Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/30f5e0-a04f-4993-983c-715f09817341/1/ftWl42XlVR06kFIc2c0GqMJzHUE.roa
File:                     ftWl42XlVR06kFIc2c0GqMJzHUE.roa (raw, json)
Hash identifier:          nYy1i5V68Ehly7gVpP19Cgh2GN1U/c5mj8ykEj8Zqek=
Subject key identifier:   7E:D5:A5:E3:65:E5:55:1D:3A:90:52:1C:D9:CD:06:A8:C2:73:1D:41
Certificate issuer:       /CN=bf5db811b5d5d05bec37ee9d09a4ec52eeed1ad5
Certificate serial:       019DC8BD5DF47D2530E3C6BEF79C8D9D7AD7
Authority key identifier: BF:5D:B8:11:B5:D5:D0:5B:EC:37:EE:9D:09:A4:EC:52:EE:ED:1A:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v124EbXV0FvsN-6dCaTsUu7tGtU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/30f5e0-a04f-4993-983c-715f09817341/1/ftWl42XlVR06kFIc2c0GqMJzHUE.roa
Signing time:             Sun 26 Apr 2026 07:42:26 +0000
ROA not before:           Sun 26 Apr 2026 07:42:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     47308
IP address blocks:        185.66.230.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/30f5e0-a04f-4993-983c-715f09817341/1/v124EbXV0FvsN-6dCaTsUu7tGtU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/30f5e0-a04f-4993-983c-715f09817341/1/v124EbXV0FvsN-6dCaTsUu7tGtU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v124EbXV0FvsN-6dCaTsUu7tGtU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 Apr 2026 17:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:c8:bd:5d:f4:7d:25:30:e3:c6:be:f7:9c:8d:9d:7a:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf5db811b5d5d05bec37ee9d09a4ec52eeed1ad5
        Validity
            Not Before: Apr 26 07:42:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7ed5a5e365e5551d3a90521cd9cd06a8c2731d41
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:42:d2:bd:0f:f1:38:68:2b:95:4e:46:86:e1:
                    ac:8a:6e:da:2e:ca:5f:6f:42:9f:8c:10:39:86:20:
                    5b:68:6f:3b:4a:60:5d:ef:1a:24:cd:77:ee:7f:5e:
                    75:a6:6c:ae:56:a7:c2:76:d6:96:2a:72:e5:ae:d0:
                    8a:6f:bf:0b:c9:5b:70:84:6c:92:5c:71:2f:ab:f7:
                    05:32:c9:4d:75:52:90:15:cb:4a:64:ef:64:7e:e8:
                    73:fb:a1:c8:46:9a:75:fd:68:37:95:81:7b:74:58:
                    37:9a:77:a5:d1:22:67:d9:8b:91:6f:c3:ef:ec:2e:
                    9b:dc:0e:59:41:8d:0a:f6:ca:be:da:12:bb:77:fb:
                    2b:1c:1a:0c:d3:48:54:50:47:3d:87:d8:0f:13:76:
                    56:ba:f3:e4:a6:72:85:6b:c6:bb:1a:a1:5a:31:6e:
                    43:92:14:b8:ff:90:75:b1:13:44:d1:1f:1c:99:0a:
                    8f:ac:f7:83:f8:2e:3c:5a:88:8c:ab:4c:26:d0:2b:
                    cb:6a:22:70:2c:8c:7e:0e:6d:25:e4:06:fd:80:59:
                    ab:48:4e:a2:72:df:27:81:77:ad:e9:99:2d:b5:f9:
                    0d:1b:d9:0f:db:60:55:9a:ec:56:d2:a0:b3:90:bb:
                    11:7d:a0:99:bf:99:ca:ca:66:65:2c:6a:2e:0c:d9:
                    69:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:D5:A5:E3:65:E5:55:1D:3A:90:52:1C:D9:CD:06:A8:C2:73:1D:41
            X509v3 Authority Key Identifier:
                keyid:BF:5D:B8:11:B5:D5:D0:5B:EC:37:EE:9D:09:A4:EC:52:EE:ED:1A:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v124EbXV0FvsN-6dCaTsUu7tGtU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/30f5e0-a04f-4993-983c-715f09817341/1/ftWl42XlVR06kFIc2c0GqMJzHUE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/30f5e0-a04f-4993-983c-715f09817341/1/v124EbXV0FvsN-6dCaTsUu7tGtU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.66.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:eb:04:e7:1a:0b:df:93:43:20:7d:13:19:fa:1c:41:75:4e:
         6e:7d:1f:3f:52:7b:a9:9e:15:a9:20:8b:a8:a8:78:d2:1b:7d:
         bc:f0:b5:39:a0:29:fc:ee:e6:0c:e9:0c:e3:7d:8f:fd:9b:ce:
         cc:9e:0a:e0:33:0c:ce:e5:b1:b0:0c:b2:ea:33:a2:44:55:d1:
         73:3e:30:2e:94:45:be:36:8f:8f:05:86:fa:4e:9c:2a:61:b0:
         cf:e3:75:14:7e:3d:12:1c:41:be:c4:c2:bc:aa:fd:4d:b3:ea:
         58:9c:ca:a8:81:79:e7:7d:98:98:fd:ac:71:95:af:2b:15:30:
         26:91:be:99:c2:c5:cc:ee:05:af:8a:d6:e2:9b:ba:26:6d:ae:
         aa:4f:0c:a8:be:9f:9d:9d:ad:73:b1:b3:8c:bf:fa:f7:83:8e:
         bb:26:d7:2e:00:32:2b:ab:ec:30:80:f1:9a:2b:56:39:c2:20:
         f1:2f:ad:b1:6e:75:39:dd:b6:bf:18:3b:89:e9:46:68:51:f9:
         a3:34:4e:ce:6c:52:f1:52:d1:f0:a1:e0:6d:b2:19:6d:56:c8:
         d3:3e:9c:b1:af:4c:e2:5a:29:a7:fa:99:77:4c:0c:6b:b2:cf:
         fa:f6:97:93:cc:e4:6b:68:53:9f:54:ae:b9:9e:82:4f:3c:73:
         1b:1e:03:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3IvV30fSUw48a+95yNnXrXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmNWRiODExYjVkNWQwNWJlYzM3ZWU5ZDA5YTRlYzUyZWVl
ZDFhZDUwHhcNMjYwNDI2MDc0MjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZWQ1YTVlMzY1ZTU1NTFkM2E5MDUyMWNkOWNkMDZhOGMyNzMxZDQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmULSvQ/xOGgrlU5GhuGsim7aLspf
b0KfjBA5hiBbaG87SmBd7xokzXfuf151pmyuVqfCdtaWKnLlrtCKb78LyVtwhGyS
XHEvq/cFMslNdVKQFctKZO9kfuhz+6HIRpp1/Wg3lYF7dFg3mnel0SJn2YuRb8Pv
7C6b3A5ZQY0K9sq+2hK7d/srHBoM00hUUEc9h9gPE3ZWuvPkpnKFa8a7GqFaMW5D
khS4/5B1sRNE0R8cmQqPrPeD+C48WoiMq0wm0CvLaiJwLIx+Dm0l5Ab9gFmrSE6i
ct8ngXet6ZkttfkNG9kP22BVmuxW0qCzkLsRfaCZv5nKymZlLGouDNlpEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH7VpeNl5VUdOpBSHNnNBqjCcx1BMB8GA1UdIwQY
MBaAFL9duBG11dBb7DfunQmk7FLu7RrVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjEyNEViWFYwRnZzTi02ZENhVHNVdTd0R3RVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC8zMGY1ZTAtYTA0Zi00OTkzLTk4M2Mt
NzE1ZjA5ODE3MzQxLzEvZnRXbDQyWGxWUjA2a0ZJYzJjMEdxTUp6SFVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC8zMGY1ZTAtYTA0Zi00OTkzLTk4M2MtNzE1ZjA5ODE3MzQx
LzEvdjEyNEViWFYwRnZzTi02ZENhVHNVdTd0R3RVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuULmMA0G
CSqGSIb3DQEBCwUAA4IBAQCW6wTnGgvfk0MgfRMZ+hxBdU5ufR8/UnupnhWpIIuo
qHjSG3288LU5oCn87uYM6QzjfY/9m87MngrgMwzO5bGwDLLqM6JEVdFzPjAulEW+
No+PBYb6TpwqYbDP43UUfj0SHEG+xMK8qv1Ns+pYnMqogXnnfZiY/axxla8rFTAm
kb6ZwsXM7gWvitbim7omba6qTwyovp+dna1zsbOMv/r3g467JtcuADIrq+wwgPGa
K1Y5wiDxL62xbnU53ba/GDuJ6UZoUfmjNE7ObFLxUtHwoeBtshltVsjTPpyxr0zi
Wimn+pl3TAxrss/69peTzORraFOfVK65noJPPHMbHgPR
-----END CERTIFICATE-----