Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/f2YYJ5N4cyj8VenI6pTsDdwdY-0.roa
File:                     f2YYJ5N4cyj8VenI6pTsDdwdY-0.roa (raw, json)
Hash identifier:          lGbF+QznSxTNFWM7ZPTWgKFfUUiL+xy9hhg7gQprXIc=
Subject key identifier:   7F:66:18:27:93:78:73:28:FC:55:E9:C8:EA:94:EC:0D:DC:1D:63:ED
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       019EA316A6E574368697D32815411B5B492B
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/f2YYJ5N4cyj8VenI6pTsDdwdY-0.roa
Signing time:             Sun 07 Jun 2026 17:17:11 +0000
ROA not before:           Sun 07 Jun 2026 17:17:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212171
IP address blocks:        185.207.14.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 08 Jun 2026 12:28:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:a3:16:a6:e5:74:36:86:97:d3:28:15:41:1b:5b:49:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jun  7 17:17:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7f66182793787328fc55e9c8ea94ec0ddc1d63ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:0e:48:c2:f4:3c:39:97:db:46:47:09:5c:1c:
                    3e:e6:0c:9d:e9:2a:c4:c9:f6:5a:41:33:f4:8d:ff:
                    97:ad:d0:29:28:5b:0e:ca:1b:db:ae:f2:25:51:20:
                    b2:62:2d:b5:9c:d3:db:c1:58:e1:84:3b:e5:37:6c:
                    62:d8:d1:f5:45:f6:8e:8e:5a:65:42:53:ca:12:bd:
                    ba:4d:fc:8a:42:a7:38:d8:50:5d:22:66:70:af:89:
                    6e:d0:f2:f1:89:1e:d1:53:d1:83:b4:72:bb:27:db:
                    25:31:a5:03:01:7e:0d:0c:76:9b:4f:a4:99:9b:37:
                    23:3c:a0:14:e1:cd:d3:99:b7:6f:70:51:45:95:5d:
                    33:19:04:3f:60:74:bc:78:13:dc:51:fe:58:b1:5b:
                    50:63:20:44:7f:e8:55:a3:12:41:b3:f0:2a:52:19:
                    1d:1b:d2:bd:d3:54:9c:d6:52:6c:29:b1:eb:15:b8:
                    d7:59:f0:92:55:e7:f6:6d:25:6e:ad:76:c1:55:f6:
                    7c:b4:c6:67:7f:d3:30:ec:69:bf:30:b7:07:55:de:
                    bb:b2:92:c4:11:85:51:94:25:bc:d4:4b:f7:0e:6d:
                    62:6c:da:cb:63:f7:a0:55:bd:45:b0:d8:77:26:33:
                    37:02:66:c8:b5:60:b3:25:1a:91:e2:f3:2e:df:ed:
                    18:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:66:18:27:93:78:73:28:FC:55:E9:C8:EA:94:EC:0D:DC:1D:63:ED
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/f2YYJ5N4cyj8VenI6pTsDdwdY-0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.207.14.0/23

    Signature Algorithm: sha256WithRSAEncryption
         94:06:4f:aa:a5:21:c9:b8:4d:ff:53:57:ca:69:1a:d5:ab:1e:
         11:9a:59:f0:95:a3:93:34:97:0d:53:41:32:c9:69:df:96:54:
         4e:47:5b:26:b9:08:14:53:03:4a:31:55:ea:44:1d:30:3d:b1:
         f7:89:c1:8f:9c:70:4a:41:a8:82:95:37:5c:6a:38:14:45:d7:
         5c:cc:f4:b5:3f:72:a3:72:78:e5:b4:0d:85:02:2c:72:a3:a3:
         d7:3c:30:e1:71:06:be:29:6f:d1:e2:da:f4:6e:53:9b:1b:e7:
         69:86:a3:4d:ab:6b:bb:d0:b5:cd:f6:4a:76:28:05:98:a6:e0:
         cb:b6:83:8f:e4:e2:4b:a2:1b:e6:47:3e:8a:39:a9:b1:b8:72:
         86:52:7e:6e:a1:b8:0a:27:1d:9e:51:c4:b1:15:04:c5:b0:39:
         1d:a1:f0:6e:17:17:43:72:6c:a2:2b:fc:1f:fc:db:a6:2e:b1:
         60:42:35:2c:aa:c5:ab:e3:4e:d2:e6:ad:b6:c9:c1:45:cf:ef:
         4b:b7:2c:3e:33:04:cd:8f:65:7e:e1:79:68:ad:33:5c:96:e9:
         80:4d:37:46:f6:e9:26:28:df:97:39:61:18:78:b9:fa:13:43:
         7f:58:8f:80:f6:b9:1b:10:76:8d:39:8f:ba:8e:20:75:48:20:
         7f:b5:a7:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6jFqbldDaGl9MoFUEbW0krMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjYwNjA3MTcxNzExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjY2MTgyNzkzNzg3MzI4ZmM1NWU5YzhlYTk0ZWMwZGRjMWQ2M2VkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAog5IwvQ8OZfbRkcJXBw+5gyd6SrE
yfZaQTP0jf+XrdApKFsOyhvbrvIlUSCyYi21nNPbwVjhhDvlN2xi2NH1RfaOjlpl
QlPKEr26TfyKQqc42FBdImZwr4lu0PLxiR7RU9GDtHK7J9slMaUDAX4NDHabT6SZ
mzcjPKAU4c3TmbdvcFFFlV0zGQQ/YHS8eBPcUf5YsVtQYyBEf+hVoxJBs/AqUhkd
G9K901Sc1lJsKbHrFbjXWfCSVef2bSVurXbBVfZ8tMZnf9Mw7Gm/MLcHVd67spLE
EYVRlCW81Ev3Dm1ibNrLY/egVb1FsNh3JjM3AmbItWCzJRqR4vMu3+0YCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH9mGCeTeHMo/FXpyOqU7A3cHWPtMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvZjJZWUo1TjRjeWo4VmVuSTZwVHNEZHdkWS0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuc8OMA0G
CSqGSIb3DQEBCwUAA4IBAQCUBk+qpSHJuE3/U1fKaRrVqx4RmlnwlaOTNJcNU0Ey
yWnfllROR1smuQgUUwNKMVXqRB0wPbH3icGPnHBKQaiClTdcajgURddczPS1P3Kj
cnjltA2FAixyo6PXPDDhcQa+KW/R4tr0blObG+dphqNNq2u70LXN9kp2KAWYpuDL
toOP5OJLohvmRz6KOamxuHKGUn5uobgKJx2eUcSxFQTFsDkdofBuFxdDcmyiK/wf
/NumLrFgQjUsqsWr407S5q22ycFFz+9Ltyw+MwTNj2V+4XlorTNclumATTdG9ukm
KN+XOWEYeLn6E0N/WI+A9rkbEHaNOY+6jiB1SCB/tac1
-----END CERTIFICATE-----