Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/188fcd-d689-436d-a684-e05906cb6948/1/yMSdih1BEkH3pQ4fKRRG34haBVs.roa
File:                     yMSdih1BEkH3pQ4fKRRG34haBVs.roa (raw, json)
Hash identifier:          zQcIZwJ6Pu/eO5hnk91XHasGs0yD2RAKEuFEjFFSfEg=
Subject key identifier:   C8:C4:9D:8A:1D:41:12:41:F7:A5:0E:1F:29:14:46:DF:88:5A:05:5B
Certificate issuer:       /CN=d6a553612d94b091b3659b2120bc8efb260e7d30
Certificate serial:       019EFEB7C297C9BB8ECD1136C69865CC7242
Authority key identifier: D6:A5:53:61:2D:94:B0:91:B3:65:9B:21:20:BC:8E:FB:26:0E:7D:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1qVTYS2UsJGzZZshILyO-yYOfTA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8f/188fcd-d689-436d-a684-e05906cb6948/1/yMSdih1BEkH3pQ4fKRRG34haBVs.roa
Signing time:             Thu 25 Jun 2026 12:18:36 +0000
ROA not before:           Thu 25 Jun 2026 12:18:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203796
IP address blocks:        185.50.166.0/24 maxlen: 24
                          2a14:8280::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8f/188fcd-d689-436d-a684-e05906cb6948/1/1qVTYS2UsJGzZZshILyO-yYOfTA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8f/188fcd-d689-436d-a684-e05906cb6948/1/1qVTYS2UsJGzZZshILyO-yYOfTA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1qVTYS2UsJGzZZshILyO-yYOfTA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Jun 2026 14:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:fe:b7:c2:97:c9:bb:8e:cd:11:36:c6:98:65:cc:72:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d6a553612d94b091b3659b2120bc8efb260e7d30
        Validity
            Not Before: Jun 25 12:18:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c8c49d8a1d411241f7a50e1f291446df885a055b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:26:62:dc:bc:3e:2d:f9:20:ed:5f:51:f8:81:
                    51:67:52:d5:3a:3f:1e:80:02:8d:95:ca:b3:a7:b4:
                    f2:f5:6f:17:86:73:8d:20:08:80:c2:52:62:22:9e:
                    b3:34:e8:1b:8a:39:96:47:04:24:bd:ec:ea:52:c7:
                    ef:50:82:1b:dd:26:8b:05:c5:66:23:f9:5c:51:b1:
                    07:99:c1:15:54:11:10:6b:9d:d4:13:43:72:ae:cb:
                    8e:dc:65:43:61:8e:fc:bf:9e:e6:fd:be:08:75:70:
                    9b:b9:7d:8f:2c:98:6a:32:bb:eb:43:93:44:df:80:
                    58:1a:a3:5f:9a:bf:f1:47:11:0f:9c:ba:da:1c:92:
                    aa:31:c8:9f:8e:c7:6b:a1:2f:41:01:ea:d7:b9:2e:
                    73:1d:71:91:8b:63:fb:dc:b5:58:df:fc:d7:ea:6b:
                    92:80:74:6e:26:a1:71:93:f5:84:6e:11:4f:f0:eb:
                    71:60:5f:58:bd:80:22:99:75:15:97:48:f2:29:a8:
                    da:5e:0f:01:ec:e7:7d:2a:3c:8e:76:7c:60:64:58:
                    45:1f:ff:09:9d:a0:f5:0b:09:5a:46:0b:99:15:89:
                    cf:bf:89:69:db:0f:fb:99:a1:da:96:1a:67:62:5f:
                    bf:87:1f:fa:62:01:e7:6a:a1:44:85:34:3e:e3:09:
                    ff:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:C4:9D:8A:1D:41:12:41:F7:A5:0E:1F:29:14:46:DF:88:5A:05:5B
            X509v3 Authority Key Identifier:
                keyid:D6:A5:53:61:2D:94:B0:91:B3:65:9B:21:20:BC:8E:FB:26:0E:7D:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1qVTYS2UsJGzZZshILyO-yYOfTA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/188fcd-d689-436d-a684-e05906cb6948/1/yMSdih1BEkH3pQ4fKRRG34haBVs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/188fcd-d689-436d-a684-e05906cb6948/1/1qVTYS2UsJGzZZshILyO-yYOfTA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.50.166.0/24
                IPv6:
                  2a14:8280::/29

    Signature Algorithm: sha256WithRSAEncryption
         0f:b6:4e:e9:9e:a3:de:e4:31:33:4f:d0:69:af:91:42:29:6d:
         98:40:e5:d7:58:12:d6:f8:33:eb:01:15:b0:6c:8c:14:13:50:
         40:61:d4:05:a8:cd:3c:18:b9:0d:84:e5:b0:6a:4e:6e:bb:38:
         1d:36:39:57:c3:13:56:f9:0f:d3:40:cc:78:ff:9b:12:f9:da:
         ac:db:30:ea:c0:38:0c:f7:0f:2b:54:a9:e3:cb:3e:ac:6a:7b:
         2f:81:ee:63:23:da:29:8c:fe:d8:dc:81:2a:15:d1:30:ae:b1:
         94:6c:f3:29:fe:8d:7f:b8:58:fd:35:31:8e:a5:a4:62:e5:c7:
         f8:3c:73:5d:68:a5:8d:58:89:9c:14:0a:10:73:f3:83:2e:04:
         de:0d:84:74:1c:15:09:35:95:16:55:17:74:83:95:92:22:fc:
         c7:04:4a:1d:99:25:e5:39:4a:71:d0:ab:24:da:8b:b3:06:2d:
         84:46:89:08:c5:4b:81:b8:c9:63:05:e1:65:bd:ec:e3:36:30:
         d4:fb:f0:21:72:3f:3e:c4:95:67:0f:9d:bb:fb:62:4d:ab:64:
         9c:b4:98:8e:9e:5b:0e:4b:69:d1:f0:b1:94:9d:e3:88:23:e5:
         c1:8d:6c:09:f4:52:ea:bb:f5:95:54:8a:21:54:14:0e:fb:ba:
         c3:65:f1:aa
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ7+t8KXybuOzRE2xphlzHJCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2YTU1MzYxMmQ5NGIwOTFiMzY1OWIyMTIwYmM4ZWZiMjYw
ZTdkMzAwHhcNMjYwNjI1MTIxODM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOGM0OWQ4YTFkNDExMjQxZjdhNTBlMWYyOTE0NDZkZjg4NWEwNTViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5SZi3Lw+Lfkg7V9R+IFRZ1LVOj8e
gAKNlcqzp7Ty9W8XhnONIAiAwlJiIp6zNOgbijmWRwQkvezqUsfvUIIb3SaLBcVm
I/lcUbEHmcEVVBEQa53UE0NyrsuO3GVDYY78v57m/b4IdXCbuX2PLJhqMrvrQ5NE
34BYGqNfmr/xRxEPnLraHJKqMcifjsdroS9BAerXuS5zHXGRi2P73LVY3/zX6muS
gHRuJqFxk/WEbhFP8OtxYF9YvYAimXUVl0jyKajaXg8B7Od9KjyOdnxgZFhFH/8J
naD1CwlaRguZFYnPv4lp2w/7maHalhpnYl+/hx/6YgHnaqFEhTQ+4wn/wwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMjEnYodQRJB96UOHykURt+IWgVbMB8GA1UdIwQY
MBaAFNalU2EtlLCRs2WbISC8jvsmDn0wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXFWVFlTMlVzSkd6WlpzaElMeU8teVlPZlRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi8xODhmY2QtZDY4OS00MzZkLWE2ODQt
ZTA1OTA2Y2I2OTQ4LzEveU1TZGloMUJFa0gzcFE0ZktSUkczNGhhQlZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi8xODhmY2QtZDY4OS00MzZkLWE2ODQtZTA1OTA2Y2I2OTQ4
LzEvMXFWVFlTMlVzSkd6WlpzaElMeU8teVlPZlRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuTKmMA0E
AgACMAcDBQMqFIKAMA0GCSqGSIb3DQEBCwUAA4IBAQAPtk7pnqPe5DEzT9Bpr5FC
KW2YQOXXWBLW+DPrARWwbIwUE1BAYdQFqM08GLkNhOWwak5uuzgdNjlXwxNW+Q/T
QMx4/5sS+dqs2zDqwDgM9w8rVKnjyz6sansvge5jI9opjP7Y3IEqFdEwrrGUbPMp
/o1/uFj9NTGOpaRi5cf4PHNdaKWNWImcFAoQc/ODLgTeDYR0HBUJNZUWVRd0g5WS
IvzHBEodmSXlOUpx0Ksk2ouzBi2ERokIxUuBuMljBeFlvezjNjDU+/Ahcj8+xJVn
D527+2JNq2SctJiOnlsOS2nR8LGUneOII+XBjWwJ9FLqu/WVVIohVBQO+7rDZfGq
-----END CERTIFICATE-----