Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/cBmpBa-H56KWNmU3sMYnSKvpvEc.roa
File:                     cBmpBa-H56KWNmU3sMYnSKvpvEc.roa (raw, json)
Hash identifier:          Gm6SYn156PBst3qVFuVBKobN1ngDr3ehu9yneQ0/324=
Subject key identifier:   70:19:A9:05:AF:87:E7:A2:96:36:65:37:B0:C6:27:48:AB:E9:BC:47
Certificate issuer:       /CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
Certificate serial:       019E830BC54F0906FB15599EA2751E2DDEC7
Authority key identifier: AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/cBmpBa-H56KWNmU3sMYnSKvpvEc.roa
Signing time:             Mon 01 Jun 2026 11:57:27 +0000
ROA not before:           Mon 01 Jun 2026 11:57:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215324
IP address blocks:        85.254.1.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jun 2026 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:83:0b:c5:4f:09:06:fb:15:59:9e:a2:75:1e:2d:de:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
        Validity
            Not Before: Jun  1 11:57:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7019a905af87e7a296366537b0c62748abe9bc47
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:da:00:2e:00:54:c9:1f:39:d3:f4:2a:3d:cc:
                    a4:9e:b7:4e:90:77:6c:87:a6:6e:0e:cd:21:6f:d6:
                    41:df:bc:99:fd:de:d8:a7:8b:a2:53:38:f7:c1:09:
                    c8:4d:ac:52:bd:fe:5e:5f:5c:27:a0:7a:b3:12:5e:
                    fe:50:bc:a5:b1:05:37:1d:3f:8e:e5:2c:c2:94:00:
                    70:dc:29:49:b9:f7:06:b4:29:35:34:f0:3b:dd:1c:
                    49:23:9c:6b:f1:85:11:02:40:ad:33:8f:5e:72:c7:
                    05:e9:04:64:b7:8d:9f:6c:49:41:d8:80:a5:b9:a4:
                    9b:04:1d:dc:c2:b6:4d:44:b9:db:10:d0:b5:91:c8:
                    bb:f3:c7:82:cc:23:95:eb:c1:50:aa:86:ed:d5:14:
                    74:7e:c3:d8:67:28:67:7b:87:ab:6f:c8:c1:01:7e:
                    75:ad:a7:d9:5a:aa:da:fc:8b:fb:9e:83:8c:99:17:
                    04:40:9e:be:08:ff:2f:54:bf:01:f0:ca:60:af:f1:
                    3d:09:1b:5e:d9:20:db:6f:75:a2:e9:00:54:9e:4b:
                    7b:00:ae:70:de:36:a4:a9:ba:1f:7f:a0:43:04:d4:
                    04:6d:4b:41:c4:71:22:0f:33:7f:5b:f6:18:b0:1d:
                    34:f5:f5:fe:3f:2f:71:17:f0:e5:cd:66:16:17:60:
                    7c:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:19:A9:05:AF:87:E7:A2:96:36:65:37:B0:C6:27:48:AB:E9:BC:47
            X509v3 Authority Key Identifier:
                keyid:AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/cBmpBa-H56KWNmU3sMYnSKvpvEc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.254.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:6b:88:da:cb:47:50:17:21:53:02:fb:26:9d:73:f7:83:80:
         99:a9:da:04:20:6f:33:c7:2a:36:6c:bd:78:10:52:8c:10:68:
         d5:d9:21:fd:6b:c4:0b:58:c5:dd:1f:20:84:e5:52:60:68:5e:
         5c:8f:14:01:c6:6d:8d:77:a9:9e:7f:ff:f3:fe:dc:2e:f8:46:
         64:45:84:ae:2a:a5:37:0d:b4:6e:be:83:93:49:63:a9:2f:a4:
         f3:17:e0:b2:99:f8:15:80:96:8e:e8:c0:49:7e:3f:f9:0a:14:
         d8:19:f0:ae:b0:2f:55:85:b4:86:49:a0:fb:a7:77:a4:b4:21:
         93:7b:a6:d4:e3:91:ad:1e:17:c8:f3:d8:ce:d9:6a:be:2b:4a:
         ba:87:63:51:d2:c3:90:0a:99:a6:aa:39:fb:95:ff:07:4d:2c:
         79:78:b6:9e:36:2c:5a:0a:6e:2a:55:56:50:55:23:eb:d9:8f:
         6c:8d:63:bc:7f:c5:ff:9c:c1:c7:92:b8:54:9b:e1:de:95:d2:
         c6:1a:8e:00:e0:cd:59:27:0d:44:47:8b:36:ec:53:7a:9e:0f:
         41:70:5f:28:94:26:fa:c3:f2:41:4a:5a:a8:f7:6e:5e:cf:d1:
         a8:f4:bc:d8:a8:0d:ed:a2:c5:c5:a5:68:d5:d4:9c:31:fa:14:
         28:02:50:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6DC8VPCQb7FVmeonUeLd7HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMDk1MmM4YmE4ZGFkYjFkMzRkZTZjNmE5Mzg2NGE2MDlm
YzQxZWMwHhcNMjYwNjAxMTE1NzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDE5YTkwNWFmODdlN2EyOTYzNjY1MzdiMGM2Mjc0OGFiZTliYzQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwNoALgBUyR850/QqPcyknrdOkHds
h6ZuDs0hb9ZB37yZ/d7Yp4uiUzj3wQnITaxSvf5eX1wnoHqzEl7+ULylsQU3HT+O
5SzClABw3ClJufcGtCk1NPA73RxJI5xr8YURAkCtM49ecscF6QRkt42fbElB2ICl
uaSbBB3cwrZNRLnbENC1kci788eCzCOV68FQqobt1RR0fsPYZyhne4erb8jBAX51
rafZWqra/Iv7noOMmRcEQJ6+CP8vVL8B8Mpgr/E9CRte2SDbb3Wi6QBUnkt7AK5w
3jakqboff6BDBNQEbUtBxHEiDzN/W/YYsB009fX+Py9xF/DlzWYWF2B8nQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHAZqQWvh+eiljZlN7DGJ0ir6bxHMB8GA1UdIwQY
MBaAFKsJUsi6ja2x003mxqk4ZKYJ/EHsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAt
NTU1NGQ2ZTE2ODZmLzEvY0JtcEJhLUg1NktXTm1VM3NNWW5TS3ZwdkVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAtNTU1NGQ2ZTE2ODZm
LzEvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVf4BMA0G
CSqGSIb3DQEBCwUAA4IBAQABa4jay0dQFyFTAvsmnXP3g4CZqdoEIG8zxyo2bL14
EFKMEGjV2SH9a8QLWMXdHyCE5VJgaF5cjxQBxm2Nd6mef//z/twu+EZkRYSuKqU3
DbRuvoOTSWOpL6TzF+CymfgVgJaO6MBJfj/5ChTYGfCusC9VhbSGSaD7p3ektCGT
e6bU45GtHhfI89jO2Wq+K0q6h2NR0sOQCpmmqjn7lf8HTSx5eLaeNixaCm4qVVZQ
VSPr2Y9sjWO8f8X/nMHHkrhUm+HeldLGGo4A4M1ZJw1ER4s27FN6ng9BcF8olCb6
w/JBSlqo925ez9Go9LzYqA3tosXFpWjV1Jwx+hQoAlDr
-----END CERTIFICATE-----