Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/ay4Z643jFO2mXZtI438Yp4KIFNo.roa
File:                     ay4Z643jFO2mXZtI438Yp4KIFNo.roa (raw, json)
Hash identifier:          mZvfUKF3er22izAhGMU3SbYTv8YDIEVR+Vg+ezjxGsw=
Subject key identifier:   6B:2E:19:EB:8D:E3:14:ED:A6:5D:9B:48:E3:7F:18:A7:82:88:14:DA
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       019CF556C3BD015F37B9D819C99A14DD8D6A
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/ay4Z643jFO2mXZtI438Yp4KIFNo.roa
Signing time:             Mon 16 Mar 2026 06:30:30 +0000
ROA not before:           Mon 16 Mar 2026 06:30:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     401857
IP address blocks:        84.245.23.0/24 maxlen: 24
                          185.227.75.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:f5:56:c3:bd:01:5f:37:b9:d8:19:c9:9a:14:dd:8d:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Mar 16 06:30:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6b2e19eb8de314eda65d9b48e37f18a7828814da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:34:af:24:8d:1d:9e:e2:8c:10:f2:85:c1:50:
                    d2:19:30:82:d5:ad:c5:5e:81:36:72:23:59:04:c7:
                    bd:76:07:a4:bd:3d:3c:fc:fc:dc:50:4d:14:a5:ff:
                    44:ca:85:b4:df:13:88:92:ac:03:6f:92:0d:b8:89:
                    3c:73:b2:94:de:d5:d3:a6:6f:63:a9:fa:52:98:34:
                    69:ca:51:ab:48:5c:97:d8:d5:8e:41:50:d1:f2:c2:
                    c2:2a:7b:6a:c0:f5:6a:54:75:96:51:2a:a9:8e:ef:
                    8b:20:3c:0b:95:31:c5:6e:e6:65:03:1d:3b:00:9d:
                    97:63:a8:ce:21:eb:6a:b1:77:cb:73:8f:4a:82:a4:
                    ac:bc:db:94:0a:2a:fa:2b:d1:7d:d0:93:d1:2f:58:
                    11:27:60:1d:d0:20:ae:5d:c4:ad:7d:1f:46:92:1f:
                    e2:05:6d:15:8c:dc:1f:4d:b6:58:3d:68:39:62:b0:
                    17:6f:29:cc:f3:c6:04:80:6a:48:e6:17:44:ca:ea:
                    75:ec:1f:23:b3:ed:91:d3:26:58:0a:28:37:1e:51:
                    35:a3:13:49:41:48:47:cf:13:27:8c:1c:ab:a8:15:
                    a8:bb:52:b5:54:c5:39:8c:ec:bf:29:28:f3:04:35:
                    2c:86:94:6d:5c:55:28:cd:2d:9a:cc:a4:b1:e6:5f:
                    cc:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:2E:19:EB:8D:E3:14:ED:A6:5D:9B:48:E3:7F:18:A7:82:88:14:DA
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/ay4Z643jFO2mXZtI438Yp4KIFNo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.245.23.0/24
                  185.227.75.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:84:dc:9a:3c:25:60:1c:ab:4d:d2:69:39:21:2e:53:fb:39:
         e7:71:fb:07:d4:82:cc:e1:b2:7c:fe:93:24:b1:82:e7:74:6b:
         6c:6a:48:2c:e5:22:de:3e:47:2c:f8:68:49:bb:df:f3:87:4f:
         22:8e:0b:19:c1:32:f2:4e:1f:68:e4:0f:38:d0:2a:9d:40:5c:
         e9:1a:fd:6d:28:6a:45:d8:7d:e2:e8:c6:dc:bd:9e:a4:1e:e4:
         b3:47:1f:4f:52:58:00:36:29:1e:c0:8e:dc:5f:9b:f6:b7:4b:
         68:31:aa:52:7d:84:a7:df:bb:c3:66:ae:94:8b:58:dd:c6:9d:
         f3:eb:ca:f0:d0:1b:57:d3:b0:c1:89:15:55:cb:8c:2e:59:35:
         2a:27:95:ad:3c:f9:9c:52:18:0c:78:72:be:1d:0d:61:29:ac:
         67:e2:00:ff:66:e6:e8:ee:cd:0b:b6:3b:63:90:9c:31:01:8d:
         f4:b9:9a:cc:4d:ed:d5:55:55:c4:4f:df:34:bb:8f:bd:8d:a8:
         ba:ac:df:74:23:f3:61:f3:94:54:88:33:99:ca:fe:d3:b5:db:
         21:ce:fe:69:00:76:2c:a6:ca:3a:b8:e3:f2:76:51:cb:b7:ee:
         00:da:98:44:83:ae:fc:fc:26:e6:7d:21:9d:e5:47:6f:67:b0:
         23:24:98:93
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZz1VsO9AV83udgZyZoU3Y1qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjYwMzE2MDYzMDMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjJlMTllYjhkZTMxNGVkYTY1ZDliNDhlMzdmMThhNzgyODgxNGRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0zSvJI0dnuKMEPKFwVDSGTCC1a3F
XoE2ciNZBMe9dgekvT08/PzcUE0Upf9EyoW03xOIkqwDb5INuIk8c7KU3tXTpm9j
qfpSmDRpylGrSFyX2NWOQVDR8sLCKntqwPVqVHWWUSqpju+LIDwLlTHFbuZlAx07
AJ2XY6jOIetqsXfLc49KgqSsvNuUCir6K9F90JPRL1gRJ2Ad0CCuXcStfR9Gkh/i
BW0VjNwfTbZYPWg5YrAXbynM88YEgGpI5hdEyup17B8js+2R0yZYCig3HlE1oxNJ
QUhHzxMnjByrqBWou1K1VMU5jOy/KSjzBDUshpRtXFUozS2azKSx5l/MbQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGsuGeuN4xTtpl2bSON/GKeCiBTaMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvYXk0WjY0M2pGTzJtWFp0STQzOFlwNEtJRk5vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVPUXAwQA
ueNLMA0GCSqGSIb3DQEBCwUAA4IBAQAEhNyaPCVgHKtN0mk5IS5T+znncfsH1ILM
4bJ8/pMksYLndGtsakgs5SLePkcs+GhJu9/zh08ijgsZwTLyTh9o5A840CqdQFzp
Gv1tKGpF2H3i6MbcvZ6kHuSzRx9PUlgANikewI7cX5v2t0toMapSfYSn37vDZq6U
i1jdxp3z68rw0BtX07DBiRVVy4wuWTUqJ5WtPPmcUhgMeHK+HQ1hKaxn4gD/Zubo
7s0LtjtjkJwxAY30uZrMTe3VVVXET980u4+9jai6rN90I/Nh85RUiDOZyv7Ttdsh
zv5pAHYspso6uOPydlHLt+4A2phEg678/CbmfSGd5UdvZ7AjJJiT
-----END CERTIFICATE-----