Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/e40f9d-00f4-40d9-8b8d-40eaebc1c47e/1/C8cw5nbghQi4OUuGqLlmhBWbh3s.roa
File:                     C8cw5nbghQi4OUuGqLlmhBWbh3s.roa (raw, json)
Hash identifier:          ukinZ9+XO0kbm22VodGuo/P5hn91OEClJ3feFpq9ZTY=
Subject key identifier:   0B:C7:30:E6:76:E0:85:08:B8:39:4B:86:A8:B9:66:84:15:9B:87:7B
Certificate issuer:       /CN=2979cc43c2469ffa5cf8b7ac639b01f3a768ac55
Certificate serial:       019E99123DEDF027E8276822166A10D3E231
Authority key identifier: 29:79:CC:43:C2:46:9F:FA:5C:F8:B7:AC:63:9B:01:F3:A7:68:AC:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KXnMQ8JGn_pc-LesY5sB86dorFU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/e40f9d-00f4-40d9-8b8d-40eaebc1c47e/1/C8cw5nbghQi4OUuGqLlmhBWbh3s.roa
Signing time:             Fri 05 Jun 2026 18:36:09 +0000
ROA not before:           Fri 05 Jun 2026 18:36:09 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200566
IP address blocks:        185.121.227.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/e40f9d-00f4-40d9-8b8d-40eaebc1c47e/1/KXnMQ8JGn_pc-LesY5sB86dorFU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/e40f9d-00f4-40d9-8b8d-40eaebc1c47e/1/KXnMQ8JGn_pc-LesY5sB86dorFU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KXnMQ8JGn_pc-LesY5sB86dorFU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 18:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:99:12:3d:ed:f0:27:e8:27:68:22:16:6a:10:d3:e2:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2979cc43c2469ffa5cf8b7ac639b01f3a768ac55
        Validity
            Not Before: Jun  5 18:36:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0bc730e676e08508b8394b86a8b96684159b877b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:c7:32:b7:3d:6e:62:74:e1:ab:4b:dd:8e:4c:
                    d5:ee:47:9c:df:f3:86:5c:e9:f4:db:ed:d0:1f:66:
                    d5:e3:88:c5:09:31:03:b2:8a:3d:b8:11:69:71:ee:
                    1c:54:3a:95:ac:a7:fd:2d:e8:1a:0c:ba:81:55:7d:
                    d1:d7:89:ab:17:e5:61:57:0e:65:b7:77:99:4c:23:
                    07:d7:b5:d0:24:d6:05:ba:19:eb:94:c6:e0:c8:f9:
                    81:13:b7:bd:d0:ee:d1:1f:a3:7b:81:15:6c:80:2c:
                    49:15:dc:ac:9c:90:09:b0:54:ed:6b:fe:3f:12:af:
                    d1:28:f7:6b:73:7c:f5:b4:49:1c:ca:62:21:a0:f3:
                    cd:b0:6b:cc:e9:0f:92:5f:ce:15:07:6e:b7:48:10:
                    ae:5c:54:17:dd:ba:8f:b1:ce:78:48:fe:ea:ed:87:
                    59:3f:c3:72:80:dc:25:fa:70:1d:45:23:37:58:84:
                    3f:07:b6:00:50:90:d6:a6:b8:01:aa:4e:9f:ac:e2:
                    78:32:f2:5b:ca:c1:7c:02:86:46:d8:10:32:b7:cb:
                    fd:c8:b6:f4:5a:ce:17:a3:2f:d1:3c:1e:50:ec:ce:
                    b5:02:e7:51:7f:24:f0:b7:8b:1b:d8:26:a7:74:90:
                    79:37:83:9b:43:e2:fe:b6:90:2b:a2:38:cc:ce:c3:
                    59:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:C7:30:E6:76:E0:85:08:B8:39:4B:86:A8:B9:66:84:15:9B:87:7B
            X509v3 Authority Key Identifier:
                keyid:29:79:CC:43:C2:46:9F:FA:5C:F8:B7:AC:63:9B:01:F3:A7:68:AC:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KXnMQ8JGn_pc-LesY5sB86dorFU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/e40f9d-00f4-40d9-8b8d-40eaebc1c47e/1/C8cw5nbghQi4OUuGqLlmhBWbh3s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/e40f9d-00f4-40d9-8b8d-40eaebc1c47e/1/KXnMQ8JGn_pc-LesY5sB86dorFU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.121.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         dc:04:20:ec:54:e2:b5:b5:31:1c:c6:1b:8d:d3:d6:98:b0:ef:
         a1:c7:1e:53:2a:32:ca:4e:7a:ff:41:6a:0d:44:92:94:ea:08:
         d1:22:81:3d:f7:03:cd:4c:58:9c:2a:de:61:ef:a6:4b:c1:06:
         52:b1:aa:a8:2d:dd:cf:c2:46:de:b8:2d:51:8f:f4:b1:3b:14:
         15:5f:c0:fd:ea:b8:e6:82:7e:d0:ea:5a:f9:96:b9:3e:46:b5:
         1c:c2:ae:1e:e9:71:9c:92:c8:1a:11:9d:67:70:b5:3c:15:45:
         54:8f:6e:4a:9f:20:59:06:dc:b0:70:3f:62:9e:df:ad:8e:90:
         8e:36:44:78:87:cb:82:db:40:fd:ff:70:ad:3e:6e:03:00:2e:
         f2:f6:21:0d:ea:fd:3c:38:f2:1c:d6:d2:9e:c1:47:6b:f1:59:
         c9:bd:c6:0f:7b:49:f1:1c:b7:81:c6:bf:5c:ea:f3:ef:24:1b:
         4a:f1:ae:01:39:71:b6:f9:a3:16:aa:a9:57:80:82:d9:dd:16:
         35:30:84:74:4b:a5:c9:01:23:33:be:17:e0:fd:0a:1c:5f:2e:
         73:ba:e7:cf:0d:78:9d:eb:b2:79:cd:5a:a4:5a:16:90:98:a3:
         7a:10:e7:02:a2:99:1c:6d:61:7d:3d:9f:dd:3f:32:20:b3:60:
         ae:c2:40:6b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6ZEj3t8CfoJ2giFmoQ0+IxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NzljYzQzYzI0NjlmZmE1Y2Y4YjdhYzYzOWIwMWYzYTc2
OGFjNTUwHhcNMjYwNjA1MTgzNjA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYmM3MzBlNjc2ZTA4NTA4YjgzOTRiODZhOGI5NjY4NDE1OWI4NzdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw8cytz1uYnThq0vdjkzV7kec3/OG
XOn02+3QH2bV44jFCTEDsoo9uBFpce4cVDqVrKf9LegaDLqBVX3R14mrF+VhVw5l
t3eZTCMH17XQJNYFuhnrlMbgyPmBE7e90O7RH6N7gRVsgCxJFdysnJAJsFTta/4/
Eq/RKPdrc3z1tEkcymIhoPPNsGvM6Q+SX84VB263SBCuXFQX3bqPsc54SP7q7YdZ
P8NygNwl+nAdRSM3WIQ/B7YAUJDWprgBqk6frOJ4MvJbysF8AoZG2BAyt8v9yLb0
Ws4Xoy/RPB5Q7M61AudRfyTwt4sb2CandJB5N4ObQ+L+tpArojjMzsNZ2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAvHMOZ24IUIuDlLhqi5ZoQVm4d7MB8GA1UdIwQY
MBaAFCl5zEPCRp/6XPi3rGObAfOnaKxVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1huTVE4SkduX3BjLUxlc1k1c0I4NmRvckZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi9lNDBmOWQtMDBmNC00MGQ5LThiOGQt
NDBlYWViYzFjNDdlLzEvQzhjdzVuYmdoUWk0T1V1R3FMbG1oQldiaDNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi9lNDBmOWQtMDBmNC00MGQ5LThiOGQtNDBlYWViYzFjNDdl
LzEvS1huTVE4SkduX3BjLUxlc1k1c0I4NmRvckZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXnjMA0G
CSqGSIb3DQEBCwUAA4IBAQDcBCDsVOK1tTEcxhuN09aYsO+hxx5TKjLKTnr/QWoN
RJKU6gjRIoE99wPNTFicKt5h76ZLwQZSsaqoLd3PwkbeuC1Rj/SxOxQVX8D96rjm
gn7Q6lr5lrk+RrUcwq4e6XGcksgaEZ1ncLU8FUVUj25KnyBZBtywcD9int+tjpCO
NkR4h8uC20D9/3CtPm4DAC7y9iEN6v08OPIc1tKewUdr8VnJvcYPe0nxHLeBxr9c
6vPvJBtK8a4BOXG2+aMWqqlXgILZ3RY1MIR0S6XJASMzvhfg/QocXy5zuufPDXid
67J5zVqkWhaQmKN6EOcCopkcbWF9PZ/dPzIgs2CuwkBr
-----END CERTIFICATE-----