Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/eea330-e5be-4f22-b11b-0f7964321ce1/1/v7qTs-P4kf96NQEVuIjiFlnfrkg.roa
File:                     v7qTs-P4kf96NQEVuIjiFlnfrkg.roa (raw, json)
Hash identifier:          06QnWdclxVJibPO9oaPeJlCjEUztsjOaTGtfwNdn2zw=
Subject key identifier:   BF:BA:93:B3:E3:F8:91:FF:7A:35:01:15:B8:88:E2:16:59:DF:AE:48
Certificate issuer:       /CN=2cb178fc335df01543728e29b78e9528ef1f5f6e
Certificate serial:       019DBB140D3036AFC1CEFC744B619655B706
Authority key identifier: 2C:B1:78:FC:33:5D:F0:15:43:72:8E:29:B7:8E:95:28:EF:1F:5F:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LLF4_DNd8BVDco4pt46VKO8fX24.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/eea330-e5be-4f22-b11b-0f7964321ce1/1/v7qTs-P4kf96NQEVuIjiFlnfrkg.roa
Signing time:             Thu 23 Apr 2026 16:02:26 +0000
ROA not before:           Thu 23 Apr 2026 16:02:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     133398
IP address blocks:        185.166.92.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/eea330-e5be-4f22-b11b-0f7964321ce1/1/LLF4_DNd8BVDco4pt46VKO8fX24.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/eea330-e5be-4f22-b11b-0f7964321ce1/1/LLF4_DNd8BVDco4pt46VKO8fX24.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LLF4_DNd8BVDco4pt46VKO8fX24.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 Apr 2026 17:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:bb:14:0d:30:36:af:c1:ce:fc:74:4b:61:96:55:b7:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2cb178fc335df01543728e29b78e9528ef1f5f6e
        Validity
            Not Before: Apr 23 16:02:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bfba93b3e3f891ff7a350115b888e21659dfae48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:5b:21:23:d6:3a:15:f6:46:e5:69:ec:8d:e8:
                    6a:b1:6d:c9:bf:b8:cc:5e:d7:e2:4e:83:bb:9d:14:
                    62:27:d7:07:78:90:68:b3:1e:20:06:fe:9c:07:fd:
                    99:f6:fe:56:91:66:ca:1f:19:24:02:a3:06:77:72:
                    08:0f:07:92:ba:4b:d1:9f:fa:93:61:00:fe:fb:6b:
                    ea:5e:81:6a:39:87:5f:1e:48:db:ea:79:cd:cb:59:
                    0b:38:ec:bb:f1:bf:7c:4c:4d:e0:79:0c:4f:36:77:
                    56:5c:74:60:2c:4a:3d:d0:de:da:f2:13:24:aa:f0:
                    f5:3a:5c:7c:55:06:da:79:87:0c:d0:d3:4a:f1:dc:
                    f2:78:c7:8f:36:db:1e:38:0c:5c:a8:45:f1:b9:fd:
                    bb:50:9c:02:df:19:b9:8c:78:27:7c:23:58:1b:d1:
                    84:c4:60:79:62:fa:7f:3c:ff:a4:79:24:f3:41:99:
                    5a:71:aa:3c:85:95:53:33:71:95:93:1a:b5:f4:75:
                    fa:22:dd:a1:c8:b3:4d:8d:d4:e6:f6:87:ea:76:e8:
                    23:37:c8:60:1c:06:94:9b:ce:00:34:59:82:00:d8:
                    57:6c:83:17:90:13:ca:c0:9e:a0:e7:82:d2:dd:b0:
                    b6:2d:64:c0:f8:21:5f:ae:98:d6:b0:fc:83:6d:81:
                    ca:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:BA:93:B3:E3:F8:91:FF:7A:35:01:15:B8:88:E2:16:59:DF:AE:48
            X509v3 Authority Key Identifier:
                keyid:2C:B1:78:FC:33:5D:F0:15:43:72:8E:29:B7:8E:95:28:EF:1F:5F:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LLF4_DNd8BVDco4pt46VKO8fX24.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/eea330-e5be-4f22-b11b-0f7964321ce1/1/v7qTs-P4kf96NQEVuIjiFlnfrkg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/eea330-e5be-4f22-b11b-0f7964321ce1/1/LLF4_DNd8BVDco4pt46VKO8fX24.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.166.92.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:48:84:29:ad:88:6e:97:7a:6a:58:ad:2f:7c:e5:a7:d4:b9:
         4e:11:f2:4a:be:f9:46:99:eb:9b:66:d7:8a:d0:33:d9:f9:4c:
         dd:a4:58:ba:9c:57:7f:41:00:c5:d3:44:de:b7:69:1a:38:b4:
         d6:9c:0e:e1:91:02:7e:5f:a7:66:c7:88:9c:67:1e:4b:7f:9a:
         3a:e0:ae:d1:9f:f5:7f:70:21:8e:b2:14:3f:4d:cb:36:77:45:
         2e:a1:13:93:9a:27:33:59:4d:a2:f3:6c:2a:19:78:c9:ba:ce:
         1c:e3:5e:20:c0:c1:ee:16:86:31:71:af:e3:cf:11:e4:d5:89:
         81:3f:ee:74:e0:c8:f2:65:cd:7c:60:f6:a4:9a:07:6d:96:3c:
         ff:8f:a2:f6:20:c8:6d:52:38:98:a4:a9:54:42:d8:04:97:71:
         15:80:55:6c:a9:07:99:25:2b:63:1c:fe:70:27:4d:81:e7:68:
         ad:40:2b:91:6b:19:7f:a4:36:0c:b4:a2:ec:26:74:24:a8:97:
         05:f8:f5:ae:38:b1:ed:fb:ef:70:30:79:55:b4:a0:cd:28:3f:
         01:11:ed:fe:92:04:ff:a2:21:36:82:5b:d9:ec:ee:fd:3b:39:
         73:e2:92:d1:c1:69:bc:14:35:ca:8c:db:19:b7:30:b9:db:ec:
         29:3d:0a:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ27FA0wNq/Bzvx0S2GWVbcGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjYjE3OGZjMzM1ZGYwMTU0MzcyOGUyOWI3OGU5NTI4ZWYx
ZjVmNmUwHhcNMjYwNDIzMTYwMjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZmJhOTNiM2UzZjg5MWZmN2EzNTAxMTViODg4ZTIxNjU5ZGZhZTQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtFshI9Y6FfZG5WnsjehqsW3Jv7jM
XtfiToO7nRRiJ9cHeJBosx4gBv6cB/2Z9v5WkWbKHxkkAqMGd3IIDweSukvRn/qT
YQD++2vqXoFqOYdfHkjb6nnNy1kLOOy78b98TE3geQxPNndWXHRgLEo90N7a8hMk
qvD1Olx8VQbaeYcM0NNK8dzyeMePNtseOAxcqEXxuf27UJwC3xm5jHgnfCNYG9GE
xGB5Yvp/PP+keSTzQZlacao8hZVTM3GVkxq19HX6It2hyLNNjdTm9ofqdugjN8hg
HAaUm84ANFmCANhXbIMXkBPKwJ6g54LS3bC2LWTA+CFfrpjWsPyDbYHKCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL+6k7Pj+JH/ejUBFbiI4hZZ365IMB8GA1UdIwQY
MBaAFCyxePwzXfAVQ3KOKbeOlSjvH19uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTExGNF9ETmQ4QlZEY280cHQ0NlZLTzhmWDI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC9lZWEzMzAtZTViZS00ZjIyLWIxMWIt
MGY3OTY0MzIxY2UxLzEvdjdxVHMtUDRrZjk2TlFFVnVJamlGbG5mcmtnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC9lZWEzMzAtZTViZS00ZjIyLWIxMWItMGY3OTY0MzIxY2Ux
LzEvTExGNF9ETmQ4QlZEY280cHQ0NlZLTzhmWDI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaZcMA0G
CSqGSIb3DQEBCwUAA4IBAQB6SIQprYhul3pqWK0vfOWn1LlOEfJKvvlGmeubZteK
0DPZ+UzdpFi6nFd/QQDF00Tet2kaOLTWnA7hkQJ+X6dmx4icZx5Lf5o64K7Rn/V/
cCGOshQ/Tcs2d0UuoROTmiczWU2i82wqGXjJus4c414gwMHuFoYxca/jzxHk1YmB
P+504MjyZc18YPakmgdtljz/j6L2IMhtUjiYpKlUQtgEl3EVgFVsqQeZJStjHP5w
J02B52itQCuRaxl/pDYMtKLsJnQkqJcF+PWuOLHt++9wMHlVtKDNKD8BEe3+kgT/
oiE2glvZ7O79Ozlz4pLRwWm8FDXKjNsZtzC52+wpPQpZ
-----END CERTIFICATE-----