Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/d7300f-de06-4f7b-a909-6598b4ceb069/1/bP8QNxBQn0Bs2-Xfh-xasmS6LHk.roa
File:                     bP8QNxBQn0Bs2-Xfh-xasmS6LHk.roa (raw, json)
Hash identifier:          q+uzlbwPJbxOafdkuBf0forZDV06McFldCHvCFhOu8A=
Subject key identifier:   6C:FF:10:37:10:50:9F:40:6C:DB:E5:DF:87:EC:5A:B2:64:BA:2C:79
Certificate issuer:       /CN=12694f6945a21d08d30192cfc1a6b780de728e3b
Certificate serial:       019D0104DEAB55EDC2B12660DDFB29463F04
Authority key identifier: 12:69:4F:69:45:A2:1D:08:D3:01:92:CF:C1:A6:B7:80:DE:72:8E:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EmlPaUWiHQjTAZLPwaa3gN5yjjs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/d7300f-de06-4f7b-a909-6598b4ceb069/1/bP8QNxBQn0Bs2-Xfh-xasmS6LHk.roa
Signing time:             Wed 18 Mar 2026 12:56:29 +0000
ROA not before:           Wed 18 Mar 2026 12:56:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50192
IP address blocks:        185.75.52.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/d7300f-de06-4f7b-a909-6598b4ceb069/1/EmlPaUWiHQjTAZLPwaa3gN5yjjs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/d7300f-de06-4f7b-a909-6598b4ceb069/1/EmlPaUWiHQjTAZLPwaa3gN5yjjs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EmlPaUWiHQjTAZLPwaa3gN5yjjs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:01:04:de:ab:55:ed:c2:b1:26:60:dd:fb:29:46:3f:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12694f6945a21d08d30192cfc1a6b780de728e3b
        Validity
            Not Before: Mar 18 12:56:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6cff103710509f406cdbe5df87ec5ab264ba2c79
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:4b:89:9c:9d:cf:71:a7:2e:52:af:c6:30:91:
                    fb:a7:ea:93:0d:87:17:11:d5:4f:ec:9e:7d:70:5e:
                    8d:bb:1d:ed:5c:64:55:76:97:ac:14:66:f5:a5:5e:
                    a2:a2:39:e9:35:9d:60:1f:6b:e7:ca:63:58:5a:74:
                    7c:ca:18:d3:7f:a2:71:79:63:0a:57:bb:34:a7:b8:
                    7d:76:46:cf:3a:b1:6a:e1:87:ea:be:4d:dd:15:ce:
                    64:70:69:9c:23:56:cb:55:8f:02:f6:a8:2c:25:fd:
                    63:f6:f3:a0:ad:b2:9d:3e:b4:2a:e6:34:2f:dc:9c:
                    8d:e9:af:f4:d0:bf:b9:79:fc:a1:77:6e:9f:d4:74:
                    da:b2:f2:58:da:e8:55:e8:9e:55:65:bf:0e:28:bb:
                    37:aa:65:b3:a2:4d:64:85:3d:b5:b0:fe:68:35:27:
                    d9:6c:af:34:5a:6f:25:2b:7d:75:43:38:64:ff:05:
                    40:85:bb:c6:ac:6a:f4:b6:45:a6:1c:e5:e5:d2:80:
                    1d:45:fa:23:13:e4:f3:d0:76:67:bf:2b:ea:7c:34:
                    ee:59:20:72:1f:58:fb:8a:56:b2:1d:f6:6c:91:53:
                    2b:c8:a4:90:1b:a5:f8:b7:ce:82:6f:2c:dd:19:94:
                    73:a2:fc:f2:9e:5d:f9:9c:01:df:45:38:a9:2c:6e:
                    23:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:FF:10:37:10:50:9F:40:6C:DB:E5:DF:87:EC:5A:B2:64:BA:2C:79
            X509v3 Authority Key Identifier:
                keyid:12:69:4F:69:45:A2:1D:08:D3:01:92:CF:C1:A6:B7:80:DE:72:8E:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EmlPaUWiHQjTAZLPwaa3gN5yjjs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/d7300f-de06-4f7b-a909-6598b4ceb069/1/bP8QNxBQn0Bs2-Xfh-xasmS6LHk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/d7300f-de06-4f7b-a909-6598b4ceb069/1/EmlPaUWiHQjTAZLPwaa3gN5yjjs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.75.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:50:68:6d:b7:f1:5a:c5:5c:dc:5a:e0:7f:e9:c0:3e:a6:93:
         59:ce:25:67:0b:c3:99:49:24:5c:0a:5d:8c:cf:65:58:9f:ff:
         36:c1:3a:e4:d2:26:72:3a:3d:cb:cd:a9:94:22:04:8b:ad:55:
         c1:e1:40:43:ca:79:d5:50:9a:20:53:e1:e4:42:9f:c7:2e:5f:
         3d:8d:8e:1f:85:d5:45:5c:62:8a:e2:e0:91:80:97:3b:de:31:
         6a:71:27:7d:f4:df:b0:8a:93:15:75:b5:1b:1a:97:25:4c:c7:
         e7:13:91:95:23:24:9e:fe:90:3c:e9:3a:a6:6c:ab:fa:3e:4f:
         40:a8:ab:92:8c:ca:16:43:d4:17:8e:31:4f:1f:38:2a:7b:57:
         f3:fc:26:c4:93:b2:80:a3:0e:8b:1b:61:31:b4:b4:31:52:95:
         c0:dc:9a:4e:b0:be:9e:b4:3e:17:80:a1:d0:c7:21:ea:dd:9b:
         7e:d8:3e:11:af:67:cd:c3:e0:c9:bb:aa:fe:7f:f1:68:99:35:
         2f:1c:9c:de:31:af:55:11:0b:45:99:ce:f0:2b:0e:0a:c7:32:
         f2:31:4e:87:c5:35:80:a0:62:43:62:d4:cc:44:6d:f9:ce:da:
         9c:ed:52:5a:98:21:ed:ed:38:3a:55:91:a6:0f:65:a4:b4:a9:
         3a:dd:7b:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0BBN6rVe3CsSZg3fspRj8EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyNjk0ZjY5NDVhMjFkMDhkMzAxOTJjZmMxYTZiNzgwZGU3
MjhlM2IwHhcNMjYwMzE4MTI1NjI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Y2ZmMTAzNzEwNTA5ZjQwNmNkYmU1ZGY4N2VjNWFiMjY0YmEyYzc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAikuJnJ3PcacuUq/GMJH7p+qTDYcX
EdVP7J59cF6Nux3tXGRVdpesFGb1pV6iojnpNZ1gH2vnymNYWnR8yhjTf6JxeWMK
V7s0p7h9dkbPOrFq4Yfqvk3dFc5kcGmcI1bLVY8C9qgsJf1j9vOgrbKdPrQq5jQv
3JyN6a/00L+5efyhd26f1HTasvJY2uhV6J5VZb8OKLs3qmWzok1khT21sP5oNSfZ
bK80Wm8lK311Qzhk/wVAhbvGrGr0tkWmHOXl0oAdRfojE+Tz0HZnvyvqfDTuWSBy
H1j7ilayHfZskVMryKSQG6X4t86CbyzdGZRzovzynl35nAHfRTipLG4jPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGz/EDcQUJ9AbNvl34fsWrJkuix5MB8GA1UdIwQY
MBaAFBJpT2lFoh0I0wGSz8Gmt4Deco47MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRW1sUGFVV2lIUWpUQVpMUHdhYTNnTjV5ampzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC9kNzMwMGYtZGUwNi00ZjdiLWE5MDkt
NjU5OGI0Y2ViMDY5LzEvYlA4UU54QlFuMEJzMi1YZmgteGFzbVM2TEhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC9kNzMwMGYtZGUwNi00ZjdiLWE5MDktNjU5OGI0Y2ViMDY5
LzEvRW1sUGFVV2lIUWpUQVpMUHdhYTNnTjV5ampzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuUs0MA0G
CSqGSIb3DQEBCwUAA4IBAQA/UGhtt/FaxVzcWuB/6cA+ppNZziVnC8OZSSRcCl2M
z2VYn/82wTrk0iZyOj3LzamUIgSLrVXB4UBDynnVUJogU+HkQp/HLl89jY4fhdVF
XGKK4uCRgJc73jFqcSd99N+wipMVdbUbGpclTMfnE5GVIySe/pA86TqmbKv6Pk9A
qKuSjMoWQ9QXjjFPHzgqe1fz/CbEk7KAow6LG2ExtLQxUpXA3JpOsL6etD4XgKHQ
xyHq3Zt+2D4Rr2fNw+DJu6r+f/FomTUvHJzeMa9VEQtFmc7wKw4KxzLyMU6HxTWA
oGJDYtTMRG35ztqc7VJamCHt7Tg6VZGmD2WktKk63XsE
-----END CERTIFICATE-----