Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/rM1oICqo6l7RlZRpP7ULdNI2wDU.roa
File:                     rM1oICqo6l7RlZRpP7ULdNI2wDU.roa (raw, json)
Hash identifier:          WZkea7EbZi/5SwsW3H2QbBdwsQqtdV8aUvDdiNkrivs=
Subject key identifier:   AC:CD:68:20:2A:A8:EA:5E:D1:95:94:69:3F:B5:0B:74:D2:36:C0:35
Certificate issuer:       /CN=826605b4d27f13968e8794e6ef091223748817d8
Certificate serial:       019D0C844AE2448837B3683E9554F2140332
Authority key identifier: 82:66:05:B4:D2:7F:13:96:8E:87:94:E6:EF:09:12:23:74:88:17:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/rM1oICqo6l7RlZRpP7ULdNI2wDU.roa
Signing time:             Fri 20 Mar 2026 18:31:29 +0000
ROA not before:           Fri 20 Mar 2026 18:31:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     61161
IP address blocks:        185.17.72.0/22 maxlen: 24
                          185.100.56.0/22 maxlen: 24
                          2a0d:3200::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 23 Mar 2026 15:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:0c:84:4a:e2:44:88:37:b3:68:3e:95:54:f2:14:03:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=826605b4d27f13968e8794e6ef091223748817d8
        Validity
            Not Before: Mar 20 18:31:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=accd68202aa8ea5ed19594693fb50b74d236c035
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:c9:8b:55:68:4b:0d:d2:94:95:32:77:3b:89:
                    d5:cf:5e:ac:87:44:90:60:e4:43:37:ea:89:40:e2:
                    c3:04:01:d1:57:5a:90:43:95:da:1d:f3:89:2f:0e:
                    a0:a8:77:00:4a:82:e4:52:c6:9a:5c:1c:a3:72:83:
                    a0:53:54:3b:b5:95:e8:7f:f4:7b:96:c0:fd:a7:3b:
                    81:2c:e7:6a:29:9a:a6:59:f8:7a:0d:77:d4:3e:69:
                    71:88:4d:8c:c1:58:5d:aa:cc:b7:ab:57:cc:49:ec:
                    26:de:91:e7:d9:01:69:83:82:6d:0a:7e:59:45:eb:
                    6e:fe:6c:e1:96:a8:d7:25:9f:06:d7:cd:16:70:9a:
                    c8:f7:d6:20:bf:29:3c:5e:d6:1f:94:55:ef:51:fe:
                    03:7e:89:0c:23:50:39:90:4b:eb:c6:3e:d4:20:b9:
                    2a:9f:17:55:91:a6:28:8d:ad:ed:ac:ef:62:ca:cc:
                    b4:ba:35:13:73:ff:8b:1f:45:fa:e8:06:87:d4:a0:
                    33:fd:a6:e7:5a:0a:46:c6:aa:68:14:bb:39:25:9e:
                    b7:3f:c7:f8:18:31:b2:b3:f0:39:ab:78:cd:14:5d:
                    68:fd:a9:31:70:9e:8c:7e:cd:08:ae:e6:8f:65:38:
                    41:69:2b:8d:4a:ec:78:63:17:18:69:8e:10:b8:88:
                    c5:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:CD:68:20:2A:A8:EA:5E:D1:95:94:69:3F:B5:0B:74:D2:36:C0:35
            X509v3 Authority Key Identifier:
                keyid:82:66:05:B4:D2:7F:13:96:8E:87:94:E6:EF:09:12:23:74:88:17:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/rM1oICqo6l7RlZRpP7ULdNI2wDU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.17.72.0/22
