Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/ae9211-c52d-480d-a591-d75869c0c71e/1/vz8HwWs32wz7LdSPq6eo_tOp0to.roa
File:                     vz8HwWs32wz7LdSPq6eo_tOp0to.roa (raw, json)
Hash identifier:          6psAckPnQ9/EqCFp17rxTfMjqVmehqU3pMQvhEu8MeM=
Subject key identifier:   BF:3F:07:C1:6B:37:DB:0C:FB:2D:D4:8F:AB:A7:A8:FE:D3:A9:D2:DA
Certificate issuer:       /CN=a6785773df313b91711bf6bc5b149ecc246b9e89
Certificate serial:       019DF1DD8D6E586DFFC7398F24B43B31CBEB
Authority key identifier: A6:78:57:73:DF:31:3B:91:71:1B:F6:BC:5B:14:9E:CC:24:6B:9E:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pnhXc98xO5FxG_a8WxSezCRrnok.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/ae9211-c52d-480d-a591-d75869c0c71e/1/vz8HwWs32wz7LdSPq6eo_tOp0to.roa
Signing time:             Mon 04 May 2026 07:22:01 +0000
ROA not before:           Mon 04 May 2026 07:22:01 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208570
IP address blocks:        185.239.178.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/ae9211-c52d-480d-a591-d75869c0c71e/1/pnhXc98xO5FxG_a8WxSezCRrnok.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/ae9211-c52d-480d-a591-d75869c0c71e/1/pnhXc98xO5FxG_a8WxSezCRrnok.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pnhXc98xO5FxG_a8WxSezCRrnok.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 06:33:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:f1:dd:8d:6e:58:6d:ff:c7:39:8f:24:b4:3b:31:cb:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a6785773df313b91711bf6bc5b149ecc246b9e89
        Validity
            Not Before: May  4 07:22:01 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bf3f07c16b37db0cfb2dd48faba7a8fed3a9d2da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:c0:43:ca:34:55:28:e4:e3:b2:c9:9f:79:4d:
                    5b:18:86:0f:89:34:68:ec:9a:c2:20:e9:51:1d:02:
                    41:76:b3:af:7d:9c:44:41:0c:01:b9:85:48:5f:75:
                    fe:51:be:0f:a3:5b:ec:74:16:d1:c4:e4:59:c6:fe:
                    2a:8c:49:b1:d0:9f:e5:69:cb:cd:60:2b:fa:c1:23:
                    9c:36:d1:7d:ae:14:08:3a:11:76:3a:b7:72:0a:93:
                    dc:ee:6a:48:f8:9b:03:59:0c:ec:f3:7f:68:03:89:
                    35:3c:83:d1:cd:cf:1d:f7:f3:7d:f2:73:2a:1f:4e:
                    4e:e3:0b:76:67:d5:7c:79:25:a2:5a:f8:32:6d:06:
                    45:e4:e7:86:a9:61:5c:6f:6e:34:a3:89:d7:6a:73:
                    85:0f:54:f8:41:5e:33:79:c3:d4:a6:5f:bb:87:46:
                    70:9e:fb:2a:ba:3c:35:d0:82:65:08:f8:9d:9d:f2:
                    b7:c9:fe:74:87:fa:61:95:72:63:d7:a4:88:ad:d0:
                    48:a4:09:4d:30:69:46:85:51:90:23:2d:c7:7b:46:
                    38:af:af:f6:99:61:b8:05:1e:49:92:36:e6:66:35:
                    6b:64:a0:60:b3:5b:a4:2a:a0:e2:f7:e0:60:08:a9:
                    33:30:75:6c:97:c5:2f:d4:2f:b0:89:ae:4d:58:80:
                    d9:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:3F:07:C1:6B:37:DB:0C:FB:2D:D4:8F:AB:A7:A8:FE:D3:A9:D2:DA
            X509v3 Authority Key Identifier:
                keyid:A6:78:57:73:DF:31:3B:91:71:1B:F6:BC:5B:14:9E:CC:24:6B:9E:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pnhXc98xO5FxG_a8WxSezCRrnok.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/ae9211-c52d-480d-a591-d75869c0c71e/1/vz8HwWs32wz7LdSPq6eo_tOp0to.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/ae9211-c52d-480d-a591-d75869c0c71e/1/pnhXc98xO5FxG_a8WxSezCRrnok.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.239.178.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:99:2b:52:ca:28:e8:82:76:3b:33:9b:f4:90:09:73:65:ad:
         cd:4d:6a:c7:3c:6f:62:42:43:a7:9b:09:38:29:71:03:ef:61:
         5d:92:a6:47:34:ee:05:5c:1c:a9:97:b5:43:bc:4f:05:e2:4a:
         2b:22:3c:f5:12:fb:ba:f6:de:46:1d:ae:37:c4:29:f4:5e:c0:
         dd:06:dd:8a:57:64:f4:5e:05:45:00:d5:60:9c:0d:78:a5:72:
         44:dc:98:4a:6f:81:db:01:c6:67:46:e2:b8:5a:83:b3:54:16:
         5d:9d:13:0c:89:07:88:bd:b8:f2:f9:46:d0:61:38:1f:c1:60:
         2b:5d:7b:a7:df:d8:5e:ca:95:95:c2:61:7a:2a:1f:c8:48:93:
         2d:65:a0:1a:a6:ac:3b:f0:e8:25:28:d0:8d:ec:78:0b:14:3c:
         44:8b:55:0e:7a:82:f2:91:27:9e:34:99:c7:9e:eb:4e:76:4f:
         35:be:8d:73:a0:ba:c4:9b:47:b4:9f:8a:1f:54:cf:8c:93:71:
         52:62:7c:0e:57:6e:cf:5f:99:06:3c:2f:0d:2b:2b:24:8b:16:
         f3:4b:04:02:ab:0e:29:1d:13:25:4b:6d:75:d4:63:8a:0f:9d:
         a1:d1:95:b3:2e:46:ec:8f:72:07:46:9f:d7:b5:00:08:a6:5f:
         38:ac:7f:70
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3x3Y1uWG3/xzmPJLQ7McvrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2Nzg1NzczZGYzMTNiOTE3MTFiZjZiYzViMTQ5ZWNjMjQ2
YjllODkwHhcNMjYwNTA0MDcyMjAxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjNmMDdjMTZiMzdkYjBjZmIyZGQ0OGZhYmE3YThmZWQzYTlkMmRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvsBDyjRVKOTjssmfeU1bGIYPiTRo
7JrCIOlRHQJBdrOvfZxEQQwBuYVIX3X+Ub4Po1vsdBbRxORZxv4qjEmx0J/lacvN
YCv6wSOcNtF9rhQIOhF2OrdyCpPc7mpI+JsDWQzs839oA4k1PIPRzc8d9/N98nMq
H05O4wt2Z9V8eSWiWvgybQZF5OeGqWFcb240o4nXanOFD1T4QV4zecPUpl+7h0Zw
nvsqujw10IJlCPidnfK3yf50h/phlXJj16SIrdBIpAlNMGlGhVGQIy3He0Y4r6/2
mWG4BR5JkjbmZjVrZKBgs1ukKqDi9+BgCKkzMHVsl8Uv1C+wia5NWIDZfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL8/B8FrN9sM+y3Uj6unqP7TqdLaMB8GA1UdIwQY
MBaAFKZ4V3PfMTuRcRv2vFsUnswka56JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcG5oWGM5OHhPNUZ4R19hOFd4U2V6Q1Jybm9rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS9hZTkyMTEtYzUyZC00ODBkLWE1OTEt
ZDc1ODY5YzBjNzFlLzEvdno4SHdXczMyd3o3TGRTUHE2ZW9fdE9wMHRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS9hZTkyMTEtYzUyZC00ODBkLWE1OTEtZDc1ODY5YzBjNzFl
LzEvcG5oWGM5OHhPNUZ4R19hOFd4U2V6Q1Jybm9rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAue+yMA0G
CSqGSIb3DQEBCwUAA4IBAQBhmStSyijognY7M5v0kAlzZa3NTWrHPG9iQkOnmwk4
KXED72FdkqZHNO4FXBypl7VDvE8F4korIjz1Evu69t5GHa43xCn0XsDdBt2KV2T0
XgVFANVgnA14pXJE3JhKb4HbAcZnRuK4WoOzVBZdnRMMiQeIvbjy+UbQYTgfwWAr
XXun39heypWVwmF6Kh/ISJMtZaAapqw78OglKNCN7HgLFDxEi1UOeoLykSeeNJnH
nutOdk81vo1zoLrEm0e0n4ofVM+Mk3FSYnwOV27PX5kGPC8NKyskixbzSwQCqw4p
HRMlS2111GOKD52h0ZWzLkbsj3IHRp/XtQAIpl84rH9w
-----END CERTIFICATE-----