Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/abe6c0-e79d-4cdd-92ad-f21363071591/1/ruTW9ozOJUfhdEJ0tIRi0GgSr44.roa
File:                     ruTW9ozOJUfhdEJ0tIRi0GgSr44.roa (raw, json)
Hash identifier:          0yYu3FcQ5c0LScnjL2zOu6VcLBvDUzU2/4XBbeNiBxw=
Subject key identifier:   AE:E4:D6:F6:8C:CE:25:47:E1:74:42:74:B4:84:62:D0:68:12:AF:8E
Certificate issuer:       /CN=4c18a44d54a47a5ea97dedfd5ed8379d7eea02d0
Certificate serial:       019CD786A36E2AAC6ACCD4D3EB601A093D68
Authority key identifier: 4C:18:A4:4D:54:A4:7A:5E:A9:7D:ED:FD:5E:D8:37:9D:7E:EA:02:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TBikTVSkel6pfe39Xtg3nX7qAtA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/abe6c0-e79d-4cdd-92ad-f21363071591/1/ruTW9ozOJUfhdEJ0tIRi0GgSr44.roa
Signing time:             Tue 10 Mar 2026 11:34:10 +0000
ROA not before:           Tue 10 Mar 2026 11:34:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     35197
IP address blocks:        185.111.160.0/24 maxlen: 24
                          185.111.161.0/24 maxlen: 24
                          185.111.162.0/24 maxlen: 24
                          185.111.163.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/abe6c0-e79d-4cdd-92ad-f21363071591/1/TBikTVSkel6pfe39Xtg3nX7qAtA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/abe6c0-e79d-4cdd-92ad-f21363071591/1/TBikTVSkel6pfe39Xtg3nX7qAtA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TBikTVSkel6pfe39Xtg3nX7qAtA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 14 Mar 2026 09:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:d7:86:a3:6e:2a:ac:6a:cc:d4:d3:eb:60:1a:09:3d:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c18a44d54a47a5ea97dedfd5ed8379d7eea02d0
        Validity
            Not Before: Mar 10 11:34:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=aee4d6f68cce2547e1744274b48462d06812af8e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:a1:0f:09:56:38:cc:84:5b:99:47:31:5e:0f:
                    da:41:eb:0b:5a:ba:8e:66:b7:8d:e3:ba:fa:93:9e:
                    43:b5:b3:cb:02:a5:d5:40:20:1a:e4:55:5f:d1:fc:
                    d7:01:2c:27:48:60:8b:84:ce:9c:e9:ef:7d:3c:bd:
                    b7:fb:b2:3f:c6:07:7c:a0:bb:27:12:ad:89:27:e5:
                    c5:3d:bd:ab:2d:0a:ca:72:f7:d4:5a:db:26:fb:9f:
                    a9:5f:5c:36:ca:0a:b8:7b:db:56:92:1c:c2:0a:dd:
                    5e:3b:89:34:3f:b8:1b:9c:ec:ad:4d:25:78:27:b6:
                    51:fd:84:3d:96:b0:ad:d9:c8:db:b2:61:2c:82:34:
                    09:4e:38:d5:b2:81:5b:81:e2:f7:37:a3:e5:92:c6:
                    47:c6:03:7f:5a:34:f6:c3:e4:19:e5:8c:47:fc:80:
                    7d:d1:d0:e1:78:cf:48:fd:84:31:6d:29:02:15:81:
                    5a:59:78:76:89:a7:a6:ca:89:e6:c9:6f:d6:4d:f5:
                    97:fa:e5:f4:f3:64:b1:93:3c:4d:5a:31:e1:93:6f:
                    75:d2:c5:db:1e:90:17:c3:bf:c8:c6:fd:8d:ed:e2:
                    52:d4:57:73:35:61:be:c3:ec:cb:06:f2:ce:10:71:
                    f8:51:e9:02:94:53:32:f6:d7:79:4c:60:91:71:62:
                    db:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:E4:D6:F6:8C:CE:25:47:E1:74:42:74:B4:84:62:D0:68:12:AF:8E
            X509v3 Authority Key Identifier:
                keyid:4C:18:A4:4D:54:A4:7A:5E:A9:7D:ED:FD:5E:D8:37:9D:7E:EA:02:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TBikTVSkel6pfe39Xtg3nX7qAtA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/abe6c0-e79d-4cdd-92ad-f21363071591/1/ruTW9ozOJUfhdEJ0tIRi0GgSr44.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/abe6c0-e79d-4cdd-92ad-f21363071591/1/TBikTVSkel6pfe39Xtg3nX7qAtA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.111.160.0/22

    Signature Algorithm: sha256WithRSAEncryption
         93:45:60:19:27:37:4e:2b:29:62:11:af:c5:5d:3c:88:04:2b:
         72:0b:d4:e1:2b:bf:4c:6e:4e:47:05:65:12:86:35:a0:71:42:
         ed:d2:a3:a8:2d:71:dc:5a:11:7d:3c:56:a9:7e:a7:7d:ee:7b:
         66:2e:55:10:d7:c4:f6:a8:23:14:67:85:78:73:82:54:20:c2:
         b8:17:75:43:c9:a9:59:ff:21:ce:92:65:8a:cd:a4:6e:f4:75:
         66:52:73:f8:2f:f0:cd:99:39:28:e7:aa:f2:40:67:a1:98:29:
         31:5a:7a:61:4d:5b:7e:a9:54:67:f3:cf:b4:97:95:cb:a8:d5:
         35:e8:eb:97:40:0c:a8:f5:c2:4f:56:ba:82:d4:e8:16:a4:27:
         38:39:09:ab:5a:d7:83:a6:ec:74:a5:1f:17:71:d8:cd:48:06:
         b3:47:e2:48:67:3b:49:92:bf:41:56:9b:ce:14:24:e7:40:54:
         d7:f2:cb:8d:32:ac:18:1d:60:18:94:4a:3d:60:6b:51:fe:20:
         d7:fa:2b:03:79:58:96:27:c0:8d:6e:cc:74:f7:31:b2:9c:8f:
         30:c7:80:b6:a9:8f:3b:a2:c9:26:3e:35:74:52:50:f2:b6:d0:
         80:34:d6:77:79:29:b5:0e:17:83:34:76:24:a8:cc:f4:c6:36:
         aa:1a:0b:40
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzXhqNuKqxqzNTT62AaCT1oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjMThhNDRkNTRhNDdhNWVhOTdkZWRmZDVlZDgzNzlkN2Vl
YTAyZDAwHhcNMjYwMzEwMTEzNDEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZWU0ZDZmNjhjY2UyNTQ3ZTE3NDQyNzRiNDg0NjJkMDY4MTJhZjhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoqEPCVY4zIRbmUcxXg/aQesLWrqO
ZreN47r6k55DtbPLAqXVQCAa5FVf0fzXASwnSGCLhM6c6e99PL23+7I/xgd8oLsn
Eq2JJ+XFPb2rLQrKcvfUWtsm+5+pX1w2ygq4e9tWkhzCCt1eO4k0P7gbnOytTSV4
J7ZR/YQ9lrCt2cjbsmEsgjQJTjjVsoFbgeL3N6PlksZHxgN/WjT2w+QZ5YxH/IB9
0dDheM9I/YQxbSkCFYFaWXh2iaemyonmyW/WTfWX+uX082SxkzxNWjHhk2910sXb
HpAXw7/Ixv2N7eJS1FdzNWG+w+zLBvLOEHH4UekClFMy9td5TGCRcWLbdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK7k1vaMziVH4XRCdLSEYtBoEq+OMB8GA1UdIwQY
MBaAFEwYpE1UpHpeqX3t/V7YN51+6gLQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEJpa1RWU2tlbDZwZmUzOVh0ZzNuWDdxQXRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi9hYmU2YzAtZTc5ZC00Y2RkLTkyYWQt
ZjIxMzYzMDcxNTkxLzEvcnVUVzlvek9KVWZoZEVKMHRJUmkwR2dTcjQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi9hYmU2YzAtZTc5ZC00Y2RkLTkyYWQtZjIxMzYzMDcxNTkx
LzEvVEJpa1RWU2tlbDZwZmUzOVh0ZzNuWDdxQXRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuW+gMA0G
CSqGSIb3DQEBCwUAA4IBAQCTRWAZJzdOKyliEa/FXTyIBCtyC9ThK79Mbk5HBWUS
hjWgcULt0qOoLXHcWhF9PFapfqd97ntmLlUQ18T2qCMUZ4V4c4JUIMK4F3VDyalZ
/yHOkmWKzaRu9HVmUnP4L/DNmTko56ryQGehmCkxWnphTVt+qVRn88+0l5XLqNU1
6OuXQAyo9cJPVrqC1OgWpCc4OQmrWteDpux0pR8XcdjNSAazR+JIZztJkr9BVpvO
FCTnQFTX8suNMqwYHWAYlEo9YGtR/iDX+isDeViWJ8CNbsx09zGynI8wx4C2qY87
oskmPjV0UlDyttCANNZ3eSm1DheDNHYkqMz0xjaqGgtA
-----END CERTIFICATE-----