                  185.100.56.0/22
                IPv6:
                  2a0d:3200::/29

    Signature Algorithm: sha256WithRSAEncryption
         60:c4:f1:08:60:40:ac:b9:ed:75:a6:f6:1b:4a:5d:b9:9e:2a:
         50:05:32:bb:c3:a1:2a:57:68:95:55:60:da:24:a1:24:30:e8:
         ae:bb:8c:75:81:00:88:28:35:72:92:d9:ba:c6:11:b2:5b:ee:
         b3:a8:e7:ba:f5:23:f3:dd:0a:99:8c:9a:26:92:81:89:76:7e:
         68:2d:33:d7:5a:ba:e1:9b:d0:97:82:22:55:02:bd:d9:94:de:
         d6:31:e7:8d:58:80:e1:72:05:a3:58:9b:48:3b:8b:00:52:96:
         b9:ca:6d:01:e9:ad:1e:d8:9b:fc:56:c6:3e:3b:3f:5b:0d:6a:
         74:df:7b:c7:9d:41:f6:74:5a:3e:02:06:f3:7f:b2:16:c5:7f:
         d5:47:b7:e0:fb:fa:e9:3a:d8:fb:09:fb:ad:60:7b:54:a6:ea:
         26:71:2a:2d:e8:1e:a8:6f:44:b9:26:27:99:f8:70:c9:bb:36:
         e6:90:17:fa:56:d4:f4:01:d5:ea:77:aa:9e:9c:f4:fc:a0:5e:
         5b:19:4e:41:34:6d:d8:83:0f:39:c1:c1:ed:ed:63:b1:3c:25:
         0b:49:46:f1:b0:e7:36:13:02:25:f6:0b:ca:17:99:e5:d6:47:
         8b:d3:3d:33:66:68:39:a7:0d:4b:b7:04:68:d4:27:e5:de:0a:
         06:b3:6b:fa
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZ0MhEriRIg3s2g+lVTyFAMyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyNjYwNWI0ZDI3ZjEzOTY4ZTg3OTRlNmVmMDkxMjIzNzQ4
ODE3ZDgwHhcNMjYwMzIwMTgzMTI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhY2NkNjgyMDJhYThlYTVlZDE5NTk0NjkzZmI1MGI3NGQyMzZjMDM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAssmLVWhLDdKUlTJ3O4nVz16sh0SQ
YORDN+qJQOLDBAHRV1qQQ5XaHfOJLw6gqHcASoLkUsaaXByjcoOgU1Q7tZXof/R7
lsD9pzuBLOdqKZqmWfh6DXfUPmlxiE2MwVhdqsy3q1fMSewm3pHn2QFpg4JtCn5Z
Retu/mzhlqjXJZ8G180WcJrI99Ygvyk8XtYflFXvUf4DfokMI1A5kEvrxj7UILkq
nxdVkaYoja3trO9iysy0ujUTc/+LH0X66AaH1KAz/abnWgpGxqpoFLs5JZ63P8f4
GDGys/A5q3jNFF1o/akxcJ6Mfs0IruaPZThBaSuNSux4YxcYaY4QuIjFqQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFKzNaCAqqOpe0ZWUaT+1C3TSNsA1MB8GA1UdIwQY
MBaAFIJmBbTSfxOWjoeU5u8JEiN0iBfYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ21ZRnROSl9FNWFPaDVUbTd3a1NJM1NJRjlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny9mYmNjMzItMzNjOC00MWZmLTg5ZmEt
MmQxOTE4YmExYzBlLzEvck0xb0lDcW82bDdSbFpScFA3VUxkTkkyd0RVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny9mYmNjMzItMzNjOC00MWZmLTg5ZmEtMmQxOTE4YmExYzBl
LzEvZ21ZRnROSl9FNWFPaDVUbTd3a1NJM1NJRjlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuRFIAwQC
uWQ4MA0EAgACMAcDBQMqDTIAMA0GCSqGSIb3DQEBCwUAA4IBAQBgxPEIYECsue11
pvYbSl25nipQBTK7w6EqV2iVVWDaJKEkMOiuu4x1gQCIKDVyktm6xhGyW+6zqOe6
9SPz3QqZjJomkoGJdn5oLTPXWrrhm9CXgiJVAr3ZlN7WMeeNWIDhcgWjWJtIO4sA
Upa5ym0B6a0e2Jv8VsY+Oz9bDWp033vHnUH2dFo+Agbzf7IWxX/VR7fg+/rpOtj7
CfutYHtUpuomcSot6B6ob0S5JieZ+HDJuzbmkBf6VtT0AdXqd6qenPT8oF5bGU5B
NG3Ygw85wcHt7WOxPCULSUbxsOc2EwIl9gvKF5nl1keL0z0zZmg5pw1LtwRo1Cfl
3goGs2v6
-----END CERTIFICATE-----