Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/DeL8lkilqvh57aZc84a-u6cJKiw.roa
File:                     DeL8lkilqvh57aZc84a-u6cJKiw.roa (raw, json)
Hash identifier:          8ir3nfDQ+bbgCZ/Lklb2jgGQIzEU11fmHurCblzKhSA=
Subject key identifier:   0D:E2:FC:96:48:A5:AA:F8:79:ED:A6:5C:F3:86:BE:BB:A7:09:2A:2C
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       019E4A022E4BE986EDAEF8B61D3DC123D97A
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/DeL8lkilqvh57aZc84a-u6cJKiw.roa
Signing time:             Thu 21 May 2026 10:08:37 +0000
ROA not before:           Thu 21 May 2026 10:08:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216138
IP address blocks:        185.226.105.0/24 maxlen: 24
                          194.5.64.0/24 maxlen: 24
                          194.124.69.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 May 2026 18:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:4a:02:2e:4b:e9:86:ed:ae:f8:b6:1d:3d:c1:23:d9:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: May 21 10:08:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0de2fc9648a5aaf879eda65cf386bebba7092a2c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:ee:93:17:d8:24:5d:cc:31:b1:d3:40:31:4a:
                    c2:d4:3e:cb:62:59:ba:8d:ef:69:10:77:07:fd:c5:
                    a6:14:fb:94:19:4e:38:4b:4d:c7:0a:c2:f1:be:72:
                    64:d8:29:a2:f5:e1:f3:06:ac:c6:b3:67:02:dd:1e:
                    89:ba:8a:3f:1b:22:be:1a:aa:a2:d0:d2:f8:e3:bc:
                    52:99:e0:cd:e5:bc:5b:9a:a5:37:05:02:39:c9:37:
                    80:10:62:c7:03:48:e1:a5:29:7c:37:3f:97:ea:b4:
                    9e:e4:d9:31:43:93:72:c1:14:34:5c:1e:f9:86:a4:
                    28:72:73:96:a2:3b:9f:bc:9c:8c:8e:7e:22:21:e9:
                    70:78:b5:21:5c:fe:32:15:0e:15:2a:9f:5d:70:ba:
                    87:b0:b9:36:c0:86:ea:ca:d5:90:54:9a:a8:f1:c0:
                    70:0e:d3:56:63:4f:9a:01:e8:3a:0c:31:42:ec:ea:
                    6e:d6:41:02:2d:eb:03:68:ce:c6:f9:1a:fd:93:54:
                    8a:1a:c8:35:f3:db:d3:9e:b3:f0:73:90:5c:33:9d:
                    94:ae:5b:61:40:0e:57:f2:8c:1b:84:89:a3:26:dc:
                    35:5d:48:c0:4b:0e:ec:a3:24:b6:d0:2e:60:9c:80:
                    52:65:a2:85:c9:73:56:54:4d:a3:eb:fb:b0:69:4c:
                    16:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:E2:FC:96:48:A5:AA:F8:79:ED:A6:5C:F3:86:BE:BB:A7:09:2A:2C
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/DeL8lkilqvh57aZc84a-u6cJKiw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.226.105.0/24
                  194.5.64.0/24
                  194.124.69.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:2f:bf:5e:30:fc:b8:34:8a:c5:d1:01:cc:2f:f7:b5:50:96:
         e9:d3:e2:26:b4:3f:f9:92:e5:f6:26:d4:78:6e:f3:03:29:37:
         32:ea:12:ec:aa:93:2b:ee:2a:1a:e5:56:95:89:c2:56:9e:f9:
         34:16:5f:21:40:ab:89:28:d0:88:a0:2b:5f:95:f9:c1:eb:b7:
         1b:10:ab:93:50:fb:a1:ff:db:de:0a:5e:89:14:7a:ee:b8:43:
         4d:a7:e0:b8:50:77:07:95:93:b5:5c:e4:e2:be:21:85:f7:c0:
         25:42:27:90:c1:ce:28:6b:26:31:e9:60:f0:7c:68:b6:b4:bd:
         1c:1b:5e:73:5a:2a:6a:0c:8d:1a:01:c0:1d:dd:d8:a2:90:9d:
         96:e8:8a:b1:d1:ab:cc:59:0d:94:58:4c:a3:b3:59:54:63:fa:
         ba:a8:d6:b9:f1:86:05:f0:89:7a:ae:14:a7:55:41:49:5c:f7:
         57:90:f4:87:e1:06:42:fe:a9:cf:6c:f6:d6:ea:cc:df:35:7b:
         d7:09:25:0d:50:eb:6b:0a:34:32:9b:a3:6a:a9:54:4c:cd:7b:
         41:79:b8:90:4c:c6:2b:5a:35:7f:c5:8c:de:94:e0:4f:45:10:
         20:a8:6c:79:5b:e1:30:34:2c:ba:32:0e:e8:aa:6d:9a:75:96:
         96:52:c8:2d
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ5KAi5L6Ybtrvi2HT3BI9l6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjYwNTIxMTAwODM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZGUyZmM5NjQ4YTVhYWY4NzllZGE2NWNmMzg2YmViYmE3MDkyYTJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAke6TF9gkXcwxsdNAMUrC1D7LYlm6
je9pEHcH/cWmFPuUGU44S03HCsLxvnJk2Cmi9eHzBqzGs2cC3R6Juoo/GyK+Gqqi
0NL447xSmeDN5bxbmqU3BQI5yTeAEGLHA0jhpSl8Nz+X6rSe5NkxQ5NywRQ0XB75
hqQocnOWojufvJyMjn4iIelweLUhXP4yFQ4VKp9dcLqHsLk2wIbqytWQVJqo8cBw
DtNWY0+aAeg6DDFC7Opu1kECLesDaM7G+Rr9k1SKGsg189vTnrPwc5BcM52Urlth
QA5X8owbhImjJtw1XUjASw7soyS20C5gnIBSZaKFyXNWVE2j6/uwaUwWXQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFA3i/JZIpar4ee2mXPOGvrunCSosMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvRGVMOGxraWxxdmg1N2FaYzg0YS11NmNKS2l3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAueJpAwQA
wgVAAwQAwnxFMA0GCSqGSIb3DQEBCwUAA4IBAQAbL79eMPy4NIrF0QHML/e1UJbp
0+ImtD/5kuX2JtR4bvMDKTcy6hLsqpMr7ioa5VaVicJWnvk0Fl8hQKuJKNCIoCtf
lfnB67cbEKuTUPuh/9veCl6JFHruuENNp+C4UHcHlZO1XOTiviGF98AlQieQwc4o
ayYx6WDwfGi2tL0cG15zWipqDI0aAcAd3diikJ2W6Iqx0avMWQ2UWEyjs1lUY/q6
qNa58YYF8Il6rhSnVUFJXPdXkPSH4QZC/qnPbPbW6szfNXvXCSUNUOtrCjQym6Nq
qVRMzXtBebiQTMYrWjV/xYzelOBPRRAgqGx5W+EwNCy6Mg7oqm2adZaWUsgt
-----END CERTIFICATE-----