Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/29098b-f0f2-4b10-b2e2-1fb3d554fed5/1/118-0Se03Hd6WkrM5OjppqFR1S0.roa
File:                     118-0Se03Hd6WkrM5OjppqFR1S0.roa (raw, json)
Hash identifier:          iigPQAfXfwcfzslQVLCKiVJRI0tND4zuk1TNSyWLZe8=
Subject key identifier:   D7:5F:3E:D1:27:B4:DC:77:7A:5A:4A:CC:E4:E8:E9:A6:A1:51:D5:2D
Certificate issuer:       /CN=fb434b32b9fbe3de95bc771d6d2b3c79aa014bf5
Certificate serial:       019B7BA39B3053F1FA190F06F71FA3315D1D
Authority key identifier: FB:43:4B:32:B9:FB:E3:DE:95:BC:77:1D:6D:2B:3C:79:AA:01:4B:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-0NLMrn7496VvHcdbSs8eaoBS_U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/29098b-f0f2-4b10-b2e2-1fb3d554fed5/1/118-0Se03Hd6WkrM5OjppqFR1S0.roa
Signing time:             Thu 01 Jan 2026 22:17:58 +0000
ROA not before:           Thu 01 Jan 2026 22:17:58 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49573
IP address blocks:        185.211.188.0/22 maxlen: 22
                          2a0b:6940::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/29098b-f0f2-4b10-b2e2-1fb3d554fed5/1/1-0NLMrn7496VvHcdbSs8eaoBS_U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/29098b-f0f2-4b10-b2e2-1fb3d554fed5/1/1-0NLMrn7496VvHcdbSs8eaoBS_U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-0NLMrn7496VvHcdbSs8eaoBS_U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 16:32:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a3:9b:30:53:f1:fa:19:0f:06:f7:1f:a3:31:5d:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fb434b32b9fbe3de95bc771d6d2b3c79aa014bf5
        Validity
            Not Before: Jan  1 22:17:58 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d75f3ed127b4dc777a5a4acce4e8e9a6a151d52d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:89:0a:fe:1d:2a:3f:39:fc:dd:13:94:11:e9:
                    29:9a:9a:07:9e:ef:8b:4d:0f:73:e6:b2:76:14:4f:
                    25:54:7b:31:e2:df:fb:7c:34:4a:a6:8b:38:95:49:
                    23:17:7d:25:2e:ba:c5:75:d8:fd:46:06:c9:fa:ba:
                    a3:bf:16:f2:8a:19:8a:eb:fb:96:20:8c:dd:a1:4a:
                    89:03:a1:f1:92:6e:31:db:e9:50:0b:6c:57:1f:a2:
                    b9:20:15:f0:17:36:ea:36:06:b0:0e:ae:da:82:52:
                    22:7d:c1:82:4b:ac:1a:b4:e6:e9:3e:df:ec:c3:74:
                    69:20:12:5c:fb:51:6b:60:f6:1c:88:bf:31:fc:d2:
                    5f:8c:10:d1:b4:c1:09:2c:5f:e0:ed:e0:d9:34:26:
                    26:ba:2b:9b:46:80:93:31:a5:66:e7:a5:5a:bf:17:
                    d1:f4:6b:b4:07:c8:2c:4f:aa:2a:b3:46:e7:14:e3:
                    73:d9:32:9b:c5:dd:bc:3b:b4:f3:f2:04:86:78:51:
                    c7:77:61:9c:23:a7:0c:f4:fc:34:fe:a3:a6:13:54:
                    85:e1:37:07:6e:2b:6c:a9:1d:d9:c6:5c:0c:b9:56:
                    c4:29:f3:a7:22:a4:ac:bb:2d:43:9a:72:0b:a6:c7:
                    cd:c5:f0:83:d1:2d:b5:1d:68:27:78:9f:0f:b5:fb:
                    22:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:5F:3E:D1:27:B4:DC:77:7A:5A:4A:CC:E4:E8:E9:A6:A1:51:D5:2D
            X509v3 Authority Key Identifier:
                keyid:FB:43:4B:32:B9:FB:E3:DE:95:BC:77:1D:6D:2B:3C:79:AA:01:4B:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-0NLMrn7496VvHcdbSs8eaoBS_U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/29098b-f0f2-4b10-b2e2-1fb3d554fed5/1/118-0Se03Hd6WkrM5OjppqFR1S0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/29098b-f0f2-4b10-b2e2-1fb3d554fed5/1/1-0NLMrn7496VvHcdbSs8eaoBS_U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.211.188.0/22
                IPv6:
                  2a0b:6940::/29

    Signature Algorithm: sha256WithRSAEncryption
         10:97:d3:d3:65:21:97:6c:d6:fe:63:3b:97:74:b5:e7:29:9e:
         b6:a1:a3:a4:d3:bb:bf:01:ad:ff:90:3a:60:a0:80:af:9b:54:
         a5:bc:8e:4b:d0:16:4e:62:04:85:ad:10:02:30:ea:7d:5c:b5:
         f7:72:74:a1:05:0a:e4:5a:b6:8c:ce:91:2f:03:ed:aa:fa:c8:
         ef:25:0e:05:a2:cc:3a:ad:07:e3:75:13:c4:52:3a:1a:7f:de:
         39:90:be:dc:c1:7d:2e:8a:05:5f:34:bb:1d:9d:ee:67:1c:8d:
         44:9e:71:09:90:2f:1d:62:4e:9d:a4:3a:8e:c2:dd:27:dc:60:
         2f:a6:f1:9e:3d:1b:bf:be:3a:91:13:c3:54:b8:4f:f1:ac:74:
         86:30:5b:46:bc:ac:90:ad:f5:cd:4e:b9:14:34:ae:d0:bd:55:
         96:7d:07:47:9f:3d:d0:2b:0c:b4:47:fa:b0:59:25:0b:46:77:
         3b:49:c4:7b:11:7f:53:e4:42:e3:fb:44:90:bd:be:4d:a7:15:
         ed:fd:ac:c9:ed:69:53:89:76:99:75:47:1f:bf:13:76:ac:58:
         8f:92:dc:88:96:d7:e5:fd:ca:2e:e6:1f:03:48:49:08:55:ad:
         27:bf:cc:d5:d4:3d:c2:f8:0f:11:91:54:94:45:e5:18:c1:e8:
         c1:8f:ec:11
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZt7o5swU/H6GQ8G9x+jMV0dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiNDM0YjMyYjlmYmUzZGU5NWJjNzcxZDZkMmIzYzc5YWEw
MTRiZjUwHhcNMjYwMTAxMjIxNzU4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzVmM2VkMTI3YjRkYzc3N2E1YTRhY2NlNGU4ZTlhNmExNTFkNTJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsIkK/h0qPzn83ROUEekpmpoHnu+L
TQ9z5rJ2FE8lVHsx4t/7fDRKpos4lUkjF30lLrrFddj9RgbJ+rqjvxbyihmK6/uW
IIzdoUqJA6Hxkm4x2+lQC2xXH6K5IBXwFzbqNgawDq7aglIifcGCS6watObpPt/s
w3RpIBJc+1FrYPYciL8x/NJfjBDRtMEJLF/g7eDZNCYmuiubRoCTMaVm56VavxfR
9Gu0B8gsT6oqs0bnFONz2TKbxd28O7Tz8gSGeFHHd2GcI6cM9Pw0/qOmE1SF4TcH
bitsqR3ZxlwMuVbEKfOnIqSsuy1DmnILpsfNxfCD0S21HWgneJ8PtfsitQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNdfPtEntNx3elpKzOTo6aahUdUtMB8GA1UdIwQY
MBaAFPtDSzK5++Pelbx3HW0rPHmqAUv1MA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS0wTkxNcm43NDk2VnZIY2RiU3M4ZWFvQlNfVS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjcvMjkwOThiLWYwZjItNGIxMC1iMmUy
LTFmYjNkNTU0ZmVkNS8xLzExOC0wU2UwM0hkNldrck01T2pwcHFGUjFTMC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZjcvMjkwOThiLWYwZjItNGIxMC1iMmUyLTFmYjNkNTU0ZmVk
NS8xLzEtME5MTXJuNzQ5NlZ2SGNkYlNzOGVhb0JTX1UuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwLgYIKwYBBQUHAQcBAf8EHzAdMAwEAgABMAYDBAK507ww
DQQCAAIwBwMFAyoLaUAwDQYJKoZIhvcNAQELBQADggEBABCX09NlIZds1v5jO5d0
tecpnraho6TTu78Brf+QOmCggK+bVKW8jkvQFk5iBIWtEAIw6n1ctfdydKEFCuRa
tozOkS8D7ar6yO8lDgWizDqtB+N1E8RSOhp/3jmQvtzBfS6KBV80ux2d7mccjUSe
cQmQLx1iTp2kOo7C3SfcYC+m8Z49G7++OpETw1S4T/GsdIYwW0a8rJCt9c1OuRQ0
rtC9VZZ9B0efPdArDLRH+rBZJQtGdztJxHsRf1PkQuP7RJC9vk2nFe39rMntaVOJ
dpl1Rx+/E3asWI+S3IiW1+X9yi7mHwNISQhVrSe/zNXUPcL4DxGRVJRF5RjB6MGP
7BE=
-----END CERTIFICATE-----