Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/599e76-0180-4022-afb9-fb1722974d03/1/pHEIZFspQTjsjYLm3Qx_BC5u-70.roa
File:                     pHEIZFspQTjsjYLm3Qx_BC5u-70.roa (raw, json)
Hash identifier:          k1BBayDiKn0+v/pWcw45P5PZb9zXUPIRn4LGVR+EvUA=
Subject key identifier:   A4:71:08:64:5B:29:41:38:EC:8D:82:E6:DD:0C:7F:04:2E:6E:FB:BD
Certificate issuer:       /CN=4f398435785b50675cf2e836b144ed384c86cf9d
Certificate serial:       019CE311F59C7B135E994C7DC9D4CA617605
Authority key identifier: 4F:39:84:35:78:5B:50:67:5C:F2:E8:36:B1:44:ED:38:4C:86:CF:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TzmENXhbUGdc8ug2sUTtOEyGz50.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/599e76-0180-4022-afb9-fb1722974d03/1/pHEIZFspQTjsjYLm3Qx_BC5u-70.roa
Signing time:             Thu 12 Mar 2026 17:22:10 +0000
ROA not before:           Thu 12 Mar 2026 17:22:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206548
IP address blocks:        185.201.232.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/599e76-0180-4022-afb9-fb1722974d03/1/TzmENXhbUGdc8ug2sUTtOEyGz50.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/599e76-0180-4022-afb9-fb1722974d03/1/TzmENXhbUGdc8ug2sUTtOEyGz50.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TzmENXhbUGdc8ug2sUTtOEyGz50.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 20:56:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:e3:11:f5:9c:7b:13:5e:99:4c:7d:c9:d4:ca:61:76:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f398435785b50675cf2e836b144ed384c86cf9d
        Validity
            Not Before: Mar 12 17:22:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a47108645b294138ec8d82e6dd0c7f042e6efbbd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:20:c4:ba:4d:db:fe:74:05:a5:01:50:f6:8b:
                    65:a4:f2:ec:8d:54:8c:1f:21:e9:a8:d5:30:ae:5b:
                    57:2a:26:ef:66:fa:ae:e2:3d:9a:4e:91:f1:7b:36:
                    bc:48:37:5e:09:6e:10:40:eb:12:0e:d7:4d:ff:d1:
                    f7:73:56:ca:05:36:93:74:1b:b0:4d:29:7f:ef:ad:
                    58:df:74:72:cc:70:a8:2d:ae:d9:c6:c1:2b:fa:19:
                    8f:bb:9b:9b:93:5e:e7:09:3b:2c:57:99:65:f8:4d:
                    80:38:ab:ac:ca:bd:00:56:63:f1:85:3f:78:f1:90:
                    78:65:f1:ce:1b:a0:13:f6:8c:38:d1:3d:cb:bc:bb:
                    47:92:64:60:1a:73:1b:0b:8a:7e:60:c2:82:5d:cd:
                    68:45:dc:89:42:1a:81:df:7e:73:35:b6:5c:57:34:
                    4a:a7:ca:d8:81:52:39:d8:4e:7a:76:f3:9b:3a:39:
                    fb:85:f4:f6:fa:57:f2:78:73:c9:51:b7:3f:c3:8f:
                    32:4d:bf:fc:5b:56:93:9f:5f:bf:cb:9e:e2:ba:d7:
                    0a:29:7e:b0:61:30:8b:e8:dd:90:34:d8:57:bc:bc:
                    69:7d:c0:1e:b5:73:c6:ea:69:b8:d3:3c:55:e7:2a:
                    05:c3:f5:1a:51:45:02:ed:a4:9c:61:d2:d1:e1:61:
                    a5:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:71:08:64:5B:29:41:38:EC:8D:82:E6:DD:0C:7F:04:2E:6E:FB:BD
            X509v3 Authority Key Identifier:
                keyid:4F:39:84:35:78:5B:50:67:5C:F2:E8:36:B1:44:ED:38:4C:86:CF:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TzmENXhbUGdc8ug2sUTtOEyGz50.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/599e76-0180-4022-afb9-fb1722974d03/1/pHEIZFspQTjsjYLm3Qx_BC5u-70.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/599e76-0180-4022-afb9-fb1722974d03/1/TzmENXhbUGdc8ug2sUTtOEyGz50.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.201.232.0/22

    Signature Algorithm: sha256WithRSAEncryption
         31:f5:b4:8e:f8:b3:91:28:ef:db:2a:d5:4d:e2:97:1a:f5:c3:
         5e:b7:f0:38:6b:9b:1d:9f:2f:70:de:a8:3a:a6:01:f5:a9:48:
         13:09:be:68:22:e1:f8:3a:5b:81:36:2d:bd:0e:b6:10:9e:ea:
         06:43:18:f2:d4:67:bc:91:8d:cb:f5:84:ff:2f:bd:cf:27:73:
         88:14:2a:76:3a:6a:ff:40:5a:1e:d0:f5:70:ef:bf:ae:a1:a5:
         f2:cd:13:02:39:bf:44:1d:6e:71:e2:48:e8:4d:a4:4d:ba:79:
         f0:e2:84:e6:1b:8a:9f:44:cc:8b:e9:60:31:c9:9f:54:3d:2f:
         44:56:8d:e7:5a:46:6a:52:21:66:58:1f:88:d2:b9:4c:a2:92:
         44:f1:46:2c:4c:55:0b:c5:ed:d0:c7:91:19:2f:9b:42:78:da:
         cb:13:18:81:a1:b8:ae:4a:35:46:64:2d:a8:4e:c3:77:46:92:
         e4:9f:32:0a:fd:09:a0:d8:60:5c:23:f8:f4:1b:83:1f:a8:36:
         de:ac:ca:9e:20:bf:21:0b:ff:86:cf:5f:ac:d4:b9:cd:c2:ff:
         6d:c8:91:71:21:74:1c:c7:e0:ff:2a:3b:0c:1e:39:28:d1:6a:
         77:4e:32:b0:a3:ea:96:c6:76:54:0e:da:e5:d8:a3:ae:52:51:
         74:fa:c4:b1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzjEfWcexNemUx9ydTKYXYFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMzk4NDM1Nzg1YjUwNjc1Y2YyZTgzNmIxNDRlZDM4NGM4
NmNmOWQwHhcNMjYwMzEyMTcyMjEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDcxMDg2NDViMjk0MTM4ZWM4ZDgyZTZkZDBjN2YwNDJlNmVmYmJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkCDEuk3b/nQFpQFQ9otlpPLsjVSM
HyHpqNUwrltXKibvZvqu4j2aTpHxeza8SDdeCW4QQOsSDtdN/9H3c1bKBTaTdBuw
TSl/761Y33RyzHCoLa7ZxsEr+hmPu5ubk17nCTssV5ll+E2AOKusyr0AVmPxhT94
8ZB4ZfHOG6AT9ow40T3LvLtHkmRgGnMbC4p+YMKCXc1oRdyJQhqB335zNbZcVzRK
p8rYgVI52E56dvObOjn7hfT2+lfyeHPJUbc/w48yTb/8W1aTn1+/y57iutcKKX6w
YTCL6N2QNNhXvLxpfcAetXPG6mm40zxV5yoFw/UaUUUC7aScYdLR4WGl7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKRxCGRbKUE47I2C5t0MfwQubvu9MB8GA1UdIwQY
MBaAFE85hDV4W1BnXPLoNrFE7ThMhs+dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHptRU5YaGJVR2RjOHVnMnNVVHRPRXlHejUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi81OTllNzYtMDE4MC00MDIyLWFmYjkt
ZmIxNzIyOTc0ZDAzLzEvcEhFSVpGc3BRVGpzallMbTNReF9CQzV1LTcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi81OTllNzYtMDE4MC00MDIyLWFmYjktZmIxNzIyOTc0ZDAz
LzEvVHptRU5YaGJVR2RjOHVnMnNVVHRPRXlHejUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCucnoMA0G
CSqGSIb3DQEBCwUAA4IBAQAx9bSO+LORKO/bKtVN4pca9cNet/A4a5sdny9w3qg6
pgH1qUgTCb5oIuH4OluBNi29DrYQnuoGQxjy1Ge8kY3L9YT/L73PJ3OIFCp2Omr/
QFoe0PVw77+uoaXyzRMCOb9EHW5x4kjoTaRNunnw4oTmG4qfRMyL6WAxyZ9UPS9E
Vo3nWkZqUiFmWB+I0rlMopJE8UYsTFULxe3Qx5EZL5tCeNrLExiBobiuSjVGZC2o
TsN3RpLknzIK/Qmg2GBcI/j0G4MfqDberMqeIL8hC/+Gz1+s1LnNwv9tyJFxIXQc
x+D/KjsMHjko0Wp3TjKwo+qWxnZUDtrl2KOuUlF0+sSx
-----END CERTIFICATE-----