtZjg4My00NTU5LTg3NDUt
NTAwZDNiOWNkY2RhLzEvaDBpeGZvY2Ruc1FHamlFdHBKMldhMm01dlVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi9mNjhiMjYtZjg4My00NTU5LTg3NDUtNTAwZDNiOWNkY2Rh
LzEvQmJESGZfMXZBT2d0dloydHBRRVkxQk92SUlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQEXbkAMA0E
AgACMAcDBQMqDjUAMA0GCSqGSIb3DQEBCwUAA4IBAQBD2lnFuEjNK9npm1p38pmM
RI9dRaZB6aWCsMdhuSxPiLuIKEpltXxwb81riyNFTRqjfi8xULzRW1ZpgOr1wapp
CZ3nDUFfHfMRadjQ9vuzhlck7AMcOrF8oQTT3YkrNzIXwowxeseYZFVLxCXeymJ0
/5RKSb+MI5P+hEtQOLzu0weRn5L0bJk67lLxYm0zPPoy0M1H9LBx376tLek1PqOM
WSCnBPppeA8j4LMMln2JDFV0KQNvta7PXSyuk/YZQXbWD3T10OpOwCf+qw1mpjp8
Zu1egi0N0VtP3xXPibpGkxvgz8D4Okdo7SavmW1JxziJHKJ6PwEmMEdDciykpzHz
-----END CERTIFICATE-----