Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/3f85da-311f-45b4-a747-56560b26a0db/1/XerDxKv88GRxs9ZkYhrJ-uj7FmE.roa
File:                     XerDxKv88GRxs9ZkYhrJ-uj7FmE.roa (raw, json)
Hash identifier:          +QfXYiGvQiBZ0Keb856JGIixLSseope7ht1TwdKxQc8=
Subject key identifier:   5D:EA:C3:C4:AB:FC:F0:64:71:B3:D6:64:62:1A:C9:FA:E8:FB:16:61
Certificate issuer:       /CN=5446df07ff3cb26dfcf4eeb8761fb016caf7f9ee
Certificate serial:       019B77C722148A337F7475ACA5524C859A6C
Authority key identifier: 54:46:DF:07:FF:3C:B2:6D:FC:F4:EE:B8:76:1F:B0:16:CA:F7:F9:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VEbfB_88sm389O64dh-wFsr3-e4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/3f85da-311f-45b4-a747-56560b26a0db/1/XerDxKv88GRxs9ZkYhrJ-uj7FmE.roa
Signing time:             Thu 01 Jan 2026 04:18:17 +0000
ROA not before:           Thu 01 Jan 2026 04:18:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205277
IP address blocks:        185.223.124.0/22 maxlen: 22
                          185.223.124.0/23 maxlen: 23
                          185.223.124.0/24 maxlen: 24
                          185.223.125.0/24 maxlen: 24
                          185.223.127.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/3f85da-311f-45b4-a747-56560b26a0db/1/VEbfB_88sm389O64dh-wFsr3-e4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/3f85da-311f-45b4-a747-56560b26a0db/1/VEbfB_88sm389O64dh-wFsr3-e4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VEbfB_88sm389O64dh-wFsr3-e4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c7:22:14:8a:33:7f:74:75:ac:a5:52:4c:85:9a:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5446df07ff3cb26dfcf4eeb8761fb016caf7f9ee
        Validity
            Not Before: Jan  1 04:18:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5deac3c4abfcf06471b3d664621ac9fae8fb1661
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:ca:35:58:df:dc:09:2d:c5:d4:74:66:23:6e:
                    5a:18:43:53:4e:f1:97:9f:e8:e5:a1:f6:e6:a0:98:
                    9d:78:2f:22:48:ce:be:9a:13:a9:7c:07:f7:25:c9:
                    7f:0d:68:39:3a:3b:99:49:0d:ee:b8:65:67:e6:f9:
                    1e:fd:15:a0:cf:c7:05:87:ca:80:be:fd:ec:b7:70:
                    4e:14:22:af:3e:c0:ca:ed:e2:ba:54:f3:ee:3f:29:
                    f4:56:ff:15:2c:49:b3:e6:7b:da:27:a7:ba:32:b4:
                    f4:19:55:a0:84:8a:0b:7b:70:74:d7:1c:55:1a:b8:
                    a1:10:91:82:de:37:43:9e:27:1e:44:b4:54:b6:6a:
                    1c:90:31:a4:f4:78:c4:c1:0f:c9:a6:77:57:12:3f:
                    f7:90:96:2c:7d:58:0c:a1:0a:b6:3f:b9:dc:d4:c6:
                    98:0b:e1:93:41:ae:fc:66:fd:ee:ea:3e:40:43:1f:
                    1b:ff:ed:1a:36:33:52:7a:a0:46:d7:b5:c2:b7:c3:
                    51:dd:a8:fd:7a:a5:13:4d:93:ed:46:92:14:be:7a:
                    14:8f:18:ac:72:63:bd:d2:36:55:3b:6c:df:a8:f5:
                    65:98:91:e4:9e:6b:75:46:c9:80:30:b6:06:86:ed:
                    8a:10:93:46:f7:c7:3e:e1:c2:05:7e:c7:fb:89:3e:
                    34:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:EA:C3:C4:AB:FC:F0:64:71:B3:D6:64:62:1A:C9:FA:E8:FB:16:61
            X509v3 Authority Key Identifier:
                keyid:54:46:DF:07:FF:3C:B2:6D:FC:F4:EE:B8:76:1F:B0:16:CA:F7:F9:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VEbfB_88sm389O64dh-wFsr3-e4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/3f85da-311f-45b4-a747-56560b26a0db/1/XerDxKv88GRxs9ZkYhrJ-uj7FmE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/3f85da-311f-45b4-a747-56560b26a0db/1/VEbfB_88sm389O64dh-wFsr3-e4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.223.124.0/22

    Signature Algorithm: sha256WithRSAEncryption
         35:88:de:19:79:20:ee:1b:9d:18:e7:c9:82:51:eb:93:3b:9e:
         b8:e2:c5:88:1f:57:aa:c1:43:7d:ee:73:9c:61:b1:0d:02:ee:
         d2:16:52:47:55:b9:4b:d3:5f:86:2e:6b:02:54:d8:65:96:7b:
         f5:32:7d:6d:8b:f9:d6:eb:9c:02:fd:9a:f0:06:a7:a4:a6:f0:
         11:6e:1d:94:fc:f5:84:0d:09:78:0f:42:37:8f:0d:c9:96:d2:
         79:df:40:d0:3b:c4:d1:3c:ce:2c:77:93:f0:eb:92:dd:8d:77:
         fa:34:3a:07:de:83:0f:7d:95:b4:fe:24:fe:7f:83:fe:81:84:
         ff:81:d9:7b:ba:dc:6e:5e:e6:6c:a7:e6:1e:20:a3:8e:1c:71:
         29:5a:7f:21:ce:24:cb:d2:21:b3:cc:70:3c:eb:1f:29:1a:12:
         3f:52:1c:71:aa:d6:f3:29:0c:63:93:7d:06:fc:ee:61:e2:09:
         b2:a2:91:8c:7d:aa:69:d1:37:57:d7:8e:52:73:15:92:49:68:
         6e:ed:ce:06:d9:05:29:48:c9:9d:4e:50:2b:51:14:c6:9f:de:
         c6:2b:62:a0:b2:3a:71:b5:6e:02:93:c8:11:c7:68:51:d0:0e:
         99:03:7a:d8:1c:91:a7:32:34:b7:a2:e5:e0:a3:19:10:cd:4d:
         da:e1:c9:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xyIUijN/dHWspVJMhZpsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NDZkZjA3ZmYzY2IyNmRmY2Y0ZWViODc2MWZiMDE2Y2Fm
N2Y5ZWUwHhcNMjYwMTAxMDQxODE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGVhYzNjNGFiZmNmMDY0NzFiM2Q2NjQ2MjFhYzlmYWU4ZmIxNjYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxso1WN/cCS3F1HRmI25aGENTTvGX
n+jlofbmoJideC8iSM6+mhOpfAf3Jcl/DWg5OjuZSQ3uuGVn5vke/RWgz8cFh8qA
vv3st3BOFCKvPsDK7eK6VPPuPyn0Vv8VLEmz5nvaJ6e6MrT0GVWghIoLe3B01xxV
GrihEJGC3jdDniceRLRUtmockDGk9HjEwQ/JpndXEj/3kJYsfVgMoQq2P7nc1MaY
C+GTQa78Zv3u6j5AQx8b/+0aNjNSeqBG17XCt8NR3aj9eqUTTZPtRpIUvnoUjxis
cmO90jZVO2zfqPVlmJHknmt1RsmAMLYGhu2KEJNG98c+4cIFfsf7iT40dwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF3qw8Sr/PBkcbPWZGIayfro+xZhMB8GA1UdIwQY
MBaAFFRG3wf/PLJt/PTuuHYfsBbK9/nuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkViZkJfODhzbTM4OU82NGRoLXdGc3IzLWU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi8zZjg1ZGEtMzExZi00NWI0LWE3NDct
NTY1NjBiMjZhMGRiLzEvWGVyRHhLdjg4R1J4czlaa1lockotdWo3Rm1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi8zZjg1ZGEtMzExZi00NWI0LWE3NDctNTY1NjBiMjZhMGRi
LzEvVkViZkJfODhzbTM4OU82NGRoLXdGc3IzLWU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCud98MA0G
CSqGSIb3DQEBCwUAA4IBAQA1iN4ZeSDuG50Y58mCUeuTO5644sWIH1eqwUN97nOc
YbENAu7SFlJHVblL01+GLmsCVNhllnv1Mn1ti/nW65wC/ZrwBqekpvARbh2U/PWE
DQl4D0I3jw3JltJ530DQO8TRPM4sd5Pw65LdjXf6NDoH3oMPfZW0/iT+f4P+gYT/
gdl7utxuXuZsp+YeIKOOHHEpWn8hziTL0iGzzHA86x8pGhI/UhxxqtbzKQxjk30G
/O5h4gmyopGMfapp0TdX145ScxWSSWhu7c4G2QUpSMmdTlArURTGn97GK2Kgsjpx
tW4Ck8gRx2hR0A6ZA3rYHJGnMjS3ouXgoxkQzU3a4ckE
-----END CERTIFICATE-----