Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/c46278-e1d0-4dc7-98c7-443e4bab7de6/1/AEeBq3XFkbn8pyHJEeb3isWEmIA.roa
File:                     AEeBq3XFkbn8pyHJEeb3isWEmIA.roa (raw, json)
Hash identifier:          gkDvS6y+2rhPnDPFUFxFEdfe5IUZN7R+qqVkzML65dE=
Subject key identifier:   00:47:81:AB:75:C5:91:B9:FC:A7:21:C9:11:E6:F7:8A:C5:84:98:80
Certificate issuer:       /CN=b0225fd035a7ce64a7c88bde71aeb560f3483974
Certificate serial:       019CE6EEBA4EF61805AFA625F1558A31E60D
Authority key identifier: B0:22:5F:D0:35:A7:CE:64:A7:C8:8B:DE:71:AE:B5:60:F3:48:39:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sCJf0DWnzmSnyIveca61YPNIOXQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/c46278-e1d0-4dc7-98c7-443e4bab7de6/1/AEeBq3XFkbn8pyHJEeb3isWEmIA.roa
Signing time:             Fri 13 Mar 2026 11:22:10 +0000
ROA not before:           Fri 13 Mar 2026 11:22:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     55933
IP address blocks:        185.227.152.0/22 maxlen: 24
                          185.227.155.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/c46278-e1d0-4dc7-98c7-443e4bab7de6/1/sCJf0DWnzmSnyIveca61YPNIOXQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/c46278-e1d0-4dc7-98c7-443e4bab7de6/1/sCJf0DWnzmSnyIveca61YPNIOXQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sCJf0DWnzmSnyIveca61YPNIOXQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 22 Mar 2026 05:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:e6:ee:ba:4e:f6:18:05:af:a6:25:f1:55:8a:31:e6:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b0225fd035a7ce64a7c88bde71aeb560f3483974
        Validity
            Not Before: Mar 13 11:22:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=004781ab75c591b9fca721c911e6f78ac5849880
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:77:9c:01:86:3e:f0:23:ec:cf:08:95:3e:d8:
                    96:5a:9d:46:6e:f3:06:2a:55:1b:d6:9d:18:f4:04:
                    a4:6c:16:a5:f3:25:ce:48:24:84:1e:f0:20:6a:8f:
                    bc:f0:f6:da:b4:09:86:3e:6f:b5:51:79:35:fe:9e:
                    c6:40:f5:60:77:7a:6f:98:2c:5c:de:98:c4:ad:5a:
                    6a:ec:34:c5:5e:cc:43:7c:cd:6b:c6:ab:f1:f5:a2:
                    14:6f:bd:fd:26:1b:1c:57:93:99:48:1c:44:01:b9:
                    7d:c7:9a:09:69:83:c1:bd:83:fe:2b:23:8c:9d:1e:
                    4c:75:42:b8:41:d0:07:9a:14:9e:ed:e8:53:e2:d6:
                    73:ac:c4:82:b5:6d:d0:b8:9f:ec:cb:36:00:a2:7f:
                    12:b6:cc:c8:e9:f1:90:1c:5f:b8:68:5b:08:45:bf:
                    ed:1a:ed:5d:40:a0:87:b3:cb:91:0a:dc:25:b4:a1:
                    bd:93:b0:72:f4:84:f0:51:8c:3c:1c:61:e1:dc:dd:
                    0a:15:cb:39:5a:9f:e3:72:c7:b0:17:a5:af:45:2f:
                    55:4e:5a:71:e5:5d:78:3b:ff:e6:cd:d5:6a:35:05:
                    e0:bf:24:5c:c7:55:8b:ee:87:54:8c:64:bb:1c:da:
                    82:ae:25:e7:ea:05:ae:69:97:e4:6a:64:67:08:f0:
                    04:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:47:81:AB:75:C5:91:B9:FC:A7:21:C9:11:E6:F7:8A:C5:84:98:80
            X509v3 Authority Key Identifier:
                keyid:B0:22:5F:D0:35:A7:CE:64:A7:C8:8B:DE:71:AE:B5:60:F3:48:39:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sCJf0DWnzmSnyIveca61YPNIOXQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/c46278-e1d0-4dc7-98c7-443e4bab7de6/1/AEeBq3XFkbn8pyHJEeb3isWEmIA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/c46278-e1d0-4dc7-98c7-443e4bab7de6/1/sCJf0DWnzmSnyIveca61YPNIOXQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.227.152.0/22

    Signature Algorithm: sha256WithRSAEncryption
         71:dd:e1:78:d3:7a:3c:cd:a1:3a:27:ae:b2:77:f6:b7:9d:30:
         5b:b0:83:c8:26:2a:4f:66:b7:27:0d:b7:70:3a:23:c1:4a:18:
         72:e4:cc:af:87:93:36:dc:4c:86:7e:6d:44:bd:79:72:c5:f5:
         0b:34:50:4f:e1:3f:ee:84:23:51:f0:8d:7a:dc:fe:e7:b1:8b:
         54:dc:4e:89:34:93:88:5f:62:ed:4f:b5:dc:ea:df:91:b4:89:
         2f:b5:dd:dc:6f:2e:c9:43:a0:be:14:cb:4c:ce:fd:a6:fd:11:
         fc:1f:e4:87:0e:ae:4b:f2:11:f7:e4:08:a5:ba:f9:c6:31:b4:
         a0:8b:7b:58:1b:12:cb:0f:4c:e2:a7:64:a3:d7:14:13:3b:ed:
         12:2f:1a:17:87:2a:d3:25:c2:18:2a:c3:e9:0b:af:4f:0f:0c:
         44:24:c3:49:ed:88:4a:28:e4:11:c8:0a:0c:a0:7f:a0:b4:c0:
         31:10:92:37:b9:e5:60:e5:96:e5:00:0e:eb:f3:77:a8:61:65:
         6d:e5:8f:d2:85:5e:67:2d:a9:d9:6b:88:1e:2d:16:a5:5e:87:
         13:87:f1:48:b9:44:da:b3:4d:5a:c7:4e:73:57:d0:8f:97:e4:
         6c:ed:ac:ff:c4:9e:87:cf:e6:a0:a9:0f:78:f6:d6:e5:27:bd:
         3f:ea:42:8e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzm7rpO9hgFr6Yl8VWKMeYNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwMjI1ZmQwMzVhN2NlNjRhN2M4OGJkZTcxYWViNTYwZjM0
ODM5NzQwHhcNMjYwMzEzMTEyMjEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDQ3ODFhYjc1YzU5MWI5ZmNhNzIxYzkxMWU2Zjc4YWM1ODQ5ODgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr3ecAYY+8CPszwiVPtiWWp1GbvMG
KlUb1p0Y9ASkbBal8yXOSCSEHvAgao+88PbatAmGPm+1UXk1/p7GQPVgd3pvmCxc
3pjErVpq7DTFXsxDfM1rxqvx9aIUb739JhscV5OZSBxEAbl9x5oJaYPBvYP+KyOM
nR5MdUK4QdAHmhSe7ehT4tZzrMSCtW3QuJ/syzYAon8StszI6fGQHF+4aFsIRb/t
Gu1dQKCHs8uRCtwltKG9k7By9ITwUYw8HGHh3N0KFcs5Wp/jcsewF6WvRS9VTlpx
5V14O//mzdVqNQXgvyRcx1WL7odUjGS7HNqCriXn6gWuaZfkamRnCPAEaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFABHgat1xZG5/KchyRHm94rFhJiAMB8GA1UdIwQY
MBaAFLAiX9A1p85kp8iL3nGutWDzSDl0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0NKZjBEV256bVNueUl2ZWNhNjFZUE5JT1hRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi9jNDYyNzgtZTFkMC00ZGM3LTk4Yzct
NDQzZTRiYWI3ZGU2LzEvQUVlQnEzWEZrYm44cHlISkVlYjNpc1dFbUlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi9jNDYyNzgtZTFkMC00ZGM3LTk4YzctNDQzZTRiYWI3ZGU2
LzEvc0NKZjBEV256bVNueUl2ZWNhNjFZUE5JT1hRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCueOYMA0G
CSqGSIb3DQEBCwUAA4IBAQBx3eF403o8zaE6J66yd/a3nTBbsIPIJipPZrcnDbdw
OiPBShhy5Myvh5M23EyGfm1EvXlyxfULNFBP4T/uhCNR8I163P7nsYtU3E6JNJOI
X2LtT7Xc6t+RtIkvtd3cby7JQ6C+FMtMzv2m/RH8H+SHDq5L8hH35AiluvnGMbSg
i3tYGxLLD0zip2Sj1xQTO+0SLxoXhyrTJcIYKsPpC69PDwxEJMNJ7YhKKOQRyAoM
oH+gtMAxEJI3ueVg5ZblAA7r83eoYWVt5Y/ShV5nLanZa4geLRalXocTh/FIuUTa
s01ax05zV9CPl+Rs7az/xJ6Hz+agqQ949tblJ70/6kKO
-----END CERTIFICATE-----