Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/B1hcAWVtfsu4p15wc7vb4f5FG2M.roa
File:                     B1hcAWVtfsu4p15wc7vb4f5FG2M.roa (raw, json)
Hash identifier:          kyrwExxNdM9FgyuKFkeZaaofzfIrWd75BKVu637vFZc=
Subject key identifier:   07:58:5C:01:65:6D:7E:CB:B8:A7:5E:70:73:BB:DB:E1:FE:45:1B:63
Certificate issuer:       /CN=65b7d6699835bfe9a8081dfc114df1bf6d215da7
Certificate serial:       019DA1EA4F7C3EE3B747A7DB8B08F074E7CA
Authority key identifier: 65:B7:D6:69:98:35:BF:E9:A8:08:1D:FC:11:4D:F1:BF:6D:21:5D:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/B1hcAWVtfsu4p15wc7vb4f5FG2M.roa
Signing time:             Sat 18 Apr 2026 18:46:20 +0000
ROA not before:           Sat 18 Apr 2026 18:46:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207057
IP address blocks:        213.182.216.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 21:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:a1:ea:4f:7c:3e:e3:b7:47:a7:db:8b:08:f0:74:e7:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65b7d6699835bfe9a8081dfc114df1bf6d215da7
        Validity
            Not Before: Apr 18 18:46:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=07585c01656d7ecbb8a75e7073bbdbe1fe451b63
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:48:c7:2c:ed:f2:45:65:a9:a6:ec:b8:99:ec:
                    8b:4a:33:a4:f9:95:a5:a6:51:c9:64:f5:32:58:67:
                    b3:89:0c:3f:0d:18:bf:7b:db:d1:a6:a0:92:9a:03:
                    0b:c3:94:db:22:17:7f:4a:3c:18:e7:aa:8f:98:e1:
                    3c:3a:7d:aa:a4:26:aa:fd:04:d0:65:95:19:92:ef:
                    68:ac:f4:d9:a6:8d:8d:5f:ad:92:93:48:50:f6:a7:
                    49:a4:03:1a:3a:9d:0e:36:57:a3:ce:c2:85:b9:39:
                    c1:4f:89:d3:10:cd:83:82:c4:b2:f3:2b:d6:4c:05:
                    81:38:4d:b8:7b:37:5a:06:7f:65:a8:15:2d:34:bb:
                    18:bd:60:7b:39:e6:a2:bd:43:17:33:dc:c3:8e:a9:
                    c2:14:f9:0d:ce:c2:e8:df:bb:da:95:6e:56:e4:e8:
                    a4:0f:2a:91:8d:f6:60:f2:12:02:f2:1f:40:c3:d6:
                    22:e0:c3:46:f0:c5:0c:fc:31:54:d5:67:9f:a2:df:
                    7d:27:b9:e7:07:f2:4a:8a:de:ea:08:76:d9:32:92:
                    e1:f8:21:33:28:90:cc:be:93:45:cd:7a:68:e4:da:
                    06:a6:0d:af:cd:4d:6e:29:f2:6d:80:78:ac:0d:31:
                    62:a5:22:d3:64:37:49:98:c4:11:f6:b2:36:09:ec:
                    de:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:58:5C:01:65:6D:7E:CB:B8:A7:5E:70:73:BB:DB:E1:FE:45:1B:63
            X509v3 Authority Key Identifier:
                keyid:65:B7:D6:69:98:35:BF:E9:A8:08:1D:FC:11:4D:F1:BF:6D:21:5D:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/B1hcAWVtfsu4p15wc7vb4f5FG2M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.182.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:9c:3a:df:d6:90:06:de:d9:c9:69:1b:3e:9a:25:df:35:18:
         09:51:71:66:a6:62:68:78:b3:13:20:bc:5b:6b:e4:98:1f:1f:
         7f:13:0d:12:35:13:84:1d:5c:0b:9d:e4:d8:e9:86:c1:66:2c:
         65:71:e0:4e:a1:64:0f:0f:f3:56:94:45:41:e8:34:5d:d0:52:
         0c:19:00:b0:78:35:1e:ff:f9:e7:3c:06:60:ba:85:77:eb:1b:
         96:b0:ed:f1:0d:f1:28:dc:a8:32:0f:0c:c9:a8:5e:22:e3:67:
         9b:82:6e:d3:7a:02:9f:94:f8:1e:b1:e1:35:d3:60:97:d3:e5:
         5f:1f:22:a9:ea:a9:c0:1f:6d:f6:6d:8b:5a:16:34:5e:30:29:
         ba:f6:07:19:d6:55:b2:c3:31:71:b5:b2:d3:82:0a:26:34:d9:
         00:17:62:8f:53:48:04:c0:14:f1:0d:46:e0:03:47:69:26:99:
         b4:3f:e9:18:ef:f7:8d:cc:21:4a:b2:b5:6c:1c:ae:14:16:22:
         16:b2:01:8a:a5:95:e9:7c:8e:80:99:4e:26:85:e6:87:45:63:
         0b:a5:ea:da:ef:e9:36:80:45:2a:3b:06:01:ef:55:3d:bf:c3:
         42:7d:b6:20:1e:23:8a:84:eb:ce:ab:82:d6:1e:06:68:dc:67:
         30:77:41:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2h6k98PuO3R6fbiwjwdOfKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1YjdkNjY5OTgzNWJmZTlhODA4MWRmYzExNGRmMWJmNmQy
MTVkYTcwHhcNMjYwNDE4MTg0NjIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzU4NWMwMTY1NmQ3ZWNiYjhhNzVlNzA3M2JiZGJlMWZlNDUxYjYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1EjHLO3yRWWppuy4meyLSjOk+ZWl
plHJZPUyWGeziQw/DRi/e9vRpqCSmgMLw5TbIhd/SjwY56qPmOE8On2qpCaq/QTQ
ZZUZku9orPTZpo2NX62Sk0hQ9qdJpAMaOp0ONlejzsKFuTnBT4nTEM2DgsSy8yvW
TAWBOE24ezdaBn9lqBUtNLsYvWB7OeaivUMXM9zDjqnCFPkNzsLo37valW5W5Oik
DyqRjfZg8hIC8h9Aw9Yi4MNG8MUM/DFU1Wefot99J7nnB/JKit7qCHbZMpLh+CEz
KJDMvpNFzXpo5NoGpg2vzU1uKfJtgHisDTFipSLTZDdJmMQR9rI2CezeQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAdYXAFlbX7LuKdecHO72+H+RRtjMB8GA1UdIwQY
MBaAFGW31mmYNb/pqAgd/BFN8b9tIV2nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmJmV2FaZzF2LW1vQ0IzOEVVM3h2MjBoWGFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC8wMjVlZTgtM2Y0Ny00NTdkLThkNDct
OWU0MTNlYmY0MmYzLzEvQjFoY0FXVnRmc3U0cDE1d2M3dmI0ZjVGRzJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC8wMjVlZTgtM2Y0Ny00NTdkLThkNDctOWU0MTNlYmY0MmYz
LzEvWmJmV2FaZzF2LW1vQ0IzOEVVM3h2MjBoWGFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1bbYMA0G
CSqGSIb3DQEBCwUAA4IBAQB/nDrf1pAG3tnJaRs+miXfNRgJUXFmpmJoeLMTILxb
a+SYHx9/Ew0SNROEHVwLneTY6YbBZixlceBOoWQPD/NWlEVB6DRd0FIMGQCweDUe
//nnPAZguoV36xuWsO3xDfEo3KgyDwzJqF4i42ebgm7TegKflPgeseE102CX0+Vf
HyKp6qnAH232bYtaFjReMCm69gcZ1lWywzFxtbLTggomNNkAF2KPU0gEwBTxDUbg
A0dpJpm0P+kY7/eNzCFKsrVsHK4UFiIWsgGKpZXpfI6AmU4mheaHRWMLpera7+k2
gEUqOwYB71U9v8NCfbYgHiOKhOvOq4LWHgZo3Gcwd0Ex
-----END CERTIFICATE-----