Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/cc6e99-6e5f-401b-912d-1095544c6c50/1/Go3pOTuap2_fsOG2Cy2Y4VT2pN0.roa
File:                     Go3pOTuap2_fsOG2Cy2Y4VT2pN0.roa (raw, json)
Hash identifier:          0oyx4eIX+vmWlDNgh2kGWbDg44/BIpYISvXYVe/lRmI=
Subject key identifier:   1A:8D:E9:39:3B:9A:A7:6F:DF:B0:E1:B6:0B:2D:98:E1:54:F6:A4:DD
Certificate issuer:       /CN=99ce569a14c2db3772f23187ce68e6541ec0048e
Certificate serial:       019CE1A8538226CA346F0EBD160C0B890B95
Authority key identifier: 99:CE:56:9A:14:C2:DB:37:72:F2:31:87:CE:68:E6:54:1E:C0:04:8E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mc5WmhTC2zdy8jGHzmjmVB7ABI4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/cc6e99-6e5f-401b-912d-1095544c6c50/1/Go3pOTuap2_fsOG2Cy2Y4VT2pN0.roa
Signing time:             Thu 12 Mar 2026 10:47:10 +0000
ROA not before:           Thu 12 Mar 2026 10:47:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     152586
IP address blocks:        185.149.24.0/22 maxlen: 24
                          185.165.154.0/24 maxlen: 24
                          185.172.38.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f2/cc6e99-6e5f-401b-912d-1095544c6c50/1/mc5WmhTC2zdy8jGHzmjmVB7ABI4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f2/cc6e99-6e5f-401b-912d-1095544c6c50/1/mc5WmhTC2zdy8jGHzmjmVB7ABI4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mc5WmhTC2zdy8jGHzmjmVB7ABI4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 07:02:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:e1:a8:53:82:26:ca:34:6f:0e:bd:16:0c:0b:89:0b:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=99ce569a14c2db3772f23187ce68e6541ec0048e
        Validity
            Not Before: Mar 12 10:47:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1a8de9393b9aa76fdfb0e1b60b2d98e154f6a4dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:c9:41:bc:3f:b1:98:1d:03:89:9b:72:32:a0:
                    ad:d1:e8:27:63:0f:2c:35:c5:0a:a1:54:bd:11:44:
                    ca:62:50:cf:65:14:d7:43:ac:74:33:e4:77:f0:49:
                    8c:24:df:b5:fe:33:49:18:ce:77:cc:0f:15:85:68:
                    a6:6c:bc:cc:ef:20:69:da:87:a0:e9:e1:c4:20:ae:
                    61:ab:39:fc:a7:be:74:0f:2d:fe:c6:0e:a4:f1:44:
                    d6:d8:48:70:b6:78:26:59:40:cb:87:72:3e:48:f9:
                    d3:25:90:1c:52:05:6e:8e:4f:cf:2f:1a:47:97:24:
                    36:ca:eb:65:a8:2b:f2:31:37:02:43:fb:76:c3:a9:
                    b5:42:38:7e:3d:f6:ec:4b:8b:06:43:3f:82:db:88:
                    d2:c4:ef:9c:4d:d3:95:6a:9c:1e:b6:1b:39:9f:b5:
                    e6:78:b8:fa:09:fa:26:91:00:18:f5:88:46:5a:89:
                    40:44:e0:93:d1:c5:a2:8d:02:86:11:2b:37:c5:51:
                    ea:92:66:d0:6f:ca:fd:33:49:72:20:85:c9:ce:8b:
                    d5:8b:81:a5:cf:56:5d:b2:fc:6c:9e:12:f4:5a:79:
                    bd:d5:f9:60:d9:89:64:32:05:cd:c1:25:51:9a:b1:
                    3f:78:31:c5:9f:8a:92:18:c0:da:e2:05:3a:0b:d7:
                    a5:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:8D:E9:39:3B:9A:A7:6F:DF:B0:E1:B6:0B:2D:98:E1:54:F6:A4:DD
            X509v3 Authority Key Identifier:
                keyid:99:CE:56:9A:14:C2:DB:37:72:F2:31:87:CE:68:E6:54:1E:C0:04:8E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mc5WmhTC2zdy8jGHzmjmVB7ABI4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/cc6e99-6e5f-401b-912d-1095544c6c50/1/Go3pOTuap2_fsOG2Cy2Y4VT2pN0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/cc6e99-6e5f-401b-912d-1095544c6c50/1/mc5WmhTC2zdy8jGHzmjmVB7ABI4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.149.24.0/22
                  185.165.154.0/24
                  185.172.38.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3d:80:ca:3a:99:35:98:f9:ac:96:4f:24:06:57:05:e1:44:96:
         f5:29:7d:47:48:18:43:ee:8e:90:8a:ff:47:d8:06:d3:96:08:
         2f:ca:0b:c3:66:ef:3e:8c:08:8a:72:e6:d2:a2:ca:ed:b9:b3:
         93:0e:fb:f2:4d:fc:86:95:7b:9e:6a:72:a4:a2:e6:5d:cd:e9:
         61:06:3c:d2:cd:d8:eb:4e:e8:d5:da:d8:8b:27:d9:24:1d:61:
         cc:25:fc:cb:36:95:73:7a:60:1b:cd:24:40:5d:d8:d0:1d:df:
         12:5f:72:0b:55:c3:3d:64:f2:62:3f:9e:6b:8e:39:b4:38:6a:
         3e:a8:e8:8a:cb:5a:74:9f:06:60:50:e9:64:42:5a:06:ed:12:
         2d:d1:76:f1:2b:5e:6e:97:ba:63:0c:02:7b:81:10:f0:23:fb:
         91:e1:65:21:13:d3:5c:23:62:95:74:b2:b1:99:f8:2c:b7:6f:
         1e:06:a3:74:4c:e7:b8:f7:0c:28:ba:a0:89:e8:29:58:4c:52:
         85:83:84:e0:97:f4:6a:a1:c8:d9:a0:c3:3a:cc:6a:36:d1:5a:
         a5:c8:72:82:f7:d7:e7:07:dd:a6:b3:25:05:99:3f:14:7c:c9:
         d6:07:b7:33:44:6c:29:18:e2:5f:fe:99:ab:35:49:b9:a0:af:
         5d:15:c2:6f
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZzhqFOCJso0bw69FgwLiQuVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5Y2U1NjlhMTRjMmRiMzc3MmYyMzE4N2NlNjhlNjU0MWVj
MDA0OGUwHhcNMjYwMzEyMTA0NzEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYThkZTkzOTNiOWFhNzZmZGZiMGUxYjYwYjJkOThlMTU0ZjZhNGRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsMlBvD+xmB0DiZtyMqCt0egnYw8s
NcUKoVS9EUTKYlDPZRTXQ6x0M+R38EmMJN+1/jNJGM53zA8VhWimbLzM7yBp2oeg
6eHEIK5hqzn8p750Dy3+xg6k8UTW2EhwtngmWUDLh3I+SPnTJZAcUgVujk/PLxpH
lyQ2yutlqCvyMTcCQ/t2w6m1Qjh+PfbsS4sGQz+C24jSxO+cTdOVapweths5n7Xm
eLj6CfomkQAY9YhGWolAROCT0cWijQKGESs3xVHqkmbQb8r9M0lyIIXJzovVi4Gl
z1ZdsvxsnhL0Wnm91flg2YlkMgXNwSVRmrE/eDHFn4qSGMDa4gU6C9elKQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFBqN6Tk7mqdv37DhtgstmOFU9qTdMB8GA1UdIwQY
MBaAFJnOVpoUwts3cvIxh85o5lQewASOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWM1V21oVEMyemR5OGpHSHptam1WQjdBQkk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi9jYzZlOTktNmU1Zi00MDFiLTkxMmQt
MTA5NTU0NGM2YzUwLzEvR28zcE9UdWFwMl9mc09HMkN5Mlk0VlQycE4wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi9jYzZlOTktNmU1Zi00MDFiLTkxMmQtMTA5NTU0NGM2YzUw
LzEvbWM1V21oVEMyemR5OGpHSHptam1WQjdBQkk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCuZUYAwQA
uaWaAwQBuawmMA0GCSqGSIb3DQEBCwUAA4IBAQA9gMo6mTWY+ayWTyQGVwXhRJb1
KX1HSBhD7o6Qiv9H2AbTlggvygvDZu8+jAiKcubSosrtubOTDvvyTfyGlXueanKk
ouZdzelhBjzSzdjrTujV2tiLJ9kkHWHMJfzLNpVzemAbzSRAXdjQHd8SX3ILVcM9
ZPJiP55rjjm0OGo+qOiKy1p0nwZgUOlkQloG7RIt0XbxK15ul7pjDAJ7gRDwI/uR
4WUhE9NcI2KVdLKxmfgst28eBqN0TOe49wwouqCJ6ClYTFKFg4Tgl/RqocjZoMM6
zGo20VqlyHKC99fnB92msyUFmT8UfMnWB7czRGwpGOJf/pmrNUm5oK9dFcJv
-----END CERTIFICATE-----