Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/629cb2-2b4d-4748-bb11-c9fe0ba28647/1/2R98f3LcbdjJTK1zEivNVdv9lT4.roa
File:                     2R98f3LcbdjJTK1zEivNVdv9lT4.roa (raw, json)
Hash identifier:          wn+9EbMSH6lI4fh4eFap7qXQCiZwpo0SPOjzWLLKAfo=
Subject key identifier:   D9:1F:7C:7F:72:DC:6D:D8:C9:4C:AD:73:12:2B:CD:55:DB:FD:95:3E
Certificate issuer:       /CN=40fac6a32fe4baa7d89b91ec5165a3d96688e144
Certificate serial:       019E37E41D1DA130FC5F41A19C49BB8539FF
Authority key identifier: 40:FA:C6:A3:2F:E4:BA:A7:D8:9B:91:EC:51:65:A3:D9:66:88:E1:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QPrGoy_kuqfYm5HsUWWj2WaI4UQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/629cb2-2b4d-4748-bb11-c9fe0ba28647/1/2R98f3LcbdjJTK1zEivNVdv9lT4.roa
Signing time:             Sun 17 May 2026 21:42:37 +0000
ROA not before:           Sun 17 May 2026 21:42:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57814
IP address blocks:        185.49.166.0/24 maxlen: 24
                          185.49.167.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/629cb2-2b4d-4748-bb11-c9fe0ba28647/1/QPrGoy_kuqfYm5HsUWWj2WaI4UQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/629cb2-2b4d-4748-bb11-c9fe0ba28647/1/QPrGoy_kuqfYm5HsUWWj2WaI4UQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QPrGoy_kuqfYm5HsUWWj2WaI4UQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 May 2026 02:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:37:e4:1d:1d:a1:30:fc:5f:41:a1:9c:49:bb:85:39:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=40fac6a32fe4baa7d89b91ec5165a3d96688e144
        Validity
            Not Before: May 17 21:42:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d91f7c7f72dc6dd8c94cad73122bcd55dbfd953e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:9a:db:1f:89:d8:86:a7:a8:01:8f:07:9d:46:
                    63:6b:9c:e2:ae:52:f2:fe:25:49:2d:4e:ef:32:64:
                    8f:a7:c4:60:cb:b9:08:60:a2:fe:5c:89:ac:0e:44:
                    f8:2c:80:96:6e:27:fb:ad:d7:c4:8c:32:0c:fa:fd:
                    d8:dc:df:06:76:ed:db:de:d2:19:b9:53:85:15:2f:
                    3c:de:40:54:f4:03:71:17:a3:2a:db:5d:73:d0:22:
                    18:48:2c:91:bf:f3:74:75:5c:bf:e0:81:cc:32:05:
                    b1:b8:26:52:96:fc:27:fd:5e:60:45:4d:49:b2:4e:
                    2b:c6:38:e6:d0:1a:ab:2a:80:1e:88:ce:9c:21:23:
                    db:95:ed:dc:17:8a:44:68:82:c9:b3:21:7e:db:e7:
                    b9:52:13:27:fe:6a:2f:61:f8:0e:1e:1d:15:ee:9e:
                    6d:c9:f9:3e:18:97:9f:c1:d9:a2:7b:1f:0d:75:3d:
                    48:00:21:ac:f4:c2:0f:c1:9d:10:ce:57:89:35:30:
                    00:77:7c:54:e0:c4:b9:45:f6:3c:c4:21:fc:c6:b8:
                    95:38:0e:fc:58:49:64:3c:26:80:8a:b7:dd:39:34:
                    65:21:f4:f6:ad:31:3e:fa:41:cd:d0:4b:10:97:da:
                    1d:c8:43:fb:6d:7d:88:70:49:1a:0d:f1:0d:f9:fe:
                    b9:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:1F:7C:7F:72:DC:6D:D8:C9:4C:AD:73:12:2B:CD:55:DB:FD:95:3E
            X509v3 Authority Key Identifier:
                keyid:40:FA:C6:A3:2F:E4:BA:A7:D8:9B:91:EC:51:65:A3:D9:66:88:E1:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QPrGoy_kuqfYm5HsUWWj2WaI4UQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/629cb2-2b4d-4748-bb11-c9fe0ba28647/1/2R98f3LcbdjJTK1zEivNVdv9lT4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/629cb2-2b4d-4748-bb11-c9fe0ba28647/1/QPrGoy_kuqfYm5HsUWWj2WaI4UQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.49.166.0/23

    Signature Algorithm: sha256WithRSAEncryption
         22:76:9c:95:3a:48:ff:e1:d2:e5:3d:2c:d9:0c:ec:7c:73:4d:
         15:07:2a:98:5e:e3:27:6c:61:e8:fd:59:b1:19:59:e9:6b:d3:
         bc:e3:ad:85:f1:7d:fa:8e:a2:31:ff:24:55:ce:89:14:38:1b:
         48:b5:b5:a3:c1:ee:bf:0a:be:6f:5c:33:cc:02:a1:fd:0a:ef:
         dd:65:de:48:ca:9c:c6:70:5f:3b:a9:c9:28:82:1c:1f:c1:68:
         a9:4a:cc:e7:7e:4d:b4:41:40:ed:ba:9b:a0:4c:6c:99:41:95:
         70:40:8d:69:a0:47:5d:9d:41:0d:0b:34:49:8e:d1:79:56:49:
         62:5c:0a:e6:59:66:e0:1e:eb:d8:43:78:4f:c8:12:5c:0e:b7:
         21:37:15:7d:6e:aa:6f:21:08:e5:e2:32:56:c4:38:35:b2:3e:
         0e:07:0d:71:28:7d:f3:6a:5c:6f:06:22:94:10:56:3c:56:d8:
         66:07:cd:d6:35:93:7e:07:fa:56:7c:fb:01:24:3f:c7:45:cc:
         99:00:31:c5:22:79:d4:0d:b1:1c:5c:52:bc:b8:59:f3:2e:98:
         36:38:cb:0d:d2:b4:8c:e5:d5:65:e3:6a:60:5a:c3:27:61:30:
         84:2f:cb:0b:2e:30:9f:bd:a6:9d:ec:46:9c:41:66:d0:10:e7:
         c6:a0:89:91
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ435B0doTD8X0GhnEm7hTn/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwZmFjNmEzMmZlNGJhYTdkODliOTFlYzUxNjVhM2Q5NjY4
OGUxNDQwHhcNMjYwNTE3MjE0MjM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTFmN2M3ZjcyZGM2ZGQ4Yzk0Y2FkNzMxMjJiY2Q1NWRiZmQ5NTNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxprbH4nYhqeoAY8HnUZja5zirlLy
/iVJLU7vMmSPp8Rgy7kIYKL+XImsDkT4LICWbif7rdfEjDIM+v3Y3N8Gdu3b3tIZ
uVOFFS883kBU9ANxF6Mq211z0CIYSCyRv/N0dVy/4IHMMgWxuCZSlvwn/V5gRU1J
sk4rxjjm0BqrKoAeiM6cISPble3cF4pEaILJsyF+2+e5UhMn/movYfgOHh0V7p5t
yfk+GJefwdmiex8NdT1IACGs9MIPwZ0QzleJNTAAd3xU4MS5RfY8xCH8xriVOA78
WElkPCaAirfdOTRlIfT2rTE++kHN0EsQl9odyEP7bX2IcEkaDfEN+f65iwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNkffH9y3G3YyUytcxIrzVXb/ZU+MB8GA1UdIwQY
MBaAFED6xqMv5Lqn2JuR7FFlo9lmiOFEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVByR295X2t1cWZZbTVIc1VXV2oyV2FJNFVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy82MjljYjItMmI0ZC00NzQ4LWJiMTEt
YzlmZTBiYTI4NjQ3LzEvMlI5OGYzTGNiZGpKVEsxekVpdk5WZHY5bFQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy82MjljYjItMmI0ZC00NzQ4LWJiMTEtYzlmZTBiYTI4NjQ3
LzEvUVByR295X2t1cWZZbTVIc1VXV2oyV2FJNFVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuTGmMA0G
CSqGSIb3DQEBCwUAA4IBAQAidpyVOkj/4dLlPSzZDOx8c00VByqYXuMnbGHo/Vmx
GVnpa9O8462F8X36jqIx/yRVzokUOBtItbWjwe6/Cr5vXDPMAqH9Cu/dZd5IypzG
cF87qckoghwfwWipSsznfk20QUDtupugTGyZQZVwQI1poEddnUENCzRJjtF5Vkli
XArmWWbgHuvYQ3hPyBJcDrchNxV9bqpvIQjl4jJWxDg1sj4OBw1xKH3zalxvBiKU
EFY8VthmB83WNZN+B/pWfPsBJD/HRcyZADHFInnUDbEcXFK8uFnzLpg2OMsN0rSM
5dVl42pgWsMnYTCEL8sLLjCfvaad7EacQWbQEOfGoImR
-----END CERTIFICATE-----