Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/6ce994-8e99-40f9-a4eb-b2d73678727b/1/CJowFgb4ICGp3Wfh7jHnULJU2M0.roa
File:                     CJowFgb4ICGp3Wfh7jHnULJU2M0.roa (raw, json)
Hash identifier:          bL65BGdIxVmyrRBt+KdvOpVuUTY76scln+WxP6WN3rg=
Subject key identifier:   08:9A:30:16:06:F8:20:21:A9:DD:67:E1:EE:31:E7:50:B2:54:D8:CD
Certificate issuer:       /CN=60c44dff71879863ea71442023b7f354dc3dad7c
Certificate serial:       019D00D458BBB2DD711614D1566CFE2B1444
Authority key identifier: 60:C4:4D:FF:71:87:98:63:EA:71:44:20:23:B7:F3:54:DC:3D:AD:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YMRN_3GHmGPqcUQgI7fzVNw9rXw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/6ce994-8e99-40f9-a4eb-b2d73678727b/1/CJowFgb4ICGp3Wfh7jHnULJU2M0.roa
Signing time:             Wed 18 Mar 2026 12:03:29 +0000
ROA not before:           Wed 18 Mar 2026 12:03:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     14618
IP address blocks:        185.88.184.0/24 maxlen: 24
                          185.88.185.0/24 maxlen: 24
                          185.88.186.0/24 maxlen: 24
                          185.88.187.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/6ce994-8e99-40f9-a4eb-b2d73678727b/1/YMRN_3GHmGPqcUQgI7fzVNw9rXw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/6ce994-8e99-40f9-a4eb-b2d73678727b/1/YMRN_3GHmGPqcUQgI7fzVNw9rXw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YMRN_3GHmGPqcUQgI7fzVNw9rXw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:00:d4:58:bb:b2:dd:71:16:14:d1:56:6c:fe:2b:14:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60c44dff71879863ea71442023b7f354dc3dad7c
        Validity
            Not Before: Mar 18 12:03:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=089a301606f82021a9dd67e1ee31e750b254d8cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:6d:ba:f3:58:ed:55:15:e1:0d:c8:71:ae:1c:
                    ab:ff:70:a8:f1:c1:55:cc:9a:be:61:a0:a1:d1:dc:
                    7b:b3:ae:f5:dc:f3:53:38:18:0b:a3:c3:a7:69:26:
                    33:05:9c:f5:59:06:19:6f:5a:89:72:e7:8f:ea:97:
                    b0:a5:7e:8b:b9:93:ab:a7:db:ef:c0:59:b2:ae:3a:
                    91:fd:98:a9:3a:76:79:ac:c6:55:2e:01:03:39:1b:
                    46:33:be:e7:f4:ba:9a:98:97:dd:2f:e9:24:45:8a:
                    a7:5e:40:b6:02:6a:9f:8a:d2:0e:4b:22:0a:69:1d:
                    00:30:6f:bb:a5:38:29:8e:43:c2:6e:2e:c6:65:e5:
                    fb:05:f5:78:a2:d5:fd:7a:02:25:df:fe:3b:31:6d:
                    d2:35:28:a4:da:4a:04:c2:cd:fe:c4:83:a1:5f:39:
                    8b:06:43:b0:66:ff:6f:41:a8:9d:e3:7b:c5:76:8d:
                    7c:ad:de:9c:ee:06:2a:5f:c6:d9:31:d6:05:dc:c4:
                    6e:a5:18:3e:b8:5b:d2:3c:dd:3b:4a:e4:c1:05:2d:
                    2b:fa:dc:c4:8f:52:83:28:23:4f:3b:97:f9:0a:83:
                    de:f3:6d:9a:dd:a6:d1:8d:4f:9f:67:ab:fb:78:62:
                    4f:18:1e:c7:b1:df:81:63:18:98:84:e4:5e:e7:3c:
                    6a:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:9A:30:16:06:F8:20:21:A9:DD:67:E1:EE:31:E7:50:B2:54:D8:CD
            X509v3 Authority Key Identifier:
                keyid:60:C4:4D:FF:71:87:98:63:EA:71:44:20:23:B7:F3:54:DC:3D:AD:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YMRN_3GHmGPqcUQgI7fzVNw9rXw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/6ce994-8e99-40f9-a4eb-b2d73678727b/1/CJowFgb4ICGp3Wfh7jHnULJU2M0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/6ce994-8e99-40f9-a4eb-b2d73678727b/1/YMRN_3GHmGPqcUQgI7fzVNw9rXw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.88.184.0/22

    Signature Algorithm: sha256WithRSAEncryption
         ac:9a:ac:35:ce:1e:44:20:73:eb:1c:af:93:03:2c:bd:6e:ac:
         5a:cb:39:21:c5:eb:9e:a2:46:a4:10:f2:cc:1e:ae:b1:e3:8d:
         92:b9:cc:fb:ba:53:77:b9:02:99:50:e4:b9:ff:a4:7e:9c:b7:
         5e:43:b0:8f:5c:aa:32:75:81:03:1a:b9:d3:32:d5:1b:64:ca:
         bc:6e:ac:4b:0d:73:79:7e:d6:d5:56:d8:12:e3:a2:1e:56:40:
         bd:51:a5:44:1b:16:74:4c:20:ee:a7:d0:e8:da:9b:09:9f:37:
         c0:bb:04:64:02:18:2c:23:9a:f4:ac:a1:3b:72:ac:d7:82:a6:
         2d:fa:7f:8c:4c:13:74:80:74:0b:bf:5b:98:39:7d:cd:d9:5d:
         80:e2:b8:e7:30:f6:18:94:d7:bd:c3:89:31:b1:5e:a6:b5:0a:
         f1:5d:6c:f0:24:40:ca:35:24:c9:cb:fa:c8:aa:d1:61:f8:a2:
         e9:80:9d:26:82:1a:28:34:82:d3:fd:dd:e0:8f:17:bf:05:b9:
         ea:f0:f4:a1:32:62:ec:14:75:27:09:98:06:0f:80:08:f7:8f:
         7a:70:e3:e8:e9:04:da:81:74:4e:b2:83:69:dc:c7:b1:3e:02:
         c6:54:88:13:e4:ed:9c:d5:bd:24:3a:1f:5d:9f:23:9c:22:13:
         4e:ae:d4:29
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0A1Fi7st1xFhTRVmz+KxREMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwYzQ0ZGZmNzE4Nzk4NjNlYTcxNDQyMDIzYjdmMzU0ZGMz
ZGFkN2MwHhcNMjYwMzE4MTIwMzI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODlhMzAxNjA2ZjgyMDIxYTlkZDY3ZTFlZTMxZTc1MGIyNTRkOGNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtG2681jtVRXhDchxrhyr/3Co8cFV
zJq+YaCh0dx7s6713PNTOBgLo8OnaSYzBZz1WQYZb1qJcueP6pewpX6LuZOrp9vv
wFmyrjqR/ZipOnZ5rMZVLgEDORtGM77n9LqamJfdL+kkRYqnXkC2AmqfitIOSyIK
aR0AMG+7pTgpjkPCbi7GZeX7BfV4otX9egIl3/47MW3SNSik2koEws3+xIOhXzmL
BkOwZv9vQaid43vFdo18rd6c7gYqX8bZMdYF3MRupRg+uFvSPN07SuTBBS0r+tzE
j1KDKCNPO5f5CoPe822a3abRjU+fZ6v7eGJPGB7Hsd+BYxiYhORe5zxqwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAiaMBYG+CAhqd1n4e4x51CyVNjNMB8GA1UdIwQY
MBaAFGDETf9xh5hj6nFEICO381TcPa18MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWU1STl8zR0htR1BxY1VRZ0k3ZnpWTnc5clh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC82Y2U5OTQtOGU5OS00MGY5LWE0ZWIt
YjJkNzM2Nzg3MjdiLzEvQ0pvd0ZnYjRJQ0dwM1dmaDdqSG5VTEpVMk0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC82Y2U5OTQtOGU5OS00MGY5LWE0ZWItYjJkNzM2Nzg3Mjdi
LzEvWU1STl8zR0htR1BxY1VRZ0k3ZnpWTnc5clh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuVi4MA0G
CSqGSIb3DQEBCwUAA4IBAQCsmqw1zh5EIHPrHK+TAyy9bqxayzkhxeueokakEPLM
Hq6x442Sucz7ulN3uQKZUOS5/6R+nLdeQ7CPXKoydYEDGrnTMtUbZMq8bqxLDXN5
ftbVVtgS46IeVkC9UaVEGxZ0TCDup9Do2psJnzfAuwRkAhgsI5r0rKE7cqzXgqYt
+n+MTBN0gHQLv1uYOX3N2V2A4rjnMPYYlNe9w4kxsV6mtQrxXWzwJEDKNSTJy/rI
qtFh+KLpgJ0mghooNILT/d3gjxe/Bbnq8PShMmLsFHUnCZgGD4AI9496cOPo6QTa
gXROsoNp3MexPgLGVIgT5O2c1b0kOh9dnyOcIhNOrtQp
-----END CERTIFICATE-----