Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/Au6ztzaYOL8tiA06L7XgEOvNL7w.roa
File:                     Au6ztzaYOL8tiA06L7XgEOvNL7w.roa (raw, json)
Hash identifier:          2gixSAvahjHMVkdyFo4/SHHkZ2SyI5tRyn1jTT+SjAw=
Subject key identifier:   02:EE:B3:B7:36:98:38:BF:2D:88:0D:3A:2F:B5:E0:10:EB:CD:2F:BC
Certificate issuer:       /CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
Certificate serial:       019D0D858E88B7683241E14DDD8BDCD697D9
Authority key identifier: 72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/Au6ztzaYOL8tiA06L7XgEOvNL7w.roa
Signing time:             Fri 20 Mar 2026 23:12:29 +0000
ROA not before:           Fri 20 Mar 2026 23:12:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     3257
IP address blocks:        185.208.155.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 20:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:0d:85:8e:88:b7:68:32:41:e1:4d:dd:8b:dc:d6:97:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
        Validity
            Not Before: Mar 20 23:12:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=02eeb3b7369838bf2d880d3a2fb5e010ebcd2fbc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:b7:fa:94:0b:30:a6:c6:ff:e4:3a:4c:43:ae:
                    88:a1:47:f1:ba:dd:3a:99:46:71:a9:8b:04:09:df:
                    b1:a7:66:a1:fd:99:a2:9d:83:15:77:09:c8:bf:1f:
                    ef:cf:fa:d9:4f:11:84:d5:2d:d6:d1:a4:ef:33:04:
                    a3:00:f1:b3:64:d7:56:c2:f1:0e:8e:c4:a2:a1:eb:
                    a3:d7:97:fb:80:70:fc:66:8e:fb:ba:9e:85:23:a4:
                    cc:3b:72:b1:51:30:81:e3:73:d0:d0:65:2d:a3:44:
                    3f:e7:bc:38:71:e6:ae:7a:fb:6a:eb:c7:91:6c:66:
                    10:80:61:5f:64:1c:d6:8c:95:3e:df:09:9a:b7:b8:
                    18:10:00:ae:91:19:79:2a:c9:66:28:02:43:f7:5b:
                    a6:78:e3:9a:60:5b:7d:62:39:1c:7d:93:04:fb:50:
                    b9:4a:23:a4:ae:d9:1a:2e:6f:85:b9:be:4e:9c:27:
                    0c:b8:ee:4f:db:04:3a:fc:37:dd:2e:f9:4d:15:6d:
                    42:d1:de:f5:19:3b:ae:c7:ec:e9:5d:1e:a9:2d:fd:
                    2c:cb:0a:b0:e7:91:bf:b0:c0:eb:1c:88:11:e5:22:
                    d7:76:7b:38:3b:5c:d9:ba:0e:8a:5b:69:b1:c8:7b:
                    8c:c0:10:a7:7a:23:48:16:d2:f5:97:8a:56:6e:26:
                    78:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:EE:B3:B7:36:98:38:BF:2D:88:0D:3A:2F:B5:E0:10:EB:CD:2F:BC
            X509v3 Authority Key Identifier:
                keyid:72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/Au6ztzaYOL8tiA06L7XgEOvNL7w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.208.155.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:fe:0a:5b:6d:0e:48:9e:6e:20:a6:a7:6c:ca:82:3e:92:83:
         49:cc:b6:45:95:98:77:67:ac:35:58:db:e8:bc:a5:ee:57:80:
         14:b6:04:b9:e1:a8:68:f8:65:3f:4c:4e:af:7f:e2:68:42:90:
         6a:56:c6:fe:2a:4b:d1:76:91:cf:6b:61:75:1a:46:04:38:80:
         45:a2:aa:20:f8:d8:ee:4c:9c:5c:da:82:18:a2:b0:50:87:d7:
         30:b2:7c:c1:c1:7d:c2:7d:4c:e9:16:a3:7e:ac:df:85:0a:16:
         2e:7a:75:86:94:48:b5:f9:b1:5b:2e:33:8f:35:32:bd:a9:d6:
         e9:c4:be:42:ed:d5:07:7a:a9:85:f0:83:63:3e:fb:d6:4c:67:
         bc:39:53:23:eb:83:4d:b2:2e:3c:99:b9:ae:15:41:91:bf:0f:
         73:6c:65:06:94:2a:5a:4e:09:d2:87:cb:86:d3:22:f4:b0:9a:
         8a:c8:89:e4:60:f7:c0:d5:b6:ff:70:ce:e3:e7:0f:ad:18:75:
         8a:6a:56:d4:af:73:2d:b6:0a:f3:49:98:d1:ae:28:6d:d6:c3:
         f4:34:af:9f:0e:c0:58:3b:6c:b2:2a:cf:e8:42:bb:7d:60:ed:
         fd:f7:ba:d3:ba:6f:af:e9:8d:06:99:e0:9d:9b:4e:b5:42:38:
         df:e2:01:89
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0NhY6It2gyQeFN3Yvc1pfZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyYjc4ZjY2ODJmYzM5YzU1YjQxZDQ4ZjgwYjg4MzhkNWQy
ZGJmMDcwHhcNMjYwMzIwMjMxMjI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMmVlYjNiNzM2OTgzOGJmMmQ4ODBkM2EyZmI1ZTAxMGViY2QyZmJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwLf6lAswpsb/5DpMQ66IoUfxut06
mUZxqYsECd+xp2ah/ZminYMVdwnIvx/vz/rZTxGE1S3W0aTvMwSjAPGzZNdWwvEO
jsSioeuj15f7gHD8Zo77up6FI6TMO3KxUTCB43PQ0GUto0Q/57w4ceauevtq68eR
bGYQgGFfZBzWjJU+3wmat7gYEACukRl5KslmKAJD91umeOOaYFt9YjkcfZME+1C5
SiOkrtkaLm+Fub5OnCcMuO5P2wQ6/DfdLvlNFW1C0d71GTuux+zpXR6pLf0sywqw
55G/sMDrHIgR5SLXdns4O1zZug6KW2mxyHuMwBCneiNIFtL1l4pWbiZ4SwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFALus7c2mDi/LYgNOi+14BDrzS+8MB8GA1UdIwQY
MBaAFHK3j2aC/DnFW0HUj4C4g41dLb8HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEt
ZjNlNTA2YWVhYTAxLzEvQXU2enR6YVlPTDh0aUEwNkw3WGdFT3ZOTDd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEtZjNlNTA2YWVhYTAx
LzEvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudCbMA0G
CSqGSIb3DQEBCwUAA4IBAQBw/gpbbQ5Inm4gpqdsyoI+koNJzLZFlZh3Z6w1WNvo
vKXuV4AUtgS54aho+GU/TE6vf+JoQpBqVsb+KkvRdpHPa2F1GkYEOIBFoqog+Nju
TJxc2oIYorBQh9cwsnzBwX3CfUzpFqN+rN+FChYuenWGlEi1+bFbLjOPNTK9qdbp
xL5C7dUHeqmF8INjPvvWTGe8OVMj64NNsi48mbmuFUGRvw9zbGUGlCpaTgnSh8uG
0yL0sJqKyInkYPfA1bb/cM7j5w+tGHWKalbUr3MttgrzSZjRriht1sP0NK+fDsBY
O2yyKs/oQrt9YO3997rTum+v6Y0GmeCdm061Qjjf4gGJ
-----END CERTIFICATE-----