Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/1f36d5-3080-4a0e-9d63-79344da3a2e6/1/jkO9BFrCDIzfertRYsapdDM7d60.roa
File:                     jkO9BFrCDIzfertRYsapdDM7d60.roa (raw, json)
Hash identifier:          lSLXPmm7AIqebADnL1CRDBRTEdI7PBQZJXEYwCSAye8=
Subject key identifier:   8E:43:BD:04:5A:C2:0C:8C:DF:7A:BB:51:62:C6:A9:74:33:3B:77:AD
Certificate issuer:       /CN=af23585bfcdd061ca946e2d9ea8b97e45b9c31d6
Certificate serial:       019F1349D455020EF5D8427CA62E9E109947
Authority key identifier: AF:23:58:5B:FC:DD:06:1C:A9:46:E2:D9:EA:8B:97:E4:5B:9C:31:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ryNYW_zdBhypRuLZ6ouX5FucMdY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/1f36d5-3080-4a0e-9d63-79344da3a2e6/1/jkO9BFrCDIzfertRYsapdDM7d60.roa
Signing time:             Mon 29 Jun 2026 12:10:32 +0000
ROA not before:           Mon 29 Jun 2026 12:10:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     47176
IP address blocks:        185.213.56.0/22 maxlen: 24
                          195.170.175.0/24 maxlen: 24
                          2a0b:83c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/1f36d5-3080-4a0e-9d63-79344da3a2e6/1/ryNYW_zdBhypRuLZ6ouX5FucMdY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/1f36d5-3080-4a0e-9d63-79344da3a2e6/1/ryNYW_zdBhypRuLZ6ouX5FucMdY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ryNYW_zdBhypRuLZ6ouX5FucMdY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 01 Jul 2026 14:31:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:13:49:d4:55:02:0e:f5:d8:42:7c:a6:2e:9e:10:99:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af23585bfcdd061ca946e2d9ea8b97e45b9c31d6
        Validity
            Not Before: Jun 29 12:10:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8e43bd045ac20c8cdf7abb5162c6a974333b77ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:be:06:9e:9c:3c:b9:a1:08:c8:52:96:1f:18:
                    79:6c:a7:da:29:a8:3a:c2:01:d3:20:f9:d7:06:fb:
                    89:7f:03:86:64:c7:12:ca:4f:fc:9a:44:0d:12:fe:
                    62:fd:74:24:85:00:ec:15:72:fc:ef:6e:0b:21:d1:
                    7f:a0:ed:41:f6:8c:10:71:40:36:56:a3:33:24:fa:
                    43:aa:e8:b9:a9:d7:3d:89:28:04:2a:db:6a:15:ca:
                    25:95:2f:21:f0:3b:d9:9f:2e:17:0b:27:f7:0b:40:
                    bb:2d:95:8e:70:47:e8:58:5c:10:85:73:2e:e2:53:
                    7e:8a:c3:3e:32:60:50:6e:4c:46:0c:6e:c5:c8:95:
                    f2:d9:d8:ad:ac:23:24:40:ab:0c:f3:a3:7c:ae:e5:
                    75:b6:34:3a:72:c6:d2:93:cf:4a:5c:fa:81:a3:cd:
                    64:1a:22:93:5b:8d:42:71:29:f6:2c:f1:51:ab:db:
                    63:30:6e:f3:8f:2b:f5:e8:c7:f3:d1:da:69:ee:85:
                    a3:6d:50:5a:68:b0:ee:ae:f7:a5:72:2f:f9:f7:ef:
                    63:10:57:f6:78:3b:1c:86:c0:09:b5:b6:c5:b2:83:
                    81:28:62:82:07:d3:0a:c7:96:06:6f:50:56:23:4a:
                    a8:d5:8a:aa:73:2f:9a:3e:20:32:e6:8b:74:2f:0f:
                    b4:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:43:BD:04:5A:C2:0C:8C:DF:7A:BB:51:62:C6:A9:74:33:3B:77:AD
            X509v3 Authority Key Identifier:
                keyid:AF:23:58:5B:FC:DD:06:1C:A9:46:E2:D9:EA:8B:97:E4:5B:9C:31:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ryNYW_zdBhypRuLZ6ouX5FucMdY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/1f36d5-3080-4a0e-9d63-79344da3a2e6/1/jkO9BFrCDIzfertRYsapdDM7d60.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/1f36d5-3080-4a0e-9d63-79344da3a2e6/1/ryNYW_zdBhypRuLZ6ouX5FucMdY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.213.56.0/22
                  195.170.175.0/24
                IPv6:
                  2a0b:83c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         99:f4:3d:73:38:19:02:d3:0c:07:96:15:89:ec:62:73:dc:71:
         65:68:b5:bd:bc:ca:88:44:0e:33:f5:e6:63:e4:69:c1:36:ba:
         03:ea:a7:e2:6a:84:bc:10:65:3c:98:e4:aa:70:0f:36:c4:96:
         81:b1:ae:4d:03:da:f6:75:52:0e:1e:65:ac:82:65:00:a2:ed:
         60:3c:15:ab:95:11:c1:e3:c8:d9:ac:9a:8b:30:3f:fa:d5:c0:
         68:4d:de:eb:2b:74:4e:34:e2:9f:9b:6d:21:88:b5:f5:0b:98:
         50:73:82:b0:1a:e9:0e:42:04:48:ca:3f:4f:37:04:33:99:41:
         e2:bd:0b:60:7a:cf:3a:62:18:d2:14:62:15:e8:99:b1:eb:56:
         db:2c:20:36:94:25:41:b5:40:b9:fa:8d:60:e1:6a:e7:3e:cc:
         bf:b5:6f:fb:3c:41:f9:0f:83:1b:75:7a:eb:6e:a1:5b:c9:54:
         4e:4c:42:15:fc:83:62:b4:7f:88:97:96:97:e3:a4:b5:d0:7a:
         ef:10:0d:6d:a9:fd:07:cf:ef:40:76:ef:0e:cb:91:1e:bd:7a:
         51:8f:b4:51:d9:a9:5c:40:fa:07:6f:0b:32:44:33:31:1e:65:
         15:bf:93:95:c2:68:77:ec:00:ea:69:b6:70:60:f2:0a:e7:50:
         4c:6e:ff:a9
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZ8TSdRVAg712EJ8pi6eEJlHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmMjM1ODViZmNkZDA2MWNhOTQ2ZTJkOWVhOGI5N2U0NWI5
YzMxZDYwHhcNMjYwNjI5MTIxMDMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTQzYmQwNDVhYzIwYzhjZGY3YWJiNTE2MmM2YTk3NDMzM2I3N2FkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjb4Gnpw8uaEIyFKWHxh5bKfaKag6
wgHTIPnXBvuJfwOGZMcSyk/8mkQNEv5i/XQkhQDsFXL8724LIdF/oO1B9owQcUA2
VqMzJPpDqui5qdc9iSgEKttqFcollS8h8DvZny4XCyf3C0C7LZWOcEfoWFwQhXMu
4lN+isM+MmBQbkxGDG7FyJXy2ditrCMkQKsM86N8ruV1tjQ6csbSk89KXPqBo81k
GiKTW41CcSn2LPFRq9tjMG7zjyv16Mfz0dpp7oWjbVBaaLDurvelci/59+9jEFf2
eDschsAJtbbFsoOBKGKCB9MKx5YGb1BWI0qo1Yqqcy+aPiAy5ot0Lw+02QIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFI5DvQRawgyM33q7UWLGqXQzO3etMB8GA1UdIwQY
MBaAFK8jWFv83QYcqUbi2eqLl+RbnDHWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnlOWVdfemRCaHlwUnVMWjZvdVg1RnVjTWRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy8xZjM2ZDUtMzA4MC00YTBlLTlkNjMt
NzkzNDRkYTNhMmU2LzEvamtPOUJGckNESXpmZXJ0UllzYXBkRE03ZDYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy8xZjM2ZDUtMzA4MC00YTBlLTlkNjMtNzkzNDRkYTNhMmU2
LzEvcnlOWVdfemRCaHlwUnVMWjZvdVg1RnVjTWRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCudU4AwQA
w6qvMA0EAgACMAcDBQMqC4PAMA0GCSqGSIb3DQEBCwUAA4IBAQCZ9D1zOBkC0wwH
lhWJ7GJz3HFlaLW9vMqIRA4z9eZj5GnBNroD6qfiaoS8EGU8mOSqcA82xJaBsa5N
A9r2dVIOHmWsgmUAou1gPBWrlRHB48jZrJqLMD/61cBoTd7rK3RONOKfm20hiLX1
C5hQc4KwGukOQgRIyj9PNwQzmUHivQtges86YhjSFGIV6Jmx61bbLCA2lCVBtUC5
+o1g4WrnPsy/tW/7PEH5D4MbdXrrbqFbyVROTEIV/INitH+Il5aX46S10HrvEA1t
qf0Hz+9Adu8Oy5EevXpRj7RR2alcQPoHbwsyRDMxHmUVv5OVwmh37ADqabZwYPIK
51BMbv+p
-----END CERTIFICATE-----