Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/FaTlS0VMGNtX4uQfF3c-b5WkoRg.roa
File:                     FaTlS0VMGNtX4uQfF3c-b5WkoRg.roa (raw, json)
Hash identifier:          uYjng2N/XV/58VptMfNU/xYrDmehs5ElOuhEptwc1f4=
Subject key identifier:   15:A4:E5:4B:45:4C:18:DB:57:E2:E4:1F:17:77:3E:6F:95:A4:A1:18
Certificate issuer:       /CN=18101772248996b87d90840c2d27d62549458173
Certificate serial:       019DD9DE2D9492023BDB39FC60796F82B6E3
Authority key identifier: 18:10:17:72:24:89:96:B8:7D:90:84:0C:2D:27:D6:25:49:45:81:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/FaTlS0VMGNtX4uQfF3c-b5WkoRg.roa
Signing time:             Wed 29 Apr 2026 15:31:49 +0000
ROA not before:           Wed 29 Apr 2026 15:31:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198486
IP address blocks:        185.179.217.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 May 2026 17:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:d9:de:2d:94:92:02:3b:db:39:fc:60:79:6f:82:b6:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18101772248996b87d90840c2d27d62549458173
        Validity
            Not Before: Apr 29 15:31:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=15a4e54b454c18db57e2e41f17773e6f95a4a118
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:84:2c:3c:a6:c6:40:b8:89:36:95:b3:00:56:
                    3e:b5:69:ab:ef:e5:7d:1c:2c:37:93:0b:f5:3f:35:
                    e4:eb:fd:a4:c4:7e:8c:6e:78:fa:e3:3a:21:85:9c:
                    cb:16:97:e2:9d:33:35:b4:16:92:75:44:57:38:fd:
                    d0:1e:2f:41:f4:69:fa:ad:23:ed:14:75:1c:24:c3:
                    69:ac:4c:31:58:01:09:08:05:c4:49:dc:a6:ff:2e:
                    ac:e0:f0:ec:fa:ca:22:f5:59:8a:3b:7f:f8:eb:96:
                    20:7f:ed:3a:c0:75:39:c8:1f:e9:84:a2:ac:f3:8d:
                    83:ca:ee:94:4e:11:a0:01:50:6d:69:c7:e5:6a:55:
                    0e:bb:05:72:39:28:3e:ce:44:a3:63:78:09:05:fd:
                    f2:fc:0b:e2:94:45:b3:fd:f2:44:84:29:25:74:b7:
                    ef:8a:2c:db:61:38:09:bc:49:e2:cb:de:68:bd:db:
                    55:4a:d5:83:1c:39:b5:3c:55:09:67:fe:58:81:1f:
                    10:e2:57:33:41:77:81:ce:be:d5:b8:1b:c0:bb:60:
                    09:83:a9:50:96:f2:f2:69:3d:b3:fb:f0:c6:8a:32:
                    44:23:a8:eb:6a:50:dd:27:fd:73:31:6a:0a:ce:90:
                    a4:7a:61:98:d8:8b:45:de:18:eb:04:00:c6:4e:f5:
                    6f:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:A4:E5:4B:45:4C:18:DB:57:E2:E4:1F:17:77:3E:6F:95:A4:A1:18
            X509v3 Authority Key Identifier:
                keyid:18:10:17:72:24:89:96:B8:7D:90:84:0C:2D:27:D6:25:49:45:81:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/FaTlS0VMGNtX4uQfF3c-b5WkoRg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.179.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:b8:52:ff:31:b0:7d:14:5e:02:19:4e:c9:aa:52:ca:70:cc:
         53:5a:16:78:b2:42:03:60:8b:e6:3b:dd:d9:05:2e:d4:61:7c:
         c7:76:ac:81:29:89:e1:56:17:cc:6a:2c:08:d0:17:3b:1e:3d:
         af:b2:fb:b1:44:d9:ac:02:61:50:bf:64:a5:da:dd:9d:df:e7:
         95:a1:e3:2a:63:82:7d:b9:de:f9:fc:1f:5f:83:d4:9f:8b:a0:
         8e:9b:2e:e7:1b:65:ce:ae:fa:5f:5c:c9:cd:ed:ef:01:9e:bb:
         0e:97:d1:ac:b6:35:a8:64:ad:85:f7:c8:cb:ca:9a:1f:30:e4:
         bb:56:7e:5e:55:65:e8:ca:d5:5d:2b:45:8f:61:31:1b:af:7e:
         a3:37:73:9f:df:3d:31:72:7b:68:3f:f7:ff:ce:86:3c:5f:bd:
         7a:f2:c0:53:92:66:e1:b7:7e:72:a9:de:16:82:75:9e:96:b7:
         23:cd:92:a4:68:a1:a5:d8:fc:f4:f3:f5:b7:ba:20:95:51:3f:
         ac:d0:fa:2a:80:cb:69:2e:b2:43:78:b6:54:04:61:11:0d:62:
         b8:89:49:ed:e7:dc:57:7a:b8:eb:94:67:23:3a:9e:f3:33:7f:
         d7:fe:65:98:48:e5:04:2f:2e:af:24:93:0f:05:12:40:62:2e:
         2e:f4:fd:76
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3Z3i2UkgI72zn8YHlvgrbjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4MTAxNzcyMjQ4OTk2Yjg3ZDkwODQwYzJkMjdkNjI1NDk0
NTgxNzMwHhcNMjYwNDI5MTUzMTQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNWE0ZTU0YjQ1NGMxOGRiNTdlMmU0MWYxNzc3M2U2Zjk1YTRhMTE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwoQsPKbGQLiJNpWzAFY+tWmr7+V9
HCw3kwv1PzXk6/2kxH6Mbnj64zohhZzLFpfinTM1tBaSdURXOP3QHi9B9Gn6rSPt
FHUcJMNprEwxWAEJCAXESdym/y6s4PDs+soi9VmKO3/465Ygf+06wHU5yB/phKKs
842Dyu6UThGgAVBtacflalUOuwVyOSg+zkSjY3gJBf3y/AvilEWz/fJEhCkldLfv
iizbYTgJvEniy95ovdtVStWDHDm1PFUJZ/5YgR8Q4lczQXeBzr7VuBvAu2AJg6lQ
lvLyaT2z+/DGijJEI6jralDdJ/1zMWoKzpCkemGY2ItF3hjrBADGTvVvmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBWk5UtFTBjbV+LkHxd3Pm+VpKEYMB8GA1UdIwQY
MBaAFBgQF3IkiZa4fZCEDC0n1iVJRYFzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0JBWGNpU0pscmg5a0lRTUxTZldKVWxGZ1hNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS8yMGE1YTUtMGJhMi00MDUyLWJlYjQt
M2NjODVhZDNjMTkwLzEvRmFUbFMwVk1HTnRYNHVRZkYzYy1iNVdrb1JnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS8yMGE1YTUtMGJhMi00MDUyLWJlYjQtM2NjODVhZDNjMTkw
LzEvR0JBWGNpU0pscmg5a0lRTUxTZldKVWxGZ1hNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubPZMA0G
CSqGSIb3DQEBCwUAA4IBAQBDuFL/MbB9FF4CGU7JqlLKcMxTWhZ4skIDYIvmO93Z
BS7UYXzHdqyBKYnhVhfMaiwI0Bc7Hj2vsvuxRNmsAmFQv2Sl2t2d3+eVoeMqY4J9
ud75/B9fg9Sfi6COmy7nG2XOrvpfXMnN7e8BnrsOl9GstjWoZK2F98jLypofMOS7
Vn5eVWXoytVdK0WPYTEbr36jN3Of3z0xcntoP/f/zoY8X7168sBTkmbht35yqd4W
gnWelrcjzZKkaKGl2Pz08/W3uiCVUT+s0PoqgMtpLrJDeLZUBGERDWK4iUnt59xX
erjrlGcjOp7zM3/X/mWYSOUELy6vJJMPBRJAYi4u9P12
-----END CERTIFICATE-----