Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/f74280-cc6d-41c1-858a-b5368330baf2/1/CCw-BrzzCQyM1PX6ZJ_K0v4QKYk.roa
File:                     CCw-BrzzCQyM1PX6ZJ_K0v4QKYk.roa (raw, json)
Hash identifier:          +1sL0pW9FpaJMzFII1ICHXGTjF5hVnkO/nJH0lVLEP8=
Subject key identifier:   08:2C:3E:06:BC:F3:09:0C:8C:D4:F5:FA:64:9F:CA:D2:FE:10:29:89
Certificate issuer:       /CN=a4b666cb0e5496116eb7ae6714d9055309ba69ac
Certificate serial:       019D22D5524F872824FD2CAFACED337E6E7B
Authority key identifier: A4:B6:66:CB:0E:54:96:11:6E:B7:AE:67:14:D9:05:53:09:BA:69:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pLZmyw5UlhFut65nFNkFUwm6aaw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/f74280-cc6d-41c1-858a-b5368330baf2/1/CCw-BrzzCQyM1PX6ZJ_K0v4QKYk.roa
Signing time:             Wed 25 Mar 2026 02:31:38 +0000
ROA not before:           Wed 25 Mar 2026 02:31:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44275
IP address blocks:        185.25.252.0/22 maxlen: 22
                          185.169.188.0/24 maxlen: 24
                          185.169.189.0/24 maxlen: 24
                          185.169.190.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/f74280-cc6d-41c1-858a-b5368330baf2/1/pLZmyw5UlhFut65nFNkFUwm6aaw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/f74280-cc6d-41c1-858a-b5368330baf2/1/pLZmyw5UlhFut65nFNkFUwm6aaw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pLZmyw5UlhFut65nFNkFUwm6aaw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 05:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:22:d5:52:4f:87:28:24:fd:2c:af:ac:ed:33:7e:6e:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4b666cb0e5496116eb7ae6714d9055309ba69ac
        Validity
            Not Before: Mar 25 02:31:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=082c3e06bcf3090c8cd4f5fa649fcad2fe102989
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:2e:e0:47:f9:c0:66:a3:68:f4:37:ff:e7:5f:
                    52:77:e8:72:35:ea:e7:28:a2:06:e0:d2:97:1a:bd:
                    db:dd:f1:52:f1:50:a8:eb:e3:8d:47:1f:ef:85:f3:
                    b8:c7:9e:67:44:7b:5b:46:c3:23:35:7f:69:0b:08:
                    5e:73:a2:e4:1b:6b:63:64:e5:ec:0d:fa:94:63:79:
                    db:97:21:34:0c:02:5f:1f:f3:2e:22:65:cb:cd:29:
                    38:36:c4:3d:48:e5:2d:aa:e9:58:6b:a6:2b:04:d1:
                    7b:3f:88:85:a8:27:39:cb:75:bb:11:fa:70:29:39:
                    7e:6c:9f:bf:b2:75:48:6b:55:3c:08:2c:44:a3:60:
                    f0:cc:fc:2c:00:c7:1c:db:8f:40:f5:51:07:11:1f:
                    5a:31:33:e2:fe:ca:94:17:5d:da:cf:a0:38:6d:17:
                    49:aa:54:eb:51:a6:4c:87:e9:55:94:54:2a:eb:ed:
                    4c:ae:9e:1b:a9:5a:0c:ff:8f:6f:df:b0:b4:2a:4b:
                    f2:a1:52:57:ab:cb:29:5a:95:b7:ac:09:00:46:ef:
                    c3:89:e3:d7:82:87:cd:44:f0:81:01:f2:8a:e2:40:
                    bf:ce:ae:19:cf:0e:9f:3d:74:ad:0e:2f:e3:68:61:
                    37:ae:83:51:af:76:49:29:39:3a:79:2b:db:8c:af:
                    ce:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:2C:3E:06:BC:F3:09:0C:8C:D4:F5:FA:64:9F:CA:D2:FE:10:29:89
            X509v3 Authority Key Identifier:
