Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/92d1fe-93a1-47cb-aec7-20424bba0cd0/1/uU8ossy2p7V8NUr-yE6SGQbVl1A.roa
File:                     uU8ossy2p7V8NUr-yE6SGQbVl1A.roa (raw, json)
Hash identifier:          d8UVhRXFfrSP4F8iKcPdZK8V4ewW5P0RPFn5tLTH2VQ=
Subject key identifier:   B9:4F:28:B2:CC:B6:A7:B5:7C:35:4A:FE:C8:4E:92:19:06:D5:97:50
Certificate issuer:       /CN=b585769868e39c45a5f5124d23256d778f216b01
Certificate serial:       019CE30B8CAE70606EAEDFC0EF0CA809D852
Authority key identifier: B5:85:76:98:68:E3:9C:45:A5:F5:12:4D:23:25:6D:77:8F:21:6B:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tYV2mGjjnEWl9RJNIyVtd48hawE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/92d1fe-93a1-47cb-aec7-20424bba0cd0/1/uU8ossy2p7V8NUr-yE6SGQbVl1A.roa
Signing time:             Thu 12 Mar 2026 17:15:10 +0000
ROA not before:           Thu 12 Mar 2026 17:15:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206548
IP address blocks:        185.178.172.0/22 maxlen: 22
                          2a0a:6580::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/92d1fe-93a1-47cb-aec7-20424bba0cd0/1/tYV2mGjjnEWl9RJNIyVtd48hawE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/92d1fe-93a1-47cb-aec7-20424bba0cd0/1/tYV2mGjjnEWl9RJNIyVtd48hawE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tYV2mGjjnEWl9RJNIyVtd48hawE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 05:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:e3:0b:8c:ae:70:60:6e:ae:df:c0:ef:0c:a8:09:d8:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b585769868e39c45a5f5124d23256d778f216b01
        Validity
            Not Before: Mar 12 17:15:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b94f28b2ccb6a7b57c354afec84e921906d59750
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:1b:24:98:c9:b7:66:ce:38:02:88:f1:b6:cc:
                    29:0c:bc:13:fe:a2:ba:c9:22:37:21:cf:07:4f:a7:
                    d8:7a:e8:73:57:9d:30:d7:1c:ae:3b:8c:a7:55:fc:
                    4a:e2:45:09:77:c2:4d:66:82:ca:e0:98:92:de:b3:
                    ff:2e:3a:f2:b3:c3:e1:22:57:42:15:cb:39:20:ff:
                    a7:e0:e2:f4:e7:89:fd:35:1a:18:b8:3f:a9:6b:18:
                    8a:fe:d7:90:30:3b:2b:c2:cb:50:f7:e5:78:2f:6b:
                    44:d2:7f:ee:c5:49:85:a4:c5:29:1c:13:12:c6:9f:
                    c5:7a:fb:56:8a:b3:25:e7:a0:44:93:c7:90:0e:44:
                    98:09:8a:46:2f:0c:bd:b7:22:90:19:8b:91:e5:e5:
                    4a:0f:32:c0:08:fb:21:b5:08:00:c6:1b:f5:22:33:
                    11:8a:f1:32:aa:3d:e3:0f:98:ea:54:47:3a:ef:a9:
                    73:df:98:41:70:86:84:cc:fb:b5:42:fa:56:f0:e1:
                    ef:c0:b3:c6:be:da:79:e7:2a:b7:ad:07:e3:c0:9c:
                    18:01:95:0f:eb:f7:03:f6:fe:1c:0d:98:41:04:ca:
                    f2:b5:df:e7:60:70:a7:56:60:2e:c4:c7:38:c4:b8:
                    a0:8e:78:5a:ab:ca:bc:ad:ff:ed:a0:ad:11:ce:ae:
                    81:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:4F:28:B2:CC:B6:A7:B5:7C:35:4A:FE:C8:4E:92:19:06:D5:97:50
            X509v3 Authority Key Identifier:
                keyid:B5:85:76:98:68:E3:9C:45:A5:F5:12:4D:23:25:6D:77:8F:21:6B:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tYV2mGjjnEWl9RJNIyVtd48hawE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/92d1fe-93a1-47cb-aec7-20424bba0cd0/1/uU8ossy2p7V8NUr-yE6SGQbVl1A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/92d1fe-93a1-47cb-aec7-20424bba0cd0/1/tYV2mGjjnEWl9RJNIyVtd48hawE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.178.172.0/22
                IPv6:
                  2a0a:6580::/32

    Signature Algorithm: sha256WithRSAEncryption
         39:d7:5f:b3:ee:62:82:37:f5:62:ca:47:e5:38:23:df:32:e4:
         8a:9d:54:ab:8c:d3:ee:26:02:e9:9f:dd:da:1a:4a:d2:a5:49:
         df:d9:78:54:7f:5c:0c:fd:69:d4:bb:31:49:98:e8:a6:06:d3:
         24:72:20:45:3b:2b:b9:19:27:0d:04:3f:0f:40:36:6f:63:c6:
         1f:61:ea:99:0e:e5:e9:66:db:a5:a7:19:b2:13:c7:be:fd:a8:
         21:2b:7e:42:f0:49:38:8d:b5:01:f9:52:f5:0b:c8:58:ec:86:
         87:d7:b0:a0:e0:ad:ae:a6:55:74:57:af:a6:f2:00:e0:09:9a:
         fd:b3:f8:20:5b:71:0a:61:f5:56:5b:58:65:53:52:e2:5c:46:
         78:70:03:4b:ed:4e:9a:30:29:73:ec:ff:ad:60:ea:9f:1b:1f:
         41:79:c6:a2:41:34:b2:1b:6b:19:b1:98:2e:f0:e7:4f:a3:e3:
         c5:e7:ca:a9:d6:15:46:c5:30:3c:65:b1:8d:5c:a8:ba:26:e5:
         58:4a:dd:15:37:06:d6:b0:f3:f6:7e:76:0b:ef:1c:da:d1:28:
         fe:83:3f:cc:7f:26:1f:af:ee:be:27:c9:c9:21:82:bd:f5:aa:
         56:90:84:98:df:4f:b6:64:13:d6:f1:da:d8:1f:83:d3:de:6d:
         da:3a:7a:06
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZzjC4yucGBurt/A7wyoCdhSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1ODU3Njk4NjhlMzljNDVhNWY1MTI0ZDIzMjU2ZDc3OGYy
MTZiMDEwHhcNMjYwMzEyMTcxNTEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTRmMjhiMmNjYjZhN2I1N2MzNTRhZmVjODRlOTIxOTA2ZDU5NzUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvhskmMm3Zs44AojxtswpDLwT/qK6
ySI3Ic8HT6fYeuhzV50w1xyuO4ynVfxK4kUJd8JNZoLK4JiS3rP/Ljrys8PhIldC
Fcs5IP+n4OL054n9NRoYuD+paxiK/teQMDsrwstQ9+V4L2tE0n/uxUmFpMUpHBMS
xp/FevtWirMl56BEk8eQDkSYCYpGLwy9tyKQGYuR5eVKDzLACPshtQgAxhv1IjMR
ivEyqj3jD5jqVEc676lz35hBcIaEzPu1QvpW8OHvwLPGvtp55yq3rQfjwJwYAZUP
6/cD9v4cDZhBBMrytd/nYHCnVmAuxMc4xLigjnhaq8q8rf/toK0Rzq6BmwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLlPKLLMtqe1fDVK/shOkhkG1ZdQMB8GA1UdIwQY
MBaAFLWFdpho45xFpfUSTSMlbXePIWsBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFlWMm1HampuRVdsOVJKTkl5VnRkNDhoYXdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC85MmQxZmUtOTNhMS00N2NiLWFlYzct
MjA0MjRiYmEwY2QwLzEvdVU4b3NzeTJwN1Y4TlVyLXlFNlNHUWJWbDFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC85MmQxZmUtOTNhMS00N2NiLWFlYzctMjA0MjRiYmEwY2Qw
LzEvdFlWMm1HampuRVdsOVJKTkl5VnRkNDhoYXdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCubKsMA0E
AgACMAcDBQAqCmWAMA0GCSqGSIb3DQEBCwUAA4IBAQA511+z7mKCN/ViykflOCPf
MuSKnVSrjNPuJgLpn93aGkrSpUnf2XhUf1wM/WnUuzFJmOimBtMkciBFOyu5GScN
BD8PQDZvY8YfYeqZDuXpZtulpxmyE8e+/aghK35C8Ek4jbUB+VL1C8hY7IaH17Cg
4K2uplV0V6+m8gDgCZr9s/ggW3EKYfVWW1hlU1LiXEZ4cANL7U6aMClz7P+tYOqf
Gx9BecaiQTSyG2sZsZgu8OdPo+PF58qp1hVGxTA8ZbGNXKi6JuVYSt0VNwbWsPP2
fnYL7xza0Sj+gz/MfyYfr+6+J8nJIYK99apWkISY30+2ZBPW8drYH4PT3m3aOnoG
-----END CERTIFICATE-----