Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/b2d604-ddfb-4eff-b49a-df5ce56e7b4b/1/u3HrLTERJi2B9n5xQ0BiK-cRiWU.roa
File:                     u3HrLTERJi2B9n5xQ0BiK-cRiWU.roa (raw, json)
Hash identifier:          VW52fyk1URQcXo8jkObs2fsXbuZN/DcsMh4JuWlfK+A=
Subject key identifier:   BB:71:EB:2D:31:11:26:2D:81:F6:7E:71:43:40:62:2B:E7:11:89:65
Certificate issuer:       /CN=0cc81d074357de5d32f8a65cd9ee7a585bf3ec6f
Certificate serial:       019CF6FBE7632C9CCB1F99D5F28C2CE27493
Authority key identifier: 0C:C8:1D:07:43:57:DE:5D:32:F8:A6:5C:D9:EE:7A:58:5B:F3:EC:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DMgdB0NX3l0y-KZc2e56WFvz7G8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/b2d604-ddfb-4eff-b49a-df5ce56e7b4b/1/u3HrLTERJi2B9n5xQ0BiK-cRiWU.roa
Signing time:             Mon 16 Mar 2026 14:10:29 +0000
ROA not before:           Mon 16 Mar 2026 14:10:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     14618
IP address blocks:        185.218.26.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/b2d604-ddfb-4eff-b49a-df5ce56e7b4b/1/DMgdB0NX3l0y-KZc2e56WFvz7G8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/b2d604-ddfb-4eff-b49a-df5ce56e7b4b/1/DMgdB0NX3l0y-KZc2e56WFvz7G8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DMgdB0NX3l0y-KZc2e56WFvz7G8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:f6:fb:e7:63:2c:9c:cb:1f:99:d5:f2:8c:2c:e2:74:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0cc81d074357de5d32f8a65cd9ee7a585bf3ec6f
        Validity
            Not Before: Mar 16 14:10:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bb71eb2d3111262d81f67e714340622be7118965
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:7f:f2:82:a4:3f:9d:70:dc:41:5a:4b:5c:38:
                    44:9f:09:3b:57:84:e2:9c:6f:be:41:b6:09:af:7e:
                    30:bd:ef:8d:91:c9:5d:88:7f:6c:5c:b7:f7:78:cb:
                    f2:a5:ef:47:51:c8:16:96:5d:18:8a:df:c0:36:a9:
                    45:24:3e:26:f2:b8:90:69:3c:2a:ee:16:2a:a8:47:
                    a9:83:8f:79:90:41:74:e2:e3:0c:90:36:39:00:00:
                    32:40:b0:89:0c:15:b2:28:8e:e4:59:24:45:0d:85:
                    b3:07:3d:0a:32:7e:f5:1a:1a:93:55:f0:fc:3a:5f:
                    c5:1c:df:c0:41:8d:26:3a:10:47:e3:87:0b:58:21:
                    2f:ff:56:1e:60:c9:96:9a:af:06:52:28:22:b0:86:
                    38:4b:ab:4a:a8:8d:94:d0:8b:79:6c:90:80:c4:98:
                    f8:0c:c2:82:7e:81:e6:1d:cb:82:3b:18:94:88:0e:
                    22:3b:82:2f:09:dc:9f:41:2e:25:12:28:80:44:0e:
                    74:45:86:d2:b4:e8:97:92:74:55:35:81:b0:20:60:
                    63:22:fd:b6:02:67:aa:14:9f:6c:65:96:1a:7e:3f:
                    96:d5:62:f0:97:2a:8e:ed:2c:11:38:09:ef:ae:bb:
                    37:07:d6:e9:de:21:40:6c:e5:73:c0:be:c0:64:f3:
                    52:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:71:EB:2D:31:11:26:2D:81:F6:7E:71:43:40:62:2B:E7:11:89:65
            X509v3 Authority Key Identifier:
                keyid:0C:C8:1D:07:43:57:DE:5D:32:F8:A6:5C:D9:EE:7A:58:5B:F3:EC:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DMgdB0NX3l0y-KZc2e56WFvz7G8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/b2d604-ddfb-4eff-b49a-df5ce56e7b4b/1/u3HrLTERJi2B9n5xQ0BiK-cRiWU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/b2d604-ddfb-4eff-b49a-df5ce56e7b4b/1/DMgdB0NX3l0y-KZc2e56WFvz7G8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.218.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:f2:25:21:12:80:9a:b1:ce:9f:00:b9:cd:ac:e6:3e:bf:c5:
         fa:a0:e9:a9:5d:f6:1d:a4:a1:70:87:41:7f:c1:e8:61:20:fc:
         0c:11:3a:5e:41:50:f4:1e:91:f0:61:a7:b4:91:42:69:2f:e9:
         24:15:67:6c:fb:9f:a2:2e:7c:47:c2:d9:39:84:dc:8e:86:ec:
         e7:4d:5f:f5:8a:4a:d5:a5:89:c2:4b:b5:99:62:56:79:4b:ae:
         c7:c3:e7:e4:a9:de:9f:53:9d:ad:dd:f4:ba:c5:56:70:4f:43:
         eb:b0:11:fa:08:78:8d:6c:88:c1:47:46:5c:a4:5e:f2:63:d1:
         eb:14:4d:97:9e:5d:d8:12:ee:ea:1f:1e:6d:0f:d3:21:f7:8b:
         0d:85:53:72:52:dc:96:fd:4d:59:d8:23:57:c4:1f:9e:9a:f2:
         3e:b1:a1:b5:71:8e:42:a4:4b:c8:1f:b0:12:87:c9:3e:a0:ef:
         93:55:cc:ed:72:3c:43:b6:ed:47:9a:c9:40:4c:ce:86:bf:56:
         20:e6:2e:35:26:7d:f0:61:3e:ea:36:d9:51:52:32:2e:5e:c1:
         6d:cc:77:65:3b:44:f7:56:09:6d:1d:6e:41:40:db:d9:f9:57:
         82:cc:fc:92:7a:44:62:64:04:c9:d7:b2:63:02:02:51:49:11:
         87:fd:26:46
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZz2++djLJzLH5nV8ows4nSTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjYzgxZDA3NDM1N2RlNWQzMmY4YTY1Y2Q5ZWU3YTU4NWJm
M2VjNmYwHhcNMjYwMzE2MTQxMDI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjcxZWIyZDMxMTEyNjJkODFmNjdlNzE0MzQwNjIyYmU3MTE4OTY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtX/ygqQ/nXDcQVpLXDhEnwk7V4Ti
nG++QbYJr34wve+NkcldiH9sXLf3eMvype9HUcgWll0Yit/ANqlFJD4m8riQaTwq
7hYqqEepg495kEF04uMMkDY5AAAyQLCJDBWyKI7kWSRFDYWzBz0KMn71GhqTVfD8
Ol/FHN/AQY0mOhBH44cLWCEv/1YeYMmWmq8GUigisIY4S6tKqI2U0It5bJCAxJj4
DMKCfoHmHcuCOxiUiA4iO4IvCdyfQS4lEiiARA50RYbStOiXknRVNYGwIGBjIv22
AmeqFJ9sZZYafj+W1WLwlyqO7SwROAnvrrs3B9bp3iFAbOVzwL7AZPNSqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLtx6y0xESYtgfZ+cUNAYivnEYllMB8GA1UdIwQY
MBaAFAzIHQdDV95dMvimXNnuelhb8+xvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE1nZEIwTlgzbDB5LUtaYzJlNTZXRnZ6N0c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS9iMmQ2MDQtZGRmYi00ZWZmLWI0OWEt
ZGY1Y2U1NmU3YjRiLzEvdTNIckxURVJKaTJCOW41eFEwQmlLLWNSaVdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS9iMmQ2MDQtZGRmYi00ZWZmLWI0OWEtZGY1Y2U1NmU3YjRi
LzEvRE1nZEIwTlgzbDB5LUtaYzJlNTZXRnZ6N0c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudoaMA0G
CSqGSIb3DQEBCwUAA4IBAQA28iUhEoCasc6fALnNrOY+v8X6oOmpXfYdpKFwh0F/
wehhIPwMETpeQVD0HpHwYae0kUJpL+kkFWds+5+iLnxHwtk5hNyOhuznTV/1ikrV
pYnCS7WZYlZ5S67Hw+fkqd6fU52t3fS6xVZwT0PrsBH6CHiNbIjBR0ZcpF7yY9Hr
FE2Xnl3YEu7qHx5tD9Mh94sNhVNyUtyW/U1Z2CNXxB+emvI+saG1cY5CpEvIH7AS
h8k+oO+TVcztcjxDtu1HmslATM6Gv1Yg5i41Jn3wYT7qNtlRUjIuXsFtzHdlO0T3
VgltHW5BQNvZ+VeCzPySekRiZATJ17JjAgJRSRGH/SZG
-----END CERTIFICATE-----