                keyid:A4:B6:66:CB:0E:54:96:11:6E:B7:AE:67:14:D9:05:53:09:BA:69:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pLZmyw5UlhFut65nFNkFUwm6aaw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/f74280-cc6d-41c1-858a-b5368330baf2/1/CCw-BrzzCQyM1PX6ZJ_K0v4QKYk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/f74280-cc6d-41c1-858a-b5368330baf2/1/pLZmyw5UlhFut65nFNkFUwm6aaw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.25.252.0/22
                  185.169.188.0-185.169.190.255

    Signature Algorithm: sha256WithRSAEncryption
         14:51:dc:31:26:56:e2:f0:ad:3a:c0:fd:8f:e4:a1:1e:6d:bf:
         00:d6:0e:1a:db:40:7e:be:56:d8:79:1c:97:9b:5a:d4:1f:09:
         ce:3d:c0:10:22:04:06:95:3a:e4:2a:10:8b:c4:7e:8d:b3:3a:
         ec:0a:25:0b:b9:4b:1d:4f:2e:64:bd:a2:4c:51:b7:9a:49:73:
         2c:76:85:1d:4b:f7:4d:5b:73:6c:66:cd:94:93:94:51:44:a4:
         16:6b:f6:cc:38:95:30:27:3f:0f:8d:42:59:e2:91:e0:ca:1d:
         05:44:8a:9d:96:16:47:9c:6b:63:75:f3:91:68:a6:dc:60:18:
         6f:bd:a1:74:ca:72:55:5d:ff:06:f8:ab:fe:48:b5:4c:46:ea:
         b0:14:3b:65:f5:f6:56:9e:da:19:4c:8e:fc:ed:d2:ad:f1:fc:
         22:ac:7b:a6:db:ea:c2:65:8b:bc:3a:07:36:c4:25:b0:4a:83:
         18:81:47:b5:9b:43:a2:ab:ca:24:c7:c2:1b:e6:6d:cb:e0:a6:
         22:a0:1c:db:af:65:57:be:f8:bf:49:95:92:c0:46:bd:58:0c:
         91:3e:57:25:2f:80:3f:e3:63:0c:1b:44:b2:ae:57:2f:3e:da:
         57:ee:09:29:d9:b8:ec:df:86:ac:40:e2:c1:57:f4:72:a4:a3:
         a9:38:73:d1
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZ0i1VJPhygk/SyvrO0zfm57MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0YjY2NmNiMGU1NDk2MTE2ZWI3YWU2NzE0ZDkwNTUzMDli
YTY5YWMwHhcNMjYwMzI1MDIzMTM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODJjM2UwNmJjZjMwOTBjOGNkNGY1ZmE2NDlmY2FkMmZlMTAyOTg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAty7gR/nAZqNo9Df/519Sd+hyNern
KKIG4NKXGr3b3fFS8VCo6+ONRx/vhfO4x55nRHtbRsMjNX9pCwhec6LkG2tjZOXs
DfqUY3nblyE0DAJfH/MuImXLzSk4NsQ9SOUtqulYa6YrBNF7P4iFqCc5y3W7Efpw
KTl+bJ+/snVIa1U8CCxEo2DwzPwsAMcc249A9VEHER9aMTPi/sqUF13az6A4bRdJ
qlTrUaZMh+lVlFQq6+1Mrp4bqVoM/49v37C0KkvyoVJXq8spWpW3rAkARu/DiePX
gofNRPCBAfKK4kC/zq4Zzw6fPXStDi/jaGE3roNRr3ZJKTk6eSvbjK/OrwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFAgsPga88wkMjNT1+mSfytL+ECmJMB8GA1UdIwQY
MBaAFKS2ZssOVJYRbreuZxTZBVMJummsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcExabXl3NVVsaEZ1dDY1bkZOa0ZVd202YWF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS9mNzQyODAtY2M2ZC00MWMxLTg1OGEt
YjUzNjgzMzBiYWYyLzEvQ0N3LUJyenpDUXlNMVBYNlpKX0swdjRRS1lrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS9mNzQyODAtY2M2ZC00MWMxLTg1OGEtYjUzNjgzMzBiYWYy
LzEvcExabXl3NVVsaEZ1dDY1bkZOa0ZVd202YWF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQCuRn8MAwD
BAK5qbwDBAC5qb4wDQYJKoZIhvcNAQELBQADggEBABRR3DEmVuLwrTrA/Y/koR5t
vwDWDhrbQH6+Vth5HJebWtQfCc49wBAiBAaVOuQqEIvEfo2zOuwKJQu5Sx1PLmS9
okxRt5pJcyx2hR1L901bc2xmzZSTlFFEpBZr9sw4lTAnPw+NQlnikeDKHQVEip2W
Fkeca2N185FoptxgGG+9oXTKclVd/wb4q/5ItUxG6rAUO2X19lae2hlMjvzt0q3x
/CKse6bb6sJli7w6BzbEJbBKgxiBR7WbQ6KryiTHwhvmbcvgpiKgHNuvZVe++L9J
lZLARr1YDJE+VyUvgD/jYwwbRLKuVy8+2lfuCSnZuOzfhqxA4sFX9HKko6k4c9E=
-----END CERTIFICATE-----