Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/9d563d-c470-43b3-82bb-88cb4e7106ea/1/cAfMugWdxXFLBCx7sw2-yd61uKY.roa
File:                     cAfMugWdxXFLBCx7sw2-yd61uKY.roa (raw, json)
Hash identifier:          orwX8b0RS0lYztkvgn66c9x9TZlFdD7WNVOTBejxj/Y=
Subject key identifier:   70:07:CC:BA:05:9D:C5:71:4B:04:2C:7B:B3:0D:BE:C9:DE:B5:B8:A6
Certificate issuer:       /CN=85b611a0b7d4334b7a2395e8cce7b0e3c9b838e8
Certificate serial:       019EA7F2D5F43335F2F6BE267DF8034863D1
Authority key identifier: 85:B6:11:A0:B7:D4:33:4B:7A:23:95:E8:CC:E7:B0:E3:C9:B8:38:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hbYRoLfUM0t6I5XozOew48m4OOg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/9d563d-c470-43b3-82bb-88cb4e7106ea/1/cAfMugWdxXFLBCx7sw2-yd61uKY.roa
Signing time:             Mon 08 Jun 2026 15:56:09 +0000
ROA not before:           Mon 08 Jun 2026 15:56:09 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     3352
IP address blocks:        185.51.44.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/9d563d-c470-43b3-82bb-88cb4e7106ea/1/hbYRoLfUM0t6I5XozOew48m4OOg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/9d563d-c470-43b3-82bb-88cb4e7106ea/1/hbYRoLfUM0t6I5XozOew48m4OOg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hbYRoLfUM0t6I5XozOew48m4OOg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 15:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:a7:f2:d5:f4:33:35:f2:f6:be:26:7d:f8:03:48:63:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=85b611a0b7d4334b7a2395e8cce7b0e3c9b838e8
        Validity
            Not Before: Jun  8 15:56:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7007ccba059dc5714b042c7bb30dbec9deb5b8a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:46:ca:5a:86:17:c4:38:1f:0b:86:6f:9a:ff:
                    6a:87:52:97:fb:a0:5e:7e:6c:09:bf:21:d0:f7:19:
                    89:d7:36:f3:f7:80:0a:e1:f0:61:b6:00:5b:a2:d3:
                    03:bd:41:ab:8c:8f:69:c0:73:39:ba:59:df:cb:a4:
                    1b:42:d5:22:f3:25:1f:3e:44:7b:df:2b:e6:57:32:
                    ef:c0:91:1a:6a:35:21:38:14:ad:05:a9:b3:b9:e2:
                    32:87:43:64:46:49:ef:e7:39:4a:e5:a5:d1:33:c3:
                    62:12:9e:6a:9e:24:49:a1:d5:55:5b:9e:2c:d7:fe:
                    df:ca:5f:e6:4c:22:e6:d9:10:c9:ea:35:0c:d9:2a:
                    32:2c:39:32:dc:2b:52:74:b2:bc:ae:c1:89:d8:ab:
                    16:30:c7:e3:88:c6:da:d1:40:be:10:1f:22:56:5c:
                    db:b6:a3:56:06:ba:99:c7:30:7a:0f:2b:9c:9a:53:
                    96:c0:54:6e:80:56:2f:d3:9e:b2:22:77:d2:59:43:
                    86:c4:67:f1:77:cc:47:ed:19:9a:13:8a:79:90:37:
                    0c:c7:d0:fd:31:80:22:a4:d2:1d:1e:6b:4e:91:02:
                    9b:b3:20:58:af:85:9f:82:97:6b:f4:cc:35:f8:a9:
                    74:bf:0c:3c:6f:f8:ac:1d:c6:10:f8:4f:65:1d:37:
                    03:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:07:CC:BA:05:9D:C5:71:4B:04:2C:7B:B3:0D:BE:C9:DE:B5:B8:A6
            X509v3 Authority Key Identifier:
                keyid:85:B6:11:A0:B7:D4:33:4B:7A:23:95:E8:CC:E7:B0:E3:C9:B8:38:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hbYRoLfUM0t6I5XozOew48m4OOg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/9d563d-c470-43b3-82bb-88cb4e7106ea/1/cAfMugWdxXFLBCx7sw2-yd61uKY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/9d563d-c470-43b3-82bb-88cb4e7106ea/1/hbYRoLfUM0t6I5XozOew48m4OOg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.51.44.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3e:18:bd:c6:60:04:da:6e:54:a1:5c:33:b7:7a:51:ac:ca:df:
         1a:5a:1b:8c:12:ad:37:e6:28:98:a2:36:58:b0:42:a3:e8:b4:
         e0:20:63:9d:1b:01:3e:f9:d6:ea:78:20:1c:6e:11:0b:04:43:
         81:35:b0:57:46:21:62:ec:78:c9:79:d8:bd:88:86:25:e6:cc:
         46:3f:06:43:3a:6f:3f:d0:00:83:6a:4e:e1:1c:2f:3a:d5:40:
         1c:11:e7:dd:4d:c5:dd:bd:ef:d7:93:14:d9:86:8d:59:5c:55:
         13:b4:94:13:17:f4:27:a1:50:15:0c:c3:0d:09:57:ff:59:e8:
         d9:2b:c5:5f:af:32:1e:28:62:e8:93:2f:34:f6:29:f8:e9:fe:
         eb:5a:b9:e5:d5:52:0d:82:67:f3:93:a2:53:8f:83:df:6b:9d:
         42:26:cf:09:a2:bd:a2:83:b2:dd:5f:a8:4b:3d:cb:cb:cd:14:
         73:43:8e:16:a1:35:e9:b9:ea:97:f0:7e:70:a4:a6:92:d2:3a:
         08:a4:39:fb:4a:75:05:0e:4d:19:39:b4:88:cd:e4:00:47:c2:
         7b:9f:68:02:02:01:c4:5e:ee:97:94:bf:4c:14:41:62:1d:8a:
         5b:89:91:88:5d:b7:6d:f2:d5:85:36:28:e4:f4:a8:6d:8d:e5:
         91:56:c9:ca
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6n8tX0MzXy9r4mffgDSGPRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1YjYxMWEwYjdkNDMzNGI3YTIzOTVlOGNjZTdiMGUzYzli
ODM4ZTgwHhcNMjYwNjA4MTU1NjA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDA3Y2NiYTA1OWRjNTcxNGIwNDJjN2JiMzBkYmVjOWRlYjViOGE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx0bKWoYXxDgfC4Zvmv9qh1KX+6Be
fmwJvyHQ9xmJ1zbz94AK4fBhtgBbotMDvUGrjI9pwHM5ulnfy6QbQtUi8yUfPkR7
3yvmVzLvwJEaajUhOBStBamzueIyh0NkRknv5zlK5aXRM8NiEp5qniRJodVVW54s
1/7fyl/mTCLm2RDJ6jUM2SoyLDky3CtSdLK8rsGJ2KsWMMfjiMba0UC+EB8iVlzb
tqNWBrqZxzB6DyucmlOWwFRugFYv056yInfSWUOGxGfxd8xH7RmaE4p5kDcMx9D9
MYAipNIdHmtOkQKbsyBYr4Wfgpdr9Mw1+Kl0vww8b/isHcYQ+E9lHTcDNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHAHzLoFncVxSwQse7MNvsnetbimMB8GA1UdIwQY
MBaAFIW2EaC31DNLeiOV6MznsOPJuDjoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGJZUm9MZlVNMHQ2STVYb3pPZXc0OG00T09nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC85ZDU2M2QtYzQ3MC00M2IzLTgyYmIt
ODhjYjRlNzEwNmVhLzEvY0FmTXVnV2R4WEZMQkN4N3N3Mi15ZDYxdUtZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC85ZDU2M2QtYzQ3MC00M2IzLTgyYmItODhjYjRlNzEwNmVh
LzEvaGJZUm9MZlVNMHQ2STVYb3pPZXc0OG00T09nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuTMsMA0G
CSqGSIb3DQEBCwUAA4IBAQA+GL3GYATablShXDO3elGsyt8aWhuMEq035iiYojZY
sEKj6LTgIGOdGwE++dbqeCAcbhELBEOBNbBXRiFi7HjJedi9iIYl5sxGPwZDOm8/
0ACDak7hHC861UAcEefdTcXdve/XkxTZho1ZXFUTtJQTF/QnoVAVDMMNCVf/WejZ
K8VfrzIeKGLoky809in46f7rWrnl1VINgmfzk6JTj4Pfa51CJs8Jor2ig7LdX6hL
PcvLzRRzQ44WoTXpueqX8H5wpKaS0joIpDn7SnUFDk0ZObSIzeQAR8J7n2gCAgHE
Xu6XlL9MFEFiHYpbiZGIXbdt8tWFNijk9KhtjeWRVsnK
-----END CERTIFICATE-----