Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/z8azZ7aPyWr_HAcOy7ifQQLJE_U.roa
File:                     z8azZ7aPyWr_HAcOy7ifQQLJE_U.roa (raw, json)
Hash identifier:          uXsbd2ZJ/QbU6YXiL3HcFpz26NxrbKGyM8QwgzLX7Qg=
Subject key identifier:   CF:C6:B3:67:B6:8F:C9:6A:FF:1C:07:0E:CB:B8:9F:41:02:C9:13:F5
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       019DF87CA91C46E7D1EFD5D58CBEE5340209
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/z8azZ7aPyWr_HAcOy7ifQQLJE_U.roa
Signing time:             Tue 05 May 2026 14:13:32 +0000
ROA not before:           Tue 05 May 2026 14:13:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197970
IP address blocks:        185.135.140.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 18:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:f8:7c:a9:1c:46:e7:d1:ef:d5:d5:8c:be:e5:34:02:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: May  5 14:13:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cfc6b367b68fc96aff1c070ecbb89f4102c913f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:15:d5:48:7f:e0:ce:5a:a0:79:89:90:49:e7:
                    7b:9a:78:4a:16:f0:1c:cb:22:f6:05:d6:b0:8b:f1:
                    0e:51:78:df:64:d2:11:c0:77:31:b9:54:8d:25:7b:
                    8f:ed:79:11:07:58:50:55:b8:fe:b2:f4:a4:db:b3:
                    25:52:e1:a7:a7:c4:b3:2b:3f:fd:9a:4f:b0:dd:9b:
                    0d:dd:32:cd:97:7a:f1:b4:1e:95:5f:16:fd:b4:51:
                    de:a1:45:60:c7:8d:52:b2:62:8b:15:f2:c9:2c:af:
                    01:57:bf:ae:20:5a:e8:a7:84:e3:0e:e4:a0:76:90:
                    7c:44:72:a2:27:75:b8:89:96:00:8a:05:13:31:94:
                    ce:00:5f:ed:d6:11:d3:d5:de:f6:c2:a8:a8:3c:61:
                    d5:8a:92:50:66:c1:85:b2:bf:28:55:7f:9e:49:38:
                    42:31:dd:2a:eb:51:f7:81:a2:53:7e:76:63:85:0b:
                    5a:65:fe:b0:1f:47:1f:39:4e:72:70:27:50:74:79:
                    e3:f8:20:3d:2c:4e:e8:99:83:ed:8e:e3:0b:98:c5:
                    3c:13:d5:a5:75:9f:26:62:10:b4:f3:7f:99:72:0e:
                    3e:bb:cb:6b:d5:8f:05:64:e7:ab:55:b8:33:fe:a4:
                    96:44:c0:93:ec:83:d3:28:fd:b8:fc:46:ff:f0:88:
                    86:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:C6:B3:67:B6:8F:C9:6A:FF:1C:07:0E:CB:B8:9F:41:02:C9:13:F5
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/z8azZ7aPyWr_HAcOy7ifQQLJE_U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.135.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:82:54:0b:04:ad:49:c7:ea:15:d4:30:91:f2:4e:61:2b:2c:
         11:b9:d0:1c:71:77:fe:3f:74:46:36:89:00:48:ab:55:32:22:
         28:65:92:35:38:66:32:3d:2a:2f:b7:a4:c9:0b:4e:b4:ab:c7:
         05:18:34:88:c2:79:eb:16:34:78:75:f8:b4:c2:ca:59:2d:96:
         e9:e8:1b:d2:26:d9:44:0c:a7:c9:3d:99:52:18:9e:75:4f:56:
         19:4b:8a:7b:c6:ab:46:78:5f:9b:2b:f0:a1:fc:fd:ae:e3:38:
         2e:2b:45:05:58:2b:c4:2c:81:5b:bb:71:85:3a:75:0a:09:09:
         3c:d6:31:1b:f0:08:37:3e:4f:ad:80:be:73:f0:d6:00:f3:77:
         0d:fa:c9:d9:73:1a:3d:3d:25:fd:0a:5a:5b:35:e3:20:05:fc:
         c7:da:8a:27:e3:d8:15:82:e3:8a:b8:0c:36:d6:7c:ec:c6:90:
         cb:17:8d:6c:17:8c:23:aa:1d:f4:fb:14:f4:62:05:c4:2e:6d:
         b7:65:6b:39:ee:a1:ba:c1:ef:68:ac:b0:3b:17:6e:58:2e:f6:
         2f:78:be:5b:e1:2d:81:06:5f:1d:51:fe:9a:64:03:39:64:9f:
         0d:13:78:13:d4:63:37:de:a0:b0:16:12:a9:9b:68:00:b2:b7:
         ce:61:76:69
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ34fKkcRufR79XVjL7lNAIJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjYwNTA1MTQxMzMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZmM2YjM2N2I2OGZjOTZhZmYxYzA3MGVjYmI4OWY0MTAyYzkxM2Y1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwBXVSH/gzlqgeYmQSed7mnhKFvAc
yyL2Bdawi/EOUXjfZNIRwHcxuVSNJXuP7XkRB1hQVbj+svSk27MlUuGnp8SzKz/9
mk+w3ZsN3TLNl3rxtB6VXxb9tFHeoUVgx41SsmKLFfLJLK8BV7+uIFrop4TjDuSg
dpB8RHKiJ3W4iZYAigUTMZTOAF/t1hHT1d72wqioPGHVipJQZsGFsr8oVX+eSThC
Md0q61H3gaJTfnZjhQtaZf6wH0cfOU5ycCdQdHnj+CA9LE7omYPtjuMLmMU8E9Wl
dZ8mYhC083+Zcg4+u8tr1Y8FZOerVbgz/qSWRMCT7IPTKP24/Eb/8IiGiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM/Gs2e2j8lq/xwHDsu4n0ECyRP1MB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvejhhelo3YVB5V3JfSEFjT3k3aWZRUUxKRV9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYeMMA0G
CSqGSIb3DQEBCwUAA4IBAQBXglQLBK1Jx+oV1DCR8k5hKywRudAccXf+P3RGNokA
SKtVMiIoZZI1OGYyPSovt6TJC060q8cFGDSIwnnrFjR4dfi0wspZLZbp6BvSJtlE
DKfJPZlSGJ51T1YZS4p7xqtGeF+bK/Ch/P2u4zguK0UFWCvELIFbu3GFOnUKCQk8
1jEb8Ag3Pk+tgL5z8NYA83cN+snZcxo9PSX9ClpbNeMgBfzH2oon49gVguOKuAw2
1nzsxpDLF41sF4wjqh30+xT0YgXELm23ZWs57qG6we9orLA7F25YLvYveL5b4S2B
Bl8dUf6aZAM5ZJ8NE3gT1GM33qCwFhKpm2gAsrfOYXZp
-----END CERTIFICATE